* [PATCH] Fix the kernel panic of audit_filter_task when key field is set @ 2008-08-01 11:15 zhangxiliang 2008-08-02 2:19 ` zhangxiliang 0 siblings, 1 reply; 6+ messages in thread From: zhangxiliang @ 2008-08-01 11:15 UTC (permalink / raw) To: Eric Paris, Steve Grubb, viro, Linux Audit, Linux Kernel Mailing List When calling audit_filter_task(), it calls audit_filter_rules() with audit_context is NULL. If the key field is set, the result in audit_filter_rules() will be set to 1 and ctx->filterkey will be set to key. But the ctx is NULL in this condition, so kernel will panic. Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com> --- kernel/auditsc.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4699950..012c94e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -610,7 +610,7 @@ static int audit_filter_rules(struct task_struct *tsk, if (!result) return 0; } - if (rule->filterkey) + if (rule->filterkey && ctx) ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); switch (rule->action) { case AUDIT_NEVER: *state = AUDIT_DISABLED; break; ^ permalink raw reply related [flat|nested] 6+ messages in thread
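Review bot: The `&& ctx` guard in the `@@ -610,7` hunk stops this one dereference, but nothing in the hunk explains why `ctx` can be NULL here, and any other `ctx->` use reached from `audit_filter_rules()` on the task-filter path is still unprotected; a short comment at the top of the function stating that `ctx` is NULL when called from `audit_filter_task()` (or a single early check there) would make the invariant explicit rather than leaving it to individual call sites. Also note that `ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);` neither checks the `kstrdup()` result nor frees a value already stored in `ctx->filterkey`; if a NULL key is acceptable and only one rule can ever assign it, say so in the commit message.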
* Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set 2008-08-01 11:15 [PATCH] Fix the kernel panic of audit_filter_task when key field is set zhangxiliang @ 2008-08-02 2:19 ` zhangxiliang 2008-08-02 2:51 ` Yu Zhiguo 0 siblings, 1 reply; 6+ messages in thread From: zhangxiliang @ 2008-08-02 2:19 UTC (permalink / raw) To: Eric Paris, Steve Grubb, viro, Linux Audit, Linux Kernel Mailing List [PATCH] Fix the kernel panic of audit_filter_task when AUDIT_PERM or AUDIT_FILETYPE field is set When calling audit_filter_task(), it calls audit_filter_rules() with audit_context is NULL. If the AUDIT_PERM or AUDIT_FILETYPE field is set, audit_match_perm() or audit_match_filetype() will use ctx->xx. But the ctx is NULL in this condition, so kernel will panic. Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com> --- kernel/auditsc.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 012c94e..29b6964 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -243,6 +243,8 @@ static inline int open_arg(int flags, int mask) static int audit_match_perm(struct audit_context *ctx, int mask) { + if(!ctx) + return 0; unsigned n = ctx->major; switch (audit_classify_syscall(ctx->arch, n)) { case 0: /* native */ @@ -284,6 +286,8 @@ static int audit_match_filetype(struct audit_context *ctx, int which) { unsigned index = which & ~S_IFMT; mode_t mode = which & S_IFMT; + if(!ctx) + return 0; if (index >= ctx->name_count) return 0; if (ctx->names[index].ino == -1) zhangxiliang said the following on 2008-08-01 19:15: > When calling audit_filter_task(), it calls audit_filter_rules() with audit_context is NULL. > If the key field is set, the result in audit_filter_rules() will be set to 1 and > ctx->filterkey will be set to key. > But the ctx is NULL in this condition, so kernel will panic. 
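Review bot: In the `@@ -243,6` hunk the new `if(!ctx) return 0;` is placed before `unsigned n = ctx->major;`, so the declaration now follows a statement and will trigger "ISO C90 forbids mixed declarations and code"; declare `n` first and assign it after the guard (`unsigned n;` / `if (!ctx) return 0;` / `n = ctx->major;`). The `if(` without a space is also a checkpatch.pl style error.

Review bot: The `@@ -284,6` hunk in `audit_match_filetype()` puts the guard after the declarations, which is correct, but it has the same missing space in `if(!ctx)`; a blank line between the declarations and the check would match the surrounding style. Returning 0 means an `AUDIT_FILETYPE` rule can never match on the task-filter path, which is reasonable, but worth stating in the commit message.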
> > Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com> > --- > kernel/auditsc.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 4699950..012c94e 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -610,7 +610,7 @@ static int audit_filter_rules(struct task_struct *tsk, > if (!result) > return 0; > } > - if (rule->filterkey) > + if (rule->filterkey && ctx) > ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); > switch (rule->action) { > case AUDIT_NEVER: *state = AUDIT_DISABLED; break; > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit > > > ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set 2008-08-02 2:19 ` zhangxiliang @ 2008-08-02 2:51 ` Yu Zhiguo 2008-08-02 2:56 ` zhangxiliang 0 siblings, 1 reply; 6+ messages in thread From: Yu Zhiguo @ 2008-08-02 2:51 UTC (permalink / raw) To: zhangxiliang Cc: Eric Paris, Steve Grubb, viro, Linux Audit, Linux Kernel Mailing List zhangxiliang wrote: > static int audit_match_perm(struct audit_context *ctx, int mask) > { > + if(!ctx) > + return 0; > unsigned n = ctx->major; Please check this patch with scripts/checkpatch.pl and then resend it. > switch (audit_classify_syscall(ctx->arch, n)) { > case 0: /* native */ > @@ -284,6 +286,8 @@ static int audit_match_filetype(struct audit_context *ctx, int which) > { > unsigned index = which & ~S_IFMT; > mode_t mode = which & S_IFMT; > + if(!ctx) > + return 0; > if (index >= ctx->name_count) > return 0; > if (ctx->names[index].ino == -1) > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set 2008-08-02 2:51 ` Yu Zhiguo @ 2008-08-02 2:56 ` zhangxiliang 2008-08-04 10:20 ` Al Viro 2008-08-20 11:18 ` [PATCH] fix warning in audit_match_perm Benny Halevy 0 siblings, 2 replies; 6+ messages in thread From: zhangxiliang @ 2008-08-02 2:56 UTC (permalink / raw) Cc: Eric Paris, Steve Grubb, viro, Linux Audit, Linux Kernel Mailing List, Yu Zhiguo Sorry, I miss a blank between if and "(". And I add "unlikely" to check "ctx" in audit_match_perm() and audit_match_filetype(). This is a new patch for it. Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com> --- kernel/auditsc.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4699950..57a001a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -243,6 +243,9 @@ static inline int open_arg(int flags, int mask) static int audit_match_perm(struct audit_context *ctx, int mask) { + if (unlikely(!ctx)) + return 0; + unsigned n = ctx->major; switch (audit_classify_syscall(ctx->arch, n)) { case 0: /* native */ @@ -284,6 +287,10 @@ static int audit_match_filetype(struct audit_context *ctx, int which) { unsigned index = which & ~S_IFMT; mode_t mode = which & S_IFMT; + + if (unlikely(!ctx)) + return 0; + if (index >= ctx->name_count) return 0; if (ctx->names[index].ino == -1) Yu Zhiguo said the following on 2008-08-02 10:51: > > zhangxiliang wrote: > >> static int audit_match_perm(struct audit_context *ctx, int mask) >> { >> + if(!ctx) >> + return 0; >> unsigned n = ctx->major; > > Please check this patch with scripts/checkpatch.pl and then resend it. > > >> switch (audit_classify_syscall(ctx->arch, n)) { >> case 0: /* native */ 
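Review bot: The spacing is fixed, but the `@@ -243,6` hunk still inserts `if (unlikely(!ctx)) return 0;` ahead of the `unsigned n = ctx->major;` declaration, so the mixed-declarations-and-code warning remains; move the declaration above the check and assign `n` afterwards.

Review bot: The `@@ -284,6` hunk is fine as placed, with the guard after the declarations and blank lines around it; `unlikely()` is appropriate since only the task-filter call passes a NULL `ctx`.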
>> @@ -284,6 +286,8 @@ static int audit_match_filetype(struct >> audit_context *ctx, int which) >> { >> unsigned index = which & ~S_IFMT; >> mode_t mode = which & S_IFMT; >> + if(!ctx) >> + return 0; >> if (index >= ctx->name_count) >> return 0; >> if (ctx->names[index].ino == -1) >> >> > > > > ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set 2008-08-02 2:56 ` zhangxiliang @ 2008-08-04 10:20 ` Al Viro 2008-08-20 11:18 ` [PATCH] fix warning in audit_match_perm Benny Halevy 1 sibling, 0 replies; 6+ messages in thread From: Al Viro @ 2008-08-04 10:20 UTC (permalink / raw) To: zhangxiliang Cc: Eric Paris, Steve Grubb, Linux Audit, Linux Kernel Mailing List, Yu Zhiguo On Sat, Aug 02, 2008 at 10:56:37AM +0800, zhangxiliang wrote: > Sorry, I miss a blank between if and "(". > And I add "unlikely" to check "ctx" in audit_match_perm() and audit_match_filetype(). > This is a new patch for it. Thanks. Applied and pushed.
* [PATCH] fix warning in audit_match_perm 2008-08-02 2:56 ` zhangxiliang 2008-08-04 10:20 ` Al Viro @ 2008-08-20 11:18 ` Benny Halevy 1 sibling, 0 replies; 6+ messages in thread From: Benny Halevy @ 2008-08-20 11:18 UTC (permalink / raw) To: Linux Audit Cc: zhangxiliang, Eric Paris, Steve Grubb, viro, Linux Kernel Mailing List, Yu Zhiguo kernel/auditsc.c: In function ‘audit_match_perm’: kernel/auditsc.c:249: warning: ISO C90 forbids mixed declarations and code This was introduced in commit 1a61c88defcd611bd148d6c960b498e1b8bbbe00 Signed-off-by: Benny Halevy <bhalevy@panasas.com> --- kernel/auditsc.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 972f8e6..e72b161 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -243,10 +243,12 @@ static inline int open_arg(int flags, int mask) static int audit_match_perm(struct audit_context *ctx, int mask) { + unsigned n; + if (unlikely(!ctx)) return 0; - unsigned n = ctx->major; + n = ctx->major; switch (audit_classify_syscall(ctx->arch, n)) { case 0: /* native */ if ((mask & AUDIT_PERM_WRITE) && -- 1.6.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
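Review bot: Hoisting `unsigned n;` above the guard and assigning `n = ctx->major;` after it is the right fix for the C90 warning and changes no behaviour. One nit on the commit message: the quoted `kernel/auditsc.c:249` line number drifts between trees, so naming the function (as the warning text already does) is what reviewers will rely on.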