From mboxrd@z Thu Jan 1 00:00:00 1970 From: hujianyang Subject: Re: [RFC PATCH] audit: correctly record file names with different path name types Date: Tue, 2 Dec 2014 15:12:25 +0800 Message-ID: <547D6659.6090603@huawei.com> References: <20141201212747.19982.27425.stgit@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20141201212747.19982.27425.stgit@localhost> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Paul Moore Cc: rgb@redhat.com, linux-audit@redhat.com, jlayton@redhat.com List-Id: linux-audit@redhat.com On 2014/12/2 5:27, Paul Moore wrote: > --- > kernel/auditsc.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 21eae3c..ff99c05 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1886,12 +1886,18 @@ void __audit_inode(struct filename *name, const struct dentry *dentry, > } > > out_alloc: > - /* unable to find the name from a previous getname(). Allocate a new > - * anonymous entry. > - */ > - n = audit_alloc_name(context, AUDIT_TYPE_NORMAL); > + /* unable to find an entry with both a matching name and type */ > + n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); > if (!n) > return; > + if (name) > + /* since name is not NULL we know there is already a matching > + * name record, see audit_getname(), so there must be a type > + * mismatch; reuse the string path since the original name > + * record will keep the string valid until we free it in > + * audit_free_names() */ > + n->name = name; > + > out: > if (parent) { > n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL; > > > . > Hi Paul, Thanks for your work~! But I'm sorry to say I've tested this patch with a kernel 3.10.53 and met a panic while booting. I think it's caused by this patch. Could you please take some time to look at this? Did I do something wrong? Thanks~! Hu INIT: Entering runlevel: 3 Starting OpenBSD Secure Shell server: sshd done. Starting audit daemon auditd [ 25.257694] type=1305 audit(1417530900.169:2): audit_pid=1348 old=0 auid=4294967295 ses=4294967295 [ 25.257694] res=1 Starting domain name service: namedwrote key file "/etc/bind/rndc.key" . hwclock: can't open '/dev/misc/rtc': No such file or directory Starting ntpd: done Starting syslog-ng:[ 25.623155] Unable to handle kernel NULL pointer dereference at virtual address 00000001 [ 25.631287] pgd = c5a1c000 [ 25.633994] [00000001] *pgd=85880831, *pte=00000000, *ppte=00000000 [ 25.640295] Internal error: Oops: 17 [#1] SMP ARM [ 25.644993] Modules linked in: ipv6 [ 25.648507] CPU: 0 PID: 1375 Comm: syslog-ng Not tainted 3.10.53 #1 [ 25.655286] task: ef34ac00 ti: c5ae6000 task.ti: c5ae6000 [ 25.660681] PC is at strlen+0xc/0x20 [ 25.664264] LR is at audit_compare_dname_path+0x20/0x68 [ 25.669484] pc : [] lr : [] psr: 600f0013 [ 25.669484] sp : c5ae7e58 ip : 00000000 fp : ef349c44 [ 25.680944] r10: 0000c1ed r9 : ef26c1a8 r8 : ee74ef0c [ 25.686162] r7 : ee74eee0 r6 : 00000003 r5 : 00000001 r4 : 00000005 [ 25.692679] r3 : 00000002 r2 : 00000001 r1 : 00000000 r0 : 00000001 [ 25.699198] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 25.706323] Control: 18c53c7d Table: 85a1c04a DAC: 00000015 [ 25.712061] Process syslog-ng (pid: 1375, stack limit = 0xc5ae6238) [ 25.718319] Stack: (0xc5ae7e58 to 0xc5ae8000) [ 25.722672] 7e40: ef349c00 00000000 [ 25.730841] 7e60: ef349dd8 ee74eee0 ee74ef0c c0080504 ef26c1a8 00000004 00000004 ef26c1a8 [ 25.739009] 7e80: c5815680 ee74eee0 0000c1ed 00000000 00000001 0000c1ed 0000000b c00fa2c4 [ 25.747178] 7ea0: ef26c1a8 ee74eee0 dd79fc00 c5815680 00000000 ee74eee0 c581581c c02b6550 [ 25.755346] 7ec0: c5bfd015 c5bfd010 00000000 c048e000 ef26c1a8 00000001 00000002 c5ae6000 [ 25.763514] 7ee0: dd9b96d0 ee71ac38 c5ae7f18 eec45800 0000000b 01357070 0000011a c000e1e4 [ 25.771682] 7f00: c5ae6000 00000200 00000000 c022fcf4 00000000 00000000 642f0001 6c2f7665 [ 25.779850] 7f20: 0000676f dd7eb400 ef34ac00 c04a6270 c5ae7f48 c04a6368 00000001 c0081d14 [ 25.788016] 7f40: c5ae7f48 000000c3 ef349c00 ef349c00 00000001 0000011a ef349c00 00000001 [ 25.796183] 7f60: c5ae7f68 c0082108 547dce14 202fbeff 00000008 c5ae7f88 c5ae6000 0000011a [ 25.804351] 7f80: 0000011a c001037c 0000000b 01357060 0000000b 01357060 01357060 00000008 [ 25.812520] 7fa0: beaf8a2c c000e1c8 01357060 00000008 00000008 01357070 0000000b 01357060 [ 25.820687] 7fc0: 01357060 00000008 beaf8a2c 0000011a 01350ba8 00000000 4fa97000 00000000 [ 25.828855] 7fe0: b6d8e870 beaf88ec b6f43ee0 b6d8e87c 600f0010 00000008 af7fd821 af7fdc21 [ 25.837031] [] (strlen+0xc/0x20) from [] (audit_compare_dname_path+0x20/0x68) [ 25.845899] [] (audit_compare_dname_path+0x20/0x68) from [] (__audit_inode_child+0x124/0x26c) [ 25.856153] [] (__audit_inode_child+0x124/0x26c) from [] (vfs_mknod+0x138/0x158) [ 25.865285] [] (vfs_mknod+0x138/0x158) from [] (unix_bind+0x114/0x2b8) [ 25.873552] [] (unix_bind+0x114/0x2b8) from [] (SyS_bind+0x5c/0x80) [ 25.881556] [] (SyS_bind+0x5c/0x80) from [] (__sys_trace_return+0x0/0x18) [ 25.890072] Code: c02f1948 e1a03000 e1a02003 e2833001 (e5d21000) [ 25.896176] ---[ end trace 2f04133705b763f6 ]--- [ 25.900790] Kernel panic - not syncing: Fatal exception