Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

[~andy/linux] / security / lsm_audit.c

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 90c129b0102f5cbe43129695bde3c3b924b84987..9a62045e6282467493567a52f546d1e8d269bcd6 100644 (file)
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -213,12 +213,15 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 {
        struct task_struct *tsk = current;
 
-       if (a->tsk)
-               tsk = a->tsk;
-       if (tsk && tsk->pid) {
-               audit_log_format(ab, " pid=%d comm=", tsk->pid);
-               audit_log_untrustedstring(ab, tsk->comm);
-       }
+       /*
+        * To keep stack sizes in check force programers to notice if they
+        * start making this union too large!  See struct lsm_network_audit
+        * as an example of how to deal with large data.
+        */
+       BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
+
+       audit_log_format(ab, " pid=%d comm=", tsk->pid);
+       audit_log_untrustedstring(ab, tsk->comm);
 
        switch (a->type) {
        case LSM_AUDIT_DATA_NONE:
@@ -299,18 +302,19 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                                                "faddr", "fport");
                                break;
                        }
+#if IS_ENABLED(CONFIG_IPV6)
                        case AF_INET6: {
                                struct inet_sock *inet = inet_sk(sk);
-                               struct ipv6_pinfo *inet6 = inet6_sk(sk);
 
-                               print_ipv6_addr(ab, &inet6->rcv_saddr,
+                               print_ipv6_addr(ab, &sk->sk_v6_rcv_saddr,
                                                inet->inet_sport,
                                                "laddr", "lport");
-                               print_ipv6_addr(ab, &inet6->daddr,
+                               print_ipv6_addr(ab, &sk->sk_v6_daddr,
                                                inet->inet_dport,
                                                "faddr", "fport");
                                break;
                        }
+#endif
                        case AF_UNIX:
                                u = unix_sk(sk);
                                if (u->path.dentry) {
@@ -393,7 +397,8 @@ void common_lsm_audit(struct common_audit_data *a,
        if (a == NULL)
                return;
        /* we use GFP_ATOMIC so we won't sleep */
-       ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
+       ab = audit_log_start(current->audit_context, GFP_ATOMIC | __GFP_NOWARN,
+                            AUDIT_AVC);
 
        if (ab == NULL)
                return;