From: Eric Paris <eparis@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Linux-MIPS <linux-mips@linux-mips.org>,
Richard Guy Briggs <rgb@redhat.com>,
linux-audit@redhat.com, Manuel Lauss <manuel.lauss@gmail.com>
Subject: Re: [RESEND PATCH 1/2] MIPS syscall auditing patches
Date: Thu, 03 Apr 2014 09:58:31 -0400 [thread overview]
Message-ID: <1396533511.24733.28.camel@flatline.rdu.redhat.com> (raw)
In-Reply-To: <1396532936.3615.124.camel@i7.infradead.org>
On Thu, 2014-04-03 at 14:48 +0100, David Woodhouse wrote:
> On Thu, 2014-04-03 at 11:32 +0200, Ralf Baechle wrote:
> >
> > There's probably the odd bitfield or similar where it might matter? I
> > did dig a bit in the history of the auditing code and found no code
> > that uses __AUDIT_ARCH_LE other than setting that flag.
> >
> > David - you introduced __AUDIT_ARCH_LE in kernel commit 2fd6f58ba6e
> > "[AUDIT] Don't allow ptrace to fool auditing, log arch of audited
> > syscalls." on April 29 2005. Do you still recall the purpose of this
> > flag?
>
> Obviously I remember nothing. But I really can't see the point in the
> little-endian flag. Perhaps it just seemed like a good idea at the time.
>
> The __AUDIT_ARCH_64BIT flag does allow you to distinguish between 32-bit
> and 64-bit system calls on architectures where you can't tell them apart
> by syscall number alone (e.g. S390?). But even that isn't really needed
> on MIPS because the syscall number tells you *everything* you need to
> know, doesn't it?
>
> Even if we started supporting little-endian system calls on a big-endian
> kernel, __AUDIT_ARCH_LE would help with interpreting the output, since
> it's never in a bytewise/binary form *anyway*. It would let you filter
> on LE vs. BE system calls I suppose, but I'm not sure if that's a
> required feature.
The only point of these flags is to uniquely identify the arch. If the
arch has LE and BE, but it doesn't change the API in any way, it doesn't
matter. Don't worry about it.
Same for the 64BIT flag. Do what makes sense to identify the arch and
don't worry to much about it. (sounds to me like MIPS has 3 arches)
-Eric
next prev parent reply other threads:[~2014-04-03 13:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-02 10:13 [RESEND PATCH 0/2] MIPS syscall auditing patches Manuel Lauss
2014-04-02 10:13 ` [RESEND PATCH 1/2] " Manuel Lauss
2014-04-02 15:56 ` Richard Guy Briggs
2014-04-03 9:32 ` Ralf Baechle
2014-04-03 13:12 ` Steve Grubb
2014-04-03 13:48 ` David Woodhouse
2014-04-03 13:58 ` Eric Paris [this message]
2014-04-03 14:36 ` David Woodhouse
2014-04-03 15:13 ` Richard Guy Briggs
2014-04-03 14:04 ` Eric Paris
2014-04-02 10:13 ` [RESEND PATCH 2/2] " Manuel Lauss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1396533511.24733.28.camel@flatline.rdu.redhat.com \
--to=eparis@redhat.com \
--cc=dwmw2@infradead.org \
--cc=linux-audit@redhat.com \
--cc=linux-mips@linux-mips.org \
--cc=manuel.lauss@gmail.com \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox