public inbox for linux-audit@redhat.com
From: Eric Paris <eparis@redhat.com>
To: linux-audit@redhat.com
Cc: pmoore@hp.com
Subject: [PATCH] Audit: EINTR instead of kernel private return codes in audit records
Date: Wed, 14 Nov 2007 15:22:08 -0500
Message-ID: <1195071728.2924.40.camel@localhost.localdomain>

When a syscall gets interrupted by a signal and that signal is set to
not restart the syscall, its return code will get collected by the audit
system before the registers are changed to the userspace-valid EINTR;
see the discussion in include/linux/errno.h.

Thus it is possible to get a syscall audit such as:

type=SYSCALL msg=audit(11/13/2007 23:47:34.648:80314) : arch=x86_64
syscall=accept success=no exit=-512(Unknown error 512) a0=3 [snip]

With this patch we clean up those kernel-only return codes and give the
userspace equivalent.

type=SYSCALL msg=audit(11/13/2007 23:06:04.017:898) : arch=x86_64
syscall=accept success=no exit=-4(Interrupted system call) a0=3 [snip]

Signed-off-by: Eric Paris <eparis@redhat.com>

---

 kernel/auditsc.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index bce9ecd..447ad65 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -702,7 +702,14 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk,
 	if (likely(!context))
 		return NULL;
 	context->return_valid = return_valid;
-	context->return_code  = return_code;
+
+	if (unlikely((return_code == -ERESTART_RESTARTBLOCK) ||
+		     (return_code == -ERESTARTNOHAND) ||
+		     (return_code == -ERESTARTSYS) ||
+		     (return_code == -ERESTARTNOINTR)))
+		context->return_code = -EINTR;
+	else
+		context->return_code  = return_code;
 
 	if (context->in_syscall && !context->dummy && !context->auditable) {
 		enum audit_state state;
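
Review bot: the new `if` in audit_get_context() rewrites all four ERESTART* values to -EINTR unconditionally, while the commit message describes only the case where the signal is set to not restart the syscall. If this path is also reached when the syscall is going to be restarted, the record would report -EINTR for a call that userspace never sees fail; either confirm that cannot happen here or limit the rewrite to the non-restart case. A short comment above the test pointing at include/linux/errno.h would explain why these codes are not logged as-is, and a `switch` on return_code would read more cleanly than the chained `==` comparisons.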
