android_kernel_samsung_a7y1.../kernel
Paul Moore 2b2be5dc79 audit: fix error handling in audit_data_to_entry()
commit 2ad3e17ebf94b7b7f3f64c050ff168f9915345eb upstream.

Commit 219ca39427bf ("audit: use union for audit_field values since
they are mutually exclusive") combined a number of separate fields in
the audit_field struct into a single union.  Generally this worked
just fine because they are generally mutually exclusive.
Unfortunately in audit_data_to_entry() the overlap can be a problem
when a specific error case is triggered that causes the error path
code to attempt to clean up an audit_field struct and the cleanup
involves attempting to free a stored LSM string (the lsm_str field).
Currently the code always has a non-NULL value in the
audit_field.lsm_str field as the top of the for-loop transfers a
value into audit_field.val (both .lsm_str and .val are part of the
same union); if audit_data_to_entry() fails and the audit_field
struct is specified to contain an LSM string, but the
audit_field.lsm_str has not yet been properly set, the error handling
code will attempt to free the bogus audit_field.lsm_str value that
was set with audit_field.val at the top of the for-loop.

This patch corrects this by ensuring that the audit_field.val is only
set when needed (it is cleared when the audit_field struct is
allocated with kcalloc()).  It also corrects a few other issues to
ensure that in case of error the proper error code is returned.

Cc: stable@vger.kernel.org
Fixes: 219ca39427bf ("audit: use union for audit_field values since they are mutually exclusive")
Reported-by: syzbot+1f4d90ead370d72e450b@syzkaller.appspotmail.com
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 14:04:43 +02:00
bpf bpf: silence warning messages in core 2020-04-06 19:54:55 +02:00
configs A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
debug kdb: do a sanity check on the cpu in kdb_per_cpu() 2020-04-07 13:41:56 +02:00
events perf/core: Fix mlock accounting in perf_mmap() 2020-04-07 13:51:39 +02:00
gcov A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
irq genirq: Prevent NULL pointer dereference in resend_irqs() 2020-04-06 21:35:35 +02:00
livepatch A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
locking locking/spinlock/debug: Fix various data races 2020-04-07 13:28:27 +02:00
power PM / Hibernate: Call flush_icache_range() on pages restored in-place 2020-04-06 12:52:20 +02:00
printk printk: fix integer overflow in setup_log_buf() 2020-04-07 12:34:15 +02:00
rcu rcutorture: Fix cleanup path for invalid torture_type strings 2020-04-06 18:20:15 +02:00
sched sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision 2020-04-07 12:45:36 +02:00
time clocksource: Prevent double add_timer_on() for watchdog_timer 2020-04-07 13:51:37 +02:00
trace trigger_next should increase position index 2020-04-07 13:57:16 +02:00
acct.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
async.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
audit_fsnotify.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
audit_tree.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
audit_watch.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
audit.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
audit.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
auditfilter.c audit: fix error handling in audit_data_to_entry() 2020-04-07 14:04:43 +02:00
auditsc.c audit: print empty EXECVE args 2020-04-07 12:36:13 +02:00
backtracetest.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bounds.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
capability.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cgroup_freezer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cgroup_pids.c cgroup: pids: use atomic64_t for pids->limit 2020-04-07 13:07:11 +02:00
cgroup.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
configs.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
context_tracking.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cpu_pm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cpu.c cpu/speculation: Warn on unsupported mitigations= parameter 2020-04-06 19:17:21 +02:00
cpuset.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
crash_dump.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cred.c access: avoid the RCU grace period for the temporary subjective credentials 2020-04-06 20:24:58 +02:00
delayacct.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dma.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
elfcore.c kernel/elfcore.c: include proper prototypes 2020-04-07 08:08:10 +02:00
exec_domain.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
exit.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
extable.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
fork.c kernel/sysctl.c: do not override max_threads provided by userspace 2020-04-07 08:09:55 +02:00
freezer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
futex_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
futex.c futex: Fix futex lock the wrong page 2020-04-06 19:02:46 +02:00
groups.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hung_task.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
irq_work.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
jump_label.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kallsyms.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kaslr.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kcmp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig.freezer A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig.hz A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig.locks A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig.preempt A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kcov.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kexec_core.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kexec_file.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kexec_internal.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kexec.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kmod.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kprobes.c kprobes: Don't call BUG_ON() if there is a kprobe in use on free list 2020-04-07 12:27:35 +02:00
ksysfs.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
kthread.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
latencytop.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
membarrier.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
memremap.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
module_signing.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
module-internal.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
module.c kernel/module.c: wakeup processes in module_wq on module unload 2020-04-07 13:08:13 +02:00
notifier.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
nsproxy.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
padata.c padata: Remove broken queue flushing 2020-04-07 13:55:17 +02:00
panic.c panic: ensure preemption is disabled during panic() 2020-04-07 08:08:25 +02:00
params.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pid_namespace.c signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig 2020-04-06 19:54:23 +02:00
pid.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
profile.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ptrace.c ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME 2020-04-06 19:20:56 +02:00
range.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
reboot.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
relay.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
resource.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
seccomp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
signal.c signal: Allow cifs and drbd to receive their terminating signals 2020-04-07 13:42:54 +02:00
smp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
smpboot.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
smpboot.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
softirq.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
stacktrace.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
stop_machine.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sys_ni.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sys.c kernel/sys.c: prctl: fix false positive in validate_prctl_map() 2020-04-06 19:01:43 +02:00
sysctl_binary.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sysctl.c kernel: sysctl: make drop_caches write-only 2020-04-07 13:23:45 +02:00
task_work.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
taskstats.c taskstats: fix data-race 2020-04-07 13:24:32 +02:00
test_kprobes.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
torture.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tracepoint.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tsacct.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
uid16.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
up.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
user_namespace.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
user-return-notifier.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
user.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
utsname_sysctl.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
utsname.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
watchdog.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
workqueue_internal.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
workqueue.c workqueue: Fix missing kfree(rescuer) in destroy_workqueue() 2020-04-07 13:08:09 +02:00