1. 10 Apr, 2016 1 commit
  2. 08 Feb, 2016 1 commit
  3. 22 Jan, 2016 1 commit
    • Al Viro's avatar
      wrappers for ->i_mutex access · 5955102c
      Al Viro authored
      parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
      inode_foo(inode) being mutex_foo(&inode->i_mutex).
      
      Please, use those for access to ->i_mutex; over the coming cycle
      ->i_mutex will become rwsem, with ->lookup() done with it held
      only shared.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      5955102c
  4. 12 Aug, 2015 1 commit
    • Richard Guy Briggs's avatar
      fixup: audit: implement audit by executable · 15ce414b
      Richard Guy Briggs authored
      The Intel build-bot detected a sparse warning with with a patch I posted a
      couple of days ago that was accepted in the audit/next tree:
      
      Subject: [linux-next:master 6689/6751] kernel/audit_watch.c:543:36: sparse: dereference of noderef expression
      Date: Friday, August 07, 2015, 06:57:55 PM
      From: kbuild test robot <fengguang.wu@intel.com>
      tree:   git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
      head:   e6455bc5b91f41f842f30465c9193320f0568707
      commit: 2e3a8aeb63e5335d4f837d453787c71bcb479796 [6689/6751] Merge remote- tracking branch 'audit/next'
      sparse warnings: (new ones prefixed by >>)
      >> kernel/audit_watch.c:543:36: sparse: dereference of noderef expression
         kernel/audit_watch.c:544:28: sparse: dereference of noderef expression
      
      34d99af5 Richard Guy Briggs 2015-08-05  541  int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)
      34d99af5 Richard Guy Briggs 2015-08-05  542  {
      34d99af5 Richard Guy Briggs 2015-08-05 @543     unsigned long ino = tsk->mm- >exe_file->f_inode->i_ino;
      34d99af5 Richard Guy Briggs 2015-08-05  544     dev_t dev = tsk->mm->exe_file- >f_inode->i_sb->s_dev;
      
      :::::: The code at line 543 was first introduced by commit
      :::::: 34d99af5 audit: implement audit by executable
      
      tsk->mm->exe_file requires RCU access.  The warning was reproduceable by adding
      "C=1 CF=-D__CHECK_ENDIAN__" to the build command, and verified eliminated with
      this patch.
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      15ce414b
  5. 06 Aug, 2015 2 commits
    • Richard Guy Briggs's avatar
      audit: implement audit by executable · 34d99af5
      Richard Guy Briggs authored
      This adds the ability audit the actions of a not-yet-running process.
      
      This patch implements the ability to filter on the executable path.  Instead of
      just hard coding the ino and dev of the executable we care about at the moment
      the rule is inserted into the kernel, use the new audit_fsnotify
      infrastructure to manage this dynamically.  This means that if the filename
      does not yet exist but the containing directory does, or if the inode in
      question is unlinked and creat'd (aka updated) the rule will just continue to
      work.  If the containing directory is moved or deleted or the filesystem is
      unmounted, the rule is deleted automatically.  A future enhancement would be to
      have the rule survive across directory disruptions.
      
      This is a heavily modified version of a patch originally submitted by Eric
      Paris with some ideas from Peter Moody.
      
      Cc: Peter Moody <peter@hda3.com>
      Cc: Eric Paris <eparis@redhat.com>
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      [PM: minor whitespace clean to satisfy ./scripts/checkpatch]
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      34d99af5
    • Richard Guy Briggs's avatar
      audit: use macros for unset inode and device values · 84cb777e
      Richard Guy Briggs authored
      Clean up a number of places were casted magic numbers are used to represent
      unset inode and device numbers in preparation for the audit by executable path
      patch set.
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      [PM: enclosed the _UNSET macros in parentheses for ./scripts/checkpatch]
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      84cb777e
  6. 04 Aug, 2015 2 commits
    • Richard Guy Briggs's avatar
      audit: eliminate unnecessary extra layer of watch parent references · aa7c043d
      Richard Guy Briggs authored
      The audit watch parent count was imbalanced, adding an unnecessary layer of
      watch parent references.  Decrement the additional parent reference when a
      watch is reused, already having a reference to the parent.
      
      audit_find_parent() gets a reference to the parent, if the parent is
      already known.  This additional parental reference is not needed if the
      watch is subsequently found by audit_add_to_parent(), and consumed if
      the watch does not already exist, so we need to put the parent if the
      watch is found, and do nothing if this new watch is added to the parent.
      
      If the parent wasn't already known, it is created with a refcount of 1
      and added to the audit_watch_group, then incremented by one to be
      subsequently consumed by the newly created watch in
      audit_add_to_parent().
      
      The rule points to the watch, not to the parent, so the rule's refcount
      gets bumped, not the parent's.
      
      See LKML, 2015-07-16
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      aa7c043d
    • Richard Guy Briggs's avatar
      audit: eliminate unnecessary extra layer of watch references · f8259b26
      Richard Guy Briggs authored
      The audit watch count was imbalanced, adding an unnecessary layer of watch
      references.  Only add the second reference when it is added to a parent.
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      f8259b26
  7. 15 Apr, 2015 1 commit
  8. 23 Sep, 2014 1 commit
    • Burn Alting's avatar
      audit: invalid op= values for rules · e7df61f4
      Burn Alting authored
      Various audit events dealing with adding, removing and updating rules result in
      invalid values set for the op keys which result in embedded spaces in op=
      values.
      
      The invalid values are
              op="add rule"       set in kernel/auditfilter.c
              op="remove rule"    set in kernel/auditfilter.c
              op="remove rule"    set in kernel/audit_tree.c
              op="updated rules"  set in kernel/audit_watch.c
              op="remove rule"    set in kernel/audit_watch.c
      
      Replace the space in the above values with an underscore character ('_').
      Coded-by: default avatarBurn Alting <burn@swtf.dyndns.org>
      Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      e7df61f4
  9. 18 Feb, 2014 1 commit
    • Jan Kara's avatar
      inotify: Fix reporting of cookies for inotify events · 45a22f4c
      Jan Kara authored
      My rework of handling of notification events (namely commit 7053aee2
      "fsnotify: do not share events between notification groups") broke
      sending of cookies with inotify events. We didn't propagate the value
      passed to fsnotify() properly and passed 4 uninitialized bytes to
      userspace instead (so it is also an information leak). Sadly I didn't
      notice this during my testing because inotify cookies aren't used very
      much and LTP inotify tests ignore them.
      
      Fix the problem by passing the cookie value properly.
      
      Fixes: 7053aee2Reported-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      45a22f4c
  10. 21 Jan, 2014 3 commits
    • Jan Kara's avatar
      fsnotify: remove pointless NULL initializers · 56b27cf6
      Jan Kara authored
      We usually rely on the fact that struct members not specified in the
      initializer are set to NULL.  So do that with fsnotify function pointers
      as well.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      56b27cf6
    • Jan Kara's avatar
      fsnotify: remove .should_send_event callback · 83c4c4b0
      Jan Kara authored
      After removing event structure creation from the generic layer there is
      no reason for separate .should_send_event and .handle_event callbacks.
      So just remove the first one.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      83c4c4b0
    • Jan Kara's avatar
      fsnotify: do not share events between notification groups · 7053aee2
      Jan Kara authored
      Currently fsnotify framework creates one event structure for each
      notification event and links this event into all interested notification
      groups.  This is done so that we save memory when several notification
      groups are interested in the event.  However the need for event
      structure shared between inotify & fanotify bloats the event structure
      so the result is often higher memory consumption.
      
      Another problem is that fsnotify framework keeps path references with
      outstanding events so that fanotify can return open file descriptors
      with its events.  This has the undesirable effect that filesystem cannot
      be unmounted while there are outstanding events - a regression for
      inotify compared to a situation before it was converted to fsnotify
      framework.  For fanotify this problem is hard to avoid and users of
      fanotify should kind of expect this behavior when they ask for file
      descriptors from notified files.
      
      This patch changes fsnotify and its users to create separate event
      structure for each group.  This allows for much simpler code (~400 lines
      removed by this patch) and also smaller event structures.  For example
      on 64-bit system original struct fsnotify_event consumes 120 bytes, plus
      additional space for file name, additional 24 bytes for second and each
      subsequent group linking the event, and additional 32 bytes for each
      inotify group for private data.  After the conversion inotify event
      consumes 48 bytes plus space for file name which is considerably less
      memory unless file names are long and there are several groups
      interested in the events (both of which are uncommon).  Fanotify event
      fits in 56 bytes after the conversion (fanotify doesn't care about file
      names so its events don't have to have it allocated).  A win unless
      there are four or more fanotify groups interested in the event.
      
      The conversion also solves the problem with unmount when only inotify is
      used as we don't have to grab path references for inotify events.
      
      [hughd@google.com: fanotify: fix corruption preventing startup]
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7053aee2
  11. 11 Jan, 2013 1 commit
  12. 11 Dec, 2012 1 commit
  13. 11 Oct, 2012 2 commits
  14. 17 Sep, 2012 1 commit
    • Eric W. Biederman's avatar
      userns: Convert the audit loginuid to be a kuid · e1760bd5
      Eric W. Biederman authored
      Always store audit loginuids in type kuid_t.
      
      Print loginuids by converting them into uids in the appropriate user
      namespace, and then printing the resulting uid.
      
      Modify audit_get_loginuid to return a kuid_t.
      
      Modify audit_set_loginuid to take a kuid_t.
      
      Modify /proc/<pid>/loginuid on read to convert the loginuid into the
      user namespace of the opener of the file.
      
      Modify /proc/<pid>/loginud on write to convert the loginuid
      rom the user namespace of the opener of the file.
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: Paul Moore <paul@paul-moore.com> ?
      Cc: David Miller <davem@davemloft.net>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      e1760bd5
  15. 14 Jul, 2012 1 commit
    • Al Viro's avatar
      get rid of kern_path_parent() · 79714f72
      Al Viro authored
      all callers want the same thing, actually - a kinda-sorta analog of
      kern_path_create().  I.e. they want parent vfsmount/dentry (with
      ->i_mutex held, to make sure the child dentry is still their child)
      + the child dentry.
      
      Signed-off-by Al Viro <viro@zeniv.linux.org.uk>
      79714f72
  16. 14 Mar, 2011 2 commits
  17. 29 Oct, 2010 1 commit
  18. 12 Aug, 2010 1 commit
  19. 28 Jul, 2010 16 commits