linux-audit.redhat.com archive mirror
* Re: [bug report] audit: log nftables configuration change events
       [not found] <20200626102242.GA313925@mwanda>
@ 2020-06-27 17:35 ` Richard Guy Briggs
  0 siblings, 0 replies; only message in thread
From: Richard Guy Briggs @ 2020-06-27 17:35 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-audit, netfilter-devel

On 2020-06-26 13:22, Dan Carpenter wrote:
> Hello Richard Guy Briggs,
> 
> The patch 8e6cf365e1d5: "audit: log nftables configuration change
> events" from Jun 4, 2020, leads to the following static checker
> warning:
> 
> 	net/netfilter/nf_tables_api.c:6160 nft_obj_notify()
> 	warn: use 'gfp' here instead of GFP_XXX?
> 
> net/netfilter/nf_tables_api.c
>   6153  void nft_obj_notify(struct net *net, const struct nft_table *table,
>   6154                      struct nft_object *obj, u32 portid, u32 seq, int event,
>   6155                      int family, int report, gfp_t gfp)
>                                                     ^^^^^^^^^
>   6156  {
>   6157          struct sk_buff *skb;
>   6158          int err;
>   6159          char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
>                                       ^^^^^^^^^^
> This should probably be "gfp".

Agreed, nice catch.  Checking other similar uses from that patch
leads me to another bug and the need to extend audit_log_nfcfg() to
accept a GFP flag.  Patch coming...

>   6160                                table->name, table->handle);
>   6161  
>   6162          audit_log_nfcfg(buf,
>   6163                          family,
>   6164                          obj->handle,
>   6165                          event == NFT_MSG_NEWOBJ ?
>   6166                                  AUDIT_NFT_OP_OBJ_REGISTER :
>   6167                                  AUDIT_NFT_OP_OBJ_UNREGISTER);
>   6168          kfree(buf);
>   6169  
>   6170          if (!report &&
>   6171              !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
>   6172                  return;
>   6173  
>   6174          skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
>                                                 ^^^
> 
>   6175          if (skb == NULL)
>   6176                  goto err;
>   6177  
>   6178          err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
>   6179                                        table, obj, false);
>   6180          if (err < 0) {
>   6181                  kfree_skb(skb);
>   6182                  goto err;
>   6183          }
>   6184  
>   6185          nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
>   6186          return;
>   6187  err:
>   6188          nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
>   6189  }
> 
> regards,
> dan carpenter

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
