Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit

[sfrench/cifs-2.6.git] / kernel / audit.c

diff --git a/kernel/audit.c b/kernel/audit.c
index 25dd70a588b27b6ede925fce4244f4bc173012e6..e794544f5e63334afccadf6cc70f5fb2541e1e2e 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -125,7 +125,7 @@ static atomic_t     audit_lost = ATOMIC_INIT(0);
 
 /* The netlink socket. */
 static struct sock *audit_sock;
-static int audit_net_id;
+static unsigned int audit_net_id;
 
 /* Hash for inode-based rules */
 struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
@@ -1007,6 +1007,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                return err;
                }
                if (s.mask & AUDIT_STATUS_PID) {
+                       /* NOTE: we are using task_tgid_vnr() below because
+                        *       the s.pid value is relative to the namespace
+                        *       of the caller; at present this doesn't matter
+                        *       much since you can really only run auditd
+                        *       from the initial pid namespace, but something
+                        *       to keep in mind if this changes */
                        int new_pid = s.pid;
                        pid_t requesting_pid = task_tgid_vnr(current);
 
@@ -1310,9 +1316,8 @@ static void __net_exit audit_net_exit(struct net *net)
                auditd_reset();
        mutex_unlock(&audit_cmd_mutex);
 
-       RCU_INIT_POINTER(aunet->nlsk, NULL);
-       synchronize_net();
        netlink_kernel_release(sock);
+       aunet->nlsk = NULL;
 }
 
 static struct pernet_operations audit_net_ops __net_initdata = {
@@ -1896,7 +1901,7 @@ void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
  * @call_panic: optional pointer to int that will be updated if secid fails
  */
 void audit_log_name(struct audit_context *context, struct audit_names *n,
-                   struct path *path, int record_num, int *call_panic)
+                   const struct path *path, int record_num, int *call_panic)
 {
        struct audit_buffer *ab;
        ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
@@ -2059,7 +2064,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                         " euid=%u suid=%u fsuid=%u"
                         " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
                         task_ppid_nr(tsk),
-                        task_pid_nr(tsk),
+                        task_tgid_nr(tsk),
                         from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
                         from_kuid(&init_user_ns, cred->uid),
                         from_kgid(&init_user_ns, cred->gid),
@@ -2084,7 +2089,7 @@ EXPORT_SYMBOL(audit_log_task_info);
  * @operation: specific link operation
  * @link: the path that triggered the restriction
  */
-void audit_log_link_denied(const char *operation, struct path *link)
+void audit_log_link_denied(const char *operation, const struct path *link)
 {
        struct audit_buffer *ab;
        struct audit_names *name;