[PATCH] x86: Fix dmi detection of MacBookPro and iMac

[cascardo/linux.git] / kernel / auditsc.c

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b939ed2..efc1b74 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -85,6 +85,9 @@ extern int audit_enabled;
 /* Indicates that audit should log the full pathname. */
 #define AUDIT_NAME_FULL -1
 
+/* number of audit rules */
+int audit_n_rules;
+
 /* When fs/namei.c:getname() is called, we store the pointer in name and
  * we don't let putname() free it (instead we free all of the saved
  * pointers at syscall exit time).
@@ -174,6 +177,7 @@ struct audit_aux_data_path {
 
 /* The per-task audit context. */
 struct audit_context {
+       int                 dummy;      /* must be the first element */
        int                 in_syscall; /* 1 if task is in a syscall */
        enum audit_state    state;
        unsigned int        serial;     /* serial number for record */
@@ -514,7 +518,7 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk,
        context->return_valid = return_valid;
        context->return_code  = return_code;
 
-       if (context->in_syscall && !context->auditable) {
+       if (context->in_syscall && !context->dummy && !context->auditable) {
                enum audit_state state;
 
                state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]);
@@ -530,17 +534,7 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk,
        }
 
 get_context:
-       context->pid = tsk->pid;
-       context->ppid = sys_getppid();  /* sic.  tsk == current in all cases */
-       context->uid = tsk->uid;
-       context->gid = tsk->gid;
-       context->euid = tsk->euid;
-       context->suid = tsk->suid;
-       context->fsuid = tsk->fsuid;
-       context->egid = tsk->egid;
-       context->sgid = tsk->sgid;
-       context->fsgid = tsk->fsgid;
-       context->personality = tsk->personality;
+
        tsk->audit_context = NULL;
        return context;
 }
@@ -749,6 +743,17 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
        const char *tty;
 
        /* tsk == current */
+       context->pid = tsk->pid;
+       context->ppid = sys_getppid();  /* sic.  tsk == current in all cases */
+       context->uid = tsk->uid;
+       context->gid = tsk->gid;
+       context->euid = tsk->euid;
+       context->suid = tsk->suid;
+       context->fsuid = tsk->fsuid;
+       context->egid = tsk->egid;
+       context->sgid = tsk->sgid;
+       context->fsgid = tsk->fsgid;
+       context->personality = tsk->personality;
 
        ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
        if (!ab)
@@ -1066,7 +1071,8 @@ void audit_syscall_entry(int arch, int major,
        context->argv[3]    = a4;
 
        state = context->state;
-       if (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT)
+       context->dummy = !audit_n_rules;
+       if (!context->dummy && (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT))
                state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]);
        if (likely(state == AUDIT_DISABLED))
                return;
@@ -1251,7 +1257,7 @@ void __audit_inode(const char *name, const struct inode *inode)
  * audit_inode_child - collect inode info for created/removed objects
  * @dname: inode's dentry name
  * @inode: inode being audited
- * @pino: inode number of dentry parent
+ * @parent: inode of dentry parent
  *
  * For syscalls that create or remove filesystem objects, audit_inode
  * can only collect information for the filesystem object's parent.
@@ -1262,7 +1268,7 @@ void __audit_inode(const char *name, const struct inode *inode)
  * unsuccessful attempts.
  */
 void __audit_inode_child(const char *dname, const struct inode *inode,
-                        unsigned long pino)
+                        const struct inode *parent)
 {
        int idx;
        struct audit_context *context = current->audit_context;
@@ -1276,7 +1282,7 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
        if (!dname)
                goto update_context;
        for (idx = 0; idx < context->name_count; idx++)
-               if (context->names[idx].ino == pino) {
+               if (context->names[idx].ino == parent->i_ino) {
                        const char *name = context->names[idx].name;
 
                        if (!name)
@@ -1304,6 +1310,16 @@ update_context:
                context->names[idx].ino = (unsigned long)-1;
        else
                audit_copy_inode(&context->names[idx], inode);
+
+       /* A parent was not found in audit_names, so copy the inode data for the
+        * provided parent. */
+       if (!found_name) {
+               idx = context->name_count++;
+#if AUDIT_DEBUG
+               context->ino_count++;
+#endif
+               audit_copy_inode(&context->names[idx], parent);
+       }
 }
 
 /**
@@ -1661,7 +1677,7 @@ int audit_bprm(struct linux_binprm *bprm)
        unsigned long p, next;
        void *to;
 
-       if (likely(!audit_enabled || !context))
+       if (likely(!audit_enabled || !context || context->dummy))
                return 0;
 
        ax = kmalloc(sizeof(*ax) + PAGE_SIZE * MAX_ARG_PAGES - bprm->p,
@@ -1699,7 +1715,7 @@ int audit_socketcall(int nargs, unsigned long *args)
        struct audit_aux_data_socketcall *ax;
        struct audit_context *context = current->audit_context;
 
-       if (likely(!context))
+       if (likely(!context || context->dummy))
                return 0;
 
        ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
@@ -1727,7 +1743,7 @@ int audit_sockaddr(int len, void *a)
        struct audit_aux_data_sockaddr *ax;
        struct audit_context *context = current->audit_context;
 
-       if (likely(!context))
+       if (likely(!context || context->dummy))
                return 0;
 
        ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL);