[PATCH 6.19 041/844] audit: add missing syscalls to read class

Next message: Sasha Levin: "[PATCH 6.19 044/844] i3c: mipi-i3c-hci: Stop reading Extended Capabilities if capability ID is 0"
Previous message: Sasha Levin: "[PATCH 6.19 048/844] dlm: validate length in dlm_search_rsb_tree"
In reply to: Sasha Levin: "[PATCH 6.19 048/844] dlm: validate length in dlm_search_rsb_tree"
Next in thread: Sasha Levin: "[PATCH 6.19 044/844] i3c: mipi-i3c-hci: Stop reading Extended Capabilities if capability ID is 0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sasha Levin

Date: Sat Feb 28 2026 - 12:46:13 EST

From: Jeffrey Bencteux <jeff@xxxxxxxxxxx>

[ Upstream commit bcb90a2834c7393c26df9609b889a3097b7700cd ]

The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Calling getxattrat() or listxattrat() on a file to
read its extended attributes will bypass audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds missing syscalls to the audit read class.

Signed-off-by: Jeffrey Bencteux <jeff@xxxxxxxxxxx>
Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
include/asm-generic/audit_read.h | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/include/asm-generic/audit_read.h b/include/asm-generic/audit_read.h
index 7bb7b5a83ae2e..fb9991f53fb6f 100644
--- a/include/asm-generic/audit_read.h
+++ b/include/asm-generic/audit_read.h
@@ -4,9 +4,15 @@ __NR_readlink,
#endif
__NR_quotactl,
__NR_listxattr,
+#ifdef __NR_listxattrat
+__NR_listxattrat,
+#endif
__NR_llistxattr,
__NR_flistxattr,
__NR_getxattr,
+#ifdef __NR_getxattrat
+__NR_getxattrat,
+#endif
__NR_lgetxattr,
__NR_fgetxattr,
#ifdef __NR_readlinkat
--
2.51.0