Merge: audit: backport kernel audit enhancements and fixes up to upstream v6.10

zampierilucas · zampierilucas · commit e60c2bb59d50 · 2024-07-22T14:42:00.000Z
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4653 JIRA: https://issues.redhat.com/browse/RHEL-35421 Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=62377223 Backport selected trivial fixes, cleanups, and enhancements from upstream up to version 6.10. This will help make Audit functionality more stable, bring useful enhancements/fixes downstream, and ease future backports. Selected upstream commits: [cleanup] 97f576e audit: Annotate struct audit_chunk with __counted_by [bug fix] 03adc61 audit,io_uring: io_uring openat triggers audit reference count underflow [cleanup] 3104d0e audit: remove unnecessary assignment in audit_dupe_lsm_field() [cleanup] aa13b70 audit: use KMEM_CACHE() instead of kmem_cache_create() In addition, the upstream commit ea47ab1 ("putname(): IS_ERR_OR_NULL() is wrong here") was added to the list as a dependency. Ricardo Robaina (5): putname(): IS_ERR_OR_NULL() is wrong here audit: Annotate struct audit_chunk with __counted_by audit,io_uring: io_uring openat triggers audit reference count underflow audit: remove unnecessary assignment in audit_dupe_lsm_field() audit: use KMEM_CACHE() instead of kmem_cache_create() fs/namei.c | 11 ++++++----- include/linux/fs.h | 2 +- kernel/audit.c | 4 +--- kernel/audit_tree.c | 2 +- kernel/auditfilter.c | 2 +- kernel/auditsc.c | 8 ++++---- 6 files changed, 14 insertions(+), 15 deletions(-) Signed-off-by: Ricardo Robaina <rrobaina@redhat.com> Approved-by: Richard Guy Briggs <rgb@redhat.com> Approved-by: Ondrej Mosnáček <omosnacek@gmail.com> Approved-by: Wander Lairson Costa <wander@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Lucas Zampieri <lzampier@redhat.com>
diff --git a/fs/namei.c b/fs/namei.c
@@ -187,7 +187,7 @@ getname_flags(const char __user *filename, int flags, int *empty)
 		}
 	}
 
-	result->refcnt = 1;
+	atomic_set(&result->refcnt, 1);
 	/* The empty path is special. */
 	if (unlikely(!len)) {
 		if (empty)
@@ -248,20 +248,21 @@ getname_kernel(const char * filename)
 	memcpy((char *)result->name, filename, len);
 	result->uptr = NULL;
 	result->aname = NULL;
-	result->refcnt = 1;
+	atomic_set(&result->refcnt, 1);
 	audit_getname(result);
 
 	return result;
 }
 
 void putname(struct filename *name)
 {
-	if (IS_ERR_OR_NULL(name))
+	if (IS_ERR(name))
 		return;
 
-	BUG_ON(name->refcnt <= 0);
+	if (WARN_ON_ONCE(!atomic_read(&name->refcnt)))
+		return;
 
-	if (--name->refcnt > 0)
+	if (!atomic_dec_and_test(&name->refcnt))
 		return;
 
 	if (name->name != name->iname) {
diff --git a/include/linux/fs.h b/include/linux/fs.h
@@ -2776,7 +2776,7 @@ struct audit_names;
 struct filename {
 	const char		*name;	/* pointer to actual string */
 	const __user char	*uptr;	/* original userland pointer */
-	int			refcnt;
+	atomic_t		refcnt;
 	struct audit_names	*aname;
 	const char		iname[];
 };
diff --git a/kernel/audit.c b/kernel/audit.c
@@ -1676,9 +1676,7 @@ static int __init audit_init(void)
 	if (audit_initialized == AUDIT_DISABLED)
 		return 0;
 
-	audit_buffer_cache = kmem_cache_create("audit_buffer",
-					       sizeof(struct audit_buffer),
-					       0, SLAB_PANIC, NULL);
+	audit_buffer_cache = KMEM_CACHE(audit_buffer, SLAB_PANIC);
 
 	skb_queue_head_init(&audit_queue);
 	skb_queue_head_init(&audit_retry_queue);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
@@ -34,7 +34,7 @@ struct audit_chunk {
 		struct list_head list;
 		struct audit_tree *owner;
 		unsigned index;		/* index; upper bit indicates 'will prune' */
-	} owners[];
+	} owners[] __counted_by(count);
 };
 
 struct audit_tree_mark {
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
@@ -788,7 +788,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
 static inline int audit_dupe_lsm_field(struct audit_field *df,
 					   struct audit_field *sf)
 {
-	int ret = 0;
+	int ret;
 	char *lsm_str;
 
 	/* our own copy of lsm_str */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
@@ -2216,7 +2216,7 @@ __audit_reusename(const __user char *uptr)
 		if (!n->name)
 			continue;
 		if (n->name->uptr == uptr) {
-			n->name->refcnt++;
+			atomic_inc(&n->name->refcnt);
 			return n->name;
 		}
 	}
@@ -2245,7 +2245,7 @@ void __audit_getname(struct filename *name)
 	n->name = name;
 	n->name_len = AUDIT_NAME_FULL;
 	name->aname = n;
-	name->refcnt++;
+	atomic_inc(&name->refcnt);
 }
 
 static inline int audit_copy_fcaps(struct audit_names *name,
@@ -2377,7 +2377,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
 		return;
 	if (name) {
 		n->name = name;
-		name->refcnt++;
+		atomic_inc(&name->refcnt);
 	}
 
 out:
@@ -2504,7 +2504,7 @@ void __audit_inode_child(struct inode *parent,
 		if (found_parent) {
 			found_child->name = found_parent->name;
 			found_child->name_len = AUDIT_NAME_FULL;
-			found_child->name->refcnt++;
+			atomic_inc(&found_child->name->refcnt);
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -788,7 +788,7 @@ static int audit_compare_rule(struct audit_krule a, struct audit_krule b)`
`788`	`788`	`static inline int audit_dupe_lsm_field(struct audit_field *df,`
`789`	`789`	`struct audit_field *sf)`
`790`	`790`	`{`
`791`		`- int ret = 0;`
	`791`	`+ int ret;`
`792`	`792`	`char *lsm_str;`
`793`	`793`
`794`	`794`	`/* our own copy of lsm_str */`
Original file line number	Diff line number	Diff line change
`@@ -2216,7 +2216,7 @@ __audit_reusename(const __user char *uptr)`
`2216`	`2216`	`if (!n->name)`
`2217`	`2217`	`continue;`
`2218`	`2218`	`if (n->name->uptr == uptr) {`
`2219`		`- n->name->refcnt++;`
	`2219`	`+ atomic_inc(&n->name->refcnt);`
`2220`	`2220`	`return n->name;`
`2221`	`2221`	`}`
`2222`	`2222`	`}`
`@@ -2245,7 +2245,7 @@ void __audit_getname(struct filename *name)`
`2245`	`2245`	`n->name = name;`
`2246`	`2246`	`n->name_len = AUDIT_NAME_FULL;`
`2247`	`2247`	`name->aname = n;`
`2248`		`- name->refcnt++;`
	`2248`	`+ atomic_inc(&name->refcnt);`
`2249`	`2249`	`}`
`2250`	`2250`
`2251`	`2251`	`static inline int audit_copy_fcaps(struct audit_names *name,`
`@@ -2377,7 +2377,7 @@ void __audit_inode(struct filename name, const struct dentry dentry,`
`2377`	`2377`	`return;`
`2378`	`2378`	`if (name) {`
`2379`	`2379`	`n->name = name;`
`2380`		`- name->refcnt++;`
	`2380`	`+ atomic_inc(&name->refcnt);`
`2381`	`2381`	`}`
`2382`	`2382`
`2383`	`2383`	`out:`
`@@ -2504,7 +2504,7 @@ void __audit_inode_child(struct inode *parent,`
`2504`	`2504`	`if (found_parent) {`
`2505`	`2505`	`found_child->name = found_parent->name;`
`2506`	`2506`	`found_child->name_len = AUDIT_NAME_FULL;`
`2507`		`- found_child->name->refcnt++;`
	`2507`	`+ atomic_inc(&found_child->name->refcnt);`
`2508`	`2508`	`}`
`2509`	`2509`	`}`
`2510`	`2510`