On Thu, Feb 22, 2007 at 12:20:40PM +0100, Heiko Carstens wrote:
> On Thu, Feb 08, 2007 at 06:59:16PM +0000, Linux Kernel Mailing List wrote:
> > Commit: cfcd1705b61ecce1ab102b9593cf733fef314a19
> > Parent: 0e47e3cca100e7c8e8124378e4e44969c2e042fd
> > Author: David Woodhouse <[EMAIL PROTECTED]>
> > AuthorDate: Sun Jan 14 09:38:18 2007 +0800
> > Committer: Paul Mackerras <[EMAIL PROTECTED]>
> > CommitDate: Wed Jan 24 21:13:58 2007 +1100
> >
> > [POWERPC] Mask 32-bit system call arguments to 32 bits on PPC64 in
> > audit code
> >
> > The system call entry code will clear the high bits of argument
> > registers before invoking the system call; don't report whatever noise
> > happens to be in the high bits of the register before that happens.
> >
> > Signed-off-by: David Woodhouse <[EMAIL PROTECTED]>
> > Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]>
> > ---
> > arch/powerpc/kernel/ptrace.c | 24 +++++++++++++++---------
> > 1 files changed, 15 insertions(+), 9 deletions(-)
> >
> > diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
> > index 975102a..cc44c7b 100644
> > --- a/arch/powerpc/kernel/ptrace.c
> > +++ b/arch/powerpc/kernel/ptrace.c
> > @@ -532,16 +532,22 @@ void do_syscall_trace_enter(struct pt_regs *regs)
> > && (current->ptrace & PT_PTRACED))
> > do_syscall_trace();
> >
> > - if (unlikely(current->audit_context))
> > - audit_syscall_entry(
> > -#ifdef CONFIG_PPC32
> > - AUDIT_ARCH_PPC,
> > -#else
> > -
> > test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64,
> > + if (unlikely(current->audit_context)) {
> > +#ifdef CONFIG_PPC64
> > + if (!test_thread_flag(TIF_32BIT))
> > + audit_syscall_entry(AUDIT_ARCH_PPC64,
> > + regs->gpr[0],
> > + regs->gpr[3], regs->gpr[4],
> > + regs->gpr[5], regs->gpr[6]);
> > + else
> > #endif
> > - regs->gpr[0],
> > - regs->gpr[3], regs->gpr[4],
> > - regs->gpr[5], regs->gpr[6]);
> > + audit_syscall_entry(AUDIT_ARCH_PPC,
> > + regs->gpr[0],
> > + regs->gpr[3] & 0xffffffff,
> > + regs->gpr[4] & 0xffffffff,
> > + regs->gpr[5] & 0xffffffff,
> > + regs->gpr[6] & 0xffffffff);
> > + }
> > }
> >
> > void do_syscall_trace_leave(struct pt_regs *regs)
>
> Why is this needed? The audit code is not supposed to look at the high bits
> if the audited task is a compat task.
> It does that at at least one place in kernel/auditsc.c:
>
> case 4: /* socketcall */
> return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
>
> So does the audit code assume that the high bits are cleared or is this
> a bug in the audit code?
Extended the cc list with a few people that recently worked on the audit code,
maybe somebody could answer my question above?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
