From: John Johansen <john.johansen@canonical.com>

Date:   Fri Feb 9 04:57:39 2018 -0800

Subject: apparmor: fix resource audit messages when auditing peer

Patch-mainline: v4.17-rc1

Git-commit: b5beb07ad32ab533027aa988d96a44965ec116f7

References: bsc#1084839

Resource auditing is using the peer field which is not available

when the rlim data struct is used, because it is a different element

of the same union. Accessing peer during resource auditing could

cause garbage log entries or even oops the kernel.

Move the rlim data block into the same struct as the peer field

so they can be used together.

CC: <stable@vger.kernel.org>

Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")

Signed-off-by: John Johansen <john.johansen@canonical.com>

Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>

diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h

index 4ac095118717..2ebc00a579fd 100644

--- a/security/apparmor/include/audit.h

+++ b/security/apparmor/include/audit.h

@@ -126,6 +126,10 @@ struct apparmor_audit_data {

 					const char *target;

 					kuid_t ouid;

 				} fs;

+				struct {

+					int rlim;

+					unsigned long max;

+				} rlim;

 				int signal;

 			};

 		};

@@ -134,10 +138,6 @@ struct apparmor_audit_data {

 			const char *ns;

 			long pos;

 		} iface;

-		struct {

-			int rlim;

-			unsigned long max;

-		} rlim;

 		struct {

 			const char *src_name;

 			const char *type;