Merge tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:

 - Improved handling of unknown status requests from userspace

   The current kernel code ignores unknown/unused request bits sent from
   userspace and returns an error code based on the results of the
   request(s) it does understand. The patch from Ricardo fixes this so
   that unknown requests return an -EINVAL to userspace, making
   compatibility a bit easier moving forward.

 - A number of small style and formatting cleanups

* tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: handle unknown status requests in audit_receive_msg()
  audit: fix coding style issues
  audit: remove redundant initialization of static variables to 0
  audit: fix whitespace alignment in include/uapi/linux/audit.h

Author: torvalds

include/linux/audit.h

@@ -15,6 +15,15 @@
 #include <uapi/linux/audit.h>
 #include <uapi/linux/fanotify.h>
 
+#define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \
+			  AUDIT_STATUS_FAILURE | \
+			  AUDIT_STATUS_PID | \
+			  AUDIT_STATUS_RATE_LIMIT | \
+			  AUDIT_STATUS_BACKLOG_LIMIT | \
+			  AUDIT_STATUS_BACKLOG_WAIT_TIME | \
+			  AUDIT_STATUS_LOST | \
+			  AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL)
+
 #define AUDIT_INO_UNSET ((u64)-1)
 #define AUDIT_DEV_UNSET ((dev_t)-1)
 

include/uapi/linux/audit.h

@@ -350,7 +350,7 @@ enum {
 #define AUDIT_STATUS_ENABLED			0x0001
 #define AUDIT_STATUS_FAILURE			0x0002
 #define AUDIT_STATUS_PID			0x0004
-#define AUDIT_STATUS_RATE_LIMIT		0x0008
+#define AUDIT_STATUS_RATE_LIMIT			0x0008
 #define AUDIT_STATUS_BACKLOG_LIMIT		0x0010
 #define AUDIT_STATUS_BACKLOG_WAIT_TIME		0x0020
 #define AUDIT_STATUS_LOST			0x0040
@@ -386,8 +386,8 @@ enum {
  * These bits disambiguate different calling conventions that share an
  * ELF machine type, bitness, and endianness
  */
-#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000
-#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
+#define __AUDIT_ARCH_CONVENTION_MASK		0x30000000
+#define __AUDIT_ARCH_CONVENTION_MIPS64_N32	0x20000000
 
 /* distinguish syscall tables */
 #define __AUDIT_ARCH_64BIT 0x80000000
@@ -508,7 +508,7 @@ struct audit_tty_status {
 	__u32		log_passwd;	/* 1 = enabled, 0 = disabled */
 };
 
-#define AUDIT_UID_UNSET (unsigned int)-1
+#define AUDIT_UID_UNSET ((unsigned int)-1)
 #define AUDIT_SID_UNSET ((unsigned int)-1)
 
 /* audit_rule_data supports filter rules with both integer and string

kernel/audit.c

@@ -355,8 +355,8 @@ void audit_panic(const char *message)
 
 static inline int audit_rate_check(void)
 {
-	static unsigned long	last_check = 0;
-	static int		messages   = 0;
+	static unsigned long	last_check;
+	static int		messages;
 	static DEFINE_SPINLOCK(lock);
 	unsigned long		flags;
 	unsigned long		now;
@@ -391,7 +391,7 @@ static inline int audit_rate_check(void)
 */
 void audit_log_lost(const char *message)
 {
-	static unsigned long	last_msg = 0;
+	static unsigned long	last_msg;
 	static DEFINE_SPINLOCK(lock);
 	unsigned long		flags;
 	unsigned long		now;
@@ -1295,6 +1295,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 		memset(&s, 0, sizeof(s));
 		/* guard against past and future API changes */
 		memcpy(&s, data, min_t(size_t, sizeof(s), data_len));
+		if (s.mask & ~AUDIT_STATUS_ALL)
+			return -EINVAL;
 		if (s.mask & AUDIT_STATUS_ENABLED) {
 			err = audit_set_enabled(s.enabled);
 			if (err < 0)

kernel/auditfilter.c

@@ -303,8 +303,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *
 	return ERR_PTR(err);
 }
 
-static u32 audit_ops[] =
-{
+static u32 audit_ops[] = {
 	[Audit_equal] = AUDIT_EQUAL,
 	[Audit_not_equal] = AUDIT_NOT_EQUAL,
 	[Audit_bitmask] = AUDIT_BIT_MASK,

lib/audit.c

@@ -42,7 +42,7 @@ int audit_classify_syscall(int abi, unsigned syscall)
 	if (audit_is_compat(abi))
 		return audit_classify_compat_syscall(abi, syscall);
 
-	switch(syscall) {
+	switch (syscall) {
 #ifdef __NR_open
 	case __NR_open:
 		return AUDITSC_OPEN;