On Tue, May 17, 2022 at 9:12 AM Paul Moore <p...@paul-moore.com> wrote:
> On Tue, May 17, 2022 at 6:33 AM Julian Orth <ju.o...@gmail.com> wrote:
> >
> > Not calling the function for dummy contexts will cause the context to
> > not be reset. During the next syscall, this will cause an error in
> > __audit_syscall_entry:
> >
> > WARN_ON(context->context != AUDIT_CTX_UNUSED);
> > WARN_ON(context->name_count);
> > if (context->context != AUDIT_CTX_UNUSED || context->name_count) {
> > audit_panic("unrecoverable error in audit_syscall_entry()");
> > return;
> > }
> >
> > These problematic dummy contexts are created via the following call
> > chain:
> >
> > exit_to_user_mode_prepare
> > -> arch_do_signal_or_restart
> > -> get_signal
> > -> task_work_run
> > -> tctx_task_work
> > -> io_req_task_submit
> > -> io_issue_sqe
> > -> audit_uring_entry
> >
> > Fixes: 5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to
> > io_uring")
> > Signed-off-by: Julian Orth <ju.o...@gmail.com>
> > ---
> > include/linux/audit.h | 2 +-
> > kernel/auditsc.c | 6 ++++++
> > 2 files changed, 7 insertions(+), 1 deletion(-)
>
> Hi Julian,
>
> Thanks for the report and the patch too! I agree that it does seem a
> little odd that we haven't seen this before, let me dig into this a
> bit more today and respond back.
The patch looks good to me, thanks again. I just merged this into the
audit/stable-5.18 branch and added a stable tag; assuming the test
runs go okay I'll send this up to Linus tomorrow.
--
paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
