Re: [PATCH] revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present")
On Tue, Jul 28, 2020 at 5:09 PM Paul Moore <paul(a)paul-moore.com> wrote:
Unfortunately the commit listed in the subject line above failed
to ensure that the task's audit_context was properly initialized/set
before enabling the "accompanying records". Depending on the
sitation, the resulting audit_context could have invalid values in
some of it's fields which could cause a kernel panic/oops when the
task/syscall exists and the audit records are generated.
We will revisit the original patch, with the necessary fixes, in a
future kernel but right now we just want to fix the kernel panic
with the least amount of added risk.
Cc: stable(a)vger.kernel.org
Fixes: 1320a4052ea1 ("audit: trigger accompanying records when no rules
present")
Reported-by: j2468h(a)googlemail.com
Signed-off-by: Paul Moore <paul(a)paul-moore.com>
---
kernel/audit.c | 1 -
kernel/audit.h | 8 --------
kernel/auditsc.c | 3 +++
3 files changed, 3 insertions(+), 9 deletions(-)
William pointed out a misspelling in the patch description above,
which I just fixed. Unfortunately I had already pushed the patch to
audit/stable-5.8 so I did a force-push to correct the spelling;
normally I wouldn't do something like that for such a trivial matter,
but since it is unlikely anyone is based of the audit/stable-5.8
branch this seemed like an okay time to do that.
I'll be sending a PR to Linus shortly.
--
paul moore
www.paul-moore.com