Set an arbitrary limit on the number of audit container identifiers to limit abuse. Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx> --- kernel/audit.c | 8 ++++++++ kernel/audit.h | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index 53d13d638c63..329916534dd2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -139,6 +139,7 @@ struct audit_net { struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS]; /* Hash for contid-based rules */ struct list_head audit_contid_hash[AUDIT_CONTID_BUCKETS]; +int audit_contid_count = 0; static struct kmem_cache *audit_buffer_cache; @@ -2384,6 +2385,7 @@ void audit_cont_put(struct audit_cont *cont) put_task_struct(cont->owner); list_del_rcu(&cont->list); kfree_rcu(cont, rcu); + audit_contid_count--; } } @@ -2456,6 +2458,11 @@ int audit_set_contid(struct task_struct *task, u64 contid) goto conterror; } } + /* Set max contids */ + if (audit_contid_count > AUDIT_CONTID_COUNT) { + rc = -ENOSPC; + goto conterror; + } if (!newcont) { newcont = kmalloc(sizeof(struct audit_cont), GFP_ATOMIC); if (newcont) { @@ -2465,6 +2472,7 @@ int audit_set_contid(struct task_struct *task, u64 contid) newcont->owner = current; refcount_set(&newcont->refcount, 1); list_add_rcu(&newcont->list, &audit_contid_hash[h]); + audit_contid_count++; } else { rc = -ENOMEM; goto conterror; diff --git a/kernel/audit.h b/kernel/audit.h index 162de8366b32..543f1334ba47 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -219,6 +219,10 @@ static inline int audit_hash_contid(u64 contid) return (contid & (AUDIT_CONTID_BUCKETS-1)); } +extern int audit_contid_count; + +#define AUDIT_CONTID_COUNT 1 << 16 + /* Indicates that audit should log the full pathname. */ #define AUDIT_NAME_FULL -1 -- 1.8.3.1