audit/stable-7.1 PR 20260410

-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmnZegUUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNydxAApWBVRWp/AY7jtCQGWRYAa+6y+bQ0
 RWfu8putXaOyk3NTeWP64e87FKsdByR/yflefYxMH+bXc2mwbuUZYAreEVmLCJ1P
 QxHKuwCkCNOz90n/Y7nlDSDK1GYdzlFkCgidfr4iNSCD58WMTtNNpZREzaNiR8a1
 PZ3bFvJH+S7BRCGA6/S/20rNYeWTga56pSrWt6VpMwVHGJ1R4DsD60pT8z0NqMYI
 BTBLeZ36HlZdwUp+APldKNNDRKG1ZQVKJRO68qcSkopr4vQzK7yL/SJsCdU8MHj2
 LccXTCTHHWJbpdiE7BtzPO9UobVZIdcz2wsnJHWxzHYtXlPolgM7F31111GL4HSv
 V/mq5o7dR3h6nn+1gkWHjOpd/f3J3xl3FaJsH9FIIhPmCRHb4oZI0WG0ZH3mHZBl
 o6aaWja3PBl0XNA+q87DQVBYDOyVNB4RjuaKy+d7hm4eronTRaZkg3zutrB6/XxP
 uFbp+Q3diWNMsYO52DKFThL/sStmnnCMIRJuTxd8QaPhLVakaFSkWZycSUH4HijD
 8WMk3e4yo3TeD6rCAognwKclj0vCMHS3TLOMXlY0vMD04gwXJ2S81yfyXGT4F5De
 KkXj61TFMxPyiZ6yrxk86BmoqHL0DUiCDn1rMKbNdIncHedKZoNuy+O/XNLS6No/
 hLRvXSI7MNthJ5E=
 =1rY2
 -----END PGP SIGNATURE-----

Merge tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:

 - Improved handling of unknown status requests from userspace

   The current kernel code ignores unknown/unused request bits sent from
   userspace and returns an error code based on the results of the
   request(s) it does understand. The patch from Ricardo fixes this so
   that unknown requests return an -EINVAL to userspace, making
   compatibility a bit easier moving forward.

 - A number of small style and formatting cleanups

* tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: handle unknown status requests in audit_receive_msg()
  audit: fix coding style issues
  audit: remove redundant initialization of static variables to 0
  audit: fix whitespace alignment in include/uapi/linux/audit.h
This commit is contained in:
Linus Torvalds 2026-04-13 14:56:54 -07:00
commit de639344bb
5 changed files with 20 additions and 10 deletions

View file

@ -15,6 +15,15 @@
#include <uapi/linux/audit.h>
#include <uapi/linux/fanotify.h>
#define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \
AUDIT_STATUS_FAILURE | \
AUDIT_STATUS_PID | \
AUDIT_STATUS_RATE_LIMIT | \
AUDIT_STATUS_BACKLOG_LIMIT | \
AUDIT_STATUS_BACKLOG_WAIT_TIME | \
AUDIT_STATUS_LOST | \
AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL)
#define AUDIT_INO_UNSET ((u64)-1)
#define AUDIT_DEV_UNSET ((dev_t)-1)

View file

@ -350,7 +350,7 @@ enum {
#define AUDIT_STATUS_ENABLED 0x0001
#define AUDIT_STATUS_FAILURE 0x0002
#define AUDIT_STATUS_PID 0x0004
#define AUDIT_STATUS_RATE_LIMIT 0x0008
#define AUDIT_STATUS_RATE_LIMIT 0x0008
#define AUDIT_STATUS_BACKLOG_LIMIT 0x0010
#define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020
#define AUDIT_STATUS_LOST 0x0040
@ -386,8 +386,8 @@ enum {
* These bits disambiguate different calling conventions that share an
* ELF machine type, bitness, and endianness
*/
#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000
#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000
#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
/* distinguish syscall tables */
#define __AUDIT_ARCH_64BIT 0x80000000
@ -508,7 +508,7 @@ struct audit_tty_status {
__u32 log_passwd; /* 1 = enabled, 0 = disabled */
};
#define AUDIT_UID_UNSET (unsigned int)-1
#define AUDIT_UID_UNSET ((unsigned int)-1)
#define AUDIT_SID_UNSET ((unsigned int)-1)
/* audit_rule_data supports filter rules with both integer and string

View file

@ -355,8 +355,8 @@ void audit_panic(const char *message)
static inline int audit_rate_check(void)
{
static unsigned long last_check = 0;
static int messages = 0;
static unsigned long last_check;
static int messages;
static DEFINE_SPINLOCK(lock);
unsigned long flags;
unsigned long now;
@ -391,7 +391,7 @@ static inline int audit_rate_check(void)
*/
void audit_log_lost(const char *message)
{
static unsigned long last_msg = 0;
static unsigned long last_msg;
static DEFINE_SPINLOCK(lock);
unsigned long flags;
unsigned long now;
@ -1295,6 +1295,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
memset(&s, 0, sizeof(s));
/* guard against past and future API changes */
memcpy(&s, data, min_t(size_t, sizeof(s), data_len));
if (s.mask & ~AUDIT_STATUS_ALL)
return -EINVAL;
if (s.mask & AUDIT_STATUS_ENABLED) {
err = audit_set_enabled(s.enabled);
if (err < 0)

View file

@ -303,8 +303,7 @@ exit_err:
return ERR_PTR(err);
}
static u32 audit_ops[] =
{
static u32 audit_ops[] = {
[Audit_equal] = AUDIT_EQUAL,
[Audit_not_equal] = AUDIT_NOT_EQUAL,
[Audit_bitmask] = AUDIT_BIT_MASK,

View file

@ -42,7 +42,7 @@ int audit_classify_syscall(int abi, unsigned syscall)
if (audit_is_compat(abi))
return audit_classify_compat_syscall(abi, syscall);
switch(syscall) {
switch (syscall) {
#ifdef __NR_open
case __NR_open:
return AUDITSC_OPEN;