Oops from audit

All of lore.kernel.org
 help / color / mirror / Atom feed

* Oops from audit
@ 2006-08-01 18:36 Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Michael C Thompson @ 2006-08-01 18:36 UTC (permalink / raw)
  To: Linux Audit, Amy Griffis, Steve Grubb, aviro

The follow oops is generated on the lspp.45 kernel with audit 1.2.5-5.

The trigger for this oops is:
# auditctl -a exit,always -S pread64 -F 'inode<1'

Oops: 0000 [#1]
SMP
CPU:    0
EIP is at audit_receive_filter+0x30d/0x949
eax: 00000000   ebx: 00000001   ecx: 00000008   edx: c046c62d
esi: 00000000   edi: 000003eb   ebp: cfce1cbc   esp: cfce1c68
ds: 007b   es: 007b   ss: 0068
Process auditctl (pid: 20197, ti=cfce1000 task=cd864aa0 task.ti=cfce1000)
Stack: 00000001 00004ee5 d4322ed4 00000000 cfce1cd0 c04c443a 40000000 
cfce1c8c
        cfce1c8c 00000003 00000000 0000001e 00000000 00000000 00000000 
00000000
        00000000 00000000 d8e2e0ac 0000031c 000503eb cfce1d4c c044af16 
00000001
Call Trace:
  [<c044af16>] audit_receive+0x658/0x781
  [<c05c2254>] netlink_data_ready+0x12/0x50
  [<c05c1200>] netlink_sendskb+0x1f/0x37
  [<c05c1bb1>] netlink_unicast+0x1a1/0x1bb
  [<c05c2235>] netlink_sendmsg+0x259/0x266
  [<c05a575a>] sock_sendmsg+0xe8/0x103
  [<c05a694b>] sys_sendto+0xbe/0xdc
  [<c05a70cb>] sys_socketcall+0xfb/0x186
  [<c0403faf>] syscall_call+0x7/0xb
Code: e9 be 05 00 00 81 ff eb 03 00 00 75 07 e8 14 ed ff ff eb 05 e8 54 
f6 ff ff 89 45 b8 8b 75 b8 81 fe 00 f0 ff ff 0f 87 32 06 00 00 <8b> 8e 
30 01 00 00 8b 46 18 8b b6 34 01 00 00 85 c9 89 75 c8 75

Message fEIP: [<c044cbdc>] audit_receive_filter+0x30d/0x949 SS:ESP 
0068:cfce1c68

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Oops from audit
  2006-08-01 18:36 Oops from audit Michael C Thompson
@ 2006-08-01 19:05 ` Timothy R. Chavez
  2006-08-01 19:08 ` Timothy R. Chavez
  2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Timothy R. Chavez @ 2006-08-01 19:05 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

On Tue, 2006-08-01 at 13:36 -0500, Michael C Thompson wrote:
> c044af16

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Oops from audit
  2006-08-01 18:36 Oops from audit Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
@ 2006-08-01 19:08 ` Timothy R. Chavez
  2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Timothy R. Chavez @ 2006-08-01 19:08 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

On Tue, 2006-08-01 at 13:36 -0500, Michael C Thompson wrote:
> The follow oops is generated on the lspp.45 kernel with audit 1.2.5-5.
> 
> The trigger for this oops is:
> # auditctl -a exit,always -S pread64 -F 'inode<1'

Hey Mike,

This may prove to be useful..

gdb /path/to/vmlinux
list *0xc044af16

-tim

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] fix audit oops with invalid operator
  2006-08-01 18:36 Oops from audit Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
  2006-08-01 19:08 ` Timothy R. Chavez
@ 2006-08-01 21:52 ` Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Amy Griffis @ 2006-08-01 21:52 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

Michael C Thompson wrote:  [Tue Aug 01 2006, 02:36:36PM EDT]
> The trigger for this oops is:
> # auditctl -a exit,always -S pread64 -F 'inode<1'

Setting the err value will fix it.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 7322f34..6a9a5c5 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -442,6 +442,7 @@ static struct audit_entry *audit_rule_to
 		case AUDIT_EQUAL:
 			break;
 		default:
+			err = -EINVAL;
 			goto exit_free;
 		}
 	}
@@ -579,6 +580,7 @@ static struct audit_entry *audit_data_to
 		case AUDIT_EQUAL:
 			break;
 		default:
+			err = -EINVAL;
 			goto exit_free;
 		}
 	}

^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2006-08-01 21:52 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-01 18:36 Oops from audit Michael C Thompson
2006-08-01 19:05 ` Timothy R. Chavez
2006-08-01 19:08 ` Timothy R. Chavez
2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.