On Thu, Feb 08, 2007 at 06:59:16PM +0000, Linux Kernel Mailing List wrote: > Commit: cfcd1705b61ecce1ab102b9593cf733fef314a19 > Parent: 0e47e3cca100e7c8e8124378e4e44969c2e042fd > Author: David Woodhouse <[EMAIL PROTECTED]> > AuthorDate: Sun Jan 14 09:38:18 2007 +0800 > Committer: Paul Mackerras <[EMAIL PROTECTED]> > CommitDate: Wed Jan 24 21:13:58 2007 +1100 > > [POWERPC] Mask 32-bit system call arguments to 32 bits on PPC64 in audit > code > > The system call entry code will clear the high bits of argument > registers before invoking the system call; don't report whatever noise > happens to be in the high bits of the register before that happens. > > Signed-off-by: David Woodhouse <[EMAIL PROTECTED]> > Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]> > --- > arch/powerpc/kernel/ptrace.c | 24 +++++++++++++++--------- > 1 files changed, 15 insertions(+), 9 deletions(-) > > diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c > index 975102a..cc44c7b 100644 > --- a/arch/powerpc/kernel/ptrace.c > +++ b/arch/powerpc/kernel/ptrace.c > @@ -532,16 +532,22 @@ void do_syscall_trace_enter(struct pt_regs *regs) > && (current->ptrace & PT_PTRACED)) > do_syscall_trace(); > > - if (unlikely(current->audit_context)) > - audit_syscall_entry( > -#ifdef CONFIG_PPC32 > - AUDIT_ARCH_PPC, > -#else > - > test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64, > + if (unlikely(current->audit_context)) { > +#ifdef CONFIG_PPC64 > + if (!test_thread_flag(TIF_32BIT)) > + audit_syscall_entry(AUDIT_ARCH_PPC64, > + regs->gpr[0], > + regs->gpr[3], regs->gpr[4], > + regs->gpr[5], regs->gpr[6]); > + else > #endif > - regs->gpr[0], > - regs->gpr[3], regs->gpr[4], > - regs->gpr[5], regs->gpr[6]); > + audit_syscall_entry(AUDIT_ARCH_PPC, > + regs->gpr[0], > + regs->gpr[3] & 0xffffffff, > + regs->gpr[4] & 0xffffffff, > + regs->gpr[5] & 0xffffffff, > + regs->gpr[6] & 0xffffffff); > + } > } > > void do_syscall_trace_leave(struct pt_regs *regs)
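Review bot: in the 32-bit branch (the audit_syscall_entry(AUDIT_ARCH_PPC, ...) call) regs->gpr[3] through regs->gpr[6] are masked with 0xffffffff, but regs->gpr[0] is still passed unmasked. If that register can also hold stale high bits for a 32-bit task at this point, mask it the same way; if it cannot, a one-line comment saying why it is exempt would help. The reason for the masking is given only in the commit message, so a short comment above the masked call would be worth adding. The else left hanging just before #endif is also easy to misread; bracing both calls would make the pairing explicit.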
Why is this needed? The audit code is not supposed to look at the high bits
if the audited task is a compat task. It does that at at least one place in
kernel/auditsc.c:

    case 4: /* socketcall */
        return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);

So does the audit code assume that the high bits are cleared or is this a
bug in the audit code?

-- 
Heiko Carstens
Linux on System z Development
IBM Deutschland Entwicklung GmbH
Chairman of the Supervisory Board: Johann Weihen
Management: Herbert Kircher
Registered office: Boeblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
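Added example (not part of the original thread and not kernel code): a user-space C model of the question above, showing how the quoted full-width compare of argv[0] against SYS_BIND behaves when a 32-bit task's r3 is recorded raw versus masked as in the patch. The struct and function names are hypothetical stand-ins, and the register value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define SYS_BIND         2  /* socketcall sub-call number (linux/net.h) */
#define AUDIT_PERM_WRITE 2  /* permission bit (linux/audit.h) */

/* Hypothetical stand-ins for pt_regs and the audit context; not kernel types. */
struct model_regs { uint64_t gpr[32]; };
struct model_ctx  { uint64_t argv[4]; };

/* Record r3..r6 as audit arguments. patched=0 copies raw registers (old code);
 * patched=1 masks to 32 bits when the task is 32-bit (the code in the patch). */
static void record_args(struct model_ctx *ctx, const struct model_regs *regs,
                        int task_is_32bit, int patched)
{
    uint64_t keep = (patched && task_is_32bit) ? 0xffffffffULL : ~0ULL;
    for (int i = 0; i < 4; i++)
        ctx->argv[i] = regs->gpr[3 + i] & keep;
}

/* The socketcall test quoted in the reply: a full-width compare of argv[0]. */
static int matches_bind(const struct model_ctx *ctx, int mask)
{
    return (mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND;
}

/* Run one recorded syscall entry through the check. */
static int bind_rule_fires(uint64_t r3, int task_is_32bit, int patched)
{
    struct model_regs regs = { {0} };
    struct model_ctx ctx;

    regs.gpr[3] = r3;
    record_args(&ctx, &regs, task_is_32bit, patched);
    return matches_bind(&ctx, AUDIT_PERM_WRITE);
}

int main(void)
{
    /* Constructed sample: SYS_BIND in the low word, stale bits in the high word. */
    uint64_t noisy = 0xdeadbeef00000000ULL | SYS_BIND;

    printf("32-bit task, raw args:    fires=%d\n", bind_rule_fires(noisy, 1, 0));
    printf("32-bit task, masked args: fires=%d\n", bind_rule_fires(noisy, 1, 1));
    printf("64-bit task, patched:     fires=%d\n", bind_rule_fires(noisy, 0, 1));
    return 0;
}
```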