From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Zijlstra
Subject: [PATCH] audit: fix two bugs in the new execve audit code
Date: Sat, 28 Jul 2007 00:55:18 +0200
Message-ID: <1185576918.15205.68.camel@lappy>
References: <200707190848.l6J8mFQf023098@imap1.linux-foundation.org> <200707271613.10753.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <200707271613.10753.sgrubb@redhat.com>
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb , Linus Torvalds , Andrew Morton
Cc: linux-audit@redhat.com, aaw@google.com
List-Id: linux-audit@redhat.com

On Fri, 2007-07-27 at 16:13 -0400, Steve Grubb wrote:
> Hi,
>
> I was testing our rawhide kernel and I'm scrolling these errors:
>
> WARNING: at kernel/auditsc.c:859 audit_log_execve_info() (Not tainted)
>
> Call Trace:
> [] audit_log_exit+0x5d7/0x964
> [] trace_hardirqs_on+0x12e/0x151
> [] audit_syscall_exit+0x9b/0x300
> [] syscall_trace_leave+0x2c/0x87
> [] int_very_careful+0x3a/0x43
> --

copy_from_user() returns the number of bytes not copied, hence 0 is the expected output.

axi->mm might not be valid anymore when not equal to current->mm, do not dereference before checking that - thanks to Al for spotting that.

Signed-off-by: Peter Zijlstra
---
 kernel/auditsc.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: linux-2.6/kernel/auditsc.c
===================================================================
--- linux-2.6.orig/kernel/auditsc.c
+++ linux-2.6/kernel/auditsc.c
@@ -824,12 +824,14 @@ static void audit_log_execve_info(struct { int i; long len, ret; - const char __user *p = (const char __user *)axi->mm->arg_start; + const char __user *p; char *buf; if (axi->mm != current->mm) return; /* execve failed, no additional info */ + p = (const char __user *)axi->mm->arg_start; + for (i = 0; i < axi->argc; i++, p += len) { len = strnlen_user(p, MAX_ARG_STRLEN); /* @@ -855,7 +857,7 @@ static void audit_log_execve_info(struct * copied them here, and the mm hasn't been exposed to user- * space yet. */ - if (!ret) { + if (ret) { WARN_ON(1); send_sig(SIGKILL, current, 0); }
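Review bot: in the first hunk (@@ -824), moving `p = (const char __user *)axi->mm->arg_start;` below the `if (axi->mm != current->mm) return;` guard is the right fix, because the old declaration-time initializer dereferenced axi->mm before the function had established that the mm is still the live one. Since the guard makes axi->mm and current->mm identical at the new assignment site, consider reading `current->mm->arg_start` there, or adding a one-line comment stating that axi->mm == current->mm holds past the guard, so that a later refactor does not reintroduce a dereference of axi->mm above the check.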
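Review bot: in the second hunk (@@ -855), the sense of the test is now correct: copy_from_user() returns the number of bytes it could not copy, so `if (ret)` catches the failure case, whereas the old `if (!ret)` fired WARN_ON(1) and send_sig(SIGKILL, ...) on every successful copy, which matches the WARNING at kernel/auditsc.c:859 in the quoted report. What the hunk does not show is what happens after send_sig(): if control falls through to logging buf, a partially filled buffer from a short copy would still be emitted into the audit record, so a `break` (with the corresponding kfree of buf) after send_sig() would be worth confirming is already present in the surrounding code or adding if it is not.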