Re: [POWERPC] Mask 32-bit system call arguments to 32 bits on PPC64 in audit code

From: Heiko Carstens
Date: Thu Feb 22 2007 - 06:22:34 EST


On Thu, Feb 08, 2007 at 06:59:16PM +0000, Linux Kernel Mailing List wrote:
> Commit: cfcd1705b61ecce1ab102b9593cf733fef314a19
> Parent: 0e47e3cca100e7c8e8124378e4e44969c2e042fd
> Author: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
> AuthorDate: Sun Jan 14 09:38:18 2007 +0800
> Committer: Paul Mackerras <paulus@xxxxxxxxx>
> CommitDate: Wed Jan 24 21:13:58 2007 +1100
>
> [POWERPC] Mask 32-bit system call arguments to 32 bits on PPC64 in audit code
>
> The system call entry code will clear the high bits of argument
> registers before invoking the system call; don't report whatever noise
> happens to be in the high bits of the register before that happens.
>
> Signed-off-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
> Signed-off-by: Paul Mackerras <paulus@xxxxxxxxx>
> ---
> arch/powerpc/kernel/ptrace.c | 24 +++++++++++++++---------
> 1 files changed, 15 insertions(+), 9 deletions(-)
>
> diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
> index 975102a..cc44c7b 100644
> --- a/arch/powerpc/kernel/ptrace.c
> +++ b/arch/powerpc/kernel/ptrace.c
> @@ -532,16 +532,22 @@ void do_syscall_trace_enter(struct pt_regs *regs)
> && (current->ptrace & PT_PTRACED))
> do_syscall_trace();
>
> - if (unlikely(current->audit_context))
> - audit_syscall_entry(
> -#ifdef CONFIG_PPC32
> - AUDIT_ARCH_PPC,
> -#else
> - test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64,
> + if (unlikely(current->audit_context)) {
> +#ifdef CONFIG_PPC64
> + if (!test_thread_flag(TIF_32BIT))
> + audit_syscall_entry(AUDIT_ARCH_PPC64,
> + regs->gpr[0],
> + regs->gpr[3], regs->gpr[4],
> + regs->gpr[5], regs->gpr[6]);
> + else
> #endif
> - regs->gpr[0],
> - regs->gpr[3], regs->gpr[4],
> - regs->gpr[5], regs->gpr[6]);
> + audit_syscall_entry(AUDIT_ARCH_PPC,
> + regs->gpr[0],
> + regs->gpr[3] & 0xffffffff,
> + regs->gpr[4] & 0xffffffff,
> + regs->gpr[5] & 0xffffffff,
> + regs->gpr[6] & 0xffffffff);
> + }
> }
>
> void do_syscall_trace_leave(struct pt_regs *regs)
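
Review bot: in the 32-bit branch, regs->gpr[0] is still passed unmasked while regs->gpr[3] through regs->gpr[6] get "& 0xffffffff". If the argument registers can carry noise in their high bits at this point, either mask the syscall number too or add a comment saying why it cannot be affected. The "else" left dangling in front of "#endif" also makes the control flow depend on the preprocessor; a one-line comment on the fall-through call for CONFIG_PPC32 builds, or braces around both branches, would make it harder to break in a later edit.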

Why is this needed? The audit code is not supposed to look at the high bits
if the audited task is a compat task.
It does that at at least one place in kernel/auditsc.c:

	case 4: /* socketcall */
		return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);

So does the audit code assume that the high bits are cleared or is this
a bug in the audit code?

--
Heiko Carstens
Linux on System z Development

IBM Deutschland Entwicklung GmbH
Chairman of the Supervisory Board: Johann Weihen
Management: Herbert Kircher
Registered office: Boeblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
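
Added example (not part of the original message or of the kernel source): a user-space C model of the comparison quoted from kernel/auditsc.c, showing that a compat task's argument with stale high bits fails the "ctx->argv[0] == SYS_BIND" test unless it is masked the way the patch does. The struct, the helper names and the register values are constructed for illustration, and the two constants are local stand-ins for the kernel's definitions.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the kernel constants used in the quoted check. */
#define AUDIT_PERM_WRITE 2
#define SYS_BIND         2

/* Hypothetical, reduced model of an audit context: recorded args only. */
struct audit_ctx_model {
	uint64_t argv[4];
};

/* Record the four argument registers. With mask_compat set, a 32-bit
 * task's values are truncated to 32 bits, as in the patched entry path;
 * a 64-bit task always keeps the full register contents. */
static void record_args(struct audit_ctx_model *ctx, const uint64_t args[4],
			int is_32bit, int mask_compat)
{
	for (int i = 0; i < 4; i++)
		ctx->argv[i] = (is_32bit && mask_compat)
			? (args[i] & 0xffffffffULL) : args[i];
}

/* Same comparison as the socketcall case quoted in the reply. */
static int socketcall_write_match(int mask, const struct audit_ctx_model *ctx)
{
	return (mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND;
}

/* Returns 1 if a compat socketcall(SYS_BIND, ...) matches a write rule. */
static int compat_bind_matches(int mask_compat)
{
	/* Constructed registers: low word is SYS_BIND, high word is noise. */
	const uint64_t args[4] = { 0xdeadbeef00000002ULL, 0x10, 0x20, 0x30 };
	struct audit_ctx_model ctx;

	record_args(&ctx, args, 1, mask_compat);
	return socketcall_write_match(AUDIT_PERM_WRITE, &ctx);
}

int main(void)
{
	printf("unmasked compat args match: %d\n", compat_bind_matches(0));
	printf("masked compat args match:   %d\n", compat_bind_matches(1));
	return 0;
}
```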