Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Mon, Apr 8, 2019 at 1:15 PM Dmitry V. Levin  wrote:
> On Mon, Apr 08, 2019 at 11:31:31AM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > Today's linux-next merge of the audit tree got conflicts in:
> >
> >   arch/mips/kernel/ptrace.c
> >   kernel/seccomp.c
> >
> > between commit:
> >
> >   b35f549df1d7 ("syscalls: Remove start and number from 
> > syscall_get_arguments() args")
> >
> > from Linus' tree and commit:
> >
> >   16add411645c ("syscall_get_arch: add "struct task_struct *" argument")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary. This
> > is now fixed as far as linux-next is concerned, but any non trivial
> > conflicts should be mentioned to your upstream maintainer when your tree
> > is submitted for merging.  You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any particularly
> > complex conflicts.
>
> Thanks, the merge fix is correct.
> I've also re-tested it using the new selftests/ptrace test
> from PTRACE_GET_SYSCALL_INFO patchset.

Thanks for the verification Dmitry.

Stephen, thanks for the heads-up, I'll pass this along to Linus come merge time.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

[Dmitry V. Levin]

On Mon, Apr 08, 2019 at 11:31:31AM +1000, Stephen Rothwell wrote:
> Hi all,
> 
> Today's linux-next merge of the audit tree got conflicts in:
> 
>   arch/mips/kernel/ptrace.c
>   kernel/seccomp.c
> 
> between commit:
> 
>   b35f549df1d7 ("syscalls: Remove start and number from 
> syscall_get_arguments() args")
> 
> from Linus' tree and commit:
> 
>   16add411645c ("syscall_get_arch: add "struct task_struct *" argument")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Thanks, the merge fix is correct.
I've also re-tested it using the new selftests/ptrace test
from PTRACE_GET_SYSCALL_INFO patchset.


-- 
ldv


signature.asc
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi all,

Today's linux-next merge of the audit tree got conflicts in:

  arch/mips/kernel/ptrace.c
  kernel/seccomp.c

between commit:

  b35f549df1d7 ("syscalls: Remove start and number from syscall_get_arguments() 
args")

from Linus' tree and commit:

  16add411645c ("syscall_get_arch: add "struct task_struct *" argument")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc arch/mips/kernel/ptrace.c
index 3a62f80958e1,2ead6ff919b7..
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@@ -1418,8 -1418,8 +1418,8 @@@ asmlinkage long syscall_trace_enter(str
unsigned long args[6];
  
sd.nr = syscall;
-   sd.arch = syscall_get_arch();
+   sd.arch = syscall_get_arch(current);
 -  syscall_get_arguments(current, regs, 0, 6, args);
 +  syscall_get_arguments(current, regs, args);
for (i = 0; i < 6; i++)
sd.args[i] = args[i];
sd.instruction_pointer = KSTK_EIP(current);
diff --cc kernel/seccomp.c
index df27e499956a,36f36ab00f48..
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@@ -148,8 -148,8 +148,8 @@@ static void populate_seccomp_data(struc
unsigned long args[6];
  
sd->nr = syscall_get_nr(task, regs);
-   sd->arch = syscall_get_arch();
+   sd->arch = syscall_get_arch(task);
 -  syscall_get_arguments(task, regs, 0, 6, args);
 +  syscall_get_arguments(task, regs, args);
sd->args[0] = args[0];
sd->args[1] = args[1];
sd->args[2] = args[2];


pgpzceiLMortN.pgp
Description: OpenPGP digital signature

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Thu, Mar 23, 2017 at 10:18 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   net/netfilter/xt_AUDIT.c
>
> between commit:
>
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
>
> from Linus' tree and commit:
>
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> P.S. You may want to consider a newer base for your tree ...

FWIW, the audit/next tree's base is old-ish for a reason; it is that
way out of awkwardness and not neglect.  Depending on how things go
today/this-weekend there are some audit patches in the queue which
will require a rebase to a much more current point in time (likely a
4.11-rcX tag, which presents its own challenges, but oh well).

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Thu, Mar 23, 2017 at 10:18 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   net/netfilter/xt_AUDIT.c
>
> between commit:
>
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
>
> from Linus' tree and commit:
>
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> P.S. You may want to consider a newer base for your tree ...

FWIW, the audit/next tree's base is old-ish for a reason; it is that
way out of awkwardness and not neglect.  Depending on how things go
today/this-weekend there are some audit patches in the queue which
will require a rebase to a much more current point in time (likely a
4.11-rcX tag, which presents its own challenges, but oh well).

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2017-03-24 13:18, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   net/netfilter/xt_AUDIT.c
> 
> between commit:
> 
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
> 
> from Linus' tree and commit:
> 
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
> 
> from the audit tree.

Lovely.  The fix looks fine to me.  Thanks!

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> P.S. You may want to consider a newer base for your tree ...
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc net/netfilter/xt_AUDIT.c
> index 19247a17e511,582ee54f6664..
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
>   if (ab == NULL)
>   goto errout;
>   
> - audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
> -  info->type, xt_hooknum(par), skb->len,
> -  xt_in(par) ? xt_inname(par) : "?",
> -  xt_out(par) ? xt_outname(par) : "?");
> - 
> - if (skb->mark)
> - audit_log_format(ab, " mark=%#x", skb->mark);
> - 
> - if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
> - audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
> -  eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
> -  ntohs(eth_hdr(skb)->h_proto));
> - 
> - if (xt_family(par) == NFPROTO_BRIDGE) {
> - switch (eth_hdr(skb)->h_proto) {
> - case htons(ETH_P_IP):
> - audit_ip4(ab, skb);
> - break;
> - 
> - case htons(ETH_P_IPV6):
> - audit_ip6(ab, skb);
> - break;
> - }
> - }
> - }
> + audit_log_format(ab, "mark=%#x", skb->mark);
>   
>  -switch (par->family) {
>  +switch (xt_family(par)) {
> + case NFPROTO_BRIDGE:
> + switch (eth_hdr(skb)->h_proto) {
> + case htons(ETH_P_IP):
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> + break;
> + case htons(ETH_P_IPV6):
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> + break;
> + }
> + break;
>   case NFPROTO_IPV4:
> - audit_ip4(ab, skb);
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
>   break;
> - 
>   case NFPROTO_IPV6:
> - audit_ip6(ab, skb);
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
>   break;
>   }
>   

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2017-03-24 13:18, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   net/netfilter/xt_AUDIT.c
> 
> between commit:
> 
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
> 
> from Linus' tree and commit:
> 
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
> 
> from the audit tree.

Lovely.  The fix looks fine to me.  Thanks!

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> P.S. You may want to consider a newer base for your tree ...
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc net/netfilter/xt_AUDIT.c
> index 19247a17e511,582ee54f6664..
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
>   if (ab == NULL)
>   goto errout;
>   
> - audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
> -  info->type, xt_hooknum(par), skb->len,
> -  xt_in(par) ? xt_inname(par) : "?",
> -  xt_out(par) ? xt_outname(par) : "?");
> - 
> - if (skb->mark)
> - audit_log_format(ab, " mark=%#x", skb->mark);
> - 
> - if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
> - audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
> -  eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
> -  ntohs(eth_hdr(skb)->h_proto));
> - 
> - if (xt_family(par) == NFPROTO_BRIDGE) {
> - switch (eth_hdr(skb)->h_proto) {
> - case htons(ETH_P_IP):
> - audit_ip4(ab, skb);
> - break;
> - 
> - case htons(ETH_P_IPV6):
> - audit_ip6(ab, skb);
> - break;
> - }
> - }
> - }
> + audit_log_format(ab, "mark=%#x", skb->mark);
>   
>  -switch (par->family) {
>  +switch (xt_family(par)) {
> + case NFPROTO_BRIDGE:
> + switch (eth_hdr(skb)->h_proto) {
> + case htons(ETH_P_IP):
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> + break;
> + case htons(ETH_P_IPV6):
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> + break;
> + }
> + break;
>   case NFPROTO_IPV4:
> - audit_ip4(ab, skb);
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
>   break;
> - 
>   case NFPROTO_IPV6:
> - audit_ip6(ab, skb);
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
>   break;
>   }
>   

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  net/netfilter/xt_AUDIT.c

between commit:

  613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
structure")

from Linus' tree and commit:

  36fe46d172e5 ("audit: normalize NETFILTER_PKT")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

P.S. You may want to consider a newer base for your tree ...
-- 
Cheers,
Stephen Rothwell

diff --cc net/netfilter/xt_AUDIT.c
index 19247a17e511,582ee54f6664..
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
if (ab == NULL)
goto errout;
  
-   audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
-info->type, xt_hooknum(par), skb->len,
-xt_in(par) ? xt_inname(par) : "?",
-xt_out(par) ? xt_outname(par) : "?");
- 
-   if (skb->mark)
-   audit_log_format(ab, " mark=%#x", skb->mark);
- 
-   if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
-   audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
-eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
-ntohs(eth_hdr(skb)->h_proto));
- 
-   if (xt_family(par) == NFPROTO_BRIDGE) {
-   switch (eth_hdr(skb)->h_proto) {
-   case htons(ETH_P_IP):
-   audit_ip4(ab, skb);
-   break;
- 
-   case htons(ETH_P_IPV6):
-   audit_ip6(ab, skb);
-   break;
-   }
-   }
-   }
+   audit_log_format(ab, "mark=%#x", skb->mark);
  
 -  switch (par->family) {
 +  switch (xt_family(par)) {
+   case NFPROTO_BRIDGE:
+   switch (eth_hdr(skb)->h_proto) {
+   case htons(ETH_P_IP):
+   fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+   break;
+   case htons(ETH_P_IPV6):
+   fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+   break;
+   }
+   break;
case NFPROTO_IPV4:
-   audit_ip4(ab, skb);
+   fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
- 
case NFPROTO_IPV6:
-   audit_ip6(ab, skb);
+   fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
  

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  net/netfilter/xt_AUDIT.c

between commit:

  613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
structure")

from Linus' tree and commit:

  36fe46d172e5 ("audit: normalize NETFILTER_PKT")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

P.S. You may want to consider a newer base for your tree ...
-- 
Cheers,
Stephen Rothwell

diff --cc net/netfilter/xt_AUDIT.c
index 19247a17e511,582ee54f6664..
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
if (ab == NULL)
goto errout;
  
-   audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
-info->type, xt_hooknum(par), skb->len,
-xt_in(par) ? xt_inname(par) : "?",
-xt_out(par) ? xt_outname(par) : "?");
- 
-   if (skb->mark)
-   audit_log_format(ab, " mark=%#x", skb->mark);
- 
-   if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
-   audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
-eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
-ntohs(eth_hdr(skb)->h_proto));
- 
-   if (xt_family(par) == NFPROTO_BRIDGE) {
-   switch (eth_hdr(skb)->h_proto) {
-   case htons(ETH_P_IP):
-   audit_ip4(ab, skb);
-   break;
- 
-   case htons(ETH_P_IPV6):
-   audit_ip6(ab, skb);
-   break;
-   }
-   }
-   }
+   audit_log_format(ab, "mark=%#x", skb->mark);
  
 -  switch (par->family) {
 +  switch (xt_family(par)) {
+   case NFPROTO_BRIDGE:
+   switch (eth_hdr(skb)->h_proto) {
+   case htons(ETH_P_IP):
+   fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+   break;
+   case htons(ETH_P_IPV6):
+   fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+   break;
+   }
+   break;
case NFPROTO_IPV4:
-   audit_ip4(ab, skb);
+   fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
- 
case NFPROTO_IPV6:
-   audit_ip6(ab, skb);
+   fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
  

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2017-01-19 13:51, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commits:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>   dcdaa2f9480c ("Merge branch 'stable-4.10' of 
> git://git.infradead.org/users/pcmoore/audit")
> 
> from Linus' tree and commit:
> 
>   92c82e8a322b ("audit: add feature audit_lost reset")
> 
> from the audit tree.

This merge conflict was expected.

Your fix below looks as expected.

Thanks!  Sorry for the trouble.

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 1c107cb1c83f,3f24110ae63c..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -330,13 -331,14 +331,16 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
>   #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
> + #define AUDIT_FEATURE_BITMAP_LOST_RESET 0x0020
> + 
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
>  +  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> -   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
> +   AUDIT_FEATURE_BITMAP_LOST_RESET)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2017-01-19 13:51, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commits:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>   dcdaa2f9480c ("Merge branch 'stable-4.10' of 
> git://git.infradead.org/users/pcmoore/audit")
> 
> from Linus' tree and commit:
> 
>   92c82e8a322b ("audit: add feature audit_lost reset")
> 
> from the audit tree.

This merge conflict was expected.

Your fix below looks as expected.

Thanks!  Sorry for the trouble.

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 1c107cb1c83f,3f24110ae63c..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -330,13 -331,14 +331,16 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
>   #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
> + #define AUDIT_FEATURE_BITMAP_LOST_RESET 0x0020
> + 
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
>  +  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> -   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
> +   AUDIT_FEATURE_BITMAP_LOST_RESET)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/uapi/linux/audit.h

between commits:

  7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
  dcdaa2f9480c ("Merge branch 'stable-4.10' of 
git://git.infradead.org/users/pcmoore/audit")

from Linus' tree and commit:

  92c82e8a322b ("audit: add feature audit_lost reset")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/uapi/linux/audit.h
index 1c107cb1c83f,3f24110ae63c..
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -330,13 -331,14 +331,16 @@@ enum 
  #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT0x0001
  #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME0x0002
  #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH  0x0004
 +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND   0x0008
  #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
+ #define AUDIT_FEATURE_BITMAP_LOST_RESET   0x0020
+ 
  #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
 +AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
- AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
+ AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
+ AUDIT_FEATURE_BITMAP_LOST_RESET)
  
  /* deprecated: AUDIT_VERSION_* */
  #define AUDIT_VERSION_LATEST  AUDIT_FEATURE_BITMAP_ALL

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/uapi/linux/audit.h

between commits:

  7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
  dcdaa2f9480c ("Merge branch 'stable-4.10' of 
git://git.infradead.org/users/pcmoore/audit")

from Linus' tree and commit:

  92c82e8a322b ("audit: add feature audit_lost reset")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/uapi/linux/audit.h
index 1c107cb1c83f,3f24110ae63c..
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -330,13 -331,14 +331,16 @@@ enum 
  #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT0x0001
  #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME0x0002
  #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH  0x0004
 +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND   0x0008
  #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
+ #define AUDIT_FEATURE_BITMAP_LOST_RESET   0x0020
+ 
  #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
 +AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
- AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
+ AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
+ AUDIT_FEATURE_BITMAP_LOST_RESET)
  
  /* deprecated: AUDIT_VERSION_* */
  #define AUDIT_VERSION_LATEST  AUDIT_FEATURE_BITMAP_ALL

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Tue, Nov 22, 2016 at 5:35 AM, Richard Guy Briggs  wrote:
> On 2016-11-22 16:29, Stephen Rothwell wrote:
>> Hi Paul,
>
> Hi Stephen,
>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   include/uapi/linux/audit.h
>>
>> between commit:
>>
>>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>>
>> from Linus' tree and commit:
>>
>>   0489410368df ("audit: add support for session ID user filter")
>>
>> from the audit tree.
>
> Ok, I expected this conflict...
>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> The fix looks as expected.  Thanks!

Yes, +1 to what Richard already said; I've had to apply similar
patches for some of my test kernels.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Tue, Nov 22, 2016 at 5:35 AM, Richard Guy Briggs  wrote:
> On 2016-11-22 16:29, Stephen Rothwell wrote:
>> Hi Paul,
>
> Hi Stephen,
>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   include/uapi/linux/audit.h
>>
>> between commit:
>>
>>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>>
>> from Linus' tree and commit:
>>
>>   0489410368df ("audit: add support for session ID user filter")
>>
>> from the audit tree.
>
> Ok, I expected this conflict...
>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> The fix looks as expected.  Thanks!

Yes, +1 to what Richard already said; I've had to apply similar
patches for some of my test kernels.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2016-11-22 16:29, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commit:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
> 
> from Linus' tree and commit:
> 
>   0489410368df ("audit: add support for session ID user filter")
> 
> from the audit tree.

Ok, I expected this conflict...

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

The fix looks as expected.  Thanks!

> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 208df7b44e90,c8dc97bc2c1b..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -329,11 -330,11 +330,13 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
> + #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
> -   AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
> ++  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 2016-11-22 16:29, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commit:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
> 
> from Linus' tree and commit:
> 
>   0489410368df ("audit: add support for session ID user filter")
> 
> from the audit tree.

Ok, I expected this conflict...

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

The fix looks as expected.  Thanks!

> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 208df7b44e90,c8dc97bc2c1b..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -329,11 -330,11 +330,13 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
> + #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
> -   AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
> ++  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/uapi/linux/audit.h

between commit:

  7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")

from Linus' tree and commit:

  0489410368df ("audit: add support for session ID user filter")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/uapi/linux/audit.h
index 208df7b44e90,c8dc97bc2c1b..
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -329,11 -330,11 +330,13 @@@ enum 
  #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT0x0001
  #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME0x0002
  #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH  0x0004
 +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND   0x0008
+ #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
  #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
- AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
++AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
+ AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
  
  /* deprecated: AUDIT_VERSION_* */
  #define AUDIT_VERSION_LATEST  AUDIT_FEATURE_BITMAP_ALL

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/uapi/linux/audit.h

between commit:

  7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")

from Linus' tree and commit:

  0489410368df ("audit: add support for session ID user filter")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/uapi/linux/audit.h
index 208df7b44e90,c8dc97bc2c1b..
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -329,11 -330,11 +330,13 @@@ enum 
  #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT0x0001
  #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME0x0002
  #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH  0x0004
 +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND   0x0008
+ #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
  #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
- AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
++AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
+ AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
  
  /* deprecated: AUDIT_VERSION_* */
  #define AUDIT_VERSION_LATEST  AUDIT_FEATURE_BITMAP_ALL

Re: linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Richard,

On Thu, 19 Nov 2015 13:30:12 -0500 Richard Guy Briggs  wrote:
>
> Stephen, your patch looks fine to me.  I had some minor concerns about
> deeper issues as to whether the original intent of that part of the
> audit subsystem was affected by this change, but that is WRT the
> conflicting patch rather than your merge.  After poking around a bit, I
> don't have any outstanding concerns.

Thanks for checking.
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/11/19, Paul Moore wrote:
> On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  
> wrote:
> > Hi Paul,
> >
> > Today's linux-next merge of the audit tree got a conflict in:
> >
> >   kernel/audit.c
> >
> > between commit:
> >
> >   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> > unwilling to sleep and avoiding waking kswapd")
> >
> > from Linus' tree and commit:
> >
> >   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> > exception")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary (no action
> > is required).
> 
> Thanks Stephen, I found the same thing yesterday while doing some
> testing; your patch looks good to me.

Stephen, your patch looks fine to me.  I had some minor concerns about
deeper issues as to whether the original intent of that part of the
audit subsystem was affected by this change, but that is WRT the
conflicting patch rather than your merge.  After poking around a bit, I
don't have any outstanding concerns.

> > diff --cc kernel/audit.c
> > index bc2ff61bc1d6,ca1b9cda2766..
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> > if (unlikely(audit_filter_type(type)))
> > return NULL;
> >
> >  -  if (gfp_mask & __GFP_WAIT) {
> >  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> > -   if (audit_pid && audit_pid == current->pid)
> > +   if (audit_pid && audit_pid == current->tgid)
> >  -  gfp_mask &= ~__GFP_WAIT;
> >  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> > else
> > reserve = 0;
> > }
> 
> paul moore

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   kernel/audit.c
>
> between commit:
>
>   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> unwilling to sleep and avoiding waking kswapd")
>
> from Linus' tree and commit:
>
>   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> exception")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks Stephen, I found the same thing yesterday while doing some
testing; your patch looks good to me.

> diff --cc kernel/audit.c
> index bc2ff61bc1d6,ca1b9cda2766..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> if (unlikely(audit_filter_type(type)))
> return NULL;
>
>  -  if (gfp_mask & __GFP_WAIT) {
>  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> -   if (audit_pid && audit_pid == current->pid)
> +   if (audit_pid && audit_pid == current->tgid)
>  -  gfp_mask &= ~__GFP_WAIT;
>  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> else
> reserve = 0;
> }



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/11/19, Paul Moore wrote:
> On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  
> wrote:
> > Hi Paul,
> >
> > Today's linux-next merge of the audit tree got a conflict in:
> >
> >   kernel/audit.c
> >
> > between commit:
> >
> >   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> > unwilling to sleep and avoiding waking kswapd")
> >
> > from Linus' tree and commit:
> >
> >   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> > exception")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary (no action
> > is required).
> 
> Thanks Stephen, I found the same thing yesterday while doing some
> testing; your patch looks good to me.

Stephen, your patch looks fine to me.  I had some minor concerns about
deeper issues as to whether the original intent of that part of the
audit subsystem was affected by this change, but that is WRT the
conflicting patch rather than your merge.  After poking around a bit, I
don't have any outstanding concerns.

> > diff --cc kernel/audit.c
> > index bc2ff61bc1d6,ca1b9cda2766..
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> > if (unlikely(audit_filter_type(type)))
> > return NULL;
> >
> >  -  if (gfp_mask & __GFP_WAIT) {
> >  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> > -   if (audit_pid && audit_pid == current->pid)
> > +   if (audit_pid && audit_pid == current->tgid)
> >  -  gfp_mask &= ~__GFP_WAIT;
> >  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> > else
> > reserve = 0;
> > }
> 
> paul moore

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Richard,

On Thu, 19 Nov 2015 13:30:12 -0500 Richard Guy Briggs  wrote:
>
> Stephen, your patch looks fine to me.  I had some minor concerns about
> deeper issues as to whether the original intent of that part of the
> audit subsystem was affected by this change, but that is WRT the
> conflicting patch rather than your merge.  After poking around a bit, I
> don't have any outstanding concerns.

Thanks for checking.
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   kernel/audit.c
>
> between commit:
>
>   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> unwilling to sleep and avoiding waking kswapd")
>
> from Linus' tree and commit:
>
>   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> exception")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks Stephen, I found the same thing yesterday while doing some
testing; your patch looks good to me.

> diff --cc kernel/audit.c
> index bc2ff61bc1d6,ca1b9cda2766..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> if (unlikely(audit_filter_type(type)))
> return NULL;
>
>  -  if (gfp_mask & __GFP_WAIT) {
>  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> -   if (audit_pid && audit_pid == current->pid)
> +   if (audit_pid && audit_pid == current->tgid)
>  -  gfp_mask &= ~__GFP_WAIT;
>  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> else
> reserve = 0;
> }



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  kernel/audit.c

between commit:

  d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
unwilling to sleep and avoiding waking kswapd")

from Linus' tree and commit:

  14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
exception")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index bc2ff61bc1d6,ca1b9cda2766..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
if (unlikely(audit_filter_type(type)))
return NULL;
  
 -  if (gfp_mask & __GFP_WAIT) {
 +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
-   if (audit_pid && audit_pid == current->pid)
+   if (audit_pid && audit_pid == current->tgid)
 -  gfp_mask &= ~__GFP_WAIT;
 +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
else
reserve = 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  kernel/audit.c

between commit:

  d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
unwilling to sleep and avoiding waking kswapd")

from Linus' tree and commit:

  14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
exception")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index bc2ff61bc1d6,ca1b9cda2766..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
if (unlikely(audit_filter_type(type)))
return NULL;
  
 -  if (gfp_mask & __GFP_WAIT) {
 +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
-   if (audit_pid && audit_pid == current->pid)
+   if (audit_pid && audit_pid == current->tgid)
 -  gfp_mask &= ~__GFP_WAIT;
 +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
else
reserve = 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Tuesday, October 06, 2015 01:55:01 PM Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/linux/lsm_audit.h
> 
> between commit:
> 
>   671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")
> 
> from Linus' tree and commit:
> 
>   43cfd5e38587 ("audit: constify parts of common_audit_data and
> lsm_network_audit")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks, that patch looks correct, although I'm going to drop the patch causing 
this problem for the time being as there are some oddities with the build 
warning that you posted which aren't immediately obvious to me.  Something 
weird is causing it to work in audit#next but throw a warning when applied on 
top of Linus' current ... I'll reapply the patch once I've resolved the issue.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Tuesday, October 06, 2015 01:55:01 PM Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/linux/lsm_audit.h
> 
> between commit:
> 
>   671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")
> 
> from Linus' tree and commit:
> 
>   43cfd5e38587 ("audit: constify parts of common_audit_data and
> lsm_network_audit")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks, that patch looks correct, although I'm going to drop the patch causing 
this problem for the time being as there are some oddities with the build 
warning that you posted which aren't immediately obvious to me.  Something 
weird is causing it to work in audit#next but throw a warning when applied on 
top of Linus' current ... I'll reapply the patch once I've resolved the issue.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/linux/lsm_audit.h

between commit:

  671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")

from Linus' tree and commit:

  43cfd5e38587 ("audit: constify parts of common_audit_data and 
lsm_network_audit")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/linux/lsm_audit.h
index ffb9c9da4f39,6c4c7acd0e5e..
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@@ -58,10 -53,9 +58,10 @@@ struct common_audit_data 
  #define LSM_AUDIT_DATA_KMOD   8
  #define LSM_AUDIT_DATA_INODE  9
  #define LSM_AUDIT_DATA_DENTRY 10
 +#define LSM_AUDIT_DATA_IOCTL_OP   11
union   {
struct path path;
-   struct dentry *dentry;
+   const struct dentry *dentry;
struct inode *inode;
struct lsm_network_audit *net;
int cap;
@@@ -70,11 -64,10 +70,11 @@@
  #ifdef CONFIG_KEYS
struct {
key_serial_t key;
-   char *key_desc;
+   const char *key_desc;
} key_struct;
  #endif
-   char *kmod_name;
+   const char *kmod_name;
 +  struct lsm_ioctlop_audit *op;
} u;
/* this union contains LSM specific data */
union {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  include/linux/lsm_audit.h

between commit:

  671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")

from Linus' tree and commit:

  43cfd5e38587 ("audit: constify parts of common_audit_data and 
lsm_network_audit")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/linux/lsm_audit.h
index ffb9c9da4f39,6c4c7acd0e5e..
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@@ -58,10 -53,9 +58,10 @@@ struct common_audit_data 
  #define LSM_AUDIT_DATA_KMOD   8
  #define LSM_AUDIT_DATA_INODE  9
  #define LSM_AUDIT_DATA_DENTRY 10
 +#define LSM_AUDIT_DATA_IOCTL_OP   11
union   {
struct path path;
-   struct dentry *dentry;
+   const struct dentry *dentry;
struct inode *inode;
struct lsm_network_audit *net;
int cap;
@@@ -70,11 -64,10 +70,11 @@@
  #ifdef CONFIG_KEYS
struct {
key_serial_t key;
-   char *key_desc;
+   const char *key_desc;
} key_struct;
  #endif
-   char *kmod_name;
+   const char *kmod_name;
 +  struct lsm_ioctlop_audit *op;
} u;
/* this union contains LSM specific data */
union {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/08/07, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   kernel/audit.c
> 
> between commit:
> 
>   5985de6754a6 ("audit: code clean up")
> 
> from Linus' tree and commit:
> 
>   84cb777e6781 ("audit: use macros for unset inode and device values")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Yup, looks good, thanks!  :)

> -- 
> Cheers,
> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc kernel/audit.c
> index f9e6065346db,060153dc47d4..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
>   } else
>   audit_log_format(ab, " name=(null)");
>   
> - if (n->ino != (unsigned long)-1)
>  -if (n->ino != AUDIT_INO_UNSET) {
> ++if (n->ino != AUDIT_INO_UNSET)
>   audit_log_format(ab, " inode=%lu"
>" dev=%02x:%02x mode=%#ho"
>" ouid=%u ogid=%u rdev=%02x:%02x",

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/08/07, Stephen Rothwell wrote:
 Hi Paul,

Hi Stephen,

 Today's linux-next merge of the audit tree got a conflict in:
 
   kernel/audit.c
 
 between commit:
 
   5985de6754a6 (audit: code clean up)
 
 from Linus' tree and commit:
 
   84cb777e6781 (audit: use macros for unset inode and device values)
 
 from the audit tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

Yup, looks good, thanks!  :)

 -- 
 Cheers,
 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc kernel/audit.c
 index f9e6065346db,060153dc47d4..
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
   } else
   audit_log_format(ab,  name=(null));
   
 - if (n-ino != (unsigned long)-1)
  -if (n-ino != AUDIT_INO_UNSET) {
 ++if (n-ino != AUDIT_INO_UNSET)
   audit_log_format(ab,  inode=%lu
 dev=%02x:%02x mode=%#ho
 ouid=%u ogid=%u rdev=%02x:%02x,

- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  kernel/audit.c

between commit:

  5985de6754a6 ("audit: code clean up")

from Linus' tree and commit:

  84cb777e6781 ("audit: use macros for unset inode and device values")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index f9e6065346db,060153dc47d4..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
} else
audit_log_format(ab, " name=(null)");
  
-   if (n->ino != (unsigned long)-1)
 -  if (n->ino != AUDIT_INO_UNSET) {
++  if (n->ino != AUDIT_INO_UNSET)
audit_log_format(ab, " inode=%lu"
 " dev=%02x:%02x mode=%#ho"
 " ouid=%u ogid=%u rdev=%02x:%02x",
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  kernel/audit.c

between commit:

  5985de6754a6 (audit: code clean up)

from Linus' tree and commit:

  84cb777e6781 (audit: use macros for unset inode and device values)

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index f9e6065346db,060153dc47d4..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
} else
audit_log_format(ab,  name=(null));
  
-   if (n-ino != (unsigned long)-1)
 -  if (n-ino != AUDIT_INO_UNSET) {
++  if (n-ino != AUDIT_INO_UNSET)
audit_log_format(ab,  inode=%lu
  dev=%02x:%02x mode=%#ho
  ouid=%u ogid=%u rdev=%02x:%02x,
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/06/01, Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in
> security/lsm_audit.c between commit 5deeb5cece3f ("lsm: copy comm
> before calling audit_log to avoid race in string printing") from Linus'
> tree and commit 5c5bc97e2fc8 ("lsm: rename duplicate labels in
> LSM_AUDIT_DATA_TASK audit message type") from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Perfect, thanks, fix looks right.  Cheers!

> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc security/lsm_audit.c
> index 1d34277dc402,07fc99724d41..
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
>   if (tsk) {
>   pid_t pid = task_pid_nr(tsk);
>   if (pid) {
>  +char comm[sizeof(tsk->comm)];
> - audit_log_format(ab, " pid=%d comm=", pid);
> + audit_log_format(ab, " opid=%d ocomm=", pid);
>  -audit_log_untrustedstring(ab, tsk->comm);
>  +audit_log_untrustedstring(ab,
>  +memcpy(comm, tsk->comm, sizeof(comm)));
>   }
>   }
>   break;



- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
security/lsm_audit.c between commit 5deeb5cece3f ("lsm: copy comm
before calling audit_log to avoid race in string printing") from Linus'
tree and commit 5c5bc97e2fc8 ("lsm: rename duplicate labels in
LSM_AUDIT_DATA_TASK audit message type") from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc security/lsm_audit.c
index 1d34277dc402,07fc99724d41..
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
if (tsk) {
pid_t pid = task_pid_nr(tsk);
if (pid) {
 +  char comm[sizeof(tsk->comm)];
-   audit_log_format(ab, " pid=%d comm=", pid);
+   audit_log_format(ab, " opid=%d ocomm=", pid);
 -  audit_log_untrustedstring(ab, tsk->comm);
 +  audit_log_untrustedstring(ab,
 +  memcpy(comm, tsk->comm, sizeof(comm)));
}
}
break;


pgphJsRyaC6Ul.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
security/lsm_audit.c between commit 5deeb5cece3f (lsm: copy comm
before calling audit_log to avoid race in string printing) from Linus'
tree and commit 5c5bc97e2fc8 (lsm: rename duplicate labels in
LSM_AUDIT_DATA_TASK audit message type) from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc security/lsm_audit.c
index 1d34277dc402,07fc99724d41..
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
if (tsk) {
pid_t pid = task_pid_nr(tsk);
if (pid) {
 +  char comm[sizeof(tsk-comm)];
-   audit_log_format(ab,  pid=%d comm=, pid);
+   audit_log_format(ab,  opid=%d ocomm=, pid);
 -  audit_log_untrustedstring(ab, tsk-comm);
 +  audit_log_untrustedstring(ab,
 +  memcpy(comm, tsk-comm, sizeof(comm)));
}
}
break;


pgphJsRyaC6Ul.pgp
Description: OpenPGP digital signature

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 15/06/01, Stephen Rothwell wrote:
 Hi Paul,
 
 Today's linux-next merge of the audit tree got a conflict in
 security/lsm_audit.c between commit 5deeb5cece3f (lsm: copy comm
 before calling audit_log to avoid race in string printing) from Linus'
 tree and commit 5c5bc97e2fc8 (lsm: rename duplicate labels in
 LSM_AUDIT_DATA_TASK audit message type) from the audit tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

Perfect, thanks, fix looks right.  Cheers!

 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc security/lsm_audit.c
 index 1d34277dc402,07fc99724d41..
 --- a/security/lsm_audit.c
 +++ b/security/lsm_audit.c
 @@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
   if (tsk) {
   pid_t pid = task_pid_nr(tsk);
   if (pid) {
  +char comm[sizeof(tsk-comm)];
 - audit_log_format(ab,  pid=%d comm=, pid);
 + audit_log_format(ab,  opid=%d ocomm=, pid);
  -audit_log_untrustedstring(ab, tsk-comm);
  +audit_log_untrustedstring(ab,
  +memcpy(comm, tsk-comm, sizeof(comm)));
   }
   }
   break;



- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Mon, Jan 19, 2015 at 11:04 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in
> include/linux/audit.h between commit 041d7b98ffe5 ("audit: restore
> AUDIT_LOGINUID unset ABI") from Linus' tree and commit e80da768eae4
> ("audit: remove vestiges of vers_ops") from the audit tree.

I suspect rebasing the audit next branch will resolve this issue as well.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Paul Moore]

On Mon, Jan 19, 2015 at 11:04 PM, Stephen Rothwell s...@canb.auug.org.au 
wrote:
 Hi Paul,

 Today's linux-next merge of the audit tree got a conflict in
 include/linux/audit.h between commit 041d7b98ffe5 (audit: restore
 AUDIT_LOGINUID unset ABI) from Linus' tree and commit e80da768eae4
 (audit: remove vestiges of vers_ops) from the audit tree.

I suspect rebasing the audit next branch will resolve this issue as well.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
include/linux/audit.h between commit 041d7b98ffe5 ("audit: restore
AUDIT_LOGINUID unset ABI") from Linus' tree and commit e80da768eae4
("audit: remove vestiges of vers_ops") from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/linux/audit.h
index af84234e1f6e,26710c5b9443..
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@@ -46,8 -46,6 +46,7 @@@ struct audit_tree
  struct sk_buff;
  
  struct audit_krule {
-   int vers_ops;
 +  u32 pflags;
u32 flags;
u32 listnr;
u32 action;


pgpQnucCiVshD.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in fs/exec.c
between commit 51f39a1f0cea ("syscalls: implement execveat() system
call") from Linus' tree and commit 5dc5218840e1 ("fs: create proper
filename objects using getname_kernel()") from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc fs/exec.c
index ad8798e26be9,d067771af6d4..
--- a/fs/exec.c
+++ b/fs/exec.c
@@@ -794,8 -789,15 +794,15 @@@ exit
  
  struct file *open_exec(const char *name)
  {
-   struct filename tmp = { .name = name };
-   return do_open_execat(AT_FDCWD, , 0);
+   struct file *file;
+   struct filename *tmp;
+ 
+   tmp = getname_kernel(name);
+   if (unlikely(IS_ERR(tmp)))
+   return (void *)tmp;
 -  file = do_open_exec(tmp);
++  file = do_open_execat(AT_FDCWD, tmp, 0);
+   putname(tmp);
+   return file;
  }
  EXPORT_SYMBOL(open_exec);
  


pgpVRt02SUbD_.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
kernel/auditsc.c between commit 4a92843601ad ("audit: correctly record
file names with different path name types") and fcf22d8267ad ("audit:
create private file name copies when auditing inodes") from Linus' tree
and commits 997f7ee82a98 ("audit: enable filename recording via
getname_kernel()"), 2b1b63a2b7d3 ("audit: fix filename matching in
__audit_inode() and __audit_inode_child()") and 49463ee9d929 ("audit:
replace getname()/putname() hacks with reference counters") from the
audit tree.

It would have been nice if these new audit tree commits had been based
on v3.19-rc3 instead of v3.16 ... (especially since their Author dates
match their Committer dates).

I fixed it up (basically I used the audit tree versions - based on the
commit comments - see below) and can carry the fix as necessary (no
action is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/auditsc.c
index 55f82fce2526,459a54555151..
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@@ -1878,48 -1802,17 +1804,15 @@@ void __audit_inode(struct filename *nam
}
  
  out_alloc:
 -  /* unable to find the name from a previous getname(). Allocate a new
 -   * anonymous entry.
 -   */
 +  /* unable to find an entry with both a matching name and type */
-   n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
+   n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
if (!n)
return;
-   /* unfortunately, while we may have a path name to record with the
-* inode, we can't always rely on the string lasting until the end of
-* the syscall so we need to create our own copy, it may fail due to
-* memory allocation issues, but we do our best */
if (name) {
-   /* we can't use getname_kernel() due to size limits */
-   size_t len = strlen(name->name) + 1;
-   struct filename *new = __getname();
- 
-   if (unlikely(!new))
-   goto out;
- 
-   if (len <= (PATH_MAX - sizeof(*new))) {
-   new->name = (char *)(new) + sizeof(*new);
-   new->separate = false;
-   } else if (len <= PATH_MAX) {
-   /* this looks odd, but is due to final_putname() */
-   struct filename *new2;
- 
-   new2 = kmalloc(sizeof(*new2), GFP_KERNEL);
-   if (unlikely(!new2)) {
-   __putname(new);
-   goto out;
-   }
-   new2->name = (char *)new;
-   new2->separate = true;
-   new = new2;
-   } else {
-   /* we should never get here, but let's be safe */
-   __putname(new);
-   goto out;
-   }
-   strlcpy((char *)new->name, name->name, len);
-   new->uptr = NULL;
-   new->aname = n;
-   n->name = new;
-   n->name_put = true;
+   n->name = name;
+   name->refcnt++;
}
+ 
  out:
if (parent) {
n->name_len = n->name ? parent_len(n->name->name) : 
AUDIT_NAME_FULL;


pgp6_OmcN6TBN.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in fs/exec.c
between commit 51f39a1f0cea (syscalls: implement execveat() system
call) from Linus' tree and commit 5dc5218840e1 (fs: create proper
filename objects using getname_kernel()) from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc fs/exec.c
index ad8798e26be9,d067771af6d4..
--- a/fs/exec.c
+++ b/fs/exec.c
@@@ -794,8 -789,15 +794,15 @@@ exit
  
  struct file *open_exec(const char *name)
  {
-   struct filename tmp = { .name = name };
-   return do_open_execat(AT_FDCWD, tmp, 0);
+   struct file *file;
+   struct filename *tmp;
+ 
+   tmp = getname_kernel(name);
+   if (unlikely(IS_ERR(tmp)))
+   return (void *)tmp;
 -  file = do_open_exec(tmp);
++  file = do_open_execat(AT_FDCWD, tmp, 0);
+   putname(tmp);
+   return file;
  }
  EXPORT_SYMBOL(open_exec);
  


pgpVRt02SUbD_.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
include/linux/audit.h between commit 041d7b98ffe5 (audit: restore
AUDIT_LOGINUID unset ABI) from Linus' tree and commit e80da768eae4
(audit: remove vestiges of vers_ops) from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/linux/audit.h
index af84234e1f6e,26710c5b9443..
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@@ -46,8 -46,6 +46,7 @@@ struct audit_tree
  struct sk_buff;
  
  struct audit_krule {
-   int vers_ops;
 +  u32 pflags;
u32 flags;
u32 listnr;
u32 action;


pgpQnucCiVshD.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in
kernel/auditsc.c between commit 4a92843601ad (audit: correctly record
file names with different path name types) and fcf22d8267ad (audit:
create private file name copies when auditing inodes) from Linus' tree
and commits 997f7ee82a98 (audit: enable filename recording via
getname_kernel()), 2b1b63a2b7d3 (audit: fix filename matching in
__audit_inode() and __audit_inode_child()) and 49463ee9d929 (audit:
replace getname()/putname() hacks with reference counters) from the
audit tree.

It would have been nice if these new audit tree commits had been based
on v3.19-rc3 instead of v3.16 ... (especially since their Author dates
match their Committer dates).

I fixed it up (basically I used the audit tree versions - based on the
commit comments - see below) and can carry the fix as necessary (no
action is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/auditsc.c
index 55f82fce2526,459a54555151..
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@@ -1878,48 -1802,17 +1804,15 @@@ void __audit_inode(struct filename *nam
}
  
  out_alloc:
 -  /* unable to find the name from a previous getname(). Allocate a new
 -   * anonymous entry.
 -   */
 +  /* unable to find an entry with both a matching name and type */
-   n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
+   n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
if (!n)
return;
-   /* unfortunately, while we may have a path name to record with the
-* inode, we can't always rely on the string lasting until the end of
-* the syscall so we need to create our own copy, it may fail due to
-* memory allocation issues, but we do our best */
if (name) {
-   /* we can't use getname_kernel() due to size limits */
-   size_t len = strlen(name-name) + 1;
-   struct filename *new = __getname();
- 
-   if (unlikely(!new))
-   goto out;
- 
-   if (len = (PATH_MAX - sizeof(*new))) {
-   new-name = (char *)(new) + sizeof(*new);
-   new-separate = false;
-   } else if (len = PATH_MAX) {
-   /* this looks odd, but is due to final_putname() */
-   struct filename *new2;
- 
-   new2 = kmalloc(sizeof(*new2), GFP_KERNEL);
-   if (unlikely(!new2)) {
-   __putname(new);
-   goto out;
-   }
-   new2-name = (char *)new;
-   new2-separate = true;
-   new = new2;
-   } else {
-   /* we should never get here, but let's be safe */
-   __putname(new);
-   goto out;
-   }
-   strlcpy((char *)new-name, name-name, len);
-   new-uptr = NULL;
-   new-aname = n;
-   n-name = new;
-   n-name_put = true;
+   n-name = name;
+   name-refcnt++;
}
+ 
  out:
if (parent) {
n-name_len = n-name ? parent_len(n-name-name) : 
AUDIT_NAME_FULL;


pgp6_OmcN6TBN.pgp
Description: OpenPGP digital signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
arch/mips/kernel/ptrace.c between commits 6e34574603f6 ("MIPS: asm:
syscall: Define syscall_get_arch") and 1225eb825208("MIPS: ptrace: Move
away from secure_computing_strict") from Linus' tree and commit
8ea408a0c1e7 ("ARCH: AUDIT: audit_syscall_entry() should not require the
arch") from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc arch/mips/kernel/ptrace.c
index 71f85f427034,8b393bcf7919..
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@@ -649,11 -677,8 +649,9 @@@ asmlinkage long syscall_trace_enter(str
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs->regs[2]);
  
-   audit_syscall_entry(syscall_get_arch(),
-   syscall,
-   regs->regs[4], regs->regs[5],
 -  audit_syscall_entry(regs->regs[2], regs->regs[4], regs->regs[5],
++  audit_syscall_entry(syscall, regs->regs[4], regs->regs[5],
regs->regs[6], regs->regs[7]);
 +  return syscall;
  }
  
  /*


pgpm_h4k4dA2y.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
arch/mips/kernel/ptrace.c between commits 6e34574603f6 (MIPS: asm:
syscall: Define syscall_get_arch) and 1225eb825208(MIPS: ptrace: Move
away from secure_computing_strict) from Linus' tree and commit
8ea408a0c1e7 (ARCH: AUDIT: audit_syscall_entry() should not require the
arch) from the audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc arch/mips/kernel/ptrace.c
index 71f85f427034,8b393bcf7919..
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@@ -649,11 -677,8 +649,9 @@@ asmlinkage long syscall_trace_enter(str
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs-regs[2]);
  
-   audit_syscall_entry(syscall_get_arch(),
-   syscall,
-   regs-regs[4], regs-regs[5],
 -  audit_syscall_entry(regs-regs[2], regs-regs[4], regs-regs[5],
++  audit_syscall_entry(syscall, regs-regs[4], regs-regs[5],
regs-regs[6], regs-regs[7]);
 +  return syscall;
  }
  
  /*


pgpm_h4k4dA2y.pgp
Description: PGP signature

Re: linux-next: manual merge of the audit tree with Linus' tree

[Eric Paris]

On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote:

> You could have avoided this by doing a fast forward merge of v3.15-rc1
> instead of the v3.14 merge (since everything in your tree before that
> merge was also in Linus' tree by v3.15-rc1).

This is a situation I've never really known the right way to handle.  I
certainly could/can fast forward to 3.15-rc1, but then I have a random
crap development base for the audit tree.  Which is especially bad sine
-rc1 doesn't even boot on my main machine.

What I've always done is to merge the last release right after the pull
and go from there, but it clearly leaves conflict potential

Which is preferred?  I've always enjoyed having my trees based on a
release

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Eric Paris]

On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote:

 You could have avoided this by doing a fast forward merge of v3.15-rc1
 instead of the v3.14 merge (since everything in your tree before that
 merge was also in Linus' tree by v3.15-rc1).

This is a situation I've never really known the right way to handle.  I
certainly could/can fast forward to 3.15-rc1, but then I have a random
crap development base for the audit tree.  Which is especially bad sine
-rc1 doesn't even boot on my main machine.

What I've always done is to merge the last release right after the pull
and go from there, but it clearly leaves conflict potential

Which is preferred?  I've always enjoyed having my trees based on a
release

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got conflicts in
arch/mips/include/asm/syscall.h, arch/x86/Kconfig and kernel/audit.c
between commits from Linus' tree and commit 596b0569084b ("Merge tag
'v3.14' into mergeing") from the audit tree.

This happened because you merged Linus' tag v3.14 into your tree.  In
this case, that merge had conflicts that you resolved differently to the
way Linus had resolved them when he merged your tree for v3.15-rc1.  I
fixed it up (by using Linus' version) and can carry the fix as necessary
(no action is required).

You could have avoided this by doing a fast forward merge of v3.15-rc1
instead of the v3.14 merge (since everything in your tree before that
merge was also in Linus' tree by v3.15-rc1).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp3sjGSfJRsq.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got conflicts in
arch/mips/include/asm/syscall.h, arch/x86/Kconfig and kernel/audit.c
between commits from Linus' tree and commit 596b0569084b (Merge tag
'v3.14' into mergeing) from the audit tree.

This happened because you merged Linus' tag v3.14 into your tree.  In
this case, that merge had conflicts that you resolved differently to the
way Linus had resolved them when he merged your tree for v3.15-rc1.  I
fixed it up (by using Linus' version) and can carry the fix as necessary
(no action is required).

You could have avoided this by doing a fast forward merge of v3.15-rc1
instead of the v3.14 merge (since everything in your tree before that
merge was also in Linus' tree by v3.15-rc1).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp3sjGSfJRsq.pgp
Description: PGP signature

Re: linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Richard,

On Tue, 1 Apr 2014 08:54:13 -0400 Richard Guy Briggs  wrote:
>
> > [Eric: that audit tree commit has no Signed-off-by from you even though
> > you committed it ... there are a few like that]
> 
> I added my Signed-off to the list posting.

The point is that Eric (Paris) committed your patch to his "audit" tree
(at least the commit in his tree indicates that he was the committer) and
(presumably) will ask Linus to pull his tree, but did not add his
Signed-off-by to the commit (which he should have done).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp2E7KNcWauN.pgp
Description: PGP signature

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 14/04/01, Stephen Rothwell wrote:
> Hi Eric,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in
> kernel/audit.c between commit aa4af831bb4f ("AUDIT: Allow login in
> non-init namespaces") from Linus' tree and commit 5a3cb3b6c3a0 ("audit:
> allow user processes to log from another PID namespace") from the audit
> tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

I expected this conflict.  Thanks for fixing it up!

> [Eric: that audit tree commit has no Signed-off-by from you even though
> you committed it ... there are a few like that]

I added my Signed-off to the list posting.

> -- 
> Cheers,
> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc kernel/audit.c
> index 95a20f3f52f1,ad77d1e80895..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
>   {
>   int err = 0;
>   
> - /* Only support the initial namespaces for now. */
> + /* Only support initial user namespace for now. */
>  +/*
>  + * We return ECONNREFUSED because it tricks userspace into thinking
>  + * that audit was not configured into the kernel.  Lots of users
>  + * configure their PAM stack (because that's what the distro does)
>  + * to reject login if unable to send messages to audit.  If we return
>  + * ECONNREFUSED the PAM stack thinks the kernel does not have audit
>  + * configured in and will let login proceed.  If we return EPERM
>  + * userspace will reject all logins.  This should be removed when we
>  + * support non init namespaces!!
>  + */
> - if ((current_user_ns() != _user_ns) ||
> - (task_active_pid_ns(current) != _pid_ns))
> + if ((current_user_ns() != _user_ns))
>  -return -EPERM;
>  +return -ECONNREFUSED;
>   
>   switch (msg_type) {
>   case AUDIT_LIST:



- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Richard Guy Briggs]

On 14/04/01, Stephen Rothwell wrote:
 Hi Eric,

Hi Stephen,

 Today's linux-next merge of the audit tree got a conflict in
 kernel/audit.c between commit aa4af831bb4f (AUDIT: Allow login in
 non-init namespaces) from Linus' tree and commit 5a3cb3b6c3a0 (audit:
 allow user processes to log from another PID namespace) from the audit
 tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

I expected this conflict.  Thanks for fixing it up!

 [Eric: that audit tree commit has no Signed-off-by from you even though
 you committed it ... there are a few like that]

I added my Signed-off to the list posting.

 -- 
 Cheers,
 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc kernel/audit.c
 index 95a20f3f52f1,ad77d1e80895..
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
   {
   int err = 0;
   
 - /* Only support the initial namespaces for now. */
 + /* Only support initial user namespace for now. */
  +/*
  + * We return ECONNREFUSED because it tricks userspace into thinking
  + * that audit was not configured into the kernel.  Lots of users
  + * configure their PAM stack (because that's what the distro does)
  + * to reject login if unable to send messages to audit.  If we return
  + * ECONNREFUSED the PAM stack thinks the kernel does not have audit
  + * configured in and will let login proceed.  If we return EPERM
  + * userspace will reject all logins.  This should be removed when we
  + * support non init namespaces!!
  + */
 - if ((current_user_ns() != init_user_ns) ||
 - (task_active_pid_ns(current) != init_pid_ns))
 + if ((current_user_ns() != init_user_ns))
  -return -EPERM;
  +return -ECONNREFUSED;
   
   switch (msg_type) {
   case AUDIT_LIST:



- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Richard,

On Tue, 1 Apr 2014 08:54:13 -0400 Richard Guy Briggs r...@redhat.com wrote:

  [Eric: that audit tree commit has no Signed-off-by from you even though
  you committed it ... there are a few like that]
 
 I added my Signed-off to the list posting.

The point is that Eric (Paris) committed your patch to his audit tree
(at least the commit in his tree indicates that he was the committer) and
(presumably) will ask Linus to pull his tree, but did not add his
Signed-off-by to the commit (which he should have done).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp2E7KNcWauN.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
kernel/audit.c between commit aa4af831bb4f ("AUDIT: Allow login in
non-init namespaces") from Linus' tree and commit 5a3cb3b6c3a0 ("audit:
allow user processes to log from another PID namespace") from the audit
tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

[Eric: that audit tree commit has no Signed-off-by from you even though
you committed it ... there are a few like that]
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index 95a20f3f52f1,ad77d1e80895..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
  {
int err = 0;
  
-   /* Only support the initial namespaces for now. */
+   /* Only support initial user namespace for now. */
 +  /*
 +   * We return ECONNREFUSED because it tricks userspace into thinking
 +   * that audit was not configured into the kernel.  Lots of users
 +   * configure their PAM stack (because that's what the distro does)
 +   * to reject login if unable to send messages to audit.  If we return
 +   * ECONNREFUSED the PAM stack thinks the kernel does not have audit
 +   * configured in and will let login proceed.  If we return EPERM
 +   * userspace will reject all logins.  This should be removed when we
 +   * support non init namespaces!!
 +   */
-   if ((current_user_ns() != _user_ns) ||
-   (task_active_pid_ns(current) != _pid_ns))
+   if ((current_user_ns() != _user_ns))
 -  return -EPERM;
 +  return -ECONNREFUSED;
  
switch (msg_type) {
case AUDIT_LIST:


pgp7HzzL6q27v.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
kernel/audit.c between commit aa4af831bb4f (AUDIT: Allow login in
non-init namespaces) from Linus' tree and commit 5a3cb3b6c3a0 (audit:
allow user processes to log from another PID namespace) from the audit
tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

[Eric: that audit tree commit has no Signed-off-by from you even though
you committed it ... there are a few like that]
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc kernel/audit.c
index 95a20f3f52f1,ad77d1e80895..
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
  {
int err = 0;
  
-   /* Only support the initial namespaces for now. */
+   /* Only support initial user namespace for now. */
 +  /*
 +   * We return ECONNREFUSED because it tricks userspace into thinking
 +   * that audit was not configured into the kernel.  Lots of users
 +   * configure their PAM stack (because that's what the distro does)
 +   * to reject login if unable to send messages to audit.  If we return
 +   * ECONNREFUSED the PAM stack thinks the kernel does not have audit
 +   * configured in and will let login proceed.  If we return EPERM
 +   * userspace will reject all logins.  This should be removed when we
 +   * support non init namespaces!!
 +   */
-   if ((current_user_ns() != init_user_ns) ||
-   (task_active_pid_ns(current) != init_pid_ns))
+   if ((current_user_ns() != init_user_ns))
 -  return -EPERM;
 +  return -ECONNREFUSED;
  
switch (msg_type) {
case AUDIT_LIST:


pgp7HzzL6q27v.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
include/net/xfrm.h between commit d511337a1eda ("xfrm.h: Remove extern
from function prototypes") from Linus' tree and commit 4440e8548153
("audit: convert all sessionid declaration to unsigned int") from the
audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/net/xfrm.h
index cd7c46ff6f1f,f8d32b908423..
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@@ -714,23 -713,23 +714,23 @@@ static inline void xfrm_audit_helper_us
audit_log_task_context(audit_buf);
  }
  
 -extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 -kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
 -kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
 -   kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
 -  kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 -   struct sk_buff *skb);
 -extern void xfrm_audit_state_replay(struct xfrm_state *x,
 -  struct sk_buff *skb, __be32 net_seq);
 -extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 -extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
 -__be32 net_spi, __be32 net_seq);
 -extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
 -   struct sk_buff *skb, u8 proto);
 +void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, kuid_t auid,
-  u32 ses, u32 secid);
++ unsigned int ses, u32 secid);
 +void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, kuid_t auid,
- u32 ses, u32 secid);
++unsigned int ses, u32 secid);
 +void xfrm_audit_state_add(struct xfrm_state *x, int result, kuid_t auid,
- u32 ses, u32 secid);
++unsigned int ses, u32 secid);
 +void xfrm_audit_state_delete(struct xfrm_state *x, int result, kuid_t auid,
-u32 ses, u32 secid);
++   unsigned int ses, u32 secid);
 +void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 +struct sk_buff *skb);
 +void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
 +   __be32 net_seq);
 +void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 +void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 
net_spi,
 + __be32 net_seq);
 +void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb,
 +u8 proto);
  #else
  
  static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,


pgpaVLYDBxn9h.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
include/net/xfrm.h between commit d511337a1eda (xfrm.h: Remove extern
from function prototypes) from Linus' tree and commit 4440e8548153
(audit: convert all sessionid declaration to unsigned int) from the
audit tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc include/net/xfrm.h
index cd7c46ff6f1f,f8d32b908423..
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@@ -714,23 -713,23 +714,23 @@@ static inline void xfrm_audit_helper_us
audit_log_task_context(audit_buf);
  }
  
 -extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 -kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
 -kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
 -   kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
 -  kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 -   struct sk_buff *skb);
 -extern void xfrm_audit_state_replay(struct xfrm_state *x,
 -  struct sk_buff *skb, __be32 net_seq);
 -extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 -extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
 -__be32 net_spi, __be32 net_seq);
 -extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
 -   struct sk_buff *skb, u8 proto);
 +void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, kuid_t auid,
-  u32 ses, u32 secid);
++ unsigned int ses, u32 secid);
 +void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, kuid_t auid,
- u32 ses, u32 secid);
++unsigned int ses, u32 secid);
 +void xfrm_audit_state_add(struct xfrm_state *x, int result, kuid_t auid,
- u32 ses, u32 secid);
++unsigned int ses, u32 secid);
 +void xfrm_audit_state_delete(struct xfrm_state *x, int result, kuid_t auid,
-u32 ses, u32 secid);
++   unsigned int ses, u32 secid);
 +void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 +struct sk_buff *skb);
 +void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
 +   __be32 net_seq);
 +void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 +void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 
net_spi,
 + __be32 net_seq);
 +void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb,
 +u8 proto);
  #else
  
  static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,


pgpaVLYDBxn9h.pgp
Description: PGP signature

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in fs/exec.c
between commit(s) from Linus' tree and commit 9410d228a4cf ("audit: call
audit_bprm() only once to add AUDIT_EXECVE information") from the audit
tree.

I fixed it up (using the supplied resolution - thanks - see below) and can
carry the fix as necessary (no action is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc fs/exec.c
index 8875dd10ae7a,c5c24f2fc44a..
--- a/fs/exec.c
+++ b/fs/exec.c
@@@ -1385,71 -1383,72 +1385,68 @@@ int search_binary_handler(struct linux_
if (retval)
return retval;
  
-   retval = audit_bprm(bprm);
-   if (retval)
-   return retval;
- 
 +  retval = -ENOENT;
 + retry:
 +  read_lock(_lock);
 +  list_for_each_entry(fmt, , lh) {
 +  if (!try_module_get(fmt->module))
 +  continue;
 +  read_unlock(_lock);
 +  bprm->recursion_depth++;
 +  retval = fmt->load_binary(bprm);
 +  bprm->recursion_depth--;
 +  if (retval >= 0 || retval != -ENOEXEC ||
 +  bprm->mm == NULL || bprm->file == NULL) {
 +  put_binfmt(fmt);
 +  return retval;
 +  }
 +  read_lock(_lock);
 +  put_binfmt(fmt);
 +  }
 +  read_unlock(_lock);
 +
 +  if (need_retry && retval == -ENOEXEC) {
 +  if (printable(bprm->buf[0]) && printable(bprm->buf[1]) &&
 +  printable(bprm->buf[2]) && printable(bprm->buf[3]))
 +  return retval;
 +  if (request_module("binfmt-%04x", *(ushort *)(bprm->buf + 2)) < 
0)
 +  return retval;
 +  need_retry = false;
 +  goto retry;
 +  }
 +
 +  return retval;
 +}
 +EXPORT_SYMBOL(search_binary_handler);
 +
 +static int exec_binprm(struct linux_binprm *bprm)
 +{
 +  pid_t old_pid, old_vpid;
 +  int ret;
 +
/* Need to fetch pid before load_binary changes it */
old_pid = current->pid;
rcu_read_lock();
old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
rcu_read_unlock();
  
 -  retval = -ENOENT;
 -  for (try=0; try<2; try++) {
 -  read_lock(_lock);
 -  list_for_each_entry(fmt, , lh) {
 -  int (*fn)(struct linux_binprm *) = fmt->load_binary;
 -  if (!fn)
 -  continue;
 -  if (!try_module_get(fmt->module))
 -  continue;
 -  read_unlock(_lock);
 -  bprm->recursion_depth = depth + 1;
 -  retval = fn(bprm);
 -  bprm->recursion_depth = depth;
 -  if (retval >= 0) {
 -  if (depth == 0) {
 -  audit_bprm(bprm);
 -  trace_sched_process_exec(current, 
old_pid, bprm);
 -  ptrace_event(PTRACE_EVENT_EXEC, 
old_vpid);
 -  }
 -  put_binfmt(fmt);
 -  allow_write_access(bprm->file);
 -  if (bprm->file)
 -  fput(bprm->file);
 -  bprm->file = NULL;
 -  current->did_exec = 1;
 -  proc_exec_connector(current);
 -  return retval;
 -  }
 -  read_lock(_lock);
 -  put_binfmt(fmt);
 -  if (retval != -ENOEXEC || bprm->mm == NULL)
 -  break;
 -  if (!bprm->file) {
 -  read_unlock(_lock);
 -  return retval;
 -  }
 +  ret = search_binary_handler(bprm);
 +  if (ret >= 0) {
++  audit_bprm(bprm);
 +  trace_sched_process_exec(current, old_pid, bprm);
 +  ptrace_event(PTRACE_EVENT_EXEC, old_vpid);
 +  current->did_exec = 1;
 +  proc_exec_connector(current);
 +
 +  if (bprm->file) {
 +  allow_write_access(bprm->file);
 +  fput(bprm->file);
 +  bprm->file = NULL; /* to catch use-after-free */
}
 -  read_unlock(_lock);
 -#ifdef CONFIG_MODULES
 -  if (retval != -ENOEXEC || bprm->mm == NULL) {
 -  break;
 -  } else {
 -#define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))
 -  if (printable(bprm->buf[0]) &&
 -  printable(bprm->buf[1]) &&
 -  

linux-next: manual merge of the audit tree with Linus' tree

[Stephen Rothwell]

Hi Eric,

Today's linux-next merge of the audit tree got a conflict in fs/exec.c
between commit(s) from Linus' tree and commit 9410d228a4cf (audit: call
audit_bprm() only once to add AUDIT_EXECVE information) from the audit
tree.

I fixed it up (using the supplied resolution - thanks - see below) and can
carry the fix as necessary (no action is required).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au

diff --cc fs/exec.c
index 8875dd10ae7a,c5c24f2fc44a..
--- a/fs/exec.c
+++ b/fs/exec.c
@@@ -1385,71 -1383,72 +1385,68 @@@ int search_binary_handler(struct linux_
if (retval)
return retval;
  
-   retval = audit_bprm(bprm);
-   if (retval)
-   return retval;
- 
 +  retval = -ENOENT;
 + retry:
 +  read_lock(binfmt_lock);
 +  list_for_each_entry(fmt, formats, lh) {
 +  if (!try_module_get(fmt-module))
 +  continue;
 +  read_unlock(binfmt_lock);
 +  bprm-recursion_depth++;
 +  retval = fmt-load_binary(bprm);
 +  bprm-recursion_depth--;
 +  if (retval = 0 || retval != -ENOEXEC ||
 +  bprm-mm == NULL || bprm-file == NULL) {
 +  put_binfmt(fmt);
 +  return retval;
 +  }
 +  read_lock(binfmt_lock);
 +  put_binfmt(fmt);
 +  }
 +  read_unlock(binfmt_lock);
 +
 +  if (need_retry  retval == -ENOEXEC) {
 +  if (printable(bprm-buf[0])  printable(bprm-buf[1]) 
 +  printable(bprm-buf[2])  printable(bprm-buf[3]))
 +  return retval;
 +  if (request_module(binfmt-%04x, *(ushort *)(bprm-buf + 2))  
0)
 +  return retval;
 +  need_retry = false;
 +  goto retry;
 +  }
 +
 +  return retval;
 +}
 +EXPORT_SYMBOL(search_binary_handler);
 +
 +static int exec_binprm(struct linux_binprm *bprm)
 +{
 +  pid_t old_pid, old_vpid;
 +  int ret;
 +
/* Need to fetch pid before load_binary changes it */
old_pid = current-pid;
rcu_read_lock();
old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current-parent));
rcu_read_unlock();
  
 -  retval = -ENOENT;
 -  for (try=0; try2; try++) {
 -  read_lock(binfmt_lock);
 -  list_for_each_entry(fmt, formats, lh) {
 -  int (*fn)(struct linux_binprm *) = fmt-load_binary;
 -  if (!fn)
 -  continue;
 -  if (!try_module_get(fmt-module))
 -  continue;
 -  read_unlock(binfmt_lock);
 -  bprm-recursion_depth = depth + 1;
 -  retval = fn(bprm);
 -  bprm-recursion_depth = depth;
 -  if (retval = 0) {
 -  if (depth == 0) {
 -  audit_bprm(bprm);
 -  trace_sched_process_exec(current, 
old_pid, bprm);
 -  ptrace_event(PTRACE_EVENT_EXEC, 
old_vpid);
 -  }
 -  put_binfmt(fmt);
 -  allow_write_access(bprm-file);
 -  if (bprm-file)
 -  fput(bprm-file);
 -  bprm-file = NULL;
 -  current-did_exec = 1;
 -  proc_exec_connector(current);
 -  return retval;
 -  }
 -  read_lock(binfmt_lock);
 -  put_binfmt(fmt);
 -  if (retval != -ENOEXEC || bprm-mm == NULL)
 -  break;
 -  if (!bprm-file) {
 -  read_unlock(binfmt_lock);
 -  return retval;
 -  }
 +  ret = search_binary_handler(bprm);
 +  if (ret = 0) {
++  audit_bprm(bprm);
 +  trace_sched_process_exec(current, old_pid, bprm);
 +  ptrace_event(PTRACE_EVENT_EXEC, old_vpid);
 +  current-did_exec = 1;
 +  proc_exec_connector(current);
 +
 +  if (bprm-file) {
 +  allow_write_access(bprm-file);
 +  fput(bprm-file);
 +  bprm-file = NULL; /* to catch use-after-free */
}
 -  read_unlock(binfmt_lock);
 -#ifdef CONFIG_MODULES
 -  if (retval != -ENOEXEC || bprm-mm == NULL) {
 -  break;
 -  } else {
 -#define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20=(c)  (c)=0x7e))
 -  if (printable(bprm-buf[0]) 
 -  printable(bprm-buf[1]) 
 -