From f6c2996709ca864a8226f54377b4b07da002b807 Mon Sep 17 00:00:00 2001 From: Ricardo Robaina Date: Thu, 26 Feb 2026 14:15:46 -0300 Subject: [PATCH 1/4] audit: fix whitespace alignment in include/uapi/linux/audit.h Fixed minor indentation inconsistencies in the audit macros to align with standard kernel coding style using 8-character hard tabs. Signed-off-by: Ricardo Robaina [PM: fixed a space before tab issue in the patch] Signed-off-by: Paul Moore --- include/uapi/linux/audit.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 14a1c1fe013a..71cbdc542ce9 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -350,7 +350,7 @@ enum { #define AUDIT_STATUS_ENABLED 0x0001 #define AUDIT_STATUS_FAILURE 0x0002 #define AUDIT_STATUS_PID 0x0004 -#define AUDIT_STATUS_RATE_LIMIT 0x0008 +#define AUDIT_STATUS_RATE_LIMIT 0x0008 #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010 #define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020 #define AUDIT_STATUS_LOST 0x0040 @@ -386,8 +386,8 @@ enum { * These bits disambiguate different calling conventions that share an * ELF machine type, bitness, and endianness */ -#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 -#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 +#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 +#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 /* distinguish syscall tables */ #define __AUDIT_ARCH_64BIT 0x80000000 From a6053fefcd3e3522274344dd5da8d49eafea25ca Mon Sep 17 00:00:00 2001 From: Ricardo Robaina Date: Thu, 26 Feb 2026 15:13:38 -0300 Subject: [PATCH 2/4] audit: remove redundant initialization of static variables to 0 Static variables are automatically initialized to 0 by the compiler. Remove the redundant explicit assignments in kernel/audit.c to clean up the code, align with standard kernel coding style, and fix the following checkpatch.pl errors: ./scripts/checkpatch.pl kernel/audit.c | grep -A2 ERROR: ERROR: do not initialise statics to 0 + static unsigned long last_check = 0; -- ERROR: do not initialise statics to 0 + static int messages = 0; -- ERROR: do not initialise statics to 0 + static unsigned long last_msg = 0; Signed-off-by: Ricardo Robaina Signed-off-by: Paul Moore --- kernel/audit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5a0216056524..08793e71b975 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -355,8 +355,8 @@ void audit_panic(const char *message) static inline int audit_rate_check(void) { - static unsigned long last_check = 0; - static int messages = 0; + static unsigned long last_check; + static int messages; static DEFINE_SPINLOCK(lock); unsigned long flags; unsigned long now; @@ -391,7 +391,7 @@ static inline int audit_rate_check(void) */ void audit_log_lost(const char *message) { - static unsigned long last_msg = 0; + static unsigned long last_msg; static DEFINE_SPINLOCK(lock); unsigned long flags; unsigned long now; From f3e334fb7f82cd63734faeb395419ab713b4bb5c Mon Sep 17 00:00:00 2001 From: Ricardo Robaina Date: Tue, 3 Mar 2026 10:35:28 -0300 Subject: [PATCH 3/4] audit: fix coding style issues Fix various coding style issues across the audit subsystem flagged by checkpatch.pl script to adhere to kernel coding standards. Specific changes include: - kernel/auditfilter.c: Move the open brace '{' to the previous line for the audit_ops array declaration. - lib/audit.c: Add a required space before the open parenthesis '('. - include/uapi/linux/audit.h: Enclose the complex macro value for AUDIT_UID_UNSET in parentheses. Signed-off-by: Ricardo Robaina Signed-off-by: Paul Moore --- include/uapi/linux/audit.h | 2 +- kernel/auditfilter.c | 3 +-- lib/audit.c | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 71cbdc542ce9..e8f5ce677df7 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -508,7 +508,7 @@ struct audit_tty_status { __u32 log_passwd; /* 1 = enabled, 0 = disabled */ }; -#define AUDIT_UID_UNSET (unsigned int)-1 +#define AUDIT_UID_UNSET ((unsigned int)-1) #define AUDIT_SID_UNSET ((unsigned int)-1) /* audit_rule_data supports filter rules with both integer and string diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6e3abbf08e3d..093425123f6c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -303,8 +303,7 @@ exit_err: return ERR_PTR(err); } -static u32 audit_ops[] = -{ +static u32 audit_ops[] = { [Audit_equal] = AUDIT_EQUAL, [Audit_not_equal] = AUDIT_NOT_EQUAL, [Audit_bitmask] = AUDIT_BIT_MASK, diff --git a/lib/audit.c b/lib/audit.c index 738bda22dd39..bc07fbd3a698 100644 --- a/lib/audit.c +++ b/lib/audit.c @@ -42,7 +42,7 @@ int audit_classify_syscall(int abi, unsigned syscall) if (audit_is_compat(abi)) return audit_classify_compat_syscall(abi, syscall); - switch(syscall) { + switch (syscall) { #ifdef __NR_open case __NR_open: return AUDITSC_OPEN; From 360160f75592bdc85edba8fe78fb20d90924c7e8 Mon Sep 17 00:00:00 2001 From: Ricardo Robaina Date: Mon, 9 Mar 2026 10:05:33 -0300 Subject: [PATCH 4/4] audit: handle unknown status requests in audit_receive_msg() Currently, audit_receive_msg() ignores unknown status bits in AUDIT_SET requests, incorrectly returning success to newer user space tools querying unsupported features. This breaks forward compatibility. Fix this by defining AUDIT_STATUS_ALL and returning -EINVAL if any unrecognized bits are set (s.mask & ~AUDIT_STATUS_ALL). This ensures invalid requests are safely rejected, allowing user space to reliably test for and gracefully handle feature detection on older kernels. Suggested-by: Steve Grubb Signed-off-by: Ricardo Robaina [PM: subject line tweak] Signed-off-by: Paul Moore --- include/linux/audit.h | 9 +++++++++ kernel/audit.c | 2 ++ 2 files changed, 11 insertions(+) diff --git a/include/linux/audit.h b/include/linux/audit.h index b642b5faca65..d79218bf075a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -15,6 +15,15 @@ #include #include +#define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \ + AUDIT_STATUS_FAILURE | \ + AUDIT_STATUS_PID | \ + AUDIT_STATUS_RATE_LIMIT | \ + AUDIT_STATUS_BACKLOG_LIMIT | \ + AUDIT_STATUS_BACKLOG_WAIT_TIME | \ + AUDIT_STATUS_LOST | \ + AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL) + #define AUDIT_INO_UNSET ((unsigned long)-1) #define AUDIT_DEV_UNSET ((dev_t)-1) diff --git a/kernel/audit.c b/kernel/audit.c index 08793e71b975..e1d489bc2dff 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1295,6 +1295,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh, memset(&s, 0, sizeof(s)); /* guard against past and future API changes */ memcpy(&s, data, min_t(size_t, sizeof(s), data_len)); + if (s.mask & ~AUDIT_STATUS_ALL) + return -EINVAL; if (s.mask & AUDIT_STATUS_ENABLED) { err = audit_set_enabled(s.enabled); if (err < 0)