[PATCH] fix ia64 syscall auditing (3ac3ed55) · Commits · 戴 / test

Attached is a patch against David's audit.17 kernel that adds checks for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and signal handling code paths.The patch enables auditing of system calls set up via fsys_bubble_down, as well as ensuring that audit_syscall_exit() is called on return from sigreturn. Neglecting to check for TIF_SYSCALL_AUDIT at these points results in incorrect information in audit_context, causing frequent system panics when system call auditing is enabled on an ia64 system. Signed-off-by:

Amy Griffis <amy.griffis@hp.com> Signed-off-by:

David Woodhouse <dwmw2@infradead.org>

arch/ia64/kernel/fsys.S

+3 −1

Original line number	Diff line number	Diff line
		@@ -611,8 +611,10 @@ GLOBAL_ENTRY(fsys_bubble_down)
		movl r2=ia64_ret_from_syscall
		;;
		mov rp=r2 // set the real return addr
		tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
		and r3=_TIF_SYSCALL_TRACEAUDIT,r3
		;;
		cmp.eq p8,p0=r3,r0

		(p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8
		(p8) br.call.sptk.many b6=b6 // ignore this return addr
		br.cond.sptk ia64_trace_syscall

arch/ia64/kernel/signal.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -224,7 +224,8 @@ ia64_rt_sigreturn (struct sigscratch *scr)
		* could be corrupted.
		*/
		retval = (long) &ia64_leave_kernel;
		if (test_thread_flag(TIF_SYSCALL_TRACE))
		if (test_thread_flag(TIF_SYSCALL_TRACE)
		\|\| test_thread_flag(TIF_SYSCALL_AUDIT))
		/*
		* strace expects to be notified after sigreturn returns even though the
		* context to which we return may not be in the middle of a syscall.

Admin message