bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 14:53:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

audit: widen ino fields to u64

Browse Source 
inode->i_ino is being widened from unsigned long to u64. The audit
subsystem uses unsigned long ino in struct fields, function parameters,
and local variables that store inode numbers from arbitrary filesystems.
On 32-bit platforms this truncates inode numbers that exceed 32 bits,
which will cause incorrect audit log entries and broken watch/mark
comparisons.

Widen all audit ino fields, parameters, and locals to u64, and update
the inode format string from %lu to %llu to match.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://patch.msgid.link/20260304-iino-u64-v3-2-2257ad83d372@kernel.org
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
This commit is contained in:
Jeff Layton
2026-03-04 10:32:32 -05:00
committed by Christian Brauner
parent 96fefcabf3
commit 125dfa2181
5 changed files with 17 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/audit.h
View File

@@ -15,7 +15,7 @@
#include <uapi/linux/audit.h> #include <uapi/linux/audit.h>
#include <uapi/linux/fanotify.h> #include <uapi/linux/fanotify.h>
#define AUDIT_INO_UNSET ((unsigned long)-1) #define AUDIT_INO_UNSET ((u64)-1)
#define AUDIT_DEV_UNSET ((dev_t)-1) #define AUDIT_DEV_UNSET ((dev_t)-1)
struct audit_sig_info { struct audit_sig_info {

13
kernel/audit.h
View File

@@ -76,7 +76,7 @@ struct audit_names {
int name_len; /* number of chars to log */ int name_len; /* number of chars to log */
bool hidden; /* don't log this record */ bool hidden; /* don't log this record */
unsigned long ino; u64 ino;
dev_t dev; dev_t dev;
umode_t mode; umode_t mode;
kuid_t uid; kuid_t uid;
@@ -225,9 +225,9 @@ extern int auditd_test_task(struct task_struct *task);
#define AUDIT_INODE_BUCKETS 32 #define AUDIT_INODE_BUCKETS 32
extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS]; extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
static inline int audit_hash_ino(u32 ino) static inline int audit_hash_ino(u64 ino)
{ {
return (ino & (AUDIT_INODE_BUCKETS-1)); return ((u32)ino & (AUDIT_INODE_BUCKETS-1));
} }
/* Indicates that audit should log the full pathname. */ /* Indicates that audit should log the full pathname. */
@@ -277,16 +277,15 @@ extern int audit_to_watch(struct audit_krule *krule, char *path, int len,
extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
extern void audit_remove_watch_rule(struct audit_krule *krule); extern void audit_remove_watch_rule(struct audit_krule *krule);
extern char *audit_watch_path(struct audit_watch *watch); extern char *audit_watch_path(struct audit_watch *watch);
extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, extern int audit_watch_compare(struct audit_watch *watch, u64 ino, dev_t dev);
dev_t dev);
extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule,
char *pathname, int len); char *pathname, int len);
extern char *audit_mark_path(struct audit_fsnotify_mark *mark); extern char *audit_mark_path(struct audit_fsnotify_mark *mark);
extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark); extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark);
extern void audit_remove_mark_rule(struct audit_krule *krule); extern void audit_remove_mark_rule(struct audit_krule *krule);
extern int audit_mark_compare(struct audit_fsnotify_mark *mark, extern int audit_mark_compare(struct audit_fsnotify_mark *mark, u64 ino,
unsigned long ino, dev_t dev); dev_t dev);
extern int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old); extern int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old);
extern int audit_exe_compare(struct task_struct *tsk, extern int audit_exe_compare(struct task_struct *tsk,
struct audit_fsnotify_mark *mark); struct audit_fsnotify_mark *mark);

4
kernel/audit_fsnotify.c
View File

@@ -25,7 +25,7 @@
*/ */
struct audit_fsnotify_mark { struct audit_fsnotify_mark {
dev_t dev; /* associated superblock device */ dev_t dev; /* associated superblock device */
unsigned long ino; /* associated inode number */ u64 ino; /* associated inode number */
char *path; /* insertion path */ char *path; /* insertion path */
struct fsnotify_mark mark; /* fsnotify mark on the inode */ struct fsnotify_mark mark; /* fsnotify mark on the inode */
struct audit_krule *rule; struct audit_krule *rule;
@@ -57,7 +57,7 @@ char *audit_mark_path(struct audit_fsnotify_mark *mark)
return mark->path; return mark->path;
} }
int audit_mark_compare(struct audit_fsnotify_mark *mark, unsigned long ino, dev_t dev) int audit_mark_compare(struct audit_fsnotify_mark *mark, u64 ino, dev_t dev)
{ {
if (mark->ino == AUDIT_INO_UNSET) if (mark->ino == AUDIT_INO_UNSET)
return 0; return 0;

12
kernel/audit_watch.c
View File

@@ -37,7 +37,7 @@ struct audit_watch {
refcount_t count; /* reference count */ refcount_t count; /* reference count */
dev_t dev; /* associated superblock device */ dev_t dev; /* associated superblock device */
char *path; /* insertion path */ char *path; /* insertion path */
unsigned long ino; /* associated inode number */ u64 ino; /* associated inode number */
struct audit_parent *parent; /* associated parent */ struct audit_parent *parent; /* associated parent */
struct list_head wlist; /* entry in parent->watches list */ struct list_head wlist; /* entry in parent->watches list */
struct list_head rules; /* anchor for krule->rlist */ struct list_head rules; /* anchor for krule->rlist */
@@ -125,7 +125,7 @@ char *audit_watch_path(struct audit_watch *watch)
return watch->path; return watch->path;
} }
int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev) int audit_watch_compare(struct audit_watch *watch, u64 ino, dev_t dev)
{ {
return (watch->ino != AUDIT_INO_UNSET) && return (watch->ino != AUDIT_INO_UNSET) &&
(watch->ino == ino) && (watch->ino == ino) &&
@@ -244,7 +244,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
/* Update inode info in audit rules based on filesystem event. */ /* Update inode info in audit rules based on filesystem event. */
static void audit_update_watch(struct audit_parent *parent, static void audit_update_watch(struct audit_parent *parent,
const struct qstr *dname, dev_t dev, const struct qstr *dname, dev_t dev,
unsigned long ino, unsigned invalidating) u64 ino, unsigned invalidating)
{ {
struct audit_watch *owatch, *nwatch, *nextw; struct audit_watch *owatch, *nwatch, *nextw;
struct audit_krule *r, *nextr; struct audit_krule *r, *nextr;
@@ -285,7 +285,7 @@ static void audit_update_watch(struct audit_parent *parent,
list_del(&oentry->rule.list); list_del(&oentry->rule.list);
audit_panic("error updating watch, removing"); audit_panic("error updating watch, removing");
} else { } else {
int h = audit_hash_ino((u32)ino); int h = audit_hash_ino(ino);
/* /*
* nentry->rule.watch == oentry->rule.watch so * nentry->rule.watch == oentry->rule.watch so
@@ -439,7 +439,7 @@ int audit_add_watch(struct audit_krule *krule, struct list_head **list)
audit_add_to_parent(krule, parent); audit_add_to_parent(krule, parent);
h = audit_hash_ino((u32)watch->ino); h = audit_hash_ino(watch->ino);
*list = &audit_inode_hash[h]; *list = &audit_inode_hash[h];
error: error:
path_put(&parent_path); path_put(&parent_path);
@@ -527,7 +527,7 @@ int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old)
int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark) int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)
{ {
struct file *exe_file; struct file *exe_file;
unsigned long ino; u64 ino;
dev_t dev; dev_t dev;
/* only do exe filtering if we are recording @current events/records */ /* only do exe filtering if we are recording @current events/records */

4
kernel/auditsc.c
View File

@@ -886,7 +886,7 @@ static int audit_filter_inode_name(struct task_struct *tsk,
struct audit_names *n, struct audit_names *n,
struct audit_context *ctx) struct audit_context *ctx)
{ {
int h = audit_hash_ino((u32)n->ino); int h = audit_hash_ino(n->ino);
struct list_head *list = &audit_inode_hash[h]; struct list_head *list = &audit_inode_hash[h];
return __audit_filter_op(tsk, ctx, list, n, ctx->major); return __audit_filter_op(tsk, ctx, list, n, ctx->major);
@@ -1534,7 +1534,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
audit_log_format(ab, " name=(null)"); audit_log_format(ab, " name=(null)");
if (n->ino != AUDIT_INO_UNSET) if (n->ino != AUDIT_INO_UNSET)
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x", audit_log_format(ab, " inode=%llu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x",
n->ino, n->ino,
MAJOR(n->dev), MAJOR(n->dev),
MINOR(n->dev), MINOR(n->dev),