From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, John Johansen
Subject: [PATCH 4.16 56/68] apparmor: fix resource audit messages when auditing peer
Date: Tue, 17 Apr 2018 17:58:09 +0200
Message-Id: <20180417155751.619661191@linuxfoundation.org>
In-Reply-To: <20180417155749.341779147@linuxfoundation.org>
References: <20180417155749.341779147@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: John Johansen

commit b5beb07ad32ab533027aa988d96a44965ec116f7 upstream.

Resource auditing is using the peer field which is not available when the rlim data struct is used, because it is a different element of the same union. Accessing peer during resource auditing could cause garbage log entries or even oops the kernel.

Move the rlim data block into the same struct as the peer field so they can be used together.

CC:
Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen
Signed-off-by: Greg Kroah-Hartman
--- security/apparmor/include/audit.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -126,6 +126,10 @@ struct apparmor_audit_data { const char *target; kuid_t ouid; } fs; + struct { + int rlim; + unsigned long max; + } rlim; int signal; }; }; @@ -135,10 +139,6 @@ struct apparmor_audit_data { long pos; } iface; struct { - int rlim; - unsigned long max; - } rlim; - struct { const char *src_name; const char *type; const char *trans;
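
Review bot: In the first hunk (@@ -126,6 +126,10 @@), nothing in the header documents which members may be used together: the rlim struct is added next to fs and signal inside the nested anonymous block, and the rule that only members of this block can be combined with peer exists only in the commit message. A short comment above the added struct stating that rlim is valid alongside peer, and that fs, rlim and signal are alternatives to each other, would record the invariant whose violation this patch fixes.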
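
Review bot: In the second hunk (@@ -135,10 +139,6 @@), iface and the struct starting with src_name stay in the position rlim is removed from, which going by the commit message does not share a struct with peer. The audit callbacks that use iface and the src_name/type/trans struct are worth checking for the same peer access; if none of them reads peer, a sentence saying so in the commit message would close the question.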
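
The overlap the commit message describes, shown as an added example that is not part of the original mail or the kernel source. The two structs are constructed, simplified models of the layout before and after the patch; `rlim_data`, `audit_before`, `audit_after` and `PEER_SURVIVES` are hypothetical names, and the field set is reduced to what the demonstration needs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified layouts (assumption): not the kernel's full
 * struct apparmor_audit_data, only enough fields to show the overlap. */
struct rlim_data { int rlim; unsigned long max; };
/* Before: rlim is its own arm of the outer union, so it overlays peer. */
struct audit_before {
    union {
        struct {
            const char *peer;
            union { const char *target; int signal; };
        };
        struct rlim_data rlim;
    };
};

/* After: rlim lives in the inner union, in the same struct as peer. */
struct audit_after {
    union {
        struct {
            const char *peer;
            union { const char *target; struct rlim_data rlim; int signal; };
        };
        struct { long pos; } iface;
    };
};

/* Mark peer, store rlim data as a resource check would, then report
 * whether peer's bytes are intact (1) or were overwritten (0). */
#define PEER_SURVIVES(type, out) do {                          \
        type ad;                                               \
        unsigned char saved[sizeof(ad.peer)];                  \
        memset(&ad, 0, sizeof(ad));                            \
        memset(&ad.peer, 0xAA, sizeof(ad.peer));               \
        memcpy(saved, &ad.peer, sizeof(saved));                \
        ad.rlim.rlim = 7;                                      \
        ad.rlim.max = 1024;                                    \
        (out) = memcmp(saved, &ad.peer, sizeof(saved)) == 0;   \
    } while (0)
int peer_survives_before(void) { int ok; PEER_SURVIVES(struct audit_before, ok); return ok; }
int peer_survives_after(void) { int ok; PEER_SURVIVES(struct audit_after, ok); return ok; }

int main(void) {
    printf("before: peer intact=%d, rlim at offset %zu\n", peer_survives_before(), offsetof(struct audit_before, rlim));
    printf("after:  peer intact=%d, rlim at offset %zu\n", peer_survives_after(), offsetof(struct audit_after, rlim));
    return 0;
}
```

In the "before" layout the rlim store lands on the bytes of peer, which is why an audit callback that later reads peer sees garbage; in the "after" layout rlim starts past peer and both can be filled in for the same record.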