Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit

Pull audit updates from Paul Moore:
 "After the small number of patches for v4.9, we've got a much bigger
  pile for v4.10.

  The bulk of these patches involve a rework of the audit backlog queue
  to enable us to move the netlink multicasting out of the task/thread
  that generates the audit record and into the kernel thread that emits
  the record (just like we do for the audit unicast to auditd).

  While we were playing with the backlog queue(s) we fixed a number of
  other little problems with the code, and from all the testing so far
  things look to be in much better shape now. Doing this also allowed us
  to re-enable disabling IRQs for some netns operations ("netns: avoid
  disabling irq for netns id").

  The remaining patches fix some small problems that are well documented
  in the commit descriptions, as well as adding session ID filtering
  support"

* 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit:
  audit: use proper refcount locking on audit_sock
  netns: avoid disabling irq for netns id
  audit: don't ever sleep on a command record/message
  audit: handle a clean auditd shutdown with grace
  audit: wake up kauditd_thread after auditd registers
  audit: rework audit_log_start()
  audit: rework the audit queue handling
  audit: rename the queues and kauditd related functions
  audit: queue netlink multicast sends just like we do for unicast sends
  audit: fixup audit_init()
  audit: move kaudit thread start from auditd registration to kaudit init (#2)
  audit: add support for session ID user filter
  audit: fix formatting of AUDIT_CONFIG_CHANGE events
  audit: skip sessionid sentinel value when auto-incrementing
  audit: tame initialization warning len_abuf in audit_log_execve_info
  audit: less stack usage for /proc/*/loginuid

diff --cc fs/proc/base.c
Simple merge

diff --cc include/uapi/linux/audit.h
index 208df7b44e90f03efe41409069ab2d207acabdfa,c8dc97bc2c1bb19c71f3422a0df437f63488b2b9..1c107cb1c83f80236cac0234a456d665bb9b7a15
--- 1/include/uapi/linux/audit.h
--- 2/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -329,11 -330,11 +330,13 @@@ enum 
  #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT    0x00000001
  #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME        0x00000002
  #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH  0x00000004
 +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND   0x00000008
+ #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010
  #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
                                  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
                                  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
-                                 AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
++                                AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
+                                 AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
  
  /* deprecated: AUDIT_VERSION_* */
  #define AUDIT_VERSION_LATEST          AUDIT_FEATURE_BITMAP_ALL

diff --cc kernel/audit.c
index 67b9fbd871be8ec0d9e557f654fe7463a29f82b5,41017685f9f2836754d2338dfd75882d4f9be49a..91bff3c0b368c4ac6584c8cbad6b5b40e9a338ed
--- 1/kernel/audit.c
--- 2/kernel/audit.c
+++ b/kernel/audit.c
@@@ -1167,13 -1299,14 +1305,13 @@@ static void __net_exit audit_net_exit(s
  {
        struct audit_net *aunet = net_generic(net, audit_net_id);
        struct sock *sock = aunet->nlsk;
-       if (sock == audit_sock) {
-               audit_pid = 0;
-               audit_sock = NULL;
-       }
+       mutex_lock(&audit_cmd_mutex);
+       if (sock == audit_sock)
+               auditd_reset();
+       mutex_unlock(&audit_cmd_mutex);
  
 -      RCU_INIT_POINTER(aunet->nlsk, NULL);
 -      synchronize_net();
        netlink_kernel_release(sock);
 +      aunet->nlsk = NULL;
  }
  
  static struct pernet_operations audit_net_ops __net_initdata = {

diff --cc kernel/auditsc.c
Simple merge

diff --cc net/core/net_namespace.c
index 50fdc1b59777e42a5f36cf7145e8457d7b62fe6e,10608dd1489fb8f4f7e943db9423e2955a7f53eb..3c4bbec3971309d545f8c72ac90552c6d68298e9
--- 1/net/core/net_namespace.c
--- 2/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@@ -221,13 -216,10 +221,12 @@@ int peernet2id_alloc(struct net *net, s
        bool alloc;
        int id;
  
-       spin_lock_irqsave(&net->nsid_lock, flags);
 +      if (atomic_read(&net->count) == 0)
 +              return NETNSA_NSID_NOT_ASSIGNED;
+       spin_lock_bh(&net->nsid_lock);
        alloc = atomic_read(&peer->count) == 0 ? false : true;
        id = __peernet2id_alloc(net, peer, &alloc);
-       spin_unlock_irqrestore(&net->nsid_lock, flags);
+       spin_unlock_bh(&net->nsid_lock);
        if (alloc && id >= 0)
                rtnl_net_notifyid(net, RTM_NEWNSID, id);
        return id;
@@@ -236,15 -229,13 +235,14 @@@
  /* This function returns, if assigned, the id of a peer netns. */
  int peernet2id(struct net *net, struct net *peer)
  {
-       unsigned long flags;
        int id;
  
-       spin_lock_irqsave(&net->nsid_lock, flags);
+       spin_lock_bh(&net->nsid_lock);
        id = __peernet2id(net, peer);
-       spin_unlock_irqrestore(&net->nsid_lock, flags);
+       spin_unlock_bh(&net->nsid_lock);
        return id;
  }
 +EXPORT_SYMBOL(peernet2id);
  
  /* This function returns true is the peer netns has an id assigned into the
   * current netns.