Contents of /trunk/kernel26-magellan/patches-2.6.16-r12/0103-2.6.16.12-vm86-call-audit_syscall_exit.patch
Revision 72 -
Mon Jun 5 09:25:38 2006 UTC (18 years, 3 months ago) by niro
File size: 3589 byte(s)
ver bump to 2.6.16-r12: - updated to linux-2.6.16.19 - updated to ck11
1 | From: Jason Baron <jbaron@redhat.com> |
2 | Date: Tue, 31 Jan 2006 21:56:28 +0000 (-0500) |
3 | Subject: [PATCH] make vm86 call audit_syscall_exit |
4 | X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commitdiff;h=f38f300d4a0698791bb11294903702ddb1c4e9d8 |
5 | |
6 | [PATCH] make vm86 call audit_syscall_exit |
7 | |
8 | hi, |
9 | |
10 | The motivation behind the patch below was to address messages in |
11 | /var/log/messages such as: |
12 | |
13 | Jan 31 10:54:15 mets kernel: audit(:0): major=252 name_count=0: freeing |
14 | multiple contexts (1) |
15 | Jan 31 10:54:15 mets kernel: audit(:0): major=113 name_count=0: freeing |
16 | multiple contexts (2) |
17 | |
18 | I can reproduce by running 'get-edid' from: |
19 | http://john.fremlin.de/programs/linux/read-edid/. |
20 | |
21 | These messages come about in the log b/c the vm86 calls do not exit via |
22 | the normal system call exit paths and thus do not call |
23 | 'audit_syscall_exit'. The next system call will then free the context for |
24 | itself and for the vm86 context, thus generating the above messages. This |
25 | patch addresses the issue by simply adding a call to 'audit_syscall_exit' |
26 | from the vm86 code. |
27 | |
28 | Besides fixing the above error messages the patch also now allows vm86 |
29 | system calls to become auditable. This is useful since strace does not |
30 | appear to properly record the return values from sys_vm86. |
31 | |
32 | I think this patch is also a step in the right direction in terms of |
33 | cleaning up some core auditing code. If we can correct any other paths |
34 | that do not properly call the audit exit and entries points, then we can |
35 | also eliminate the notion of context chaining. |
36 | |
37 | I've tested this patch by verifying that the log messages no longer |
38 | appear, and that the audit records for sys_vm86 appear to be correct. |
39 | Also, 'read_edid' produces identical output. |
40 | |
41 | thanks, |
42 | |
43 | -Jason |
44 | |
45 | Signed-off-by: Jason Baron <jbaron@redhat.com> |
46 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
47 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
48 | --- |
49 | |
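--- a/arch/i386/kernel/vm86.c
+++ b/arch/i386/kernel/vm86.c
@@ -43,6 +43,7 @@
 #include <linux/smp_lock.h>
 #include <linux/highmem.h>
 #include <linux/ptrace.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
@@ -252,6 +253,7 @@ out:
 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk)
 {
 	struct tss_struct *tss;
+	long eax;
 	/*
 	 * make sure the vm86() system call doesn't try to do anything silly
 	 */
@@ -305,13 +307,19 @@ static void do_sys_vm86(struct kernel_vm
 	tsk->thread.screen_bitmap = info->screen_bitmap;
 	if (info->flags & VM86_SCREEN_BITMAP)
 		mark_screen_rdonly(tsk->mm);
+	__asm__ __volatile__("xorl %eax,%eax; movl %eax,%fs; movl %eax,%gs\n\t");
+	__asm__ __volatile__("movl %%eax, %0\n" :"=r"(eax));
+
+	/*call audit_syscall_exit since we do not exit via the normal paths */
+	if (unlikely(current->audit_context))
+		audit_syscall_exit(current, AUDITSC_RESULT(eax), eax);
+
 	__asm__ __volatile__(
-		"xorl %%eax,%%eax; movl %%eax,%%fs; movl %%eax,%%gs\n\t"
 		"movl %0,%%esp\n\t"
 		"movl %1,%%ebp\n\t"
 		"jmp resume_userspace"
 		: /* no outputs */
-		:"r" (&info->regs), "r" (task_thread_info(tsk)) : "ax");
+		:"r" (&info->regs), "r" (task_thread_info(tsk)));
 	/* we never return here */
 }
 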
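Review bot: The `eax` handed to `audit_syscall_exit()` in the third hunk can only be the zero written two lines earlier: the first added asm statement (`xorl %eax,%eax …`) clears %eax, and the second reads %eax back through `"=r"(eax)` with no input operand, so the compiler has promised nothing about that register and the recorded return code is a constant. The split also drops the `"ax"` clobber that the removed combined asm declared, so any value the compiler keeps live in %eax across the first statement is silently destroyed. If a constant is what is meant, pass it from C (`audit_syscall_exit(current, AUDITSC_RESULT(0), 0);`), keep the audit call ahead of the register clearing, and fold the clearing back into the single asm with its clobber list; the `long eax` added in the second hunk then goes away. Whether the user-visible return value of sys_vm86 (presumably part of the register image in `info->regs` that `resume_userspace` restores) should be reported instead is a design question the hunk does not settle. do_sys_vm86 begins outside this hunk.
```c
		mark_screen_rdonly(tsk->mm);

	/* call audit_syscall_exit since we do not exit via the normal paths;
	 * the reported return code is a constant, not a register read back
	 * from a previous asm statement */
	if (unlikely(current->audit_context))
		audit_syscall_exit(current, AUDITSC_RESULT(0), 0);

	__asm__ __volatile__(
		"xorl %%eax,%%eax; movl %%eax,%%fs; movl %%eax,%%gs\n\t"
		/* … unchanged: movl %0,%%esp / movl %1,%%ebp / jmp resume_userspace … */
		: /* no outputs */
		:"r" (&info->regs), "r" (task_thread_info(tsk)) : "ax");
	/* we never return here */
```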
90 | --- a/kernel/auditsc.c |
91 | +++ b/kernel/auditsc.c |
92 | @@ -966,11 +966,6 @@ void audit_syscall_entry(struct task_str |
93 | if (context->in_syscall) { |
94 | struct audit_context *newctx; |
95 | |
96 | -#if defined(__NR_vm86) && defined(__NR_vm86old) |
97 | - /* vm86 mode should only be entered once */ |
98 | - if (major == __NR_vm86 || major == __NR_vm86old) |
99 | - return; |
100 | -#endif |
101 | #if AUDIT_DEBUG |
102 | printk(KERN_ERR |
103 | "audit(:%d) pid=%d in syscall=%d;" |