From: Gaosheng Cui
Date: Sat, 16 Oct 2021 07:23:51 +0000 (+0800)
Subject: audit: return early if the filter rule has a lower priority
X-Git-Tag: v5.16-rc1~161^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9516f346e8b8e9c7dd37976a06a5bde1a871d6f;p=thirdparty%2Fkernel%2Flinux.git

audit: return early if the filter rule has a lower priority

It is not necessary for audit_filter_rules() functions to check audit fields of the rule with a lower priority, and if we did, there might be some unintended effects, such as the ctx->ppid may be changed unexpectedly, so return early if the rule has a lower priority.

Signed-off-by: Gaosheng Cui
[PM: slight tweak to the subject line]
Signed-off-by: Paul Moore
---
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a4ba53f5354ea..6efb0bb909d09 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, u32 sid; unsigned int sessionid; + if (ctx && rule->prio <= ctx->prio) + return 0; + cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); for (i = 0; i < rule->field_count; i++) { @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, } if (ctx) { - if (rule->prio <= ctx->prio) - return 0; if (rule->filterkey) { kfree(ctx->filterkey); ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
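Review bot: the early return added at the top of audit_filter_rules() (first hunk, just before the `cred = rcu_dereference_check(...)` line) has no comment saying why the priority test must come before the field loop. The commit message gives the reason, that evaluating the fields of a lower-priority rule can have side effects such as changing ctx->ppid, and a short comment above `if (ctx && rule->prio <= ctx->prio)` stating this would keep a later cleanup from moving the test back below the loop. The `ctx &&` guard is required at this position because the removed check sat inside `if (ctx) {`, and the test is `<=`, so a rule of equal priority is skipped as well, same as before.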
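Review bot: in the second hunk, the `if (ctx) {` block now relies on the priority test made at function entry, so the old and new placements return the same value only if nothing in between changes rule->prio or ctx->prio. The visible lines do not show that either way; it is worth confirming against the field loop and saying in the commit message that the return value is unchanged and that the only difference is the field evaluation that is now skipped for a lower-priority rule.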