mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-07-23 15:27:29 +00:00
Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit
Pull audit updates from Paul Moore:
"After the small number of patches for v4.9, we've got a much bigger
pile for v4.10.
The bulk of these patches involve a rework of the audit backlog queue
to enable us to move the netlink multicasting out of the task/thread
that generates the audit record and into the kernel thread that emits
the record (just like we do for the audit unicast to auditd).
While we were playing with the backlog queue(s) we fixed a number of
other little problems with the code, and from all the testing so far
things look to be in much better shape now. Doing this also allowed us
to re-enable disabling IRQs for some netns operations ("netns: avoid
disabling irq for netns id").
The remaining patches fix some small problems that are well documented
in the commit descriptions, as well as adding session ID filtering
support"
* 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit:
audit: use proper refcount locking on audit_sock
netns: avoid disabling irq for netns id
audit: don't ever sleep on a command record/message
audit: handle a clean auditd shutdown with grace
audit: wake up kauditd_thread after auditd registers
audit: rework audit_log_start()
audit: rework the audit queue handling
audit: rename the queues and kauditd related functions
audit: queue netlink multicast sends just like we do for unicast sends
audit: fixup audit_init()
audit: move kaudit thread start from auditd registration to kaudit init (#2)
audit: add support for session ID user filter
audit: fix formatting of AUDIT_CONFIG_CHANGE events
audit: skip sessionid sentinel value when auto-incrementing
audit: tame initialization warning len_abuf in audit_log_execve_info
audit: less stack usage for /proc/*/loginuid
This commit is contained in:
Linus Torvalds
commit
dcdaa2f948
9 changed files with 361 additions and 243 deletions
|
|
@ -218,16 +218,15 @@ static void rtnl_net_notifyid(struct net *net, int cmd, int id);
|
|||
*/
|
||||
int peernet2id_alloc(struct net *net, struct net *peer)
|
||||
{
|
||||
unsigned long flags;
|
||||
bool alloc;
|
||||
int id;
|
||||
|
||||
if (atomic_read(&net->count) == 0)
|
||||
return NETNSA_NSID_NOT_ASSIGNED;
|
||||
spin_lock_irqsave(&net->nsid_lock, flags);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
alloc = atomic_read(&peer->count) == 0 ? false : true;
|
||||
id = __peernet2id_alloc(net, peer, &alloc);
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
if (alloc && id >= 0)
|
||||
rtnl_net_notifyid(net, RTM_NEWNSID, id);
|
||||
return id;
|
||||
|
|
@ -236,12 +235,11 @@ int peernet2id_alloc(struct net *net, struct net *peer)
|
|||
/* This function returns, if assigned, the id of a peer netns. */
|
||||
int peernet2id(struct net *net, struct net *peer)
|
||||
{
|
||||
unsigned long flags;
|
||||
int id;
|
||||
|
||||
spin_lock_irqsave(&net->nsid_lock, flags);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
id = __peernet2id(net, peer);
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
return id;
|
||||
}
|
||||
EXPORT_SYMBOL(peernet2id);
|
||||
|
|
@ -256,18 +254,17 @@ bool peernet_has_id(struct net *net, struct net *peer)
|
|||
|
||||
struct net *get_net_ns_by_id(struct net *net, int id)
|
||||
{
|
||||
unsigned long flags;
|
||||
struct net *peer;
|
||||
|
||||
if (id < 0)
|
||||
return NULL;
|
||||
|
||||
rcu_read_lock();
|
||||
spin_lock_irqsave(&net->nsid_lock, flags);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
peer = idr_find(&net->netns_ids, id);
|
||||
if (peer)
|
||||
get_net(peer);
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
rcu_read_unlock();
|
||||
|
||||
return peer;
|
||||
|
|
@ -437,17 +434,17 @@ static void cleanup_net(struct work_struct *work)
|
|||
for_each_net(tmp) {
|
||||
int id;
|
||||
|
||||
spin_lock_irq(&tmp->nsid_lock);
|
||||
spin_lock_bh(&tmp->nsid_lock);
|
||||
id = __peernet2id(tmp, net);
|
||||
if (id >= 0)
|
||||
idr_remove(&tmp->netns_ids, id);
|
||||
spin_unlock_irq(&tmp->nsid_lock);
|
||||
spin_unlock_bh(&tmp->nsid_lock);
|
||||
if (id >= 0)
|
||||
rtnl_net_notifyid(tmp, RTM_DELNSID, id);
|
||||
}
|
||||
spin_lock_irq(&net->nsid_lock);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
idr_destroy(&net->netns_ids);
|
||||
spin_unlock_irq(&net->nsid_lock);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
|
||||
}
|
||||
rtnl_unlock();
|
||||
|
|
@ -576,7 +573,6 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
|
|||
{
|
||||
struct net *net = sock_net(skb->sk);
|
||||
struct nlattr *tb[NETNSA_MAX + 1];
|
||||
unsigned long flags;
|
||||
struct net *peer;
|
||||
int nsid, err;
|
||||
|
||||
|
|
@ -597,15 +593,15 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
|
|||
if (IS_ERR(peer))
|
||||
return PTR_ERR(peer);
|
||||
|
||||
spin_lock_irqsave(&net->nsid_lock, flags);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
if (__peernet2id(net, peer) >= 0) {
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
err = -EEXIST;
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = alloc_netid(net, peer, nsid);
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
if (err >= 0) {
|
||||
rtnl_net_notifyid(net, RTM_NEWNSID, err);
|
||||
err = 0;
|
||||
|
|
@ -727,11 +723,10 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb)
|
|||
.idx = 0,
|
||||
.s_idx = cb->args[0],
|
||||
};
|
||||
unsigned long flags;
|
||||
|
||||
spin_lock_irqsave(&net->nsid_lock, flags);
|
||||
spin_lock_bh(&net->nsid_lock);
|
||||
idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb);
|
||||
spin_unlock_irqrestore(&net->nsid_lock, flags);
|
||||
spin_unlock_bh(&net->nsid_lock);
|
||||
|
||||
cb->args[0] = net_cb.idx;
|
||||
return skb->len;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue