Annotation of /trunk/kernel26-magellan/patches-2.6.16-r12/0103-2.6.16.12-vm86-call-audit_syscall_exit.patch
Revision 72 -
Mon Jun 5 09:25:38 2006 UTC (18 years, 3 months ago) by niro
File size: 3589 byte(s)
ver bump to 2.6.16-r12: - updated to linux-2.6.16.19 - updated to ck11
1 | niro | 72 | From: Jason Baron <jbaron@redhat.com> |
2 | Date: Tue, 31 Jan 2006 21:56:28 +0000 (-0500) | ||
3 | Subject: [PATCH] make vm86 call audit_syscall_exit | ||
4 | X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commitdiff;h=f38f300d4a0698791bb11294903702ddb1c4e9d8 | ||
5 | |||
6 | [PATCH] make vm86 call audit_syscall_exit | ||
7 | |||
8 | hi, | ||
9 | |||
10 | The motivation behind the patch below was to address messages in | ||
11 | /var/log/messages such as: | ||
12 | |||
13 | Jan 31 10:54:15 mets kernel: audit(:0): major=252 name_count=0: freeing | ||
14 | multiple contexts (1) | ||
15 | Jan 31 10:54:15 mets kernel: audit(:0): major=113 name_count=0: freeing | ||
16 | multiple contexts (2) | ||
17 | |||
18 | I can reproduce by running 'get-edid' from: | ||
19 | http://john.fremlin.de/programs/linux/read-edid/. | ||
20 | |||
21 | These messages come about in the log b/c the vm86 calls do not exit via | ||
22 | the normal system call exit paths and thus do not call | ||
23 | 'audit_syscall_exit'. The next system call will then free the context for | ||
24 | itself and for the vm86 context, thus generating the above messages. This | ||
25 | patch addresses the issue by simply adding a call to 'audit_syscall_exit' | ||
26 | from the vm86 code. | ||
27 | |||
28 | Besides fixing the above error messages the patch also now allows vm86 | ||
29 | system calls to become auditable. This is useful since strace does not | ||
30 | appear to properly record the return values from sys_vm86. | ||
31 | |||
32 | I think this patch is also a step in the right direction in terms of | ||
33 | cleaning up some core auditing code. If we can correct any other paths | ||
34 | that do not properly call the audit exit and entries points, then we can | ||
35 | also eliminate the notion of context chaining. | ||
36 | |||
37 | I've tested this patch by verifying that the log messages no longer | ||
38 | appear, and that the audit records for sys_vm86 appear to be correct. | ||
39 | Also, 'read_edid' produces identical output. | ||
40 | |||
41 | thanks, | ||
42 | |||
43 | -Jason | ||
44 | |||
45 | Signed-off-by: Jason Baron <jbaron@redhat.com> | ||
46 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | ||
47 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | ||
48 | --- | ||
49 | |||
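--- a/arch/i386/kernel/vm86.c
+++ b/arch/i386/kernel/vm86.c
@@ -43,6 +43,7 @@
 #include <linux/smp_lock.h>
 #include <linux/highmem.h>
 #include <linux/ptrace.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
@@ -252,6 +253,7 @@ out:
 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk)
 {
 struct tss_struct *tss;
+ long eax;
 /*
 * make sure the vm86() system call doesn't try to do anything silly
 */
@@ -305,13 +307,19 @@ static void do_sys_vm86(struct kernel_vm
 tsk->thread.screen_bitmap = info->screen_bitmap;
 if (info->flags & VM86_SCREEN_BITMAP)
 mark_screen_rdonly(tsk->mm);
+ __asm__ __volatile__("xorl %eax,%eax; movl %eax,%fs; movl %eax,%gs\n\t");
+ __asm__ __volatile__("movl %%eax, %0\n" :"=r"(eax));
+
+ /*call audit_syscall_exit since we do not exit via the normal paths */
+ if (unlikely(current->audit_context))
+ audit_syscall_exit(current, AUDITSC_RESULT(eax), eax);
+
 __asm__ __volatile__(
- "xorl %%eax,%%eax; movl %%eax,%%fs; movl %%eax,%%gs\n\t"
 "movl %0,%%esp\n\t"
 "movl %1,%%ebp\n\t"
 "jmp resume_userspace"
 : /* no outputs */
- :"r" (&info->regs), "r" (task_thread_info(tsk)) : "ax");
+ :"r" (&info->regs), "r" (task_thread_info(tsk)));
 /* we never return here */
 }
 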
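Review bot: The value passed to `audit_syscall_exit` in the last hunk is read back from %eax by a second asm statement right after the first one zeroed it, so the audit record for a vm86 entry carries result 0 every time, and even that holds only if the compiler leaves %eax untouched between the two statements. The first statement is a basic asm that modifies %eax, %fs and %gs without declaring it, whereas the removed version listed `"ax"` as a clobber. I would keep the segment clearing in one extended asm with that clobber and pass the constant directly, `audit_syscall_exit(current, AUDITSC_RESULT(0), 0);`, which also makes `long eax;` unnecessary. Anyone consuming these records should treat the exit value as a fixed marker, not the real outcome of sys_vm86. The middle of do_sys_vm86 lies between the hunks and is not visible here.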
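--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -966,11 +966,6 @@ void audit_syscall_entry(struct task_str
 if (context->in_syscall) {
 struct audit_context *newctx;
 
-#if defined(__NR_vm86) && defined(__NR_vm86old)
- /* vm86 mode should only be entered once */
- if (major == __NR_vm86 || major == __NR_vm86old)
- return;
-#endif
 #if AUDIT_DEBUG
 printk(KERN_ERR
 "audit(:%d) pid=%d in syscall=%d;"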