[PATCH] audit: always enable syscall auditing when supported and audit is enabled
by Paul Moore
To the best of our knowledge, everyone who enables audit at compile
time also enables syscall auditing; this patch simplifies the Kconfig
menus by removing the option to disable syscall auditing when audit
is selected and the target arch supports it.
Signed-off-by: Paul Moore <pmoore(a)redhat.com>
---
init/Kconfig | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index c24b6f7..d4663b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -299,20 +299,15 @@ config AUDIT
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
- logging of avc messages output). Does not do system-call
- auditing without CONFIG_AUDITSYSCALL.
+ logging of avc messages output). System call auditing is included
+ on architectures which support it.
config HAVE_ARCH_AUDITSYSCALL
bool
config AUDITSYSCALL
- bool "Enable system-call auditing support"
+ def_bool y
depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
- default y if SECURITY_SELINUX
- help
- Enable low-overhead system-call auditing infrastructure that
- can be used independently or with another kernel subsystem,
- such as SELinux.
config AUDIT_WATCH
def_bool y
5 years, 9 months
[RFC PATCH 0/3] simplify struct audit_krule reveals bug
by Richard Guy Briggs
In the process of trying to track down a potential bug altering the
registered arch for a syscall rule, a simplification of struct
audit_krule that removes a seemingly unnecessary member has revealed a
surprising NULL pointer dereference.
The struct audit_field *arch_f member should not be necessary since it
is the first field present if it is present at all, and is only
necessary for syscall rules, so iterating over the fields to find it is
simple and only happens when adding or deleting a rule. Shrinking the
struct audit_krule seemed to be a good idea, but appears to have openned
a can of worms. The first patch triggered this OOPS:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
IP: audit_match_signal+0x42/0x120
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
Modules linked in: sunrpc 8139too i2c_piix4 pcspkr virtio_balloon 8139cp i2c_core mii sch_fq_codel floppy serio_raw ata_generic pata_acpi
CPU: 1 PID: 325 Comm: auditctl Not tainted 4.15.0-bz1462178-arch-changed+ #636
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:audit_match_signal+0x42/0x120
RSP: 0018:ffffc900003dfc08 EFLAGS: 00010202
RAX: 0000000000000003 RBX: ffff880036588000 RCX: 0000000000000003
RDX: ffff88003c7f02e0 RSI: ffff88003c7f02a0 RDI: ffff880036588000
RBP: ffff88003671de00 R08: 0000000000000001 R09: 0000000000000000
R10: ffff880036a0b190 R11: 0000000000000000 R12: 0000000000000000
R13: ffff880036588178 R14: ffff880036588000 R15: ffffffff8247f880
FS: 00007fa53c6d9740(0000) GS:ffff88003e400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000009 CR3: 00000000347ba000 CR4: 00000000000006e0
Call Trace:
audit_rule_change+0xb32/0xce0
audit_receive_msg+0x163/0x1090
? netlink_deliver_tap+0x90/0x350
? kvm_sched_clock_read+0x5/0x10
? sched_clock+0x5/0x10
audit_receive+0x4d/0xa0
netlink_unicast+0x195/0x250
netlink_sendmsg+0x2fe/0x3f0
sock_sendmsg+0x32/0x60
SYSC_sendto+0xda/0x140
? syscall_trace_enter+0x2dc/0x400
? return_from_SYSCALL_64+0x10/0x75
do_syscall_64+0x83/0x360
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x7fa53bbb1607
RSP: 002b:00007fff33f48c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000444 RCX: 00007fa53bbb1607
RDX: 0000000000000444 RSI: 00007fff33f48cb0 RDI: 0000000000000003
RBP: 0000000000000431 R08: 00007fff33f48c9c R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007fff33f48cb0 R14: 00007fff33f48c9c R15: 00000000000003f3
Code: 01 00 00 83 3e 0b 0f 84 ef 00 00 00 31 c0 eb 0f 48 63 d0 48 c1 e2 05 48 01 f2 83 3a 0b 74 7d 83 c0 01 39 c8 75 ea 4d 85 c0 74 79 <41> 8b 78 08 e8 25 ff ed ff 85 c0 74 31 83 f8 01 75 58 48 8b 0d
RIP: audit_match_signal+0x42/0x120 RSP: ffffc900003dfc08
CR2: 0000000000000009
The second patch surprisingly fixes the OOPS.
Adding debug output, the OOPS is consistently happenning in the 7th STIG rule
that includes an arch parameter, but the value that causes the OOPS
dereferences, copies and prints out fine:
-a always,exit -F arch=b32 -S adjtimex,settimeofday,stime -F key=time-change
ams_: i=0 f=00000000e5612893 type=11 op=0 val=40000003 key="time-change"
-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change
ams_: i=0 f=00000000cf222aca type=11 op=0 val=c000003e key="time-change"
-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change
ams_: i=0 f=00000000ad39bfc6 type=11 op=0 val=40000003 key="time-change"
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
ams_: i=0 f=00000000c9f83209 type=11 op=0 val=c000003e key="time-change"
-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale
ams_: i=0 f=000000005a19d216 type=11 op=0 val=40000003 key="system-locale"
-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale
ams_: i=0 f=000000003280e47a type=11 op=0 val=c000003e key="system-locale"
OOPS
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
ams_: i=0 f=000000008368170a type=11 op=0 val=40000003 key="perm_mod"
I'd let sleeping dogs lie, but I haven't tracked down the source of the
original rule that changes arch between addition and listing (nor reproduced it
yet since I don't have access to that HW arch), and it seems to reveal
potentially another bug.
Help! Any observations or hints?
Richard Guy Briggs (3):
audit: remove arch_f pointer from struct audit_krule
fixup! audit: remove arch_f pointer from struct audit_krule
debug! audit: remove arch_f pointer from struct audit_krule
include/linux/audit.h | 1 -
kernel/auditfilter.c | 18 +++++++++++++-----
2 files changed, 13 insertions(+), 6 deletions(-)
--
1.8.3.1
5 years, 11 months
[RFC PATCH ghak32 V2 00/13] audit: implement container id
by Richard Guy Briggs
Implement audit kernel container ID.
This patchset is a second RFC based on the proposal document (V3)
posted:
https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
The first patch implements the proc fs write to set the audit container
ID of a process, emitting an AUDIT_CONTAINER record to announce the
registration of that container ID on that process. This patch requires
userspace support for record acceptance and proper type display.
The second checks for children or co-threads and refuses to set the
container ID if either are present. (This policy could be changed to
set both with the same container ID provided they meet the rest of the
requirements.)
The third implements the auxiliary record AUDIT_CONTAINER_INFO if a
container ID is identifiable with an event. This patch requires
userspace support for proper type display.
The fourth adds container ID filtering to the exit, exclude and user
lists. This patch requires auditctil userspace support for the
--containerid option.
The 5th adds signal and ptrace support.
The 6th creates a local audit context to be able to bind a standalone
record with a locally created auxiliary record.
The 7th, 8th, 9th, 10th patches add container ID records to standalone
records. Some of these may end up being syscall auxiliary records and
won't need this specific support since they'll be supported via
syscalls.
The 11th adds network namespace container ID labelling based on member
tasks' container ID labels.
The 12th adds container ID support to standalone netfilter records that
don't have a task context and lists each container to which that net
namespace belongs.
The 13th implements reading the container ID from the proc filesystem
for debugging. This patch isn't planned for upstream inclusion.
Feedback please!
Example: Set a container ID of 123456 to the "sleep" task:
sleep 2&
child=$!
echo 123456 > /proc/$child/containerid; echo $?
ausearch -ts recent -m container
echo child:$child contid:$( cat /proc/$child/containerid)
This should produce a record such as:
type=CONTAINER msg=audit(1521122590.315:222): op=set pid=689 uid=0 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 auid=0 tty=pts0 ses=3 opid=707 old-contid=18446744073709551615 contid=123456 res=1
Example: Set a filter on a container ID 123459 on /tmp/tmpcontainerid:
containerid=123459
key=tmpcontainerid
auditctl -a exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key
perl -e "sleep 1; open(my \$tmpfile, '>', \"/tmp/$key\"); close(\$tmpfile);" &
child=$!
echo $containerid > /proc/$child/containerid
sleep 2
ausearch -i -ts recent -k $key
auditctl -d exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key
rm -f /tmp/$key
This should produce an event such as:
type=CONTAINER_INFO msg=audit(1521122591.614:227): op=task contid=123459
type=PROCTITLE msg=audit(1521122591.614:227): proctitle=7065726C002D6500736C65657020313B206F70656E286D792024746D7066696C652C20273E272C20222F746D702F746D70636F6E7461696E6572696422293B20636C6F73652824746D7066696C65293B
type=PATH msg=audit(1521122591.614:227): item=1 name="/tmp/tmpcontainerid" inode=18427 dev=00:26 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1521122591.614:227): item=0 name="/tmp/" inode=13513 dev=00:26 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1521122591.614:227): cwd="/root"
type=SYSCALL msg=audit(1521122591.614:227): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=55db90a28900 a2=241 a3=1b6 items=2 ppid=689 pid=724 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="perl" exe="/usr/bin/perl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="tmpcontainerid"
See:
https://github.com/linux-audit/audit-kernel/issues/32
https://github.com/linux-audit/audit-userspace/issues/40
https://github.com/linux-audit/audit-testsuite/issues/64
Richard Guy Briggs (13):
audit: add container id
audit: check children and threading before allowing containerid
audit: log container info of syscalls
audit: add containerid filtering
audit: add containerid support for ptrace and signals
audit: add support for non-syscall auxiliary records
audit: add container aux record to watch/tree/mark
audit: add containerid support for tty_audit
audit: add containerid support for config/feature/user records
audit: add containerid support for seccomp and anom_abend records
audit: add support for containerid to network namespaces
audit: NETFILTER_PKT: record each container ID associated with a netNS
debug audit: read container ID of a process
drivers/tty/tty_audit.c | 5 +-
fs/proc/base.c | 53 ++++++++++++++++
include/linux/audit.h | 43 +++++++++++++
include/linux/init_task.h | 4 +-
include/linux/sched.h | 1 +
include/net/net_namespace.h | 12 ++++
include/uapi/linux/audit.h | 8 ++-
kernel/audit.c | 75 ++++++++++++++++++++---
kernel/audit.h | 3 +
kernel/audit_fsnotify.c | 5 +-
kernel/audit_tree.c | 5 +-
kernel/audit_watch.c | 33 +++++-----
kernel/auditfilter.c | 52 +++++++++++++++-
kernel/auditsc.c | 145 ++++++++++++++++++++++++++++++++++++++++++--
kernel/nsproxy.c | 6 ++
net/core/net_namespace.c | 45 ++++++++++++++
net/netfilter/xt_AUDIT.c | 15 ++++-
17 files changed, 473 insertions(+), 37 deletions(-)
--
1.8.3.1
6 years, 5 months
[PATCH] audit: add containerid support for IMA-audit
by Mimi Zohar
Hi Richard,
This patch has been compiled, but not runtime tested.
---
If the containerid is defined, include it in the IMA-audit record.
Signed-off-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>
---
security/integrity/ima/ima_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 33b4458cdbef..41d29a06f28f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
audit_log_untrustedstring(ab, algo_hash);
audit_log_task_info(ab, current);
+ if (audit_containerid_set(current))
+ audit_log_format(ab, " contid=%llu",
+ audit_get_containerid(current));
audit_log_end(ab);
iint->flags |= IMA_AUDITED;
--
2.7.5
6 years, 5 months
What does audisp/plugins.d/syslog.conf LOG_WARN not show?
by leam hall
(RHEL 6, default audit rpms)
We're trying to cut down on spurious logging but have some logging
mandated (STIG environment). If the syslog.conf file in
audisp/plugins.d/syslog.conf is set with "args = LOG_WARN", will the
events in audit.rules still be logged?
Thanks!
Leam
6 years, 6 months
Limiting SECCOMP audit events
by Steve Grubb
Hello,
Over the last month, the amount of seccomp events in audit logs is sky-rocketing. I
have over a million events in the last 2 days. Most of this is generated by firefox and
qt webkit.
I am wondering if the audit package should ship a file for
/usr/lib/sysctl.d/60-auditd.conf
wherein it has
kernel.seccomp.actions_logged = kill_process kill_thread errno
Also, has anyone verified this sysctl is filtering audit events? Even with the above, I
have over a million events on a 4.14.3 kernel. Firefox alone is generating over
50,000 events per hour.
Thanks,
-Steve
6 years, 6 months
[RFC PATCH V1 00/12] audit: implement container id
by Richard Guy Briggs
Implement audit kernel container ID.
This patchset is a preliminary RFC based on the proposal document (V3)
posted:
https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
The first patch implements the proc fs write to set the audit container
ID of a process, emitting an AUDIT_CONTAINER record.
The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
if a container ID is present on a task.
The third adds filtering to the exit, exclude and user lists.
The 4th, implements reading the container ID from the proc filesystem
for debugging. This isn't planned for upstream inclusion.
The 5th adds signal and ptrace support.
The 6th attempts to create a local audit context to be able to bind a
standalone record with the container ID record.
The 7th, 8th, 9th, 10th patches add container ID records to standalone
records. Some of these may end up being syscall auxiliary records and
won't need this specific support since they'll be supported via
syscalls.
The 11th is a temporary workaround due to the AUDIT_CONTAINER records
not showing up as do AUDIT_LOGIN records. I suspect this is due to its
range (1000 vs 1300), but the intent is to solve it.
The 12th adds debug information not intended for upstream for those
brave souls wanting to tinker with it in this early state.
Feedback please!
Here's a quick and dirty test script:
echo 123455 > /proc/$$/containerid; echo $?
sleep 4&
child=$!; sleep 1
echo 18446744073709551615 > /proc/$child/containerid; echo $?
echo 123456 > /proc/$child/containerid; echo $?
echo 123457 > /proc/$child/containerid; echo $?
sleep 1
ausearch -ts recent |grep " contid=18446744073709551615"; echo $?
ausearch -ts recent |grep " contid=123456"; echo $?
ausearch -ts recent |grep " contid=123457"; echo $?
echo self:$$ contid:$( cat /proc/$$/containerid)
echo child:$child contid:$( cat /proc/$child/containerid)
containerid=123458
key=tmpcontainerid
auditctl -a exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key || echo failed to add containerid filter rule
bash -c "sleep 1; echo test > /tmp/$key"&
child=$!
echo $containerid > /proc/$child/containerid
sleep 2
rm -f /tmp/$key
ausearch -ts recent -k $key || echo failed to find CONTAINER_INFO record
auditctl -d exit,always -F dir=/tmp -F perm=wa -F containerid=$containerid -F key=$key || echo failed to add containerid filter rule
See:
https://github.com/linux-audit/audit-kernel/issues/32
https://github.com/linux-audit/audit-userspace/issues/40
https://github.com/linux-audit/audit-testsuite/issues/64
Richard Guy Briggs (12):
audit: add container id
audit: log container info of syscalls
audit: add containerid filtering
audit: read container ID of a process
audit: add containerid support for ptrace and signals
audit: add support for non-syscall auxiliary records
audit: add container aux record to watch/tree/mark
audit: add containerid support for tty_audit
audit: add containerid support for config/feature/user records
audit: add containerid support for seccomp and anom_abend records
debug audit: add container id
debug! audit: add container id
drivers/tty/tty_audit.c | 5 +-
fs/proc/base.c | 63 +++++++++++++++++++
include/linux/audit.h | 36 +++++++++++
include/linux/init_task.h | 4 +-
include/linux/sched.h | 1 +
include/uapi/linux/audit.h | 9 ++-
kernel/audit.c | 74 +++++++++++++++++++---
kernel/audit.h | 3 +
kernel/audit_fsnotify.c | 5 +-
kernel/audit_tree.c | 5 +-
kernel/audit_watch.c | 33 +++++-----
kernel/auditfilter.c | 52 ++++++++++++++-
kernel/auditsc.c | 154 +++++++++++++++++++++++++++++++++++++++++++--
13 files changed, 408 insertions(+), 36 deletions(-)
--
1.8.3.1
6 years, 6 months
[PATCH ghak21 V4 0/2] audit: address ANOM_LINK excess records
by Richard Guy Briggs
This V4 is a supplement to patches 1 and 2 of v1 already merged.
Audit link denied events were being unexpectedly produced in a disjoint
way when audit was disabled, and when they were expected, there were
duplicate PATH records. This patchset addresses both issues for
symlinks and hardlinks.
This was introduced with
commit b24a30a7305418ff138ff51776fc555ec57c011a
("audit: fix event coverage of AUDIT_ANOM_LINK")
commit a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc
("fs: add link restriction audit reporting")
Here are the original events for symlink and hardlink for each of
CWD!=PARENT and CWD=PARENT on 4.15.7-300.fc27.x86_64:
----
type=PROCTITLE msg=audit(2018-03-21 04:15:45.353:285) : proctitle=ls /tmp/my-passwd
type=PATH msg=audit(2018-03-21 04:15:45.353:285) : item=0 name=/tmp/my-passwd nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:15:45.353:285) : cwd=/root
type=SYSCALL msg=audit(2018-03-21 04:15:45.353:285) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffddb7c4de7 a1=0x557b4bb5f3c0 a2=0x557b4bb5f3c0 a3=0xdb7c4d00 items=1 ppid=621 pid=676 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PATH msg=audit(2018-03-21 04:15:45.353:285) : item=0 name=/tmp/my-passwd inode=20618 dev=00:29 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=ANOM_LINK msg=audit(2018-03-21 04:15:45.353:285) : op=follow_link ppid=621 pid=676 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:15:45.356:286) : proctitle=ls my-passwd
type=PATH msg=audit(2018-03-21 04:15:45.356:286) : item=0 name=my-passwd nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:15:45.356:286) : cwd=/tmp
type=SYSCALL msg=audit(2018-03-21 04:15:45.356:286) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffe24d26de0 a1=0x55de0254b3c0 a2=0x55de0254b3c0 a3=0x24d26d00 items=1 ppid=621 pid=677 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PATH msg=audit(2018-03-21 04:15:45.356:286) : item=0 name=/tmp/my-passwd inode=20618 dev=00:29 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=ANOM_LINK msg=audit(2018-03-21 04:15:45.356:286) : op=follow_link ppid=621 pid=677 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=ttyS0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:15:56.688:287) : proctitle=ln /tmp/test /tmp/test-ln
type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=1 name=/tmp/ inode=15168 dev=00:29 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:15:56.688:287) : cwd=/home/rgb
type=SYSCALL msg=audit(2018-03-21 04:15:56.688:287) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7fff7f3ac62e a2=0xffffff9c a3=0x7fff7f3ac638 items=2 ppid=650 pid=680 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PATH msg=audit(2018-03-21 04:15:56.688:287) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=ANOM_LINK msg=audit(2018-03-21 04:15:56.688:287) : op=linkat ppid=650 pid=680 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:15:56.691:288) : proctitle=ln test test-ln
type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=1 name=/tmp inode=15168 dev=00:29 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=0 name=test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=no ne cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:15:56.691:288) : cwd=/tmp
type=SYSCALL msg=audit(2018-03-21 04:15:56.691:288) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffd01e3e62c a2=0xffffff9c a3=0x7ffd01e3e631 items=2 ppid=650 pid=681 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PATH msg=audit(2018-03-21 04:15:56.691:288) : item=0 name=/tmp/test inode=20018 dev=00:29 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=ANOM_LINK msg=audit(2018-03-21 04:15:56.691:288) : op=linkat ppid=650 pid=681 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=pts0 ses=3 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
Here are the resulting events for symlink and hardlink for each of CWD!=PARENT
and CWD=PARENT based on audit/next 11dd266:
----
type=PROCTITLE msg=audit(2018-03-21 04:29:41.556:315) : proctitle=ls --color=auto /tmp/my-passwd
type=PATH msg=audit(2018-03-21 04:29:41.556:315) : item=0 name=/tmp/my-passwd inode=19641 dev=00:26 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:29:41.556:315) : cwd=/root
type=SYSCALL msg=audit(2018-03-21 04:29:41.556:315) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7ffd4585565a a1=0x5649fb468fd0 a2=0x5649fb468fd0 a3=0x45855600 items=1 ppid=694 pid=714 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=ANOM_LINK msg=audit(2018-03-21 04:29:41.556:315) : op=follow_link ppid=694 pid=714 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:29:41.562:316) : proctitle=ls --color=auto my-passwd
type=PATH msg=audit(2018-03-21 04:29:41.562:316) : item=0 name=my-passwd inode=19641 dev=00:26 mode=link,777 ouid=rgb ogid=rgb rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:29:41.562:316) : cwd=/tmp
type=SYSCALL msg=audit(2018-03-21 04:29:41.562:316) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission denied) a0=0x7fff7fe3c653 a1=0x55d9f875dfd0 a2=0x55d9f875dfd0 a3=0x7fe3c600 items=1 ppid=694 pid=715 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=ANOM_LINK msg=audit(2018-03-21 04:29:41.562:316) : op=follow_link ppid=694 pid=715 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=6 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:29:54.709:317) : proctitle=ln /tmp/test /tmp/test-ln
type=PATH msg=audit(2018-03-21 04:29:54.709:317) : item=1 name=/tmp/ inode=13038 dev=00:26 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(2018-03-21 04:29:54.709:317) : item=0 name=/tmp/test inode=18720 dev=00:26 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:29:54.709:317) : cwd=/home/rgb
type=SYSCALL msg=audit(2018-03-21 04:29:54.709:317) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffc468b2dbb a2=0xffffff9c a3=0x7ffc468b2dc5 items=2 ppid=661 pid=718 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=ANOM_LINK msg=audit(2018-03-21 04:29:54.709:317) : op=linkat ppid=661 pid=718 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
type=PROCTITLE msg=audit(2018-03-21 04:29:54.714:318) : proctitle=ln test test-ln
type=PATH msg=audit(2018-03-21 04:29:54.714:318) : item=1 name=/tmp inode=13038 dev=00:26 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(2018-03-21 04:29:54.714:318) : item=0 name=test inode=18720 dev=00:26 mode=file,700 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(2018-03-21 04:29:54.714:318) : cwd=/tmp
type=SYSCALL msg=audit(2018-03-21 04:29:54.714:318) : arch=x86_64 syscall=linkat success=no exit=EPERM(Operation not permitted) a0=0xffffff9c a1=0x7ffc06b99db9 a2=0xffffff9c a3=0x7ffc06b99dbe items=2 ppid=661 pid=719 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=ANOM_LINK msg=audit(2018-03-21 04:29:54.714:318) : op=linkat ppid=661 pid=719 auid=rgb uid=rgb gid=rgb euid=rgb suid=rgb fsuid=rgb egid=rgb sgid=rgb fsgid=rgb tty=ttyS0 ses=5 comm=ln exe=/usr/bin/ln subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=no
----
See: https://github.com/linux-audit/audit-kernel/issues/21
See also: https://github.com/linux-audit/audit-kernel/issues/51
Changelog:
v4:
- fix call from may_follow_link() to audit_log_link_denied() param count
v3:
- rebase on previously accepted 1/4 and 2/4 patches and drop them
- drop parent record audit_log_symlink_denied()
v2:
- remove now supperfluous struct path * parameter from audit_log_link_denied()
- refactor audit_log_symlink_denied() to properly free memory (pathname, filename)
Richard Guy Briggs (2):
audit: remove path param from link denied function
audit: add refused symlink to audit_names
fs/namei.c | 5 +++--
include/linux/audit.h | 6 ++----
kernel/audit.c | 3 +--
3 files changed, 6 insertions(+), 8 deletions(-)
--
1.8.3.1
6 years, 6 months
CONFIG_CHANGE record formats
by Richard Guy Briggs
Hi Steve, Paul,
Looking at some AUDIT_CONFIG_CHANGE record formats, a couple of things
stand out as potential problems:
For ADD_RULE and DEL_RULE case when audit_enabled is in the AUDIT_LOCKED
state, it just outputs "audit_enabled=2 res=0" to indicate locked and
failure, but doesn't appear to actually give the normal "op=<mumble>" to
indicate a rule change was attempted and refused due to immutability of
the rule set. Will this be a problem for the parser, and should an
attempted rule change be logged as such?
The other is AUDIT_TTY_SET that has non-standard old-* and new-* fields,
but since there are two, I think it is unavoidable and can't be fixed.
Another is that other than a change to the enabled status and maybe
auditd PID changes, every other config change should not be logged if
audit is disabled. Furthermore, if CONFFIG_CHANGE records are to be
accompanied by syscall records, they should obey audit_dummy_context()
to avoid unaccompanied records. Does this reasoning make sense?
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
6 years, 7 months
[trivial PATCH V2] treewide: Align function definition open/close braces
by Joe Perches
Some functions definitions have either the initial open brace and/or
the closing brace outside of column 1.
Move those braces to column 1.
This allows various function analyzers like gnu complexity to work
properly for these modified functions.
Signed-off-by: Joe Perches <joe(a)perches.com>
Acked-by: Andy Shevchenko <andy.shevchenko(a)gmail.com>
Acked-by: Paul Moore <paul(a)paul-moore.com>
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Acked-by: Dave Chinner <dchinner(a)redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Acked-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com>
Acked-by: Martin K. Petersen <martin.petersen(a)oracle.com>
Acked-by: Takashi Iwai <tiwai(a)suse.de>
Acked-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com>
---
git diff -w still shows no difference.
This patch was sent but December and not applied.
As the trivial maintainer seems not active, it'd be nice if
Andrew Morton picks this up.
V2: Remove fs/xfs/libxfs/xfs_alloc.c as it's updated and remerge the rest
arch/x86/include/asm/atomic64_32.h | 2 +-
drivers/acpi/custom_method.c | 2 +-
drivers/acpi/fan.c | 2 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +-
drivers/media/i2c/msp3400-kthreads.c | 2 +-
drivers/message/fusion/mptsas.c | 2 +-
drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c | 2 +-
drivers/net/wireless/ath/ath9k/xmit.c | 2 +-
drivers/platform/x86/eeepc-laptop.c | 2 +-
drivers/rtc/rtc-ab-b5ze-s3.c | 2 +-
drivers/scsi/dpt_i2o.c | 2 +-
drivers/scsi/sym53c8xx_2/sym_glue.c | 2 +-
fs/locks.c | 2 +-
fs/ocfs2/stack_user.c | 2 +-
fs/xfs/xfs_export.c | 2 +-
kernel/audit.c | 6 +++---
kernel/trace/trace_printk.c | 4 ++--
lib/raid6/sse2.c | 14 +++++++-------
sound/soc/fsl/fsl_dma.c | 2 +-
19 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
index 46e1ef17d92d..92212bf0484f 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -123,7 +123,7 @@ static inline long long arch_atomic64_read(const atomic64_t *v)
long long r;
alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
return r;
- }
+}
/**
* arch_atomic64_add_return - add and return
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index b33fba70ec51..a07fbe999eb6 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -97,7 +97,7 @@ static void __exit acpi_custom_method_exit(void)
{
if (cm_dentry)
debugfs_remove(cm_dentry);
- }
+}
module_init(acpi_custom_method_init);
module_exit(acpi_custom_method_exit);
diff --git a/drivers/acpi/fan.c b/drivers/acpi/fan.c
index 6cf4988206f2..3563103590c6 100644
--- a/drivers/acpi/fan.c
+++ b/drivers/acpi/fan.c
@@ -219,7 +219,7 @@ fan_set_cur_state(struct thermal_cooling_device *cdev, unsigned long state)
return fan_set_state_acpi4(device, state);
else
return fan_set_state(device, state);
- }
+}
static const struct thermal_cooling_device_ops fan_cooling_ops = {
.get_max_state = fan_get_max_state,
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index 8394d69b963f..e934326a95d3 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -588,7 +588,7 @@ static void disable_dangling_plane(struct dc *dc, struct dc_state *context)
******************************************************************************/
struct dc *dc_create(const struct dc_init_data *init_params)
- {
+{
struct dc *dc = kzalloc(sizeof(*dc), GFP_KERNEL);
unsigned int full_pipe_count;
diff --git a/drivers/media/i2c/msp3400-kthreads.c b/drivers/media/i2c/msp3400-kthreads.c
index 4dd01e9f553b..dc6cb8d475b3 100644
--- a/drivers/media/i2c/msp3400-kthreads.c
+++ b/drivers/media/i2c/msp3400-kthreads.c
@@ -885,7 +885,7 @@ static int msp34xxg_modus(struct i2c_client *client)
}
static void msp34xxg_set_source(struct i2c_client *client, u16 reg, int in)
- {
+{
struct msp_state *state = to_state(i2c_get_clientdata(client));
int source, matrix;
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
index 439ee9c5f535..231f3a1e27bf 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -2967,7 +2967,7 @@ mptsas_exp_repmanufacture_info(MPT_ADAPTER *ioc,
mutex_unlock(&ioc->sas_mgmt.mutex);
out:
return ret;
- }
+}
static void
mptsas_parse_device_info(struct sas_identify *identify,
diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c
index 3dd973475125..0ea141ece19e 100644
--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c
+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c
@@ -603,7 +603,7 @@ static struct uni_table_desc *nx_get_table_desc(const u8 *unirom, int section)
static int
netxen_nic_validate_header(struct netxen_adapter *adapter)
- {
+{
const u8 *unirom = adapter->fw->data;
struct uni_table_desc *directory = (struct uni_table_desc *) &unirom[0];
u32 fw_file_size = adapter->fw->size;
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index 396bf05c6bf6..88be55ed5b4d 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -252,7 +252,7 @@ ath_tid_pull(struct ath_atx_tid *tid)
}
return skb;
- }
+}
static bool ath_tid_has_buffered(struct ath_atx_tid *tid)
diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c
index 5a681962899c..4c38904a8a32 100644
--- a/drivers/platform/x86/eeepc-laptop.c
+++ b/drivers/platform/x86/eeepc-laptop.c
@@ -492,7 +492,7 @@ static void eeepc_platform_exit(struct eeepc_laptop *eeepc)
* potentially bad time, such as a timer interrupt.
*/
static void tpd_led_update(struct work_struct *work)
- {
+{
struct eeepc_laptop *eeepc;
eeepc = container_of(work, struct eeepc_laptop, tpd_led_work);
diff --git a/drivers/rtc/rtc-ab-b5ze-s3.c b/drivers/rtc/rtc-ab-b5ze-s3.c
index e55f35fa0b58..8dc451932446 100644
--- a/drivers/rtc/rtc-ab-b5ze-s3.c
+++ b/drivers/rtc/rtc-ab-b5ze-s3.c
@@ -646,7 +646,7 @@ static int abb5zes3_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
ret);
return ret;
- }
+}
/* Enable or disable battery low irq generation */
static inline int _abb5zes3_rtc_battery_low_irq_enable(struct regmap *regmap,
diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c
index 0f30792d74c4..cc5fa99a6530 100644
--- a/drivers/scsi/dpt_i2o.c
+++ b/drivers/scsi/dpt_i2o.c
@@ -3521,7 +3521,7 @@ static int adpt_i2o_systab_send(adpt_hba* pHba)
#endif
return ret;
- }
+}
/*============================================================================
diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c
index 791a2182de53..7320d5fe4cbc 100644
--- a/drivers/scsi/sym53c8xx_2/sym_glue.c
+++ b/drivers/scsi/sym53c8xx_2/sym_glue.c
@@ -1393,7 +1393,7 @@ static struct Scsi_Host *sym_attach(struct scsi_host_template *tpnt, int unit,
scsi_host_put(shost);
return NULL;
- }
+}
/*
diff --git a/fs/locks.c b/fs/locks.c
index d56a14894fb2..0feaed9f589b 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -559,7 +559,7 @@ static const struct lock_manager_operations lease_manager_ops = {
* Initialize a lease, use the default lock manager operations
*/
static int lease_init(struct file *filp, long type, struct file_lock *fl)
- {
+{
if (assign_type(fl, type) != 0)
return -EINVAL;
diff --git a/fs/ocfs2/stack_user.c b/fs/ocfs2/stack_user.c
index dae9eb7c441e..d2fb97b173da 100644
--- a/fs/ocfs2/stack_user.c
+++ b/fs/ocfs2/stack_user.c
@@ -398,7 +398,7 @@ static int ocfs2_control_do_setnode_msg(struct file *file,
static int ocfs2_control_do_setversion_msg(struct file *file,
struct ocfs2_control_message_setv *msg)
- {
+{
long major, minor;
char *ptr = NULL;
struct ocfs2_control_private *p = file->private_data;
diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c
index 761f3189eff2..eed698aa9f16 100644
--- a/fs/xfs/xfs_export.c
+++ b/fs/xfs/xfs_export.c
@@ -122,7 +122,7 @@ xfs_nfs_get_inode(
struct super_block *sb,
u64 ino,
u32 generation)
- {
+{
xfs_mount_t *mp = XFS_M(sb);
xfs_inode_t *ip;
int error;
diff --git a/kernel/audit.c b/kernel/audit.c
index 8fe6dfb67a94..a97d004375e3 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -486,15 +486,15 @@ static int audit_set_failure(u32 state)
* Drop any references inside the auditd connection tracking struct and free
* the memory.
*/
- static void auditd_conn_free(struct rcu_head *rcu)
- {
+static void auditd_conn_free(struct rcu_head *rcu)
+{
struct auditd_connection *ac;
ac = container_of(rcu, struct auditd_connection, rcu);
put_pid(ac->pid);
put_net(ac->net);
kfree(ac);
- }
+}
/**
* auditd_set - Set/Reset the auditd connection state
diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c
index ad1d6164e946..50f44b7b2b32 100644
--- a/kernel/trace/trace_printk.c
+++ b/kernel/trace/trace_printk.c
@@ -196,7 +196,7 @@ struct notifier_block module_trace_bprintk_format_nb = {
};
int __trace_bprintk(unsigned long ip, const char *fmt, ...)
- {
+{
int ret;
va_list ap;
@@ -214,7 +214,7 @@ int __trace_bprintk(unsigned long ip, const char *fmt, ...)
EXPORT_SYMBOL_GPL(__trace_bprintk);
int __ftrace_vbprintk(unsigned long ip, const char *fmt, va_list ap)
- {
+{
if (unlikely(!fmt))
return 0;
diff --git a/lib/raid6/sse2.c b/lib/raid6/sse2.c
index 1d2276b007ee..8191e1d0d2fb 100644
--- a/lib/raid6/sse2.c
+++ b/lib/raid6/sse2.c
@@ -91,7 +91,7 @@ static void raid6_sse21_gen_syndrome(int disks, size_t bytes, void **ptrs)
static void raid6_sse21_xor_syndrome(int disks, int start, int stop,
size_t bytes, void **ptrs)
- {
+{
u8 **dptr = (u8 **)ptrs;
u8 *p, *q;
int d, z, z0;
@@ -200,9 +200,9 @@ static void raid6_sse22_gen_syndrome(int disks, size_t bytes, void **ptrs)
kernel_fpu_end();
}
- static void raid6_sse22_xor_syndrome(int disks, int start, int stop,
+static void raid6_sse22_xor_syndrome(int disks, int start, int stop,
size_t bytes, void **ptrs)
- {
+{
u8 **dptr = (u8 **)ptrs;
u8 *p, *q;
int d, z, z0;
@@ -265,7 +265,7 @@ static void raid6_sse22_gen_syndrome(int disks, size_t bytes, void **ptrs)
asm volatile("sfence" : : : "memory");
kernel_fpu_end();
- }
+}
const struct raid6_calls raid6_sse2x2 = {
raid6_sse22_gen_syndrome,
@@ -366,9 +366,9 @@ static void raid6_sse24_gen_syndrome(int disks, size_t bytes, void **ptrs)
kernel_fpu_end();
}
- static void raid6_sse24_xor_syndrome(int disks, int start, int stop,
+static void raid6_sse24_xor_syndrome(int disks, int start, int stop,
size_t bytes, void **ptrs)
- {
+{
u8 **dptr = (u8 **)ptrs;
u8 *p, *q;
int d, z, z0;
@@ -471,7 +471,7 @@ static void raid6_sse24_gen_syndrome(int disks, size_t bytes, void **ptrs)
}
asm volatile("sfence" : : : "memory");
kernel_fpu_end();
- }
+}
const struct raid6_calls raid6_sse2x4 = {
diff --git a/sound/soc/fsl/fsl_dma.c b/sound/soc/fsl/fsl_dma.c
index fce2010d3c53..78871de35086 100644
--- a/sound/soc/fsl/fsl_dma.c
+++ b/sound/soc/fsl/fsl_dma.c
@@ -886,7 +886,7 @@ static const struct snd_pcm_ops fsl_dma_ops = {
};
static int fsl_soc_dma_probe(struct platform_device *pdev)
- {
+{
struct dma_object *dma;
struct device_node *np = pdev->dev.of_node;
struct device_node *ssi_np;
--
2.15.0
6 years, 7 months