On Tue, Jul 28, 2020 at 5:09 PM Paul Moore <[email protected]> wrote: > > Unfortunately the commit listed in the subject line above failed > to ensure that the task's audit_context was properly initialized/set > before enabling the "accompanying records". Depending on the > sitation, the resulting audit_context could have invalid values in > some of it's fields which could cause a kernel panic/oops when the > task/syscall exists and the audit records are generated. > > We will revisit the original patch, with the necessary fixes, in a > future kernel but right now we just want to fix the kernel panic > with the least amount of added risk. > > Cc: [email protected] > Fixes: 1320a4052ea1 ("audit: trigger accompanying records when no rules > present") > Reported-by: [email protected] > Signed-off-by: Paul Moore <[email protected]> > --- > kernel/audit.c | 1 - > kernel/audit.h | 8 -------- > kernel/auditsc.c | 3 +++ > 3 files changed, 3 insertions(+), 9 deletions(-)
William pointed out a misspelling in the patch description above, which I just fixed. Unfortunately I had already pushed the patch to audit/stable-5.8 so I did a force-push to correct the spelling; normally I wouldn't do something like that for such a trivial matter, but since it is unlikely anyone is based of the audit/stable-5.8 branch this seemed like an okay time to do that. I'll be sending a PR to Linus shortly. -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
