summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2021-08-31 22:55:50 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2021-08-31 22:55:50 +0300
commit8e0cd9525ca7ab8ba87135d85b10596e61b10e63 (patch)
treecc0b05527b04e0262aac03a6e99d88eddb7eb659
parentbefa491ce6954adadb181c464d0318925f18e499 (diff)
parent67d69e9d1a6c889d98951c1d74b19332ce0565af (diff)
downloadlinux-8e0cd9525ca7ab8ba87135d85b10596e61b10e63.tar.xz
Merge tag 'audit-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore: "Two patches in the audit pull request for v5.15; one is trivial ("header protection") but the second is a real patch that fixes a refcounting problem. The refcount fix normally would have been sent up during the -rcX cycle, but since we merged it less than a week before v5.14 proper I felt it was better to wait for the merge window to open; the patch is marked with the usual -stable markings" * tag 'audit-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: move put_tree() to avoid trim_trees refcount underflow and UAF audit: add header protection to kernel/audit.h
-rw-r--r--kernel/audit.h5
-rw-r--r--kernel/audit_tree.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index b565ea16c0a5..d6a2c899a8db 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -6,6 +6,9 @@
* Copyright 2005 IBM Corporation
*/
+#ifndef _KERNEL_AUDIT_H_
+#define _KERNEL_AUDIT_H_
+
#include <linux/fs.h>
#include <linux/audit.h>
#include <linux/skbuff.h>
@@ -331,3 +334,5 @@ extern int audit_filter(int msgtype, unsigned int listtype);
extern void audit_ctl_lock(void);
extern void audit_ctl_unlock(void);
+
+#endif
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index b2be4e978ba3..2cd7b5694422 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -593,7 +593,6 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged)
spin_lock(&hash_lock);
}
spin_unlock(&hash_lock);
- put_tree(victim);
}
/*
@@ -602,6 +601,7 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged)
static void prune_one(struct audit_tree *victim)
{
prune_tree_chunks(victim, false);
+ put_tree(victim);
}
/* trim the uncommitted chunks from tree */