path: root/kernel/auditsc.c
diff options
authorLinus Torvalds <>2015-07-08 09:33:38 -0700
committerLinus Torvalds <>2015-07-08 09:33:38 -0700
commit45820c294fe1b1a9df495d57f40585ef2d069a39 (patch)
tree2d0571307e1124aa5b76d27767f547e3c4d11578 /kernel/auditsc.c
parentd6ac4ffc61ace6ed6f183e9fd7f207c0ddafb897 (diff)
Fix broken audit tests for exec arg len
The "fix" in commit 0b08c5e5944 ("audit: Fix check of return value of strnlen_user()") didn't fix anything, it broke things. As reported by Steven Rostedt: "Yes, strnlen_user() returns 0 on fault, but if you look at what len is set to, than you would notice that on fault len would be -1" because we just subtracted one from the return value. So testing against 0 doesn't test for a fault condition, it tests against a perfectly valid empty string. Also fix up the usual braindamage wrt using WARN_ON() inside a conditional - make it part of the conditional and remove the explicit unlikely() (which is already part of the WARN_ON*() logic, exactly so that you don't have to write unreadable code. Reported-and-tested-by: Steven Rostedt <> Cc: Jan Kara <> Cc: Paul Moore <> Signed-off-by: Linus Torvalds <>
Diffstat (limited to 'kernel/auditsc.c')
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 09c65640cad6..e85bdfd15fed 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1021,8 +1021,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
* for strings that are too long, we should not have created
* any.
- if (unlikely((len == 0) || len > MAX_ARG_STRLEN - 1)) {
- WARN_ON(1);
+ if (WARN_ON_ONCE(len < 0 || len > MAX_ARG_STRLEN - 1)) {
send_sig(SIGKILL, current, 0);
return -1;