From: Eric Paris <eparis@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-audit@redhat.com, Richard Guy Briggs <rgb@redhat.com>,
Intel Graphics Development <intel-gfx@lists.freedesktop.org>,
x86@kernel.org,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: Regression: audit: x86: drop arch from __audit_syscall_entry() interface
Date: Wed, 22 Oct 2014 17:38:17 -0400 [thread overview]
Message-ID: <1414013897.30946.102.camel@localhost> (raw)
In-Reply-To: <alpine.DEB.2.11.1410222323500.5308@nanos>
On Wed, 2014-10-22 at 23:36 +0200, Thomas Gleixner wrote:
> On Wed, 22 Oct 2014, Eric Paris wrote:
>
> > That's really serious. Looking now.
>
> Indeed its serious. And it's even more serious as this masterpiece of
> assembly wreckage was pulled in via your tree w/o having an acked-by
> one of the x86 maintainers.
>
> > On Wed, 2014-10-22 at 16:08 -0200, Paulo Zanoni wrote:
> > > commit b4f0d3755c5e9cc86292d5fd78261903b4f23d4a
> > > Author: Richard Guy Briggs
> > > Date: Tue Mar 4 10:38:06 2014 -0500
> > > audit: x86: drop arch from __audit_syscall_entry() interface
> > >
> > > According to our QA, their i386 machine doesn't boot anymore. I tried
> > > to write my own revert for the patch, asked QA to test, and they
> > > confirmed it "solves" the problem.
>
> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
> index 0d0c9d4ab6d5..f9e3fabc8716 100644
> --- a/arch/x86/kernel/entry_32.S
> +++ b/arch/x86/kernel/entry_32.S
> @@ -449,12 +449,11 @@ sysenter_audit:
> jnz syscall_trace_entry
> addl $4,%esp
> CFI_ADJUST_CFA_OFFSET -4
> - /* %esi already in 8(%esp) 6th arg: 4th syscall arg */
> - /* %edx already in 4(%esp) 5th arg: 3rd syscall arg */
> - /* %ecx already in 0(%esp) 4th arg: 2nd syscall arg */
> - movl %ebx,%ecx /* 3rd arg: 1st syscall arg */
> - movl %eax,%edx /* 2nd arg: syscall number */
> - movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
> + movl %esi,4(%esp) /* 5th arg: 4th syscall arg */
> + movl %edx,(%esp) /* 4th arg: 3rd syscall arg */
>
> Bilndly overwriting the stack which holds the syscall arguments is
> really a brilliant way to ensure security.
It was sent, numerous times, to the x86 list for reviews, and lived in
-next for 2 complete devel cycles without a complaint. I'm trying to
get an i386 system to test a fix. But yes, it's total crap.
-Eric
next prev parent reply other threads:[~2014-10-22 21:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-22 18:08 Regression: audit: x86: drop arch from __audit_syscall_entry() interface Paulo Zanoni
2014-10-22 18:23 ` Eric Paris
2014-10-22 19:01 ` Andy Lutomirski
2014-10-22 19:16 ` Richard Guy Briggs
2014-10-22 19:20 ` Andy Lutomirski
2014-10-22 21:36 ` Thomas Gleixner
2014-10-22 21:38 ` Eric Paris [this message]
2014-10-22 21:43 ` H. Peter Anvin
2014-10-22 21:44 ` Eric Paris
2014-10-22 22:44 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1414013897.30946.102.camel@localhost \
--to=eparis@redhat.com \
--cc=hpa@zytor.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rgb@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox