[GIT PULL] Audit patches for v4.12

Paul Moore paul at paul-moore.com
Wed May 3 14:17:54 UTC 2017 

Hi Linus,

Fourteen audit patches for v4.12 that span the full range of fixes,
new features, and internal cleanups.  We have a patches to move to
64-bit timestamps, convert refcounts from atomic_t to refcount_t,
track PIDs using the pid struct instead of pid_t, convert our own
private audit buffer cache to a standard kmem_cache, log kernel module
names when they are unloaded, and normalize the NETFILTER_PKT to make
the userspace folks happier.  From a fixes perspective, the most
important is likely the auditd connection tracking RCU fix; it was a
rather brain dead bug that I'll take the blame for, but thankfully it
didn't seem to affect many people (only one report).  I think the
patch subject lines and commit descriptions do a pretty good job of
explaining the details and why the changes are important so I'll point
you there instead of duplicating it here; as usual, if you have any
questions you know where to find us.

We also manage to take out more code than we put in this time, that
always makes me happy :)

Please merge for v4.12.

-Paul

---
The following changes since commit a351e9b9fc24e982ec2f0e76379a49826036da12:

 Linux 4.11 (2017-04-30 19:47:48 -0700)

are available in the git repository at:

 git://git.infradead.org/users/pcmoore/audit stable-4.12

for you to fetch changes up to 48d0e023af9799cd7220335baf8e3ba61eeafbeb:

 audit: fix the RCU locking for the auditd_connection structure
        (2017-05-02 10:16:05 -0400)

----------------------------------------------------------------
Deepa Dinamani (1):
     audit: Use timespec64 to represent audit timestamps

Elena Reshetova (2):
     audit: convert audit_tree.count from atomic_t to refcount_t
     audit: convert audit_watch.count from atomic_t to refcount_t

Nicholas Mc Guire (3):
     audit: remove unnecessary semicolon in audit_field_valid()
     audit: remove unnecessary semicolon in audit_mark_handle_event()
     audit: remove unnecessary semicolon in audit_watch_handle_event()

Paul Moore (5):
     audit: combine audit_receive() and audit_receive_skb()
     audit: kernel generated netlink traffic should have a portid of 0
     audit: store the auditd PID as a pid struct instead of pid_t
     audit: use kmem_cache to manage the audit_buffer cache
     audit: fix the RCU locking for the auditd_connection structure

Richard Guy Briggs (3):
     audit: log module name on delete_module
     netfilter: use consistent ipv4 network offset in xt_AUDIT
     audit: normalize NETFILTER_PKT

include/linux/audit.h    |   7 +-
kernel/audit.c           | 319 +++++++++++++++++++++++--------------------
kernel/audit.h           |   7 +-
kernel/audit_fsnotify.c  |   2 +-
kernel/audit_tree.c      |   9 +-
kernel/audit_watch.c     |  11 +-
kernel/auditfilter.c     |  18 ++-
kernel/auditsc.c         |   6 +-
kernel/module.c          |   2 +
net/netfilter/xt_AUDIT.c | 126 +++++--------------
10 files changed, 232 insertions(+), 275 deletions(-)

-- 
paul moore
www.paul-moore.com

More information about the Linux-audit mailing list