Hi Linus, We've got a reasonably broad set of audit patches for the v5.2 merge window, the highlights are below:
- The biggest change, and the source of all the arch/* changes, is the patchset from Dmitry to help enable some of the work he is doing around PTRACE_GET_SYSCALL_INFO. To be honest, including this in the audit tree is a bit of a stretch, but it does help move audit a little further along towards proper syscall auditing for all arches, and everyone else seemed to agree that audit was a "good" spot for this to land (or maybe they just didn't want to merge it? dunno.). - We can now audit time/NTP adjustments. - We continue the work to connect associated audit records into a single event. As a FYI, you will likely run into two minor merge problems in kernel/seccomp.c and arch/mips/kernel/ptrace.c; both are very similar and have to do with the change to syscall_get_arch() and syscall_get_arguments(). It should be easy to sort this out (you'll see what I mean), but if you have any questions just let us know. Please pull this for v5.2, -Paul -- The following changes since commit 9e98c678c2d6ae3a17cb2de55d17f69dddaa231b: Linux 5.1-rc1 (2019-03-17 14:22:26 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git tags/audit-pr-20190507 for you to fetch changes up to 70c4cf17e445264453bc5323db3e50aa0ac9e81f: audit: fix a memory leak bug (2019-04-22 11:22:03 -0400) ---------------------------------------------------------------- audit/stable-5.2 PR 20190507 ---------------------------------------------------------------- Dmitry V. Levin (13): Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h arc: define syscall_get_arch() c6x: define syscall_get_arch() h8300: define syscall_get_arch() Move EM_HEXAGON to uapi/linux/elf-em.h hexagon: define syscall_get_arch() m68k: define syscall_get_arch() Move EM_NDS32 to uapi/linux/elf-em.h nds32: define syscall_get_arch() nios2: define syscall_get_arch() Move EM_UNICORE to uapi/linux/elf-em.h unicore32: define syscall_get_arch() syscall_get_arch: add "struct task_struct *" argument Li RongQing (1): audit: fix a memleak caused by auditing load module Ondrej Mosnacek (2): timekeeping: Audit clock adjustments ntp: Audit NTP parameters adjustment Richard Guy Briggs (3): audit: connect LOGIN record to its syscall record audit: link integrity evm_write_xattrs record to syscall event audit: purge unnecessary list_empty calls Wenwen Wang (1): audit: fix a memory leak bug YueHaibing (1): audit: Make audit_log_cap and audit_copy_inode static arch/alpha/include/asm/syscall.h | 2 +- arch/arc/include/asm/elf.h | 6 +- arch/arc/include/asm/syscall.h | 11 ++++ arch/arm/include/asm/syscall.h | 2 +- arch/arm64/include/asm/syscall.h | 4 +- arch/c6x/include/asm/syscall.h | 7 +++ arch/csky/include/asm/syscall.h | 2 +- arch/h8300/include/asm/syscall.h | 6 ++ arch/hexagon/include/asm/elf.h | 6 +- arch/hexagon/include/asm/syscall.h | 8 +++ arch/ia64/include/asm/syscall.h | 2 +- arch/m68k/include/asm/syscall.h | 12 ++++ arch/microblaze/include/asm/syscall.h | 2 +- arch/mips/include/asm/syscall.h | 6 +- arch/mips/kernel/ptrace.c | 2 +- arch/nds32/include/asm/elf.h | 3 +- arch/nds32/include/asm/syscall.h | 9 +++ arch/nios2/include/asm/syscall.h | 6 ++ arch/openrisc/include/asm/syscall.h | 2 +- arch/parisc/include/asm/syscall.h | 4 +- arch/powerpc/include/asm/syscall.h | 10 ++- arch/riscv/include/asm/syscall.h | 2 +- arch/s390/include/asm/syscall.h | 4 +- arch/sh/include/asm/syscall_32.h | 2 +- arch/sh/include/asm/syscall_64.h | 2 +- arch/sparc/include/asm/syscall.h | 5 +- arch/unicore32/include/asm/elf.h | 3 +- arch/unicore32/include/asm/syscall.h | 12 ++++ arch/x86/include/asm/syscall.h | 8 ++- arch/x86/um/asm/syscall.h | 2 +- arch/xtensa/include/asm/syscall.h | 2 +- include/asm-generic/syscall.h | 5 +- include/linux/audit.h | 75 +++++++++++++++++++++++ include/uapi/linux/audit.h | 14 +++++ include/uapi/linux/elf-em.h | 6 ++ kernel/audit.c | 2 +- kernel/auditfilter.c | 14 ++--- kernel/auditsc.c | 115 +++++++++++++++++++++------------ kernel/seccomp.c | 4 +- kernel/time/ntp.c | 22 ++++++- kernel/time/ntp_internal.h | 4 +- kernel/time/timekeeping.c | 13 +++- security/integrity/evm/evm_secfs.c | 10 +-- 43 files changed, 331 insertions(+), 107 deletions(-) create mode 100644 arch/m68k/include/asm/syscall.h create mode 100644 arch/unicore32/include/asm/syscall.h -- paul moore www.paul-moore.com