* [PATCH -next,v3 0/2] Audit: fix warning and check priority early @ 2021-10-16 7:23 Gaosheng Cui 2021-10-16 7:23 ` [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui 2021-10-16 7:23 ` [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 0 siblings, 2 replies; 7+ messages in thread From: Gaosheng Cui @ 2021-10-16 7:23 UTC (permalink / raw) To: paul, eparis, rgb; +Cc: wangweiyang2, linux-audit, linux-kernel v3: drop the redundant commit message and add a Fixes tag to the first patch v2: audit: fix possible null-pointer dereference in audit_filter_rules audit: return early if the rule has a lower priority v1: audit: return early if the rule has a lower priority Gaosheng Cui (2): audit: fix possible null-pointer dereference in audit_filter_rules audit: return early if the rule has a lower priority kernel/auditsc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-16 7:23 [PATCH -next,v3 0/2] Audit: fix warning and check priority early Gaosheng Cui @ 2021-10-16 7:23 ` Gaosheng Cui 2021-10-18 22:28 ` Paul Moore 2021-10-16 7:23 ` [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 1 sibling, 1 reply; 7+ messages in thread From: Gaosheng Cui @ 2021-10-16 7:23 UTC (permalink / raw) To: paul, eparis, rgb; +Cc: wangweiyang2, linux-audit, linux-kernel Fix possible null-pointer dereference in audit_filter_rules. audit_filter_rules() error: we previously assumed 'ctx' could be null Fixes: bf361231c295 ("audit: add saddr_fam filter field") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4ba3b8573ff4..42d4a4320526 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -647,7 +647,7 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); break; case AUDIT_SADDR_FAM: - if (ctx->sockaddr) + if (ctx && ctx->sockaddr) result = audit_comparator(ctx->sockaddr->ss_family, f->op, f->val); break; -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-16 7:23 ` [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui @ 2021-10-18 22:28 ` Paul Moore 0 siblings, 0 replies; 7+ messages in thread From: Paul Moore @ 2021-10-18 22:28 UTC (permalink / raw) To: Gaosheng Cui; +Cc: rgb, wangweiyang2, linux-audit, linux-kernel, Eric Paris On Sat, Oct 16, 2021 at 3:21 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: > > Fix possible null-pointer dereference in audit_filter_rules. > > audit_filter_rules() error: we previously assumed 'ctx' could be null > > Fixes: bf361231c295 ("audit: add saddr_fam filter field") > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > --- > kernel/auditsc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thank you for the patch; I added a stable tag and merged it into audit/stable-5.15, I'll send it up to Linus later this week once it has gone through some additional testing. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority 2021-10-16 7:23 [PATCH -next,v3 0/2] Audit: fix warning and check priority early Gaosheng Cui 2021-10-16 7:23 ` [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui @ 2021-10-16 7:23 ` Gaosheng Cui 2021-10-18 22:38 ` Paul Moore 2021-10-19 14:51 ` Steve Grubb 1 sibling, 2 replies; 7+ messages in thread From: Gaosheng Cui @ 2021-10-16 7:23 UTC (permalink / raw) To: paul, eparis, rgb; +Cc: wangweiyang2, linux-audit, linux-kernel It is not necessary for audit_filter_rules() functions to check audit fileds of the rule with a lower priority, and if we did, there might be some unintended effects, such as the ctx->ppid may be changed unexpectedly, so return early if the rule has a lower priority. Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> --- kernel/auditsc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 42d4a4320526..b517947bfa48 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, u32 sid; unsigned int sessionid; + if (ctx && rule->prio <= ctx->prio) + return 0; + cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); for (i = 0; i < rule->field_count; i++) { @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, } if (ctx) { - if (rule->prio <= ctx->prio) - return 0; if (rule->filterkey) { kfree(ctx->filterkey); ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority 2021-10-16 7:23 ` [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority Gaosheng Cui @ 2021-10-18 22:38 ` Paul Moore 2021-10-19 14:51 ` Steve Grubb 1 sibling, 0 replies; 7+ messages in thread From: Paul Moore @ 2021-10-18 22:38 UTC (permalink / raw) To: Gaosheng Cui; +Cc: rgb, wangweiyang2, linux-audit, linux-kernel, Eric Paris On Sat, Oct 16, 2021 at 3:21 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: > > It is not necessary for audit_filter_rules() functions to check > audit fileds of the rule with a lower priority, and if we did, > there might be some unintended effects, such as the ctx->ppid > may be changed unexpectedly, so return early if the rule has > a lower priority. > > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > --- > kernel/auditsc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Merged to audit/next, thanks! -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority 2021-10-16 7:23 ` [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 2021-10-18 22:38 ` Paul Moore @ 2021-10-19 14:51 ` Steve Grubb 2021-10-19 14:53 ` Paul Moore 1 sibling, 1 reply; 7+ messages in thread From: Steve Grubb @ 2021-10-19 14:51 UTC (permalink / raw) To: paul, eparis, rgb, linux-audit Cc: wangweiyang2, linux-audit, linux-kernel, Gaosheng Cui Hello, On Saturday, October 16, 2021 3:23:51 AM EDT Gaosheng Cui wrote: > It is not necessary for audit_filter_rules() functions to check > audit fileds of the rule with a lower priority, and if we did, > there might be some unintended effects, such as the ctx->ppid > may be changed unexpectedly, so return early if the rule has > a lower priority. > > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > --- > kernel/auditsc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 42d4a4320526..b517947bfa48 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, > u32 sid; > unsigned int sessionid; > > + if (ctx && rule->prio <= ctx->prio) > + return 0; > + Just wondering something... If the first thing we do is to decide to return, should we have called the function in the first place? I wonder if this test should be used to break out of the rule iteration loops so that we don't keep calling only to return ? -Steve > cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); > > for (i = 0; i < rule->field_count; i++) { > @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, > } > > if (ctx) { > - if (rule->prio <= ctx->prio) > - return 0; > if (rule->filterkey) { > kfree(ctx->filterkey); > ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority 2021-10-19 14:51 ` Steve Grubb @ 2021-10-19 14:53 ` Paul Moore 0 siblings, 0 replies; 7+ messages in thread From: Paul Moore @ 2021-10-19 14:53 UTC (permalink / raw) To: Steve Grubb Cc: rgb, linux-kernel, Eric Paris, wangweiyang2, linux-audit, Gaosheng Cui On Tue, Oct 19, 2021 at 10:51 AM Steve Grubb <sgrubb@redhat.com> wrote: > Just wondering something... If the first thing we do is to decide to return, > should we have called the function in the first place? I wonder if this test > should be used to break out of the rule iteration loops so that we don't keep > calling only to return ? Patches are welcome ... ;) -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-10-19 14:58 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-10-16 7:23 [PATCH -next,v3 0/2] Audit: fix warning and check priority early Gaosheng Cui 2021-10-16 7:23 ` [PATCH -next, v3 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui 2021-10-18 22:28 ` Paul Moore 2021-10-16 7:23 ` [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 2021-10-18 22:38 ` Paul Moore 2021-10-19 14:51 ` Steve Grubb 2021-10-19 14:53 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox