From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 178D7C433B4 for ; Tue, 11 May 2021 12:05:56 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 69F8B615FF for ; Tue, 11 May 2021 12:05:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 69F8B615FF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=windriver.com Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-338-f2cV671EMIiWeWpSFRSj4Q-1; Tue, 11 May 2021 08:05:52 -0400 X-MC-Unique: f2cV671EMIiWeWpSFRSj4Q-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 03B2814EE; Tue, 11 May 2021 12:05:49 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5873E5D9D7; Tue, 11 May 2021 12:05:48 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 7916A44A6B; Tue, 11 May 2021 12:05:46 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 14B3Jd3l009901 for ; Mon, 10 May 2021 23:19:40 -0400 Received: by smtp.corp.redhat.com (Postfix) id AE9A7208BDCE; Tue, 11 May 2021 03:19:39 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A8ECF208BDCB for ; Tue, 11 May 2021 03:19:36 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A122E9124CB for ; Tue, 11 May 2021 03:19:36 +0000 (UTC) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2051.outbound.protection.outlook.com [40.107.237.51]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-132-NpM-_jSBNxiPkf5YtQpLBg-1; Mon, 10 May 2021 23:19:32 -0400 X-MC-Unique: NpM-_jSBNxiPkf5YtQpLBg-1 Received: from MWHPR1101MB2351.namprd11.prod.outlook.com (2603:10b6:300:74::18) by CO1PR11MB4772.namprd11.prod.outlook.com (2603:10b6:303:97::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25; Tue, 11 May 2021 03:19:29 +0000 Received: from MWHPR1101MB2351.namprd11.prod.outlook.com ([fe80::c156:455d:860e:ba87]) by MWHPR1101MB2351.namprd11.prod.outlook.com ([fe80::c156:455d:860e:ba87%4]) with mapi id 15.20.4108.031; Tue, 11 May 2021 03:19:29 +0000 Subject: Re: [PATCH v2 3/3] audit: Use syscall_get_return_value to get syscall return code in audit_syscall_exit To: Paul Moore References: <20210423103533.30121-1-zhe.he@windriver.com> <20210423103533.30121-3-zhe.he@windriver.com> From: He Zhe Message-ID: Date: Tue, 11 May 2021 11:19:21 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: X-Originating-IP: [60.247.85.82] X-ClientProxiedBy: SJ0PR05CA0024.namprd05.prod.outlook.com (2603:10b6:a03:33b::29) To MWHPR1101MB2351.namprd11.prod.outlook.com (2603:10b6:300:74::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [128.224.162.175] (60.247.85.82) by SJ0PR05CA0024.namprd05.prod.outlook.com (2603:10b6:a03:33b::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.20 via Frontend Transport; Tue, 11 May 2021 03:19:26 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0725d13f-5b25-4160-ebe4-08d9142b96a1 X-MS-TrafficTypeDiagnostic: CO1PR11MB4772: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0 X-Microsoft-Antispam-Message-Info: RrboQVA0q1ci8W1M+TL1MDAWPRJBAJFTsHtM5xSNG870pWOxlNZvG+9pnNdO6UxKOlpICC/TEnXG5RbHwCE+XEco8M7LU3MIFEwr4viOIB6vcwmTkMTsW9Ow2UzfSqnI313yrQQd3CnFkoIXw5zUemlm/eXBJdy5i53gZMWC4zlPFbifzGVyXxeziNfzrhOHWVOjnwXBmDMP6fhWzKsKbaxsM+3CbZRv4ENyEnyafuVjPxJzG3LLa0Z6tlRDVKMM7s3t8+HtL9+8qBBks66g2oMVwzFEtMPeuYCdE+/4V23XKZEq4cYOV4MdczHXyWeFLbEjKB/PmcJxmgb5T2ivPDtfoJ/OYJOj7+cj41ArKrzn8P4Tl9tD0be1LU/Hh9EQciRJiV33CEW14SdQkPf+5oJs8u8KVN2ACT99rJzJhX5E1MkY82yhl7rWC9Lp7objnp5RHIuPN9nld6R+KA7+dQDtr1KMTxIOLmyZXVmjiGpYJQX8VnKYQsi5x9va355ODGf/V7fzyX1jTvM3WRkcr4wvD1Z20uYtpehZ4BCb/FFiAFcOItKAf/vtCyC4ngzv7jbTgKCNdKFK6OIxznkbAj4IPfTghLWXQXwPpEcniVomFAWH6gV9mpCe5ow1myqXVMUjsSazt+3SbhLJQ4RaUqcyhu6HqTZS4oYgGk1BxvYfvc5MB9IMkRc/RFeXQhpoJ0UUDMSSRY8PjUFQ6oQMjFouMnMf/8SLP4soWA7dCJ50PuF1DTm1xbLb+MmuncyXQ+vduSmufnP4yCXxEnUkuKE1GmZaXpHx+ELuRAUTvelBpHnMnyQoU6McofWE0u2S X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR1101MB2351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(39850400004)(346002)(366004)(376002)(2616005)(66946007)(956004)(26005)(31686004)(4326008)(16576012)(478600001)(6666004)(316002)(8676002)(8936002)(6916009)(83380400001)(52116002)(6706004)(66556008)(53546011)(36756003)(966005)(66476007)(2906002)(86362001)(6486002)(38350700002)(38100700002)(5660300002)(31696002)(186003)(16526019)(78286007)(43740500002)(45980500001); DIR:OUT; SFP:1101 X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?L0NYQ3lIdTFuYkQyTXRLU0JPT05LejZUNzd2a3lpMFRlVWZRbEdlTzUxMUJT?= =?utf-8?B?Yk1zTmVPRHVReUw5UWNPSWZNcnVodVJuTFZtWU51WlI5ZHBOMmE1NHNMcWxG?= =?utf-8?B?TmY2bHFXOXNPcHpmckI0U1hwSGVOMTlGeS9XdGVuSXVhM3QwcEsrVkR0TStF?= =?utf-8?B?N0hLYmdPQmdyUEFhTStBN3NnSnlVNXJLZDUwdUdFN1dNRnQxYUhZbmxiZktl?= =?utf-8?B?b0NvUHAvMHZJUVNqdWdwS1gvWGdycVVncTh1U1ZGTDl4d3hZSjNreDVrakxs?= =?utf-8?B?NXZoRDl4UEJxWTlRdmxHbE5zSFRGa2I0T1dMT1NmOW5CVS9paGpUaklCdUFj?= =?utf-8?B?aEsxbjc5OVhsUnhSb3M2WEI5QjhxVHFwUWZqa2FPT3Q4ZCt1MUJkNy91dmcz?= =?utf-8?B?MURhV2F5Q2pTN3orSkUyUVlOK3kyVERDMVhwMTIwV1d1eTMrTUNHeVMrMnlR?= =?utf-8?B?VUxKOHBsbXJrQmt0d2pFbmVvelZKUER6WWlnRlNXc0hkVDBYZzE3ZkJpSTFR?= =?utf-8?B?SmpBZVJBMFRKZFRCbDEyM1JmNVdPYnl2RGtsQ1RLTW1FVzlQOXRTUzJqOWZu?= =?utf-8?B?WXhtbXVjOGlqSWZwQm9Ja3lOVjBLL0g3anFnOHpheHVaYzdUZk84NURKeFZW?= =?utf-8?B?ZWEwT2ZpUWUzT2Qzc2RObWV2UzkrakwyNlFwelpUMHBNZ0kzZ3BFcjZtd2VH?= =?utf-8?B?N29vcmlzamhLSEtwQ1dacDBHTWJGaHRpTUdQd2Z1MWl0ME82TEF0QW9FbVpR?= =?utf-8?B?eHl1bU1ITGRscHMweHgra3BmSDkveE5UYit1TzdlWjFBbDIwemtjbDd5VlE2?= =?utf-8?B?U05wMzMycWs1SVN0ZEI5Y3M3ZjZ1Ny94cHBEa2JuQkhGaGo5V1JtL0hVKzZW?= =?utf-8?B?bTlsSGFDbEljZE9NdEF0YkMzeW92R2VtNDlZSjE3Rm9OK0NWcjNubE1BMmNN?= =?utf-8?B?K0xMQ2VkMDAwSW9jTnMyQmIxMSs5bWxraDFSem9vQm10Rzg3Sm5XRERhVTQ2?= =?utf-8?B?enhWVUJXOFVyK0JuYnNRM25MM2g4QjJhLyt1S1B2VUNUN29JWkkrYjBwUDgy?= =?utf-8?B?cHovR2tZdEZzYUxJeHZmaDRDOE9EYmdSN3Q4NTZTSnZlUVRzdjFocHBuWW5N?= =?utf-8?B?dnAzM2pEVGZYZ1RMVW9jS1Zmckh6M0tYdGRteEFhMCtXQkprOW1ab1RxYUVE?= =?utf-8?B?RXlPSDJhbGRmaGNVRmloMm9oYTN3ZGhHVU9kQkZFMXZpUklwSUhnN3RMV3Nt?= =?utf-8?B?dG93emI4M3lBR3dvcE9LVUIvVXM3a3FuWG5aMExlemt5bkoydzh1U1hManYx?= =?utf-8?B?ejR6Zkg5bTJ5KzFWeXdOQXVscmt5QUFJbDB6akhnWWM2V0VZUUlsa05LL1pQ?= =?utf-8?B?ZWJTUzhkN2JGT0xSYUFVcG1pTU15d29jOUtNOENTQ2V1YjUxZy9Ec2l3QlpH?= =?utf-8?B?TGE4TitLNFdSRTYwazZNSDE3bGxWbE9rNGhCWkEySnplaGVscGRRbE03cGc3?= =?utf-8?B?UUdVRWdHcWozUzQ1bERjUnlRS0FiZDlDNEp5OHJsZHowdy9pY0FqdE8wQkZs?= =?utf-8?B?UGc2RTgvREFLTHZ2b2FFQkJUTVl6MnpJdldUTDhGaW5KbUhCMlQ5c1dOVGk1?= =?utf-8?B?ZkowaXdMb1ZCZVU2VnpmdVptajdrUWNnU3ZrWjRXYzhVYnlhVWF6WDJ4aytN?= =?utf-8?B?eFFGclJ3RlFLTndGb0piSjdSd0UvTHNRMnpxcUxuaXV3R3QzbmxURXZPRTJm?= =?utf-8?Q?guHmxgl7slUfyfVj/AGBxRiqyr3ATcCFcWmTh1o?= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0725d13f-5b25-4160-ebe4-08d9142b96a1 X-MS-Exchange-CrossTenant-AuthSource: MWHPR1101MB2351.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2021 03:19:29.4278 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: DRhSiEoghj6i6icqV1A3XpJSnSaeoLQAMmfVSPDCYV985OhEowoVrZvFDptToZwt1gragB5rgyUlUvc5YJ41Ag== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB4772 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Tue, 11 May 2021 08:05:45 -0400 Cc: catalin.marinas@arm.com, oleg@redhat.com, Eric Paris , linux-kernel@vger.kernel.org, linux-audit@redhat.com, will@kernel.org, linux-arm-kernel@lists.infradead.org X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On 5/11/21 6:38 AM, Paul Moore wrote: > On Fri, Apr 23, 2021 at 6:36 AM He Zhe wrote: >> regs_return_value for some architectures like arm64 simply retrieve >> register value from pt_regs without sign extension in 32-bit compatible >> case and cause audit to have false syscall return code. For example, >> 32-bit -13 would be treated as 4294967283 below. >> >> type=SYSCALL msg=audit(1611110715.887:582): arch=40000028 syscall=322 >> success=yes exit=4294967283 >> >> We just added proper sign extension in syscall_get_return_value which >> should be used instead. >> >> Signed-off-by: He Zhe >> --- >> v1 to v2: No change >> >> include/linux/audit.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) > Perhaps I missed it but did you address the compile error that was > found by the kernel test robot? I sent a patch adding syscall_get_return_value for alpha to fix this bot warning. https://lore.kernel.org/lkml/20210426091629.45020-1-zhe.he@windriver.com/ which can be found in this mail thread. > > Regardless, one comment inline below ... > >> diff --git a/include/linux/audit.h b/include/linux/audit.h >> index 82b7c1116a85..135adbe22c19 100644 >> --- a/include/linux/audit.h >> +++ b/include/linux/audit.h >> @@ -334,7 +334,7 @@ static inline void audit_syscall_exit(void *pt_regs) >> { >> if (unlikely(audit_context())) { >> int success = is_syscall_success(pt_regs); > Since we are shifting to use syscall_get_return_value() below, would > it also make sense to shift to using syscall_get_error() here instead > of is_syscall_success()? In [PATCH v2 1/3], is_syscall_success calls syscall_get_return_value to take care of the sign extension issue. Keeping using is_syscall_success is to not potentially changing other architectures' behavior. Thanks, Zhe > >> - long return_code = regs_return_value(pt_regs); >> + long return_code = syscall_get_return_value(current, pt_regs); >> >> __audit_syscall_exit(success, return_code); >> } -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit