1. 20 Mar, 2006 21 commits
    • [PATCH] Fix audit operators · d9d9ec6e
      Dustin Kirkland authored
      Darrel Goeddel initiated a discussion on IRC regarding the possibility
      of audit_comparator() returning -EINVAL signaling an invalid operator.
      
      It is possible when creating the rule to assure that the operator is one
      of the 6 sane values.  Here's a snip from include/linux/audit.h.  Note
      that 0 (nonsense) and 7 (all operators) are not valid values for an
      operator.
      
      ...
      
      /* These are the supported operators.
       *      4  2  1
       *      =  >  <
       *      -------
       *      0  0  0         0       nonsense
       *      0  0  1         1       <
       *      0  1  0         2       >
       *      0  1  1         3       !=
       *      1  0  0         4       =
       *      1  0  1         5       <=
       *      1  1  0         6       >=
       *      1  1  1         7       all operators
       */
      ...
      
      Furthermore, prior to adding these extended operators, flagging the
      AUDIT_NEGATE bit implied !=, and otherwise == was assumed.
      
      The following code forces the operator to be != if the AUDIT_NEGATE bit
      was flipped on.  And if no operator was specified, == is assumed.  The
      only invalid condition is if the AUDIT_NEGATE bit is off and all of the
      AUDIT_EQUAL, AUDIT_LESS_THAN, and AUDIT_GREATER_THAN bits are
      on--clearly a nonsensical operator.
      
      Now that this is handled at rule insertion time, the default -EINVAL
      return of audit_comparator() is eliminated such that the function can
      only return 1 or 0.
      
      If this is acceptable, let's get this applied to the current tree.
      
      :-Dustin
      
      --
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      (cherry picked from 9bf0a8e137040f87d1b563336d4194e38fb2ba1a commit)
    • [PATCH] promiscuous mode · 5bdb9886
      Steve Grubb authored
      Hi,
      
      When a network interface goes into promiscuous mode, it's an important security
      issue. The attached patch is intended to capture that action and send an
      event to the audit system.
      
      The patch carves out a new block of numbers for kernel detected anomalies.
      These are events that may indicate suspicious activity. Other examples of
      potential kernel anomalies would be: exceeding disk quota, rlimit violations,
      changes to syscall entry table.
      Signed-off-by: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] Add tty to syscall audit records · a6c043a8
      Steve Grubb authored
      Hi,
      
      From the RBAC specs:
      
      FAU_SAR.1.1 The TSF shall provide the set of authorized
      RBAC administrators with the capability to read the following
      audit information from the audit records:
      
      <snip>
      (e) The User Session Identifier or Terminal Type
      
      A patch adding the tty for all syscalls is included in this email.
      Please apply.
      Signed-off-by: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] add/remove rule update · 5d330108
      Steve Grubb authored
      Hi,
      
      The following patch adds a little more information to the add/remove rule message emitted
      by the kernel.
      Signed-off-by: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] audit string fields interface + consumer · 93315ed6
      Amy Griffis authored
      Updated patch to dynamically allocate audit rule fields in kernel's
      internal representation.  Added unlikely() calls for testing memory
      allocation result.
      
      Amy Griffis wrote:     [Wed Jan 11 2006, 02:02:31PM EST]
      > Modify audit's kernel-userspace interface to allow the specification
      > of string fields in audit rules.
      >
      > Signed-off-by: Amy Griffis <amy.griffis@hp.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      (cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
    • [PATCH] SE Linux audit events · af601e46
      Steve Grubb authored
      Attached is a patch that hardwires important SE Linux events to the audit
      system. Please Apply.
      Signed-off-by: Steve Grubb <sgrubb@redhat.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL · fe7752ba
      David Woodhouse authored
      This fixes the per-user and per-message-type filtering when syscall
      auditing isn't enabled.
      
      [AV: folded followup fix from the same author]
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] Fix IA64 success/failure indication in syscall auditing. · ee436dc4
      David Woodhouse authored
      Original 2.6.9 patch and explanation from somewhere within HP via
      bugzilla...
      
      ia64 stores a success/failure code in r10, and the return value (normal
      return, or *positive* errno) in r8. The patch also sets the exit code to
      negative errno if it's a failure result for consistency with other
      architectures.
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] Miscellaneous bug and warning fixes · 7306a0b9
      Dustin Kirkland authored
      This patch fixes a couple of bugs revealed in new features recently
      added to -mm1:
      * fixes warnings due to inconsistent use of const struct inode *inode
      * fixes a bug that prevents a kernel from booting with audit on, and SELinux off
        due to a missing function in security/dummy.c
      * fixes a bug that throws spurious audit_panic() messages due to a missing
        return just before an error_path label
      * some reasonable house cleaning in audit_ipc_context(),
        audit_inode_context(), and audit_log_task_context()
      Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] Capture selinux subject/object context information. · 8c8570fb
      Dustin Kirkland authored
      This patch extends existing audit records with subject/object context
      information. Audit records associated with filesystem inodes, ipc, and
      tasks now contain SELinux label information in the field "subj" if the
      item is performing the action, or in "obj" if the item is the receiver
      of an action.
      
      These labels are collected via hooks in SELinux and appended to the
      appropriate record in the audit code.
      
      This additional information is required for Common Criteria Labeled
      Security Protection Profile (LSPP).
      
      [AV: fixed kmalloc flags use]
      [folded leak fixes]
      [folded cleanup from akpm (kfree(NULL)]
      [folded audit_inode_context() leak fix]
      [folded akpm's fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]
      Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] Exclude messages by message type · c8edc80c
      Dustin Kirkland authored
          - Add a new, 5th filter called "exclude".
          - And add a new field AUDIT_MSGTYPE.
          - Define a new function audit_filter_exclude() that takes a message type
            as input and examines all rules in the filter.  It returns '1' if the
            message is to be excluded, and '0' otherwise.
          - Call the audit_filter_exclude() function near the top of
            audit_log_start() just after asserting audit_initialized.  If the
            message type is not to be audited, return NULL very early, before
            doing a lot of work.
      [combined with followup fix for bug in original patch, Nov 4, same author]
      [combined with later renaming AUDIT_FILTER_EXCLUDE->AUDIT_FILTER_TYPE
      and audit_filter_exclude() -> audit_filter_type()]
      Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] Collect more inode information during syscall processing. · 73241ccc
      Amy Griffis authored
      This patch augments the collection of inode info during syscall
      processing. It represents part of the functionality that was provided
      by the auditfs patch included in RHEL4.
      
      Specifically, it:
      
      - Collects information for target inodes created or removed during
        syscalls.  Previous code only collects information for the target
        inode's parent.
      
      - Adds the audit_inode() hook to syscalls that operate on a file
        descriptor (e.g. fchown), enabling audit to do inode filtering for
        these calls.
      
      - Modifies filtering code to check audit context for either an inode #
        or a parent inode # matching a given rule.
      
      - Modifies logging to provide inode # for both parent and child.
      
      - Protect debug info from NULL audit_names.name.
      
      [AV: folded a later typo fix from the same author]
      Signed-off-by: Amy Griffis <amy.griffis@hp.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] Pass dentry, not just name, in fsnotify creation hooks. · f38aa942
      Amy Griffis authored
      The audit hooks (to be added shortly) will want to see dentry->d_inode
      too, not just the name.
      Signed-off-by: Amy Griffis <amy.griffis@hp.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] Define new range of userspace messages. · 90d526c0
      Steve Grubb authored
      The attached patch updates various items for the new user space
      messages. Please apply.
      Signed-off-by: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] Filter rule comparators · b63862f4
      Dustin Kirkland authored
      Currently, audit only supports the "=" and "!=" operators in the -F
      filter rules.
      
      This patch reworks the support for "=" and "!=", and adds support
      for ">", ">=", "<", and "<=".
      
      This turned out to be a pretty clean and simple process.  I ended up
      using the high order bits of the "field", as suggested by Steve and Amy.
      This allowed for no changes whatsoever to the netlink communications.
      See the documentation within the patch in the include/linux/audit.h
      area, where there is a table that explains the reasoning of the bitmask
      assignments clearly.
      
      The patch adds a new function, audit_comparator(left, op, right).
      This function will perform the specified comparison (op, which defaults
      to "==" for backward compatibility) between two values (left and right).
      If the negate bit is on, it will negate whatever that result was.  This
      value is returned.
      Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
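Added example for the operator encoding described in both the "Filter rule comparators" (b63862f4) message just above and the "Fix audit operators" (d9d9ec6e) message at the top of this page. It is written for this page and is not code from either commit or from the kernel: it models the operator riding in the high-order bits of a rule's field word (4 = equal, 2 = greater-than, 1 = less-than, as in the quoted table), the rule-insertion normalization of the legacy AUDIT_NEGATE bit and of the "no operator" case, rejection of the one nonsensical encoding, and a comparator that afterwards only answers 0 or 1. The bit positions are assumed from include/linux/audit.h as I recall them (the page quotes only the 4/2/1 table), and FIELD_UID is a constructed field number for the demo rules.

```c
/* Added example modelling the audit operator encoding; not kernel code.
 * Bit positions assumed from include/linux/audit.h of the time (the page
 * itself shows only the 4/2/1 table).  FIELD_UID is a constructed field
 * number used by the demo rules below. */
#include <stdint.h>
#include <stdio.h>

#define AUDIT_NEGATE                 0x80000000u
#define AUDIT_EQUAL                  0x40000000u  /* "4" column of the table */
#define AUDIT_GREATER_THAN           0x20000000u  /* "2" column */
#define AUDIT_LESS_THAN              0x10000000u  /* "1" column */
#define AUDIT_NOT_EQUAL              (AUDIT_GREATER_THAN | AUDIT_LESS_THAN)        /* 3 */
#define AUDIT_LESS_THAN_OR_EQUAL     (AUDIT_EQUAL | AUDIT_LESS_THAN)               /* 5 */
#define AUDIT_GREATER_THAN_OR_EQUAL  (AUDIT_EQUAL | AUDIT_GREATER_THAN)            /* 6 */
#define AUDIT_OPERATORS              (AUDIT_EQUAL | AUDIT_GREATER_THAN | AUDIT_LESS_THAN) /* 7 */
#define AUDIT_FIELD_MASK             0x0fffffffu  /* low bits: the field number itself */

#define FIELD_UID 1u  /* constructed field number for the demo */

/* Rule-insertion check.  Splits a raw field word into the field number and
 * a normalized operator.  Returns 0 on success, -1 (standing in for -EINVAL)
 * only when AUDIT_NEGATE is off and all three operator bits are on. */
int audit_split_field(uint32_t raw, uint32_t *field, uint32_t *op)
{
    uint32_t bits = raw & (AUDIT_NEGATE | AUDIT_OPERATORS);

    *field = raw & AUDIT_FIELD_MASK;

    if (bits & AUDIT_NEGATE)
        *op = AUDIT_NOT_EQUAL;      /* legacy negate bit always means != */
    else if (bits == 0)
        *op = AUDIT_EQUAL;          /* no operator given: == for compatibility */
    else if (bits == AUDIT_OPERATORS)
        return -1;                  /* 7, "all operators": nonsensical */
    else
        *op = bits;                 /* one of the six sane encodings */
    return 0;
}

/* Normalized operator for a raw field word, or 0 if the word is rejected. */
uint32_t audit_normalized_op(uint32_t raw)
{
    uint32_t field, op;

    return audit_split_field(raw, &field, &op) < 0 ? 0 : op;
}

/* With rules vetted at insertion time, the comparator only returns 1 or 0. */
int audit_comparator(uint32_t left, uint32_t op, uint32_t right)
{
    switch (op) {
    case AUDIT_EQUAL:                 return left == right;
    case AUDIT_NOT_EQUAL:             return left != right;
    case AUDIT_LESS_THAN:             return left <  right;
    case AUDIT_LESS_THAN_OR_EQUAL:    return left <= right;
    case AUDIT_GREATER_THAN:          return left >  right;
    case AUDIT_GREATER_THAN_OR_EQUAL: return left >= right;
    }
    return 0;   /* unreachable for rules that passed audit_split_field() */
}

/* Does a constructed uid rule (field word + rule value) match an observed uid? */
int audit_uid_rule_matches(uint32_t raw_field, uint32_t rule_value, uint32_t uid)
{
    uint32_t field, op;

    if (audit_split_field(raw_field, &field, &op) < 0 || field != FIELD_UID)
        return 0;   /* rejected rule, or not a uid rule: cannot match */
    return audit_comparator(uid, op, rule_value);
}

int main(void)
{
    /* Constructed rule words: the same uid field with different operators. */
    const struct { const char *text; uint32_t raw; uint32_t value; } rules[] = {
        { "uid=500",     FIELD_UID,                               500 },
        { "uid!=500",    AUDIT_NEGATE | FIELD_UID,                500 },  /* legacy form */
        { "uid>=500",    AUDIT_GREATER_THAN_OR_EQUAL | FIELD_UID, 500 },
        { "uid<500",     AUDIT_LESS_THAN | FIELD_UID,             500 },
        { "uid ??? 500", AUDIT_OPERATORS | FIELD_UID,             500 },  /* rejected */
    };
    const uint32_t uids[] = { 0, 499, 500, 1000 };

    for (size_t r = 0; r < sizeof rules / sizeof rules[0]; r++) {
        if (audit_normalized_op(rules[r].raw) == 0) {
            printf("%-12s rejected at insertion (-EINVAL)\n", rules[r].text);
            continue;
        }
        for (size_t u = 0; u < sizeof uids / sizeof uids[0]; u++)
            printf("%-12s uid=%-4u -> %d\n", rules[r].text, uids[u],
                   audit_uid_rule_matches(rules[r].raw, rules[r].value, uids[u]));
    }
    return 0;
}
```

Running it walks each constructed rule against a few uids; the "all operators" word is refused before any comparison happens, which is the point of moving the check to insertion time.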
    • [PATCH] AUDIT: kerneldoc for kernel/audit*.c · b0dd25a8
      Randy Dunlap authored
      - add kerneldoc for non-static functions;
      - don't init static data to 0;
      - limit lines to < 80 columns;
      - fix long-format style;
      - delete whitespace at end of some lines;
      
      (chrisw: resend and update to current audit-2.6 tree)
      Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: Chris Wright <chrisw@osdl.org>
      Signed-off-by: David Woodhouse <dwmw2@infradead.org>
    • [PATCH] make vm86 call audit_syscall_exit · 7e7f8a03
      hi,
      
      The motivation behind the patch below was to address messages in
      /var/log/messages such as:
      
      Jan 31 10:54:15 mets kernel: audit(:0): major=252 name_count=0: freeing
      multiple contexts (1)
      Jan 31 10:54:15 mets kernel: audit(:0): major=113 name_count=0: freeing
      multiple contexts (2)
      
      I can reproduce by running 'get-edid' from:
      http://john.fremlin.de/programs/linux/read-edid/.
      
      These messages come about in the log b/c the vm86 calls do not exit via
      the normal system call exit paths and thus do not call
      'audit_syscall_exit'. The next system call will then free the context for
      itself and for the vm86 context, thus generating the above messages. This
      patch addresses the issue by simply adding a call to 'audit_syscall_exit'
      from the vm86 code.
      
      Besides fixing the above error messages the patch also now allows vm86
      system calls to become auditable. This is useful since strace does not
      appear to properly record the return values from sys_vm86.
      
      I think this patch is also a step in the right direction in terms of
      cleaning up some core auditing code. If we can correct any other paths
      that do not properly call the audit exit and entries points, then we can
      also eliminate the notion of context chaining.
      
      I've tested this patch by verifying that the log messages no longer
      appear, and that the audit records for sys_vm86 appear to be correct.
      Also, 'read_edid' produces identical output.
      
      thanks,
      
      -Jason
      Signed-off-by: Jason Baron <jbaron@redhat.com>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Linux 2.6.16 · 7705a879
      Linus Torvalds authored
    • [PATCH] Remove obsolete CREDITS address · 2be1aaf9
      Andrea Arcangeli authored
      This address is going to be obsolete, so I should update it.
    • Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus · 46571909
      Linus Torvalds authored
      * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
        [MIPS] SB1: Check for -mno-sched-prolog if building corelis debug kernel.
        [MIPS] Sibyte: Fix race in sb1250_gettimeoffset().
        [MIPS] Sibyte: Fix interrupt timer off by one bug.
        [MIPS] Sibyte: Fix M_SCD_TIMER_INIT and M_SCD_TIMER_CNT wrong field width.
        [MIPS] Protect more of timer_interrupt() by xtime_lock.
        [MIPS] Work around bad code generation for <asm/io.h>.
        [MIPS] Simple patch to power off DBAU1200
        [MIPS] Fix DBAu1550 software power off.
        [MIPS] local_r4k_flush_cache_page fix
        [MIPS] SB1: Fix interrupt disable hazard.
        [MIPS] Get rid of the IP22-specific code in arclib.
        Update MAINTAINERS entry for MIPS.
  2. 19 Mar, 2006 2 commits
    • [TG3]: 40-bit DMA workaround part 2 · 4a29cc2e
      Michael Chan authored
      The 40-bit DMA workaround recently implemented for 5714, 5715, and
      5780 needs to be expanded because there may be other tg3 devices
      behind the EPB Express to PCIX bridge in the 5780 class device.
      
      For example, some 4-port card or motherboard designs have 5704 behind
      the 5714.
      
      All devices behind the EPB require the 40-bit DMA workaround.
      
      Thanks to Chris Elmquist again for reporting the problem and testing
      the patch.
      Signed-off-by: Michael Chan <mchan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [AX.25]: Fix potential memory hole. · c7c694d1
      Ralf Baechle DL5RB authored
      If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3
      (or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall
      through the switch statement without calling ax25_send_iframe() or any
      other function that would eventually free skbn thus leaking the packet.
      
      Fix by restricting the sysctl interface to allow only actually supported
      AX.25 dialects.
      
      The system administration mistake needed for this to happen is rather
      unlikely, so this is an uncritical hole.
      
      Coverity #651.
      Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 18 Mar, 2006 16 commits
  4. 17 Mar, 2006 1 commit
    • [PATCH] fix free swap cache latency · 6f5e6b9e
      Hugh Dickins authored
      Lee Revell reported 28ms latency when process with lots of swapped memory
      exits.
      
      2.6.15 introduced a latency regression when unmapping: in accounting the
      zap_work latency breaker, pte_none counted 1, pte_present PAGE_SIZE, but a
      swap entry counted nothing at all.  We think of pages present as the slow
      case, but Lee's trace shows that free_swap_and_cache's radix tree lookup
      can make a lot of work - and we could have been doing it many thousands of
      times without a latency break.
      
      Move the zap_work update up to account swap entries like pages present.
      This does account non-linear pte_file entries, and unmap_mapping_range
      skipping over swap entries, by the same amount even though they're quick:
      but neither of those cases deserves complicating the code (and they're
      treated no worse than they were in 2.6.14).
      Signed-off-by: Hugh Dickins <hugh@veritas.com>
      Acked-by: Nick Piggin <npiggin@suse.de>
      Acked-by: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>