From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: amy.griffis@hp.com, tony.luck@intel.com,
linux-ia64@vger.kernel.org, dwmw2@infradead.org
Subject: [03/08] fix ia64 syscall auditing
Date: Tue, 05 Apr 2005 16:46:48 +0000 [thread overview]
Message-ID: <20050405164647.GD17299@kroah.com> (raw)
In-Reply-To: <20050405164539.GA17299@kroah.com>
-stable review patch. If anyone has any objections, please let us know.
------------------
Attached is a patch against David's audit.17 kernel that adds checks
for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and
signal handling code paths. The patch enables auditing of system
calls set up via fsys_bubble_down, as well as ensuring that
audit_syscall_exit() is called on return from sigreturn.
Neglecting to check for TIF_SYSCALL_AUDIT at these points results in
incorrect information in audit_context, causing frequent system panics
when system call auditing is enabled on an ia64 system.
I have tested this patch and have seen no problems with it.
[Original patch from Amy Griffis ported to current kernel by David Woodhouse]
From: Amy Griffis <amy.griffis@hp.com>
From: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
--- 1.34/arch/ia64/kernel/fsys.S 2005-01-22 22:19:11 +00:00
+++ edited/arch/ia64/kernel/fsys.S 2005-04-01 00:20:32 +01:00
@@ -611,8 +611,10 @@
movl r2=ia64_ret_from_syscall
;;
mov rp=r2 // set the real return addr
- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
+ and r3=_TIF_SYSCALL_TRACEAUDIT,r3
;;
+ cmp.eq p8,p0=r3,r0
+
(p10) br.cond.spnt.many ia64_ret_from_syscall // p10=true means out registers are more than 8
(p8) br.call.sptk.many b6¶ // ignore this return addr
br.cond.sptk ia64_trace_syscall
=== arch/ia64/kernel/signal.c 1.49 vs edited ==--- 1.49/arch/ia64/kernel/signal.c 2005-01-25 20:23:45 +00:00
+++ edited/arch/ia64/kernel/signal.c 2005-04-01 00:18:29 +01:00
@@ -224,7 +224,8 @@
* could be corrupted.
*/
retval = (long) &ia64_leave_kernel;
- if (test_thread_flag(TIF_SYSCALL_TRACE))
+ if (test_thread_flag(TIF_SYSCALL_TRACE)
+ || test_thread_flag(TIF_SYSCALL_AUDIT))
/*
* strace expects to be notified after sigreturn returns even though the
* context to which we return may not be in the middle of a syscall.
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: amy.griffis@hp.com, tony.luck@intel.com,
linux-ia64@vger.kernel.org, dwmw2@infradead.org
Subject: [03/08] fix ia64 syscall auditing
Date: Tue, 5 Apr 2005 09:46:48 -0700 [thread overview]
Message-ID: <20050405164647.GD17299@kroah.com> (raw)
In-Reply-To: <20050405164539.GA17299@kroah.com>
-stable review patch. If anyone has any objections, please let us know.
------------------
Attached is a patch against David's audit.17 kernel that adds checks
for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and
signal handling code paths. The patch enables auditing of system
calls set up via fsys_bubble_down, as well as ensuring that
audit_syscall_exit() is called on return from sigreturn.
Neglecting to check for TIF_SYSCALL_AUDIT at these points results in
incorrect information in audit_context, causing frequent system panics
when system call auditing is enabled on an ia64 system.
I have tested this patch and have seen no problems with it.
[Original patch from Amy Griffis ported to current kernel by David Woodhouse]
From: Amy Griffis <amy.griffis@hp.com>
From: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
--- 1.34/arch/ia64/kernel/fsys.S 2005-01-22 22:19:11 +00:00
+++ edited/arch/ia64/kernel/fsys.S 2005-04-01 00:20:32 +01:00
@@ -611,8 +611,10 @@
movl r2=ia64_ret_from_syscall
;;
mov rp=r2 // set the real return addr
- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
+ and r3=_TIF_SYSCALL_TRACEAUDIT,r3
;;
+ cmp.eq p8,p0=r3,r0
+
(p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8
(p8) br.call.sptk.many b6=b6 // ignore this return addr
br.cond.sptk ia64_trace_syscall
===== arch/ia64/kernel/signal.c 1.49 vs edited =====
--- 1.49/arch/ia64/kernel/signal.c 2005-01-25 20:23:45 +00:00
+++ edited/arch/ia64/kernel/signal.c 2005-04-01 00:18:29 +01:00
@@ -224,7 +224,8 @@
* could be corrupted.
*/
retval = (long) &ia64_leave_kernel;
- if (test_thread_flag(TIF_SYSCALL_TRACE))
+ if (test_thread_flag(TIF_SYSCALL_TRACE)
+ || test_thread_flag(TIF_SYSCALL_AUDIT))
/*
* strace expects to be notified after sigreturn returns even though the
* context to which we return may not be in the middle of a syscall.
next prev parent reply other threads:[~2005-04-05 16:46 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-05 16:45 [00/11] -stable review Greg KH
2005-04-05 16:46 ` [01/08] Fix Oops with ALSA timer event notification Greg KH
2005-04-05 16:46 ` Greg KH
2005-04-05 16:46 ` [02/08] Prevent race condition in jbd Greg KH
2005-04-05 16:46 ` Greg KH [this message]
2005-04-05 16:46 ` [03/08] fix ia64 syscall auditing Greg KH
2005-04-05 20:27 ` David Mosberger
2005-04-05 20:27 ` David Mosberger
2005-04-05 20:49 ` Greg KH
2005-04-05 20:49 ` Greg KH
2005-04-05 21:01 ` Randy.Dunlap
2005-04-05 21:01 ` Randy.Dunlap
2005-04-05 23:46 ` Ryan Anderson
2005-04-05 23:46 ` Ryan Anderson
2005-04-06 0:05 ` Greg KH
2005-04-06 0:05 ` Greg KH
2005-04-06 0:48 ` Dave Jones
2005-04-06 0:48 ` Dave Jones
2005-04-06 22:43 ` Andrew Morton
2005-04-06 22:43 ` Andrew Morton
2005-04-05 16:47 ` [04/08] I2C: Fix oops in eeprom driver Greg KH
2005-05-19 6:25 ` Greg KH
2005-04-05 16:47 ` [05/08] [IPSEC]: Do not hold state lock while checking size Greg KH
2005-04-05 16:47 ` [06/08] rwsem fix Greg KH
2005-04-05 16:47 ` [07/08] [TCP] Fix BIC congestion avoidance algorithm error Greg KH
2005-04-05 18:22 ` Theodore Ts'o
2005-04-05 18:26 ` David S. Miller
2005-04-05 18:32 ` Stephen Hemminger
2005-04-05 16:48 ` [08/08] uml: va_copy fix Greg KH
2005-04-05 18:47 ` Renate Meijer
2005-04-05 18:53 ` Blaisorblade
2005-04-05 20:18 ` Renate Meijer
2005-04-06 11:32 ` Jörn Engel
2005-04-06 12:04 ` Renate Meijer
2005-04-06 12:27 ` Jörn Engel
2005-04-06 15:46 ` [stable] " Greg KH
2005-04-06 17:29 ` Renate Meijer
2005-04-06 17:33 ` Jörn Engel
2005-04-06 17:58 ` Renate Meijer
2005-04-06 18:13 ` Jörn Engel
2005-04-06 19:13 ` Blaisorblade
2005-04-06 19:09 ` Blaisorblade
2005-04-06 19:30 ` Jörn Engel
2005-04-07 9:16 ` Renate Meijer
2005-04-07 18:25 ` Blaisorblade
2005-04-05 17:28 ` [00/11] -stable review Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050405164647.GD17299@kroah.com \
--to=gregkh@suse.de \
--cc=amy.griffis@hp.com \
--cc=dwmw2@infradead.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.