summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2017-01-17 11:07:15 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-10-08 10:14:18 +0200
commit093fe104c5bbd99b4934bd80216b6e6d7371c4fc (patch)
treed8755608cfc7d0fe3881997742c3d5b7a21df722 /net
parentaf3749456042cc38c80902e849421451b27215f6 (diff)
downloadlinux-stable-093fe104c5bbd99b4934bd80216b6e6d7371c4fc.tar.gz
linux-stable-093fe104c5bbd99b4934bd80216b6e6d7371c4fc.tar.bz2
linux-stable-093fe104c5bbd99b4934bd80216b6e6d7371c4fc.zip
audit: log 32-bit socketcalls
[ Upstream commit 62bc306e2083436675e33b5bdeb6a77907d35971 ] 32-bit socketcalls were not being logged by audit on x86_64 systems. Log them. This is basically a duplicate of the call from net/socket.c:sys_socketcall(), but it addresses the impedance mismatch between 32-bit userspace process and 64-bit kernel audit. See: https://github.com/linux-audit/audit-kernel/issues/14 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/compat.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/net/compat.c b/net/compat.c
index 5cfd26a0006f..0ccf3ecf6bbb 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -22,6 +22,7 @@
#include <linux/filter.h>
#include <linux/compat.h>
#include <linux/security.h>
+#include <linux/audit.h>
#include <linux/export.h>
#include <net/scm.h>
@@ -767,14 +768,24 @@ COMPAT_SYSCALL_DEFINE5(recvmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
{
- int ret;
- u32 a[6];
+ u32 a[AUDITSC_ARGS];
+ unsigned int len;
u32 a0, a1;
+ int ret;
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
- if (copy_from_user(a, args, nas[call]))
+ len = nas[call];
+ if (len > sizeof(a))
+ return -EINVAL;
+
+ if (copy_from_user(a, args, len))
return -EFAULT;
+
+ ret = audit_socketcall_compat(len / sizeof(a[0]), a);
+ if (ret)
+ return ret;
+
a0 = a[0];
a1 = a[1];