From: Eric Paris <eparis@redhat.com>
To: viro@zeniv.linux.org.uk
Cc: x86@kernel.org, tglx@linutronix.de, linux-audit@redhat.com,
mingo@redhat.com, hpa@zytor.com
Subject: [PATCH] audit: ia32entry.S drops useful return value sign bits
Date: Mon, 23 May 2011 20:41:35 -0400
Message-ID: <20110524004135.6110.61381.stgit@paris.rdu.redhat.com>

In the ia32entry syscall exit audit fastpath we have assembly code which calls
audit_syscall_exit directly. This code was, however, incorrectly zeroing
the upper 32 bits of the return code. It then proceeded to do a 32bit check
for positive/negative to determine the syscall's success. This meant that
syscalls like mmap2 which might return a very large 32 bit address as the
pointer would be mistaken for a negative return code. It also meant that
negative return codes would be mistaken for 32 bit numbers on output.

The fix is to not zero the upper 32 bits of the return value and to do a full
64bit negative/positive determination for syscall success.

Old record returning a pointer:
type=SYSCALL msg=audit(1305733850.639:224): arch=40000003 syscall=192 success=no exit=4151844864

New record with positive/negative test fixing "success":
type=SYSCALL msg=audit(1305733850.639:224): arch=40000003 syscall=192 success=yes exit=4151844864

Old record returning an error:
type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no exit=4294967283

New record returning -13:
type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no exit=-13

Signed-off-by: Eric Paris <eparis@redhat.com>
---
arch/x86/ia32/ia32entry.S | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index c1870dd..b2bea0a 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -209,14 +209,14 @@ sysexit_from_sys_call:
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
sti
- movl %eax,%esi /* second arg, syscall return value */
- cmpl $0,%eax /* is it < 0? */
+ movq %rax,%rsi /* second arg, syscall return value */
+ cmpq $0,%rax /* is it < 0? */
setl %al /* 1 if so, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
call audit_syscall_exit
GET_THREAD_INFO(%r10)
- movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */
+ movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */
movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
cli
TRACE_IRQS_OFF
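
Review bot: The new cmpq $0,%rax and movq %rax,%rsi lines trust all 64 bits of %rax, but nothing in this hunk shows that every path reaching sysexit_from_sys_call leaves the upper 32 bits sign-extended for errors and zero for 32-bit pointers. The removed movl/cmpl pair did not depend on those bits. Please state in the changelog, or in a comment next to the cmpq, where that invariant is guaranteed; if a handler left a negative 32-bit result zero-extended in %rax, this test would report it as success. The reload at movq RAX-ARGOFFSET(%rsp),%rax also widens what is restored after the audit call, and its comment could say why the full 64 bits are needed there.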
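
The difference between the two instruction sequences, modelled in C on the two exit values from the records quoted in the message. This is an added example, not code from the patch or the kernel tree; the function names are hypothetical, and reinterpret_old_exit() rests on an assumption the patch does not state: that a 32-bit exit value within the kernel's errno range (MAX_ERRNO, 4095) in a record logged before the fix was really -errno.

```c
#include <stdint.h>
#include <stdio.h>

enum { AUDITSC_SUCCESS = 1, AUDITSC_FAILURE = 2 };

struct audit_args {
    int success;     /* first argument to audit_syscall_exit (%edi) */
    long long exit;  /* second argument (%rsi), logged as exit= */
};

/* Before the patch: movl %eax,%esi ; cmpl $0,%eax */
static struct audit_args fastpath_before(int64_t rax)
{
    uint32_t eax = (uint32_t)rax;  /* only the low 32 bits are looked at */
    struct audit_args a;
    a.exit = (long long)eax;       /* movl zero-extends into %rsi */
    /* a 32-bit signed compare against 0 is a test of bit 31 */
    a.success = (eax & 0x80000000u) ? AUDITSC_FAILURE : AUDITSC_SUCCESS;
    return a;
}

/* After the patch: movq %rax,%rsi ; cmpq $0,%rax */
static struct audit_args fastpath_after(int64_t rax)
{
    struct audit_args a;
    a.exit = rax;
    a.success = (rax < 0) ? AUDITSC_FAILURE : AUDITSC_SUCCESS;
    return a;
}

/* Assumption (not from the patch): when reading a record logged before the
 * fix, map a value in the top 4095 of the 32-bit range back to -errno. */
static long long reinterpret_old_exit(long long exit32)
{
    if (exit32 >= 0x100000000LL - 4095 && exit32 <= 0xFFFFFFFFLL)
        return exit32 - 0x100000000LL;
    return exit32;
}

int main(void)
{
    /* Constructed inputs: the two exit values from the quoted records. */
    int64_t samples[] = { 4151844864LL, -13 };
    for (int i = 0; i < 2; i++) {
        struct audit_args b = fastpath_before(samples[i]);
        struct audit_args a = fastpath_after(samples[i]);
        printf("before: success=%s exit=%lld (reread %lld) | after: success=%s exit=%lld\n",
               b.success == AUDITSC_SUCCESS ? "yes" : "no", b.exit,
               reinterpret_old_exit(b.exit),
               a.success == AUDITSC_SUCCESS ? "yes" : "no", a.exit);
    }
    return 0;
}
```

For anyone querying audit logs, the practical consequence is that success=no on arch=40000003 records written by a kernel without this fix is not a reliable failure indicator for syscalls that return high addresses.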