March 2018 - Linux-audit - Linux-Audit List Archives

[PATCH] audit: always enable syscall auditing when supported and audit is enabled

by Paul Moore

To the best of our knowledge, everyone who enables audit at compile time also enables syscall auditing; this patch simplifies the Kconfig menus by removing the option to disable syscall auditing when audit is selected and the target arch supports it. Signed-off-by: Paul Moore <pmoore(a)redhat.com> --- init/Kconfig | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/init/Kconfig b/init/Kconfig index c24b6f7..d4663b1 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -299,20 +299,15 @@ config AUDIT help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for - logging of avc messages output). Does not do system-call - auditing without CONFIG_AUDITSYSCALL. + logging of avc messages output). System call auditing is included + on architectures which support it. config HAVE_ARCH_AUDITSYSCALL bool config AUDITSYSCALL - bool "Enable system-call auditing support" + def_bool y depends on AUDIT && HAVE_ARCH_AUDITSYSCALL - default y if SECURITY_SELINUX - help - Enable low-overhead system-call auditing infrastructure that - can be used independently or with another kernel subsystem, - such as SELinux. config AUDIT_WATCH def_bool y

5 years, 10 months

5
13
0 / 0

[RFC PATCH 0/3] simplify struct audit_krule reveals bug

by Richard Guy Briggs

In the process of trying to track down a potential bug altering the registered arch for a syscall rule, a simplification of struct audit_krule that removes a seemingly unnecessary member has revealed a surprising NULL pointer dereference. The struct audit_field *arch_f member should not be necessary since it is the first field present if it is present at all, and is only necessary for syscall rules, so iterating over the fields to find it is simple and only happens when adding or deleting a rule. Shrinking the struct audit_krule seemed to be a good idea, but appears to have openned a can of worms. The first patch triggered this OOPS: BUG: unable to handle kernel NULL pointer dereference at 0000000000000009 IP: audit_match_signal+0x42/0x120 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI Modules linked in: sunrpc 8139too i2c_piix4 pcspkr virtio_balloon 8139cp i2c_core mii sch_fq_codel floppy serio_raw ata_generic pata_acpi CPU: 1 PID: 325 Comm: auditctl Not tainted 4.15.0-bz1462178-arch-changed+ #636 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:audit_match_signal+0x42/0x120 RSP: 0018:ffffc900003dfc08 EFLAGS: 00010202 RAX: 0000000000000003 RBX: ffff880036588000 RCX: 0000000000000003 RDX: ffff88003c7f02e0 RSI: ffff88003c7f02a0 RDI: ffff880036588000 RBP: ffff88003671de00 R08: 0000000000000001 R09: 0000000000000000 R10: ffff880036a0b190 R11: 0000000000000000 R12: 0000000000000000 R13: ffff880036588178 R14: ffff880036588000 R15: ffffffff8247f880 FS: 00007fa53c6d9740(0000) GS:ffff88003e400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000009 CR3: 00000000347ba000 CR4: 00000000000006e0 Call Trace: audit_rule_change+0xb32/0xce0 audit_receive_msg+0x163/0x1090 ? netlink_deliver_tap+0x90/0x350 ? kvm_sched_clock_read+0x5/0x10 ? sched_clock+0x5/0x10 audit_receive+0x4d/0xa0 netlink_unicast+0x195/0x250 netlink_sendmsg+0x2fe/0x3f0 sock_sendmsg+0x32/0x60 SYSC_sendto+0xda/0x140 ? syscall_trace_enter+0x2dc/0x400 ? return_from_SYSCALL_64+0x10/0x75 do_syscall_64+0x83/0x360 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7fa53bbb1607 RSP: 002b:00007fff33f48c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000444 RCX: 00007fa53bbb1607 RDX: 0000000000000444 RSI: 00007fff33f48cb0 RDI: 0000000000000003 RBP: 0000000000000431 R08: 00007fff33f48c9c R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 R13: 00007fff33f48cb0 R14: 00007fff33f48c9c R15: 00000000000003f3 Code: 01 00 00 83 3e 0b 0f 84 ef 00 00 00 31 c0 eb 0f 48 63 d0 48 c1 e2 05 48 01 f2 83 3a 0b 74 7d 83 c0 01 39 c8 75 ea 4d 85 c0 74 79 <41> 8b 78 08 e8 25 ff ed ff 85 c0 74 31 83 f8 01 75 58 48 8b 0d RIP: audit_match_signal+0x42/0x120 RSP: ffffc900003dfc08 CR2: 0000000000000009 The second patch surprisingly fixes the OOPS. Adding debug output, the OOPS is consistently happenning in the 7th STIG rule that includes an arch parameter, but the value that causes the OOPS dereferences, copies and prints out fine: -a always,exit -F arch=b32 -S adjtimex,settimeofday,stime -F key=time-change ams_: i=0 f=00000000e5612893 type=11 op=0 val=40000003 key="time-change" -a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change ams_: i=0 f=00000000cf222aca type=11 op=0 val=c000003e key="time-change" -a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change ams_: i=0 f=00000000ad39bfc6 type=11 op=0 val=40000003 key="time-change" -a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change ams_: i=0 f=00000000c9f83209 type=11 op=0 val=c000003e key="time-change" -a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale ams_: i=0 f=000000005a19d216 type=11 op=0 val=40000003 key="system-locale" -a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale ams_: i=0 f=000000003280e47a type=11 op=0 val=c000003e key="system-locale" OOPS -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod ams_: i=0 f=000000008368170a type=11 op=0 val=40000003 key="perm_mod" I'd let sleeping dogs lie, but I haven't tracked down the source of the original rule that changes arch between addition and listing (nor reproduced it yet since I don't have access to that HW arch), and it seems to reveal potentially another bug. Help! Any observations or hints? Richard Guy Briggs (3): audit: remove arch_f pointer from struct audit_krule fixup! audit: remove arch_f pointer from struct audit_krule debug! audit: remove arch_f pointer from struct audit_krule include/linux/audit.h | 1 - kernel/auditfilter.c | 18 +++++++++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) -- 1.8.3.1

6 years

2
11
0 / 0

[RFC PATCH ghak32 V2 00/13] audit: implement container id

by Richard Guy Briggs

Implement audit kernel container ID. This patchset is a second RFC based on the proposal document (V3) posted: https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html The first patch implements the proc fs write to set the audit container ID of a process, emitting an AUDIT_CONTAINER record to announce the registration of that container ID on that process. This patch requires userspace support for record acceptance and proper type display. The second checks for children or co-threads and refuses to set the container ID if either are present. (This policy could be changed to set both with the same container ID provided they meet the rest of the requirements.) The third implements the auxiliary record AUDIT_CONTAINER_INFO if a container ID is identifiable with an event. This patch requires userspace support for proper type display. The fourth adds container ID filtering to the exit, exclude and user lists. This patch requires auditctil userspace support for the --containerid option. The 5th adds signal and ptrace support. The 6th creates a local audit context to be able to bind a standalone record with a locally created auxiliary record. The 7th, 8th, 9th, 10th patches add container ID records to standalone records. Some of these may end up being syscall auxiliary records and won't need this specific support since they'll be supported via syscalls. The 11th adds network namespace container ID labelling based on member tasks' container ID labels. The 12th adds container ID support to standalone netfilter records that don't have a task context and lists each container to which that net namespace belongs. The 13th implements reading the container ID from the proc filesystem for debugging. This patch isn't planned for upstream inclusion. Feedback please! Example: Set a container ID of 123456 to the "sleep" task: sleep 2& child=$! echo 123456 > /proc/$child/containerid; echo $? ausearch -ts recent -m container echo child:$child contid:$( cat /proc/$child/containerid) This should produce a record such as: type=CONTAINER msg=audit(1521122590.315:222): op=set pid=689 uid=0 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 auid=0 tty=pts0 ses=3 opid=707 old-contid=18446744073709551615 contid=123456 res=1 Example: Set a filter on a container ID 123459 on /tmp/tmpcontainerid: containerid=123459 key=tmpcontainerid auditctl -a exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key perl -e "sleep 1; open(my \$tmpfile, '>', \"/tmp/$key\"); close(\$tmpfile);" & child=$! echo $containerid > /proc/$child/containerid sleep 2 ausearch -i -ts recent -k $key auditctl -d exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key rm -f /tmp/$key This should produce an event such as: type=CONTAINER_INFO msg=audit(1521122591.614:227): op=task contid=123459 type=PROCTITLE msg=audit(1521122591.614:227): proctitle=7065726C002D6500736C65657020313B206F70656E286D792024746D7066696C652C20273E272C20222F746D702F746D70636F6E7461696E6572696422293B20636C6F73652824746D7066696C65293B type=PATH msg=audit(1521122591.614:227): item=1 name="/tmp/tmpcontainerid" inode=18427 dev=00:26 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1521122591.614:227): item=0 name="/tmp/" inode=13513 dev=00:26 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1521122591.614:227): cwd="/root" type=SYSCALL msg=audit(1521122591.614:227): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=55db90a28900 a2=241 a3=1b6 items=2 ppid=689 pid=724 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="perl" exe="/usr/bin/perl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="tmpcontainerid" See: https://github.com/linux-audit/audit-kernel/issues/32 https://github.com/linux-audit/audit-userspace/issues/40 https://github.com/linux-audit/audit-testsuite/issues/64 Richard Guy Briggs (13): audit: add container id audit: check children and threading before allowing containerid audit: log container info of syscalls audit: add containerid filtering audit: add containerid support for ptrace and signals audit: add support for non-syscall auxiliary records audit: add container aux record to watch/tree/mark audit: add containerid support for tty_audit audit: add containerid support for config/feature/user records audit: add containerid support for seccomp and anom_abend records audit: add support for containerid to network namespaces audit: NETFILTER_PKT: record each container ID associated with a netNS debug audit: read container ID of a process drivers/tty/tty_audit.c | 5 +- fs/proc/base.c | 53 ++++++++++++++++ include/linux/audit.h | 43 +++++++++++++ include/linux/init_task.h | 4 +- include/linux/sched.h | 1 + include/net/net_namespace.h | 12 ++++ include/uapi/linux/audit.h | 8 ++- kernel/audit.c | 75 ++++++++++++++++++++--- kernel/audit.h | 3 + kernel/audit_fsnotify.c | 5 +- kernel/audit_tree.c | 5 +- kernel/audit_watch.c | 33 +++++----- kernel/auditfilter.c | 52 +++++++++++++++- kernel/auditsc.c | 145 ++++++++++++++++++++++++++++++++++++++++++-- kernel/nsproxy.c | 6 ++ net/core/net_namespace.c | 45 ++++++++++++++ net/netfilter/xt_AUDIT.c | 15 ++++- 17 files changed, 473 insertions(+), 37 deletions(-) -- 1.8.3.1

6 years, 6 months

6
72
0 / 0

[PATCH] audit: add containerid support for IMA-audit

by Mimi Zohar

Hi Richard, This patch has been compiled, but not runtime tested. --- If the containerid is defined, include it in the IMA-audit record. Signed-off-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> --- security/integrity/ima/ima_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 33b4458cdbef..41d29a06f28f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_untrustedstring(ab, algo_hash); audit_log_task_info(ab, current); + if (audit_containerid_set(current)) + audit_log_format(ab, " contid=%llu", + audit_get_containerid(current)); audit_log_end(ab); iint->flags |= IMA_AUDITED; -- 2.7.5

6 years, 7 months

4
30
0 / 0

What does audisp/plugins.d/syslog.conf LOG_WARN not show?

by leam hall

(RHEL 6, default audit rpms) We're trying to cut down on spurious logging but have some logging mandated (STIG environment). If the syslog.conf file in audisp/plugins.d/syslog.conf is set with "args = LOG_WARN", will the events in audit.rules still be logged? Thanks! Leam

6 years, 7 months

2
1
0 / 0

Limiting SECCOMP audit events

by Steve Grubb

Hello, Over the last month, the amount of seccomp events in audit logs is sky-rocketing. I have over a million events in the last 2 days. Most of this is generated by firefox and qt webkit. I am wondering if the audit package should ship a file for /usr/lib/sysctl.d/60-auditd.conf wherein it has kernel.seccomp.actions_logged = kill_process kill_thread errno Also, has anyone verified this sysctl is filtering audit events? Even with the above, I have over a million events on a 4.14.3 kernel. Firefox alone is generating over 50,000 events per hour. Thanks, -Steve

6 years, 8 months

4
22
0 / 0

[RFC PATCH V1 00/12] audit: implement container id

by Richard Guy Briggs

Implement audit kernel container ID. This patchset is a preliminary RFC based on the proposal document (V3) posted: https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html The first patch implements the proc fs write to set the audit container ID of a process, emitting an AUDIT_CONTAINER record. The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO if a container ID is present on a task. The third adds filtering to the exit, exclude and user lists. The 4th, implements reading the container ID from the proc filesystem for debugging. This isn't planned for upstream inclusion. The 5th adds signal and ptrace support. The 6th attempts to create a local audit context to be able to bind a standalone record with the container ID record. The 7th, 8th, 9th, 10th patches add container ID records to standalone records. Some of these may end up being syscall auxiliary records and won't need this specific support since they'll be supported via syscalls. The 11th is a temporary workaround due to the AUDIT_CONTAINER records not showing up as do AUDIT_LOGIN records. I suspect this is due to its range (1000 vs 1300), but the intent is to solve it. The 12th adds debug information not intended for upstream for those brave souls wanting to tinker with it in this early state. Feedback please! Here's a quick and dirty test script: echo 123455 > /proc/$$/containerid; echo $? sleep 4& child=$!; sleep 1 echo 18446744073709551615 > /proc/$child/containerid; echo $? echo 123456 > /proc/$child/containerid; echo $? echo 123457 > /proc/$child/containerid; echo $? sleep 1 ausearch -ts recent |grep " contid=18446744073709551615"; echo $? ausearch -ts recent |grep " contid=123456"; echo $? ausearch -ts recent |grep " contid=123457"; echo $? echo self:$$ contid:$( cat /proc/$$/containerid) echo child:$child contid:$( cat /proc/$child/containerid) containerid=123458 key=tmpcontainerid auditctl -a exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key || echo failed to add containerid filter rule bash -c "sleep 1; echo test > /tmp/$key"& child=$! echo $containerid > /proc/$child/containerid sleep 2 rm -f /tmp/$key ausearch -ts recent -k $key || echo failed to find CONTAINER_INFO record auditctl -d exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key || echo failed to add containerid filter rule See: https://github.com/linux-audit/audit-kernel/issues/32 https://github.com/linux-audit/audit-userspace/issues/40 https://github.com/linux-audit/audit-testsuite/issues/64 Richard Guy Briggs (12): audit: add container id audit: log container info of syscalls audit: add containerid filtering audit: read container ID of a process audit: add containerid support for ptrace and signals audit: add support for non-syscall auxiliary records audit: add container aux record to watch/tree/mark audit: add containerid support for tty_audit audit: add containerid support for config/feature/user records audit: add containerid support for seccomp and anom_abend records debug audit: add container id debug! audit: add container id drivers/tty/tty_audit.c | 5 +- fs/proc/base.c | 63 +++++++++++++++++++ include/linux/audit.h | 36 +++++++++++ include/linux/init_task.h | 4 +- include/linux/sched.h | 1 + include/uapi/linux/audit.h | 9 ++- kernel/audit.c | 74 +++++++++++++++++++--- kernel/audit.h | 3 + kernel/audit_fsnotify.c | 5 +- kernel/audit_tree.c | 5 +- kernel/audit_watch.c | 33 +++++----- kernel/auditfilter.c | 52 ++++++++++++++- kernel/auditsc.c | 154 +++++++++++++++++++++++++++++++++++++++++++-- 13 files changed, 408 insertions(+), 36 deletions(-) -- 1.8.3.1

6 years, 8 months

6
30
0 / 0

[PATCH ghak21 V4 0/2] audit: address ANOM_LINK excess records

by Richard Guy Briggs

This V4 is a supplement to patches 1 and 2 of v1 already merged. Audit link denied events were being unexpectedly produced in a disjoint way when audit was disabled, and when they were expected, there were duplicate PATH records. This patchset addresses both issues for symlinks and hardlinks. This was introduced with commit b24a30a7305418ff138ff51776fc555ec57c011a ("audit: fix event coverage of AUDIT_ANOM_LINK") commit a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc ("fs: add link restriction audit reporting") Here are the original events for symlink and hardlink for each of CWD!=PARENT and CWD=PARENT on 4.15.7-300.fc27.x86_64: ---- type=PROCTITLE msg=audit(2018-03-21 04:15:45.353:285) : proctitle=ls /tmp/my-passwd type=PATH msg=audit(2018-03-21 04:15:45.353:285) : item=0 name=/tmp/my-passwd nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:15:45.353:285) : cwd=/root type=SYSCALL msg=audit(2018-03-21 04:15:45.353:285) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffddb7c4de7 a1=0x557b4bb5f3c0 a2=0x557b4bb5f3c0 a3=0xdb7c4d00 items=1 ppid=621 pid=676 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=PATH msg=audit(2018-03-21 04:15:45.353:285) : item=0 name=/tmp/my-passwd inode=20618 dev=00:29 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=ANOM_LINK msg=audit(2018-03-21 04:15:45.353:285) : op=follow_link ppid=621 pid=676 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:15:45.356:286) : proctitle=ls my-passwd type=PATH msg=audit(2018-03-21 04:15:45.356:286) : item=0 name=my-passwd nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:15:45.356:286) : cwd=/tmp type=SYSCALL msg=audit(2018-03-21 04:15:45.356:286) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffe24d26de0 a1=0x55de0254b3c0 a2=0x55de0254b3c0 a3=0x24d26d00 items=1 ppid=621 pid=677 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=PATH msg=audit(2018-03-21 04:15:45.356:286) : item=0 name=/tmp/my-passwd inode=20618 dev=00:29 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=ANOM_LINK msg=audit(2018-03-21 04:15:45.356:286) : op=follow_link ppid=621 pid=677 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:15:56.688:287) : proctitle=ln /tmp/test /tmp/test-ln type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=1 name=/tmp/ inode=15168 dev=00:29 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:15:56.688:287) : cwd=/home/rgb type=SYSCALL msg=audit(2018-03-21 04:15:56.688:287) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7fff7f3ac62e a2=0xffffff9c a3=0x7fff7f3ac638 items=2 ppid=650 pid=680 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=ANOM_LINK msg=audit(2018-03-21 04:15:56.688:287) : op=linkat ppid=650 pid=680 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:15:56.691:288) : proctitle=ln test test-ln type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=1 name=/tmp inode=15168 dev=00:29 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=0 name=test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=no ne cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:15:56.691:288) : cwd=/tmp type=SYSCALL msg=audit(2018-03-21 04:15:56.691:288) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffd01e3e62c a2=0xffffff9c a3=0x7ffd01e3e631 items=2 ppid=650 pid=681 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=ANOM_LINK msg=audit(2018-03-21 04:15:56.691:288) : op=linkat ppid=650 pid=681 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- Here are the resulting events for symlink and hardlink for each of CWD!=PARENT and CWD=PARENT based on audit/next 11dd266: ---- type=PROCTITLE msg=audit(2018-03-21 04:29:41.556:315) : proctitle=ls --color=auto /tmp/my-passwd type=PATH msg=audit(2018-03-21 04:29:41.556:315) : item=0 name=/tmp/my-passwd inode=19641 dev=00:26 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:29:41.556:315) : cwd=/root type=SYSCALL msg=audit(2018-03-21 04:29:41.556:315) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffd4585565a a1=0x5649fb468fd0 a2=0x5649fb468fd0 a3=0x45855600 items=1 ppid=694 pid=714 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=ANOM_LINK msg=audit(2018-03-21 04:29:41.556:315) : op=follow_link ppid=694 pid=714 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:29:41.562:316) : proctitle=ls --color=auto my-passwd type=PATH msg=audit(2018-03-21 04:29:41.562:316) : item=0 name=my-passwd inode=19641 dev=00:26 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:29:41.562:316) : cwd=/tmp type=SYSCALL msg=audit(2018-03-21 04:29:41.562:316) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7fff7fe3c653 a1=0x55d9f875dfd0 a2=0x55d9f875dfd0 a3=0x7fe3c600 items=1 ppid=694 pid=715 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=ANOM_LINK msg=audit(2018-03-21 04:29:41.562:316) : op=follow_link ppid=694 pid=715 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:29:54.709:317) : proctitle=ln /tmp/test /tmp/test-ln type=PATH msg=audit(2018-03-21 04:29:54.709:317) : item=1 name=/tmp/ inode=13038 dev=00:26 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=PATH msg=audit(2018-03-21 04:29:54.709:317) : item=0 name=/tmp/test inode=18720 dev=00:26 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:29:54.709:317) : cwd=/home/rgb type=SYSCALL msg=audit(2018-03-21 04:29:54.709:317) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffc468b2dbb a2=0xffffff9c a3=0x7ffc468b2dc5 items=2 ppid=661 pid=718 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=ANOM_LINK msg=audit(2018-03-21 04:29:54.709:317) : op=linkat ppid=661 pid=718 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- type=PROCTITLE msg=audit(2018-03-21 04:29:54.714:318) : proctitle=ln test test-ln type=PATH msg=audit(2018-03-21 04:29:54.714:318) : item=1 name=/tmp inode=13038 dev=00:26 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=PATH msg=audit(2018-03-21 04:29:54.714:318) : item=0 name=test inode=18720 dev=00:26 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(2018-03-21 04:29:54.714:318) : cwd=/tmp type=SYSCALL msg=audit(2018-03-21 04:29:54.714:318) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffc06b99db9 a2=0xffffff9c a3=0x7ffc06b99dbe items=2 ppid=661 pid=719 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=ANOM_LINK msg=audit(2018-03-21 04:29:54.714:318) : op=linkat ppid=661 pid=719 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no ---- See: https://github.com/linux-audit/audit-kernel/issues/21 See also: https://github.com/linux-audit/audit-kernel/issues/51 Changelog: v4: - fix call from may_follow_link() to audit_log_link_denied() param count v3: - rebase on previously accepted 1/4 and 2/4 patches and drop them - drop parent record audit_log_symlink_denied() v2: - remove now supperfluous struct path * parameter from audit_log_link_denied() - refactor audit_log_symlink_denied() to properly free memory (pathname, filename) Richard Guy Briggs (2): audit: remove path param from link denied function audit: add refused symlink to audit_names fs/namei.c | 5 +++-- include/linux/audit.h | 6 ++---- kernel/audit.c | 3 +-- 3 files changed, 6 insertions(+), 8 deletions(-) -- 1.8.3.1

6 years, 8 months

3
6
0 / 0

CONFIG_CHANGE record formats

by Richard Guy Briggs

Hi Steve, Paul, Looking at some AUDIT_CONFIG_CHANGE record formats, a couple of things stand out as potential problems: For ADD_RULE and DEL_RULE case when audit_enabled is in the AUDIT_LOCKED state, it just outputs "audit_enabled=2 res=0" to indicate locked and failure, but doesn't appear to actually give the normal "op=<mumble>" to indicate a rule change was attempted and refused due to immutability of the rule set. Will this be a problem for the parser, and should an attempted rule change be logged as such? The other is AUDIT_TTY_SET that has non-standard old-* and new-* fields, but since there are two, I think it is unavoidable and can't be fixed. Another is that other than a change to the enabled status and maybe auditd PID changes, every other config change should not be logged if audit is disabled. Furthermore, if CONFFIG_CHANGE records are to be accompanied by syscall records, they should obey audit_dummy_context() to avoid unaccompanied records. Does this reasoning make sense? - RGB -- Richard Guy Briggs <rgb(a)redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635

6 years, 8 months

3
6
0 / 0

[trivial PATCH V2] treewide: Align function definition open/close braces

by Joe Perches

Some functions definitions have either the initial open brace and/or the closing brace outside of column 1. Move those braces to column 1. This allows various function analyzers like gnu complexity to work properly for these modified functions. Signed-off-by: Joe Perches <joe(a)perches.com> Acked-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Acked-by: Paul Moore <paul(a)paul-moore.com> Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Acked-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Acked-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Acked-by: Martin K. Petersen <martin.petersen(a)oracle.com> Acked-by: Takashi Iwai <tiwai(a)suse.de> Acked-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> --- git diff -w still shows no difference. This patch was sent but December and not applied. As the trivial maintainer seems not active, it'd be nice if Andrew Morton picks this up. V2: Remove fs/xfs/libxfs/xfs_alloc.c as it's updated and remerge the rest arch/x86/include/asm/atomic64_32.h | 2 +- drivers/acpi/custom_method.c | 2 +- drivers/acpi/fan.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- drivers/media/i2c/msp3400-kthreads.c | 2 +- drivers/message/fusion/mptsas.c | 2 +- drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c | 2 +- drivers/net/wireless/ath/ath9k/xmit.c | 2 +- drivers/platform/x86/eeepc-laptop.c | 2 +- drivers/rtc/rtc-ab-b5ze-s3.c | 2 +- drivers/scsi/dpt_i2o.c | 2 +- drivers/scsi/sym53c8xx_2/sym_glue.c | 2 +- fs/locks.c | 2 +- fs/ocfs2/stack_user.c | 2 +- fs/xfs/xfs_export.c | 2 +- kernel/audit.c | 6 +++--- kernel/trace/trace_printk.c | 4 ++-- lib/raid6/sse2.c | 14 +++++++------- sound/soc/fsl/fsl_dma.c | 2 +- 19 files changed, 28 insertions(+), 28 deletions(-) diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h index 46e1ef17d92d..92212bf0484f 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -123,7 +123,7 @@ static inline long long arch_atomic64_read(const atomic64_t *v) long long r; alternative_atomic64(read, "=&A" (r), "c" (v) : "memory"); return r; - } +} /** * arch_atomic64_add_return - add and return diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c index b33fba70ec51..a07fbe999eb6 100644 --- a/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c @@ -97,7 +97,7 @@ static void __exit acpi_custom_method_exit(void) { if (cm_dentry) debugfs_remove(cm_dentry); - } +} module_init(acpi_custom_method_init); module_exit(acpi_custom_method_exit); diff --git a/drivers/acpi/fan.c b/drivers/acpi/fan.c index 6cf4988206f2..3563103590c6 100644 --- a/drivers/acpi/fan.c +++ b/drivers/acpi/fan.c @@ -219,7 +219,7 @@ fan_set_cur_state(struct thermal_cooling_device *cdev, unsigned long state) return fan_set_state_acpi4(device, state); else return fan_set_state(device, state); - } +} static const struct thermal_cooling_device_ops fan_cooling_ops = { .get_max_state = fan_get_max_state, diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 8394d69b963f..e934326a95d3 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -588,7 +588,7 @@ static void disable_dangling_plane(struct dc *dc, struct dc_state *context) ******************************************************************************/ struct dc *dc_create(const struct dc_init_data *init_params) - { +{ struct dc *dc = kzalloc(sizeof(*dc), GFP_KERNEL); unsigned int full_pipe_count; diff --git a/drivers/media/i2c/msp3400-kthreads.c b/drivers/media/i2c/msp3400-kthreads.c index 4dd01e9f553b..dc6cb8d475b3 100644 --- a/drivers/media/i2c/msp3400-kthreads.c +++ b/drivers/media/i2c/msp3400-kthreads.c @@ -885,7 +885,7 @@ static int msp34xxg_modus(struct i2c_client *client) } static void msp34xxg_set_source(struct i2c_client *client, u16 reg, int in) - { +{ struct msp_state *state = to_state(i2c_get_clientdata(client)); int source, matrix; diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 439ee9c5f535..231f3a1e27bf 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -2967,7 +2967,7 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc, mutex_unlock(&ioc->sas_mgmt.mutex); out: return ret; - } +} static void mptsas_parse_device_info(struct sas_identify *identify, diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c index 3dd973475125..0ea141ece19e 100644 --- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c +++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c @@ -603,7 +603,7 @@ static struct uni_table_desc *nx_get_table_desc(const u8 *unirom, int section) static int netxen_nic_validate_header(struct netxen_adapter *adapter) - { +{ const u8 *unirom = adapter->fw->data; struct uni_table_desc *directory = (struct uni_table_desc *) &unirom[0]; u32 fw_file_size = adapter->fw->size; diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c index 396bf05c6bf6..88be55ed5b4d 100644 --- a/drivers/net/wireless/ath/ath9k/xmit.c +++ b/drivers/net/wireless/ath/ath9k/xmit.c @@ -252,7 +252,7 @@ ath_tid_pull(struct ath_atx_tid *tid) } return skb; - } +} static bool ath_tid_has_buffered(struct ath_atx_tid *tid) diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c index 5a681962899c..4c38904a8a32 100644 --- a/drivers/platform/x86/eeepc-laptop.c +++ b/drivers/platform/x86/eeepc-laptop.c @@ -492,7 +492,7 @@ static void eeepc_platform_exit(struct eeepc_laptop *eeepc) * potentially bad time, such as a timer interrupt. */ static void tpd_led_update(struct work_struct *work) - { +{ struct eeepc_laptop *eeepc; eeepc = container_of(work, struct eeepc_laptop, tpd_led_work); diff --git a/drivers/rtc/rtc-ab-b5ze-s3.c b/drivers/rtc/rtc-ab-b5ze-s3.c index e55f35fa0b58..8dc451932446 100644 --- a/drivers/rtc/rtc-ab-b5ze-s3.c +++ b/drivers/rtc/rtc-ab-b5ze-s3.c @@ -646,7 +646,7 @@ static int abb5zes3_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm) ret); return ret; - } +} /* Enable or disable battery low irq generation */ static inline int _abb5zes3_rtc_battery_low_irq_enable(struct regmap *regmap, diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c index 0f30792d74c4..cc5fa99a6530 100644 --- a/drivers/scsi/dpt_i2o.c +++ b/drivers/scsi/dpt_i2o.c @@ -3521,7 +3521,7 @@ static int adpt_i2o_systab_send(adpt_hba* pHba) #endif return ret; - } +} /*============================================================================ diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c index 791a2182de53..7320d5fe4cbc 100644 --- a/drivers/scsi/sym53c8xx_2/sym_glue.c +++ b/drivers/scsi/sym53c8xx_2/sym_glue.c @@ -1393,7 +1393,7 @@ static struct Scsi_Host *sym_attach(struct scsi_host_template *tpnt, int unit, scsi_host_put(shost); return NULL; - } +} /* diff --git a/fs/locks.c b/fs/locks.c index d56a14894fb2..0feaed9f589b 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -559,7 +559,7 @@ static const struct lock_manager_operations lease_manager_ops = { * Initialize a lease, use the default lock manager operations */ static int lease_init(struct file *filp, long type, struct file_lock *fl) - { +{ if (assign_type(fl, type) != 0) return -EINVAL; diff --git a/fs/ocfs2/stack_user.c b/fs/ocfs2/stack_user.c index dae9eb7c441e..d2fb97b173da 100644 --- a/fs/ocfs2/stack_user.c +++ b/fs/ocfs2/stack_user.c @@ -398,7 +398,7 @@ static int ocfs2_control_do_setnode_msg(struct file *file, static int ocfs2_control_do_setversion_msg(struct file *file, struct ocfs2_control_message_setv *msg) - { +{ long major, minor; char *ptr = NULL; struct ocfs2_control_private *p = file->private_data; diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c index 761f3189eff2..eed698aa9f16 100644 --- a/fs/xfs/xfs_export.c +++ b/fs/xfs/xfs_export.c @@ -122,7 +122,7 @@ xfs_nfs_get_inode( struct super_block *sb, u64 ino, u32 generation) - { +{ xfs_mount_t *mp = XFS_M(sb); xfs_inode_t *ip; int error; diff --git a/kernel/audit.c b/kernel/audit.c index 8fe6dfb67a94..a97d004375e3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -486,15 +486,15 @@ static int audit_set_failure(u32 state) * Drop any references inside the auditd connection tracking struct and free * the memory. */ - static void auditd_conn_free(struct rcu_head *rcu) - { +static void auditd_conn_free(struct rcu_head *rcu) +{ struct auditd_connection *ac; ac = container_of(rcu, struct auditd_connection, rcu); put_pid(ac->pid); put_net(ac->net); kfree(ac); - } +} /** * auditd_set - Set/Reset the auditd connection state diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c index ad1d6164e946..50f44b7b2b32 100644 --- a/kernel/trace/trace_printk.c +++ b/kernel/trace/trace_printk.c @@ -196,7 +196,7 @@ struct notifier_block module_trace_bprintk_format_nb = { }; int __trace_bprintk(unsigned long ip, const char *fmt, ...) - { +{ int ret; va_list ap; @@ -214,7 +214,7 @@ int __trace_bprintk(unsigned long ip, const char *fmt, ...) EXPORT_SYMBOL_GPL(__trace_bprintk); int __ftrace_vbprintk(unsigned long ip, const char *fmt, va_list ap) - { +{ if (unlikely(!fmt)) return 0; diff --git a/lib/raid6/sse2.c b/lib/raid6/sse2.c index 1d2276b007ee..8191e1d0d2fb 100644 --- a/lib/raid6/sse2.c +++ b/lib/raid6/sse2.c @@ -91,7 +91,7 @@ static void raid6_sse21_gen_syndrome(int disks, size_t bytes, void **ptrs) static void raid6_sse21_xor_syndrome(int disks, int start, int stop, size_t bytes, void **ptrs) - { +{ u8 **dptr = (u8 **)ptrs; u8 *p, *q; int d, z, z0; @@ -200,9 +200,9 @@ static void raid6_sse22_gen_syndrome(int disks, size_t bytes, void **ptrs) kernel_fpu_end(); } - static void raid6_sse22_xor_syndrome(int disks, int start, int stop, +static void raid6_sse22_xor_syndrome(int disks, int start, int stop, size_t bytes, void **ptrs) - { +{ u8 **dptr = (u8 **)ptrs; u8 *p, *q; int d, z, z0; @@ -265,7 +265,7 @@ static void raid6_sse22_gen_syndrome(int disks, size_t bytes, void **ptrs) asm volatile("sfence" : : : "memory"); kernel_fpu_end(); - } +} const struct raid6_calls raid6_sse2x2 = { raid6_sse22_gen_syndrome, @@ -366,9 +366,9 @@ static void raid6_sse24_gen_syndrome(int disks, size_t bytes, void **ptrs) kernel_fpu_end(); } - static void raid6_sse24_xor_syndrome(int disks, int start, int stop, +static void raid6_sse24_xor_syndrome(int disks, int start, int stop, size_t bytes, void **ptrs) - { +{ u8 **dptr = (u8 **)ptrs; u8 *p, *q; int d, z, z0; @@ -471,7 +471,7 @@ static void raid6_sse24_gen_syndrome(int disks, size_t bytes, void **ptrs) } asm volatile("sfence" : : : "memory"); kernel_fpu_end(); - } +} const struct raid6_calls raid6_sse2x4 = { diff --git a/sound/soc/fsl/fsl_dma.c b/sound/soc/fsl/fsl_dma.c index fce2010d3c53..78871de35086 100644 --- a/sound/soc/fsl/fsl_dma.c +++ b/sound/soc/fsl/fsl_dma.c @@ -886,7 +886,7 @@ static const struct snd_pcm_ops fsl_dma_ops = { }; static int fsl_soc_dma_probe(struct platform_device *pdev) - { +{ struct dma_object *dma; struct device_node *np = pdev->dev.of_node; struct device_node *ssi_np; -- 2.15.0

6 years, 9 months

5
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Linux-audit March 2018