diff mbox series

[v25,21/25] audit: add support for non-syscall auxiliary records

Message ID 20210309144243.12519-22-casey@schaufler-ca.com (mailing list archive)
State New, archived
Headers show
Series LSM: Module stacking for AppArmor | expand

Commit Message

Casey Schaufler March 9, 2021, 2:42 p.m. UTC
Standalone audit records have the timestamp and serial number generated
on the fly and as such are unique, making them standalone.  This new
function audit_alloc_local() generates a local audit context that will
be used only for a standalone record and its auxiliary record(s).  The
context is discarded immediately after the local associated records are
produced.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-audit@redhat.com
To: Richard Guy Briggs <rgb@redhat.com>
---
 include/linux/audit.h |  8 ++++++++
 kernel/audit.h        |  1 +
 kernel/auditsc.c      | 33 ++++++++++++++++++++++++++++-----
 3 files changed, 37 insertions(+), 5 deletions(-)

Comments

kernel test robot March 9, 2021, 5:55 p.m. UTC | #1
Hi Casey,

I love your patch! Yet something to improve:

[auto build test ERROR on nf/master]
[also build test ERROR on linus/master v5.12-rc2 next-20210309]
[cannot apply to pcmoore-audit/next nf-next/master security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Casey-Schaufler/LSM-Infrastructure-management-of-the-sock-security/20210309-234224
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: h8300-randconfig-r026-20210308 (attached as .config)
compiler: h8300-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/96082b2d5d5bc80fd3dafdf8a737ba8961568067
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Casey-Schaufler/LSM-Infrastructure-management-of-the-sock-security/20210309-234224
        git checkout 96082b2d5d5bc80fd3dafdf8a737ba8961568067
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=h8300 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from drivers/tty/n_tty.c:46:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
--
   In file included from include/linux/rcupdate.h:24,
                    from include/linux/init_task.h:5,
                    from init/init_task.c:2:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   In file included from init/init_task.c:12:
   include/linux/audit.h: At top level:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
--
   In file included from arch/h8300/kernel/ptrace.c:14:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   In file included from include/linux/kernel.h:10,
                    from arch/h8300/kernel/ptrace.c:11:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   arch/h8300/kernel/ptrace.c: At top level:
   arch/h8300/kernel/ptrace.c:172:17: warning: no previous prototype for 'do_syscall_trace_enter' [-Wmissing-prototypes]
     172 | asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
         |                 ^~~~~~~~~~~~~~~~~~~~~~
   arch/h8300/kernel/ptrace.c:191:17: warning: no previous prototype for 'do_syscall_trace_leave' [-Wmissing-prototypes]
     191 | asmlinkage void do_syscall_trace_leave(struct pt_regs *regs)
         |                 ^~~~~~~~~~~~~~~~~~~~~~
   arch/h8300/kernel/ptrace.c: In function 'h8300_put_reg':
   arch/h8300/kernel/ptrace.c:61:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
      61 |   task->thread.usp = data - sizeof(long)*2;
         |   ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
   arch/h8300/kernel/ptrace.c:62:2: note: here
      62 |  case PT_CCR:
         |  ^~~~
--
   In file included from kernel/module.c:58:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   kernel/module.c:4675:6: warning: no previous prototype for 'module_layout' [-Wmissing-prototypes]
    4675 | void module_layout(struct module *mod,
         |      ^~~~~~~~~~~~~
--
   In file included from include/asm-generic/bug.h:5,
                    from arch/h8300/include/asm/bug.h:8,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/gfp.h:5,
                    from include/linux/slab.h:15,
                    from kernel/fork.c:16:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   In file included from kernel/fork.c:63:
   include/linux/audit.h: At top level:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   kernel/fork.c:161:13: warning: no previous prototype for 'arch_release_task_struct' [-Wmissing-prototypes]
     161 | void __weak arch_release_task_struct(struct task_struct *tsk)
         |             ^~~~~~~~~~~~~~~~~~~~~~~~
   kernel/fork.c:746:20: warning: no previous prototype for 'arch_task_cache_init' [-Wmissing-prototypes]
     746 | void __init __weak arch_task_cache_init(void) { }
         |                    ^~~~~~~~~~~~~~~~~~~~
   kernel/fork.c:836:12: warning: no previous prototype for 'arch_dup_task_struct' [-Wmissing-prototypes]
     836 | int __weak arch_dup_task_struct(struct task_struct *dst,
         |            ^~~~~~~~~~~~~~~~~~~~
--
   In file included from kernel/exit.c:49:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   In file included from include/asm-generic/bug.h:5,
                    from arch/h8300/include/asm/bug.h:8,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/mm.h:9,
                    from kernel/exit.c:8:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   kernel/exit.c: At top level:
   kernel/exit.c:1763:13: warning: no previous prototype for 'abort' [-Wmissing-prototypes]
    1763 | __weak void abort(void)
         |             ^~~~~
--
   In file included from include/asm-generic/bug.h:5,
                    from arch/h8300/include/asm/bug.h:8,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/gfp.h:5,
                    from include/linux/slab.h:15,
                    from kernel/signal.c:14:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   In file included from kernel/signal.c:48:
   include/linux/audit.h: At top level:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   kernel/signal.c:4645:6: warning: no previous prototype for 'kdb_send_sig' [-Wmissing-prototypes]
    4645 | void kdb_send_sig(struct task_struct *t, int sig)
         |      ^~~~~~~~~~~~
--
   In file included from include/asm-generic/bug.h:5,
                    from arch/h8300/include/asm/bug.h:8,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/mm.h:9,
                    from mm/nommu.c:20:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~
   In file included from mm/nommu.c:37:
   include/linux/audit.h: At top level:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   In file included from arch/h8300/include/asm/page.h:5,
                    from arch/h8300/include/asm/thread_info.h:12,
                    from include/linux/thread_info.h:58,
                    from include/asm-generic/preempt.h:5,
                    from ./arch/h8300/include/generated/asm/preempt.h:1,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/mmzone.h:8,
                    from include/linux/gfp.h:6,
                    from include/linux/mm.h:10,
                    from mm/nommu.c:20:
   mm/nommu.c: In function 'kobjsize':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   mm/nommu.c:81:16: note: in expansion of macro 'virt_addr_valid'
      81 |  if (!objp || !virt_addr_valid(objp))
         |                ^~~~~~~~~~~~~~~
   mm/nommu.c: At top level:
   mm/nommu.c:1658:15: warning: no previous prototype for 'arch_get_unmapped_area' [-Wmissing-prototypes]
    1658 | unsigned long arch_get_unmapped_area(struct file *file, unsigned long addr,
         |               ^~~~~~~~~~~~~~~~~~~~~~
--
   In file included from fs/pipe.c:23:
>> include/linux/audit.h:557:1: error: expected identifier or '(' before '+' token
     557 | +static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
         | ^
   In file included from include/asm-generic/bug.h:5,
                    from arch/h8300/include/asm/bug.h:8,
                    from include/linux/bug.h:5,
                    from include/linux/mmdebug.h:5,
                    from include/linux/mm.h:9,
                    from fs/pipe.c:8:
   include/linux/scatterlist.h: In function 'sg_set_buf':
   include/asm-generic/page.h:89:50: warning: ordered comparison of pointer with null pointer [-Wextra]
      89 | #define virt_addr_valid(kaddr) (((void *)(kaddr) >= (void *)PAGE_OFFSET) && \
         |                                                  ^~
   include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
      78 | # define unlikely(x) __builtin_expect(!!(x), 0)
         |                                          ^
   include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |  ^~~~~~
   include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
     137 |  BUG_ON(!virt_addr_valid(buf));
         |          ^~~~~~~~~~~~~~~


vim +557 include/linux/audit.h

   553	
   554	extern int audit_n_rules;
   555	extern int audit_signals;
   556	#else /* CONFIG_AUDITSYSCALL */
 > 557	+static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
   558	{
   559		return NULL;
   560	}
   561	static inline void audit_free_context(struct audit_context *context)
   562	{ }
   563	static inline int audit_alloc(struct task_struct *task)
   564	{
   565		return 0;
   566	}
   567	static inline void audit_free(struct task_struct *task)
   568	{ }
   569	static inline void audit_syscall_entry(int major, unsigned long a0,
   570					       unsigned long a1, unsigned long a2,
   571					       unsigned long a3)
   572	{ }
   573	static inline void audit_syscall_exit(void *pt_regs)
   574	{ }
   575	static inline bool audit_dummy_context(void)
   576	{
   577		return true;
   578	}
   579	static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx)
   580	{ }
   581	static inline struct audit_context *audit_context(void)
   582	{
   583		return NULL;
   584	}
   585	static inline struct filename *audit_reusename(const __user char *name)
   586	{
   587		return NULL;
   588	}
   589	static inline void audit_getname(struct filename *name)
   590	{ }
   591	static inline void audit_inode(struct filename *name,
   592					const struct dentry *dentry,
   593					unsigned int aflags)
   594	{ }
   595	static inline void audit_file(struct file *file)
   596	{
   597	}
   598	static inline void audit_inode_parent_hidden(struct filename *name,
   599					const struct dentry *dentry)
   600	{ }
   601	static inline void audit_inode_child(struct inode *parent,
   602					     const struct dentry *dentry,
   603					     const unsigned char type)
   604	{ }
   605	static inline void audit_core_dumps(long signr)
   606	{ }
   607	static inline void audit_seccomp(unsigned long syscall, long signr, int code)
   608	{ }
   609	static inline void audit_seccomp_actions_logged(const char *names,
   610							const char *old_names, int res)
   611	{ }
   612	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
   613	{ }
   614	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
   615						gid_t gid, umode_t mode)
   616	{ }
   617	static inline void audit_bprm(struct linux_binprm *bprm)
   618	{ }
   619	static inline int audit_socketcall(int nargs, unsigned long *args)
   620	{
   621		return 0;
   622	}
   623	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff mbox series

Patch

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 418a485af114..97cd7471e572 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -289,6 +289,8 @@  static inline int audit_signal_info(int sig, struct task_struct *t)
 				/* Public API */
 extern int  audit_alloc(struct task_struct *task);
 extern void __audit_free(struct task_struct *task);
+extern struct audit_context *audit_alloc_local(gfp_t gfpflags);
+extern void audit_free_context(struct audit_context *context);
 extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
 				  unsigned long a2, unsigned long a3);
 extern void __audit_syscall_exit(int ret_success, long ret_value);
@@ -552,6 +554,12 @@  static inline void audit_log_nfcfg(const char *name, u8 af,
 extern int audit_n_rules;
 extern int audit_signals;
 #else /* CONFIG_AUDITSYSCALL */
++static inline struct audit_context *audit_alloc_local(gfp_t gfpflags)
+{
+	return NULL;
+}
+static inline void audit_free_context(struct audit_context *context)
+{ }
 static inline int audit_alloc(struct task_struct *task)
 {
 	return 0;
diff --git a/kernel/audit.h b/kernel/audit.h
index ce41886807bb..3f2285e1c6e0 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -99,6 +99,7 @@  struct audit_proctitle {
 struct audit_context {
 	int		    dummy;	/* must be the first element */
 	int		    in_syscall;	/* 1 if task is in a syscall */
+	bool		    local;	/* local context needed */
 	enum audit_state    state, current_state;
 	unsigned int	    serial;     /* serial number for record */
 	int		    major;      /* syscall number */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3db1ec97720e..8994d4f4672e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -927,11 +927,13 @@  static inline void audit_free_aux(struct audit_context *context)
 	}
 }
 
-static inline struct audit_context *audit_alloc_context(enum audit_state state)
+static inline struct audit_context *audit_alloc_context(enum audit_state state,
+							gfp_t gfpflags)
 {
 	struct audit_context *context;
 
-	context = kzalloc(sizeof(*context), GFP_KERNEL);
+	/* We can be called in atomic context via audit_tg() */
+	context = kzalloc(sizeof(*context), gfpflags);
 	if (!context)
 		return NULL;
 	context->state = state;
@@ -967,7 +969,8 @@  int audit_alloc(struct task_struct *tsk)
 		return 0;
 	}
 
-	if (!(context = audit_alloc_context(state))) {
+	context = audit_alloc_context(state, GFP_KERNEL);
+	if (!context) {
 		kfree(key);
 		audit_log_lost("out of memory in audit_alloc");
 		return -ENOMEM;
@@ -979,8 +982,27 @@  int audit_alloc(struct task_struct *tsk)
 	return 0;
 }
 
-static inline void audit_free_context(struct audit_context *context)
+struct audit_context *audit_alloc_local(gfp_t gfpflags)
 {
+	struct audit_context *context = NULL;
+
+	context = audit_alloc_context(AUDIT_RECORD_CONTEXT, gfpflags);
+	if (!context) {
+		audit_log_lost("out of memory in audit_alloc_local");
+		goto out;
+	}
+	context->serial = audit_serial();
+	ktime_get_coarse_real_ts64(&context->ctime);
+	context->local = true;
+out:
+	return context;
+}
+EXPORT_SYMBOL(audit_alloc_local);
+
+void audit_free_context(struct audit_context *context)
+{
+	if (!context)
+		return;
 	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
@@ -991,6 +1013,7 @@  static inline void audit_free_context(struct audit_context *context)
 	audit_proctitle_free(context);
 	kfree(context);
 }
+EXPORT_SYMBOL(audit_free_context);
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 				 kuid_t auid, kuid_t uid,
@@ -2214,7 +2237,7 @@  EXPORT_SYMBOL_GPL(__audit_inode_child);
 int auditsc_get_stamp(struct audit_context *ctx,
 		       struct timespec64 *t, unsigned int *serial)
 {
-	if (!ctx->in_syscall)
+	if (!ctx->in_syscall && !ctx->local)
 		return 0;
 	if (!ctx->serial)
 		ctx->serial = audit_serial();