* [PATCH -next,v2 0/2] Audit: fix warning and check priority early @ 2021-10-13 9:12 Gaosheng Cui 2021-10-13 9:12 ` [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui 2021-10-13 9:12 ` [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 0 siblings, 2 replies; 7+ messages in thread From: Gaosheng Cui @ 2021-10-13 9:12 UTC (permalink / raw) To: paul, eparis; +Cc: wangweiyang2, linux-audit, linux-kernel, xiujianfeng v2: audit: fix possible null-pointer dereference in audit_filter_rules audit: return early if the rule has a lower priority v1: audit: return early if the rule has a lower priority Gaosheng Cui (2): audit: fix possible null-pointer dereference in audit_filter_rules audit: return early if the rule has a lower priority kernel/auditsc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-13 9:12 [PATCH -next,v2 0/2] Audit: fix warning and check priority early Gaosheng Cui @ 2021-10-13 9:12 ` Gaosheng Cui 2021-10-13 21:12 ` Paul Moore 2021-10-13 9:12 ` [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 1 sibling, 1 reply; 7+ messages in thread From: Gaosheng Cui @ 2021-10-13 9:12 UTC (permalink / raw) To: paul, eparis; +Cc: wangweiyang2, linux-audit, linux-kernel, xiujianfeng Fix this possible null-pointer dereference in audit_filter_rules. If ctx is null, a null-pointer dereference will occur: case AUDIT_SADDR_FAM: if (ctx->sockaddr) ... break; audit_filter_rules() error: we previously assumed 'ctx' could be null Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4ba3b8573ff4..42d4a4320526 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -647,7 +647,7 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); break; case AUDIT_SADDR_FAM: - if (ctx->sockaddr) + if (ctx && ctx->sockaddr) result = audit_comparator(ctx->sockaddr->ss_family, f->op, f->val); break; -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-13 9:12 ` [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui @ 2021-10-13 21:12 ` Paul Moore 2021-10-16 7:47 ` cuigaosheng 0 siblings, 1 reply; 7+ messages in thread From: Paul Moore @ 2021-10-13 21:12 UTC (permalink / raw) To: Gaosheng Cui Cc: xiujianfeng, wangweiyang2, linux-audit, linux-kernel, Eric Paris On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: > > Fix this possible null-pointer dereference in audit_filter_rules. Thanks for fixing this, just a couple of small comments: I think you can drop the description text below here, the code snippet is just a duplicate of the code and the error message is pretty obvious. > If ctx is null, a null-pointer dereference will occur: > case AUDIT_SADDR_FAM: > if (ctx->sockaddr) > ... > break; > > audit_filter_rules() error: we previously assumed 'ctx' could be null > > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> I would also add a Fixes tag, for example: Fixes: bf361231c295 ("audit: add saddr_fam filter field") > --- > kernel/auditsc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 4ba3b8573ff4..42d4a4320526 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -647,7 +647,7 @@ static int audit_filter_rules(struct task_struct *tsk, > result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); > break; > case AUDIT_SADDR_FAM: > - if (ctx->sockaddr) > + if (ctx && ctx->sockaddr) > result = audit_comparator(ctx->sockaddr->ss_family, > f->op, f->val); > break; > -- > 2.30.0 -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-13 21:12 ` Paul Moore @ 2021-10-16 7:47 ` cuigaosheng 0 siblings, 0 replies; 7+ messages in thread From: cuigaosheng @ 2021-10-16 7:47 UTC (permalink / raw) To: Paul Moore Cc: xiujianfeng, wangweiyang2, linux-audit, linux-kernel, Eric Paris Thanks for your review, and i have droped the redundant commit message and add a Fixes tag to the patch. https://patchwork.kernel.org/project/linux-audit/patch/20211016072351.237745-2-cuigaosheng1@huawei.com/ <https://patchwork.kernel.org/project/linux-audit/patch/20211016072351.237745-2-cuigaosheng1@huawei.com/> Gaosheng. 在 2021/10/14 5:12, Paul Moore 写道: > On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: >> Fix this possible null-pointer dereference in audit_filter_rules. > Thanks for fixing this, just a couple of small comments: > > I think you can drop the description text below here, the code snippet > is just a duplicate of the code and the error message is pretty > obvious. > >> If ctx is null, a null-pointer dereference will occur: >> case AUDIT_SADDR_FAM: >> if (ctx->sockaddr) >> ... >> break; >> >> audit_filter_rules() error: we previously assumed 'ctx' could be null >> >> Reported-by: kernel test robot <lkp@intel.com> >> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> >> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > I would also add a Fixes tag, for example: > > Fixes: bf361231c295 ("audit: add saddr_fam filter field") > >> --- >> kernel/auditsc.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index 4ba3b8573ff4..42d4a4320526 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -647,7 +647,7 @@ static int audit_filter_rules(struct task_struct *tsk, >> result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); >> break; >> case AUDIT_SADDR_FAM: >> - if (ctx->sockaddr) >> + if (ctx && ctx->sockaddr) >> result = audit_comparator(ctx->sockaddr->ss_family, >> f->op, f->val); >> break; >> -- >> 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority 2021-10-13 9:12 [PATCH -next,v2 0/2] Audit: fix warning and check priority early Gaosheng Cui 2021-10-13 9:12 ` [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui @ 2021-10-13 9:12 ` Gaosheng Cui 2021-10-13 21:15 ` Paul Moore 1 sibling, 1 reply; 7+ messages in thread From: Gaosheng Cui @ 2021-10-13 9:12 UTC (permalink / raw) To: paul, eparis; +Cc: wangweiyang2, linux-audit, linux-kernel, xiujianfeng It is not necessary for audit_filter_rules() functions to check audit fileds of the rule with a lower priority, and if we did, there might be some unintended effects, such as the ctx->ppid may be changed unexpectedly, so return early if the rule has a lower priority. Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> --- kernel/auditsc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 42d4a4320526..b517947bfa48 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, u32 sid; unsigned int sessionid; + if (ctx && rule->prio <= ctx->prio) + return 0; + cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); for (i = 0; i < rule->field_count; i++) { @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, } if (ctx) { - if (rule->prio <= ctx->prio) - return 0; if (rule->filterkey) { kfree(ctx->filterkey); ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); -- 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority 2021-10-13 9:12 ` [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority Gaosheng Cui @ 2021-10-13 21:15 ` Paul Moore 2021-10-16 8:02 ` cuigaosheng 0 siblings, 1 reply; 7+ messages in thread From: Paul Moore @ 2021-10-13 21:15 UTC (permalink / raw) To: Gaosheng Cui Cc: xiujianfeng, wangweiyang2, linux-audit, linux-kernel, Eric Paris On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: > > It is not necessary for audit_filter_rules() functions to check > audit fileds of the rule with a lower priority, and if we did, > there might be some unintended effects, such as the ctx->ppid > may be changed unexpectedly, so return early if the rule has > a lower priority. > > Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> > --- > kernel/auditsc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Thanks for this patch, it looks reasonable to me but have you done any testing with this patch? If so, what have you done? As a FYI, the audit-testsuite project lives here: * https://github.com/linux-audit/audit-testsuite > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 42d4a4320526..b517947bfa48 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, > u32 sid; > unsigned int sessionid; > > + if (ctx && rule->prio <= ctx->prio) > + return 0; > + > cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); > > for (i = 0; i < rule->field_count; i++) { > @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, > } > > if (ctx) { > - if (rule->prio <= ctx->prio) > - return 0; > if (rule->filterkey) { > kfree(ctx->filterkey); > ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); > -- > 2.30.0 -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority 2021-10-13 21:15 ` Paul Moore @ 2021-10-16 8:02 ` cuigaosheng 0 siblings, 0 replies; 7+ messages in thread From: cuigaosheng @ 2021-10-16 8:02 UTC (permalink / raw) To: Paul Moore Cc: xiujianfeng, wangweiyang2, linux-audit, linux-kernel, Eric Paris I have done some testing with this patch, we have some testsuites to verify the function of audit, and i will test it with the audit-testsuite. Thanks. Gaosheng 在 2021/10/14 5:15, Paul Moore 写道: > On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote: >> It is not necessary for audit_filter_rules() functions to check >> audit fileds of the rule with a lower priority, and if we did, >> there might be some unintended effects, such as the ctx->ppid >> may be changed unexpectedly, so return early if the rule has >> a lower priority. >> >> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> >> --- >> kernel/auditsc.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) > Thanks for this patch, it looks reasonable to me but have you done any > testing with this patch? If so, what have you done? > > As a FYI, the audit-testsuite project lives here: > * https://github.com/linux-audit/audit-testsuite > >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index 42d4a4320526..b517947bfa48 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, >> u32 sid; >> unsigned int sessionid; >> >> + if (ctx && rule->prio <= ctx->prio) >> + return 0; >> + >> cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); >> >> for (i = 0; i < rule->field_count; i++) { >> @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, >> } >> >> if (ctx) { >> - if (rule->prio <= ctx->prio) >> - return 0; >> if (rule->filterkey) { >> kfree(ctx->filterkey); >> ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); >> -- >> 2.30.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-10-16 8:02 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-13 9:12 [PATCH -next,v2 0/2] Audit: fix warning and check priority early Gaosheng Cui 2021-10-13 9:12 ` [PATCH -next, v2 1/2] audit: fix possible null-pointer dereference in audit_filter_rules Gaosheng Cui 2021-10-13 21:12 ` Paul Moore 2021-10-16 7:47 ` cuigaosheng 2021-10-13 9:12 ` [PATCH -next, v2 2/2] audit: return early if the rule has a lower priority Gaosheng Cui 2021-10-13 21:15 ` Paul Moore 2021-10-16 8:02 ` cuigaosheng
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).