[GIT PULL] Audit patches for v5.2

From: Paul Moore
Date: Tue May 07 2019 - 13:24:13 EST


Hi Linus,

We've got a reasonably broad set of audit patches for the v5.2 merge
window, the highlights are below:

- The biggest change, and the source of all the arch/* changes, is the
patchset from Dmitry to help enable some of the work he is doing
around PTRACE_GET_SYSCALL_INFO. To be honest, including this in the
audit tree is a bit of a stretch, but it does help move audit a little
further along towards proper syscall auditing for all arches, and
everyone else seemed to agree that audit was a "good" spot for this to
land (or maybe they just didn't want to merge it? dunno.).

- We can now audit time/NTP adjustments.

- We continue the work to connect associated audit records into a single event.

As a FYI, you will likely run into two minor merge problems in
kernel/seccomp.c and arch/mips/kernel/ptrace.c; both are very similar
and have to do with the change to syscall_get_arch() and
syscall_get_arguments(). It should be easy to sort this out (you'll
see what I mean), but if you have any questions just let us know.

Please pull this for v5.2,
-Paul

--
The following changes since commit 9e98c678c2d6ae3a17cb2de55d17f69dddaa231b:

Linux 5.1-rc1 (2019-03-17 14:22:26 -0700)

are available in the Git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
tags/audit-pr-20190507

for you to fetch changes up to 70c4cf17e445264453bc5323db3e50aa0ac9e81f:

audit: fix a memory leak bug (2019-04-22 11:22:03 -0400)

----------------------------------------------------------------
audit/stable-5.2 PR 20190507

----------------------------------------------------------------
Dmitry V. Levin (13):
Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
arc: define syscall_get_arch()
c6x: define syscall_get_arch()
h8300: define syscall_get_arch()
Move EM_HEXAGON to uapi/linux/elf-em.h
hexagon: define syscall_get_arch()
m68k: define syscall_get_arch()
Move EM_NDS32 to uapi/linux/elf-em.h
nds32: define syscall_get_arch()
nios2: define syscall_get_arch()
Move EM_UNICORE to uapi/linux/elf-em.h
unicore32: define syscall_get_arch()
syscall_get_arch: add "struct task_struct *" argument

Li RongQing (1):
audit: fix a memleak caused by auditing load module

Ondrej Mosnacek (2):
timekeeping: Audit clock adjustments
ntp: Audit NTP parameters adjustment

Richard Guy Briggs (3):
audit: connect LOGIN record to its syscall record
audit: link integrity evm_write_xattrs record to syscall event
audit: purge unnecessary list_empty calls

Wenwen Wang (1):
audit: fix a memory leak bug

YueHaibing (1):
audit: Make audit_log_cap and audit_copy_inode static

arch/alpha/include/asm/syscall.h | 2 +-
arch/arc/include/asm/elf.h | 6 +-
arch/arc/include/asm/syscall.h | 11 ++++
arch/arm/include/asm/syscall.h | 2 +-
arch/arm64/include/asm/syscall.h | 4 +-
arch/c6x/include/asm/syscall.h | 7 +++
arch/csky/include/asm/syscall.h | 2 +-
arch/h8300/include/asm/syscall.h | 6 ++
arch/hexagon/include/asm/elf.h | 6 +-
arch/hexagon/include/asm/syscall.h | 8 +++
arch/ia64/include/asm/syscall.h | 2 +-
arch/m68k/include/asm/syscall.h | 12 ++++
arch/microblaze/include/asm/syscall.h | 2 +-
arch/mips/include/asm/syscall.h | 6 +-
arch/mips/kernel/ptrace.c | 2 +-
arch/nds32/include/asm/elf.h | 3 +-
arch/nds32/include/asm/syscall.h | 9 +++
arch/nios2/include/asm/syscall.h | 6 ++
arch/openrisc/include/asm/syscall.h | 2 +-
arch/parisc/include/asm/syscall.h | 4 +-
arch/powerpc/include/asm/syscall.h | 10 ++-
arch/riscv/include/asm/syscall.h | 2 +-
arch/s390/include/asm/syscall.h | 4 +-
arch/sh/include/asm/syscall_32.h | 2 +-
arch/sh/include/asm/syscall_64.h | 2 +-
arch/sparc/include/asm/syscall.h | 5 +-
arch/unicore32/include/asm/elf.h | 3 +-
arch/unicore32/include/asm/syscall.h | 12 ++++
arch/x86/include/asm/syscall.h | 8 ++-
arch/x86/um/asm/syscall.h | 2 +-
arch/xtensa/include/asm/syscall.h | 2 +-
include/asm-generic/syscall.h | 5 +-
include/linux/audit.h | 75 +++++++++++++++++++++++
include/uapi/linux/audit.h | 14 +++++
include/uapi/linux/elf-em.h | 6 ++
kernel/audit.c | 2 +-
kernel/auditfilter.c | 14 ++---
kernel/auditsc.c | 115 +++++++++++++++++++++------------
kernel/seccomp.c | 4 +-
kernel/time/ntp.c | 22 ++++++-
kernel/time/ntp_internal.h | 4 +-
kernel/time/timekeeping.c | 13 +++-
security/integrity/evm/evm_secfs.c | 10 +--
43 files changed, 331 insertions(+), 107 deletions(-)
create mode 100644 arch/m68k/include/asm/syscall.h
create mode 100644 arch/unicore32/include/asm/syscall.h

--
paul moore
www.paul-moore.com