]> git.baikalelectronics.ru Git - kernel.git/commitdiff
audit: don't deref the syscall args when checking the openat2 open_how::flags
authorPaul Moore <paul@paul-moore.com>
Wed, 9 Feb 2022 19:49:38 +0000 (14:49 -0500)
committerPaul Moore <paul@paul-moore.com>
Wed, 9 Feb 2022 21:04:26 +0000 (16:04 -0500)
As reported by Jeff, dereferencing the openat2 syscall argument in
audit_match_perm() to obtain the open_how::flags can result in an
oops/page-fault.  This patch fixes this by using the open_how struct
that we store in the audit_context with audit_openat2_how().

Independent of this patch, Richard Guy Briggs posted a similar patch
to the audit mailing list roughly 40 minutes after this patch was
posted.

Cc: stable@vger.kernel.org
Fixes: e1818c914d97 ("audit: add support for the openat2 syscall")
Reported-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
kernel/auditsc.c

index fce5d43a933f0000df654edd3a6d95481dd319e8..a83928cbdcb7cd2e52d3bf40db5e794db39499a7 100644 (file)
@@ -185,7 +185,7 @@ static int audit_match_perm(struct audit_context *ctx, int mask)
        case AUDITSC_EXECVE:
                return mask & AUDIT_PERM_EXEC;
        case AUDITSC_OPENAT2:
-               return mask & ACC_MODE((u32)((struct open_how *)ctx->argv[2])->flags);
+               return mask & ACC_MODE((u32)ctx->openat2.flags);
        default:
                return 0;
        }