3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 13 May 2014 23:50:06 +0000 (16:50 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 13 May 2014 23:50:06 +0000 (16:50 -0700)
added patches:
audit-convert-ppids-to-the-inital-pid-namespace.patch
pid-get-pid_t-ppid-of-task-in-init_pid_ns.patch

queue-3.14/audit-convert-ppids-to-the-inital-pid-namespace.patch [new file with mode: 0644]
queue-3.14/pid-get-pid_t-ppid-of-task-in-init_pid_ns.patch [new file with mode: 0644]
queue-3.14/series

diff --git a/queue-3.14/audit-convert-ppids-to-the-inital-pid-namespace.patch b/queue-3.14/audit-convert-ppids-to-the-inital-pid-namespace.patch
new file mode 100644 (file)
index 0000000..8e15519
--- /dev/null
@@ -0,0 +1,53 @@
+From c92cdeb45eea38515e82187f48c2e4f435fb4e25 Mon Sep 17 00:00:00 2001
+From: Richard Guy Briggs <rgb@redhat.com>
+Date: Tue, 10 Dec 2013 22:10:41 -0500
+Subject: audit: convert PPIDs to the inital PID namespace.
+
+From: Richard Guy Briggs <rgb@redhat.com>
+
+commit c92cdeb45eea38515e82187f48c2e4f435fb4e25 upstream.
+
+sys_getppid() returns the parent pid of the current process in its own pid
+namespace.  Since audit filters are based in the init pid namespace, a process
+could avoid a filter or trigger an unintended one by being in an alternate pid
+namespace or log meaningless information.
+
+Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the
+init_pid_ns.
+
+(informed by ebiederman's 6c621b7e)
+Cc: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/audit.c   |    4 ++--
+ kernel/auditsc.c |    2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -1829,10 +1829,10 @@ void audit_log_task_info(struct audit_bu
+       spin_unlock_irq(&tsk->sighand->siglock);
+       audit_log_format(ab,
+-                       " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
++                       " ppid=%d pid=%d auid=%u uid=%u gid=%u"
+                        " euid=%u suid=%u fsuid=%u"
+                        " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
+-                       sys_getppid(),
++                       task_ppid_nr(tsk),
+                        tsk->pid,
+                        from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
+                        from_kuid(&init_user_ns, cred->uid),
+--- a/kernel/auditsc.c
++++ b/kernel/auditsc.c
+@@ -459,7 +459,7 @@ static int audit_filter_rules(struct tas
+               case AUDIT_PPID:
+                       if (ctx) {
+                               if (!ctx->ppid)
+-                                      ctx->ppid = sys_getppid();
++                                      ctx->ppid = task_ppid_nr(tsk);
+                               result = audit_comparator(ctx->ppid, f->op, f->val);
+                       }
+                       break;
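Review bot: In both the audit_log_task_info() and audit_filter_rules() hunks, the replacement changes whose parent is reported as well as which namespace it is expressed in, and the commit message mentions only the namespace. sys_getppid() takes no argument, so it can only describe the calling task, whereas task_ppid_nr(tsk) describes tsk, which matches the other tsk-> fields in the record. The helper queued alongside this patch returns 0 when pid_alive(tsk) fails, and `if (!ctx->ppid)` also uses 0 to mean "not cached yet"; in that case an AUDIT_PPID rule would presumably be compared against 0 and the lookup repeated on each evaluation. A comment at the case would record this, e.g. `/* ppid of tsk in init_pid_ns; 0 if tsk is no longer alive, so 0 is never cached */`. Both enclosing functions start and end outside the hunks shown.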
diff --git a/queue-3.14/pid-get-pid_t-ppid-of-task-in-init_pid_ns.patch b/queue-3.14/pid-get-pid_t-ppid-of-task-in-init_pid_ns.patch
new file mode 100644 (file)
index 0000000..3beb9f1
--- /dev/null
@@ -0,0 +1,60 @@
+From ad36d28293936b03d6b7996e9d6aadfd73c0eb08 Mon Sep 17 00:00:00 2001
+From: Richard Guy Briggs <rgb@redhat.com>
+Date: Thu, 15 Aug 2013 18:05:12 -0400
+Subject: pid: get pid_t ppid of task in init_pid_ns
+
+From: Richard Guy Briggs <rgb@redhat.com>
+
+commit ad36d28293936b03d6b7996e9d6aadfd73c0eb08 upstream.
+
+Added the functions task_ppid_nr_ns() and task_ppid_nr() to abstract the lookup
+of the PPID (real_parent's pid_t) of a process, including rcu locking, in the
+arbitrary and init_pid_ns.
+This provides an alternative to sys_getppid(), which is relative to the child
+process' pid namespace.
+
+(informed by ebiederman's 6c621b7e)
+Cc: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/sched.h |   20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1688,6 +1688,24 @@ static inline pid_t task_tgid_vnr(struct
+ }
++static int pid_alive(const struct task_struct *p);
++static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns)
++{
++      pid_t pid = 0;
++
++      rcu_read_lock();
++      if (pid_alive(tsk))
++              pid = task_tgid_nr_ns(rcu_dereference(tsk->real_parent), ns);
++      rcu_read_unlock();
++
++      return pid;
++}
++
++static inline pid_t task_ppid_nr(const struct task_struct *tsk)
++{
++      return task_ppid_nr_ns(tsk, &init_pid_ns);
++}
++
+ static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk,
+                                       struct pid_namespace *ns)
+ {
+@@ -1727,7 +1745,7 @@ static inline pid_t task_pgrp_nr(struct
+  *
+  * Return: 1 if the process is alive. 0 otherwise.
+  */
+-static inline int pid_alive(struct task_struct *p)
++static inline int pid_alive(const struct task_struct *p)
+ {
+       return p->pids[PIDTYPE_PID].pid != NULL;
+ }
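Review bot: The forward declaration added above task_ppid_nr_ns(), `static int pid_alive(const struct task_struct *p);`, omits `inline`, while the definition changed in the second hunk is `static inline int pid_alive(const struct task_struct *p)`. In a widely included header this mismatch may trigger "declared static but never defined"-style diagnostics on some compiler configurations; declaring it as `static inline int pid_alive(const struct task_struct *p);` keeps the two in agreement. task_ppid_nr_ns() also returns 0 when pid_alive(tsk) fails, and the new helpers have no comment saying so. A short kernel-doc block stating that 0 means the parent could not be resolved would help audit consumers interpret `ppid=0` in a record.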
index 1fc08cb0d37ae4e33e35979946f164345f9ffadb..da37f381ece627ea1864d70da5886d32db7d880b 100644 (file)
@@ -3,3 +3,5 @@ scsi-dual-scan-thread-bug-fix.patch
 scsi-megaraid-missing-bounds-check-in-mimd_to_kioc.patch
 kvm-x86-remove-warn_on-from-get_kernel_ns.patch
 tools-lib-traceevent-fix-memory-leak-in-pretty_print.patch
+pid-get-pid_t-ppid-of-task-in-init_pid_ns.patch
+audit-convert-ppids-to-the-inital-pid-namespace.patch