Oops from audit

Linux-audit Archive on lore.kernel.org
 help / color / mirror / Atom feed

* Oops from audit
@ 2006-08-01 18:36 Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Michael C Thompson @ 2006-08-01 18:36 UTC (permalink / raw)
  To: Linux Audit, Amy Griffis, Steve Grubb, aviro

The follow oops is generated on the lspp.45 kernel with audit 1.2.5-5.

The trigger for this oops is:
# auditctl -a exit,always -S pread64 -F 'inode<1'

Oops: 0000 [#1]
SMP
CPU:    0
EIP is at audit_receive_filter+0x30d/0x949
eax: 00000000   ebx: 00000001   ecx: 00000008   edx: c046c62d
esi: 00000000   edi: 000003eb   ebp: cfce1cbc   esp: cfce1c68
ds: 007b   es: 007b   ss: 0068
Process auditctl (pid: 20197, ti=cfce1000 task=cd864aa0 task.ti=cfce1000)
Stack: 00000001 00004ee5 d4322ed4 00000000 cfce1cd0 c04c443a 40000000 
cfce1c8c
        cfce1c8c 00000003 00000000 0000001e 00000000 00000000 00000000 
00000000
        00000000 00000000 d8e2e0ac 0000031c 000503eb cfce1d4c c044af16 
00000001
Call Trace:
  [<c044af16>] audit_receive+0x658/0x781
  [<c05c2254>] netlink_data_ready+0x12/0x50
  [<c05c1200>] netlink_sendskb+0x1f/0x37
  [<c05c1bb1>] netlink_unicast+0x1a1/0x1bb
  [<c05c2235>] netlink_sendmsg+0x259/0x266
  [<c05a575a>] sock_sendmsg+0xe8/0x103
  [<c05a694b>] sys_sendto+0xbe/0xdc
  [<c05a70cb>] sys_socketcall+0xfb/0x186
  [<c0403faf>] syscall_call+0x7/0xb
Code: e9 be 05 00 00 81 ff eb 03 00 00 75 07 e8 14 ed ff ff eb 05 e8 54 
f6 ff ff 89 45 b8 8b 75 b8 81 fe 00 f0 ff ff 0f 87 32 06 00 00 <8b> 8e 
30 01 00 00 8b 46 18 8b b6 34 01 00 00 85 c9 89 75 c8 75

Message fEIP: [<c044cbdc>] audit_receive_filter+0x30d/0x949 SS:ESP 
0068:cfce1c68

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Oops from audit
  2006-08-01 18:36 Oops from audit Michael C Thompson
@ 2006-08-01 19:05 ` Timothy R. Chavez
  2006-08-01 19:08 ` Timothy R. Chavez
  2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Timothy R. Chavez @ 2006-08-01 19:05 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

On Tue, 2006-08-01 at 13:36 -0500, Michael C Thompson wrote:
> c044af16

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Oops from audit
  2006-08-01 18:36 Oops from audit Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
@ 2006-08-01 19:08 ` Timothy R. Chavez
  2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Timothy R. Chavez @ 2006-08-01 19:08 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

On Tue, 2006-08-01 at 13:36 -0500, Michael C Thompson wrote:
> The follow oops is generated on the lspp.45 kernel with audit 1.2.5-5.
> 
> The trigger for this oops is:
> # auditctl -a exit,always -S pread64 -F 'inode<1'

Hey Mike,

This may prove to be useful..

gdb /path/to/vmlinux
list *0xc044af16

-tim

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] fix audit oops with invalid operator
  2006-08-01 18:36 Oops from audit Michael C Thompson
  2006-08-01 19:05 ` Timothy R. Chavez
  2006-08-01 19:08 ` Timothy R. Chavez
@ 2006-08-01 21:52 ` Amy Griffis
  2 siblings, 0 replies; 4+ messages in thread
From: Amy Griffis @ 2006-08-01 21:52 UTC (permalink / raw)
  To: Michael C Thompson; +Cc: Linux Audit

Michael C Thompson wrote:  [Tue Aug 01 2006, 02:36:36PM EDT]
> The trigger for this oops is:
> # auditctl -a exit,always -S pread64 -F 'inode<1'

Setting the err value will fix it.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 7322f34..6a9a5c5 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -442,6 +442,7 @@ static struct audit_entry *audit_rule_to
 		case AUDIT_EQUAL:
 			break;
 		default:
+			err = -EINVAL;
 			goto exit_free;
 		}
 	}
@@ -579,6 +580,7 @@ static struct audit_entry *audit_data_to
 		case AUDIT_EQUAL:
 			break;
 		default:
+			err = -EINVAL;
 			goto exit_free;
 		}
 	}

^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2006-08-01 21:52 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-01 18:36 Oops from audit Michael C Thompson
2006-08-01 19:05 ` Timothy R. Chavez
2006-08-01 19:08 ` Timothy R. Chavez
2006-08-01 21:52 ` [PATCH] fix audit oops with invalid operator Amy Griffis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox