From: jonathan@jonmasters.org (Jon Masters)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] ARM: Fix restoration of IP scratch register when auditing syscalls
Date: Wed, 02 May 2012 02:22:08 -0400 [thread overview]
Message-ID: <4FA0D290.90300@jonmasters.org> (raw)
In-Reply-To: <20120430100746.GA11080@mudshark.cambridge.arm.com>
Hi will,
First, for the record, I want to note that I had an actual nightmare
about this last night. Woke up at 5am in a cold sweat with a fear that
"register 12" was out to get me (WTF?). I am *not* joking... ;)
On 04/30/2012 06:07 AM, Will Deacon wrote:
>> The fix is simply to have an additional out when not ptracing.
I retract that. The way to avoid trashing userspace is to do that. But
now that this is identified, I've spent some quality time reading the
audit code and I now even understand what it's trying to do :)
> Actually, I don't understand why we have to update pt_regs so early given
> that I don't think the saved ip is used by audit_syscall_{entry,exit} at
> all. Perhaps we could just move the ip manipulation until after the thread
> flag checks [completely untested patch below]?
Yea. There's no reason I can see to include the IP there, even for the
mach-specific macros we'll use later to pull stuff out of regs (e.g.
regs_return_value, or r0 to its friends). Your patch boots on my test
system running auditd, and more to the point - paraphrasing what Russell
said - the existing code wasn't exactly the best there, since it wants
to use "why" (set in common) and not ip as a conditional.
Ship it. Or er, I dunno, perhaps:
Reported-by: Jon Masters <jcm@jonmasters.org>
Tested-by: Jon Masters <jcm@jonmasters.org>
(or whatever else you want to shove in there for my signoff)
Jon.
prev parent reply other threads:[~2012-05-02 6:22 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-29 6:38 Fixing audit on ARM Jon Masters
2012-04-29 6:38 ` [PATCH] ARM: Fix restoration of IP scratch register when auditing syscalls Jon Masters
2012-04-30 10:07 ` Will Deacon
2012-04-30 18:55 ` Jon Masters
2012-05-01 11:07 ` Will Deacon
2012-05-01 11:37 ` Russell King - ARM Linux
2012-05-01 16:52 ` Jon Masters
2012-05-02 6:27 ` Jon Masters
2012-05-02 8:58 ` Will Deacon
2012-05-02 14:10 ` Jon Masters
2012-05-02 14:48 ` Eric Paris
2012-05-02 15:39 ` Will Deacon
2012-05-02 17:37 ` Jon Masters
2012-04-30 19:00 ` Russell King - ARM Linux
2012-05-03 2:59 ` Jon Masters
2012-05-03 3:03 ` Al Viro
2012-05-03 8:55 ` Will Deacon
2012-05-03 7:34 ` Russell King - ARM Linux
2012-05-02 6:22 ` Jon Masters [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FA0D290.90300@jonmasters.org \
--to=jonathan@jonmasters.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.