| Message ID | 20211009063053.187953-1-cuigaosheng1@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [-next] integrity: return early if audit_log_start return NULL | expand |
On Sat, Oct 9, 2021 at 2:28 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: > > audit_log_start() may return NULL in below cases: > - when audit is not initialized. > - when audit backlog limit exceeds. > > After the call to audit_log_start() is made and then possible NULL audit > buffer argument is passed to audit_log_*() functions, audit_log_*() > functions return immediately in case of a NULL audit buffer argument. > > It is not necessary for audit_log_*() functions to be called with > NULL audit buffer argument, so return early when audit_log_start() > returns NULL. > > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > --- > security/integrity/integrity_audit.c | 2 ++ > 1 file changed, 2 insertions(+) Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c > index 29220056207f..fbc032185d72 100644 > --- a/security/integrity/integrity_audit.c > +++ b/security/integrity/integrity_audit.c > @@ -45,6 +45,8 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, > return; > > ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno); > + if (unlikely(!ab)) > + return; > audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", > task_pid_nr(current), > from_kuid(&init_user_ns, current_uid()), > -- > 2.30.0
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 29220056207f..fbc032185d72 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -45,6 +45,8 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, return; ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno); + if (unlikely(!ab)) + return; audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", task_pid_nr(current), from_kuid(&init_user_ns, current_uid()),
audit_log_start() may return NULL in below cases: - when audit is not initialized. - when audit backlog limit exceeds. After the call to audit_log_start() is made and then possible NULL audit buffer argument is passed to audit_log_*() functions, audit_log_*() functions return immediately in case of a NULL audit buffer argument. It is not necessary for audit_log_*() functions to be called with NULL audit buffer argument, so return early when audit_log_start() returns NULL. Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> --- security/integrity/integrity_audit.c | 2 ++ 1 file changed, 2 insertions(+)