diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 22:55:50 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 22:55:50 +0300 |
commit | 8e0cd9525ca7ab8ba87135d85b10596e61b10e63 (patch) | |
tree | cc0b05527b04e0262aac03a6e99d88eddb7eb659 | |
parent | befa491ce6954adadb181c464d0318925f18e499 (diff) | |
parent | 67d69e9d1a6c889d98951c1d74b19332ce0565af (diff) | |
download | linux-8e0cd9525ca7ab8ba87135d85b10596e61b10e63.tar.xz |
Merge tag 'audit-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"Two patches in the audit pull request for v5.15; one is trivial
("header protection") but the second is a real patch that fixes a
refcounting problem.
The refcount fix normally would have been sent up during the -rcX
cycle, but since we merged it less than a week before v5.14 proper I
felt it was better to wait for the merge window to open; the patch is
marked with the usual -stable markings"
* tag 'audit-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: move put_tree() to avoid trim_trees refcount underflow and UAF
audit: add header protection to kernel/audit.h
-rw-r--r-- | kernel/audit.h | 5 | ||||
-rw-r--r-- | kernel/audit_tree.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index b565ea16c0a5..d6a2c899a8db 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -6,6 +6,9 @@ * Copyright 2005 IBM Corporation */ +#ifndef _KERNEL_AUDIT_H_ +#define _KERNEL_AUDIT_H_ + #include <linux/fs.h> #include <linux/audit.h> #include <linux/skbuff.h> @@ -331,3 +334,5 @@ extern int audit_filter(int msgtype, unsigned int listtype); extern void audit_ctl_lock(void); extern void audit_ctl_unlock(void); + +#endif diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index b2be4e978ba3..2cd7b5694422 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -593,7 +593,6 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged) spin_lock(&hash_lock); } spin_unlock(&hash_lock); - put_tree(victim); } /* @@ -602,6 +601,7 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged) static void prune_one(struct audit_tree *victim) { prune_tree_chunks(victim, false); + put_tree(victim); } /* trim the uncommitted chunks from tree */ |