From: chrisw@osdl.org
Date: Mon, 4 Apr 2005 06:52:43 +0000 (-0700)
Subject: [PATCH] add fix-ia64-syscall-auditing.patch
X-Git-Tag: v2.6.11.9~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91a4de7e193383bb452707ee1aa040a21d7651b5;p=thirdparty%2Fkernel%2Fstable-queue.git

[PATCH] add fix-ia64-syscall-auditing.patch
---

diff --git a/queue/fix-ia64-syscall-auditing.patch b/queue/fix-ia64-syscall-auditing.patch
new file mode 100644
index 00000000000..d932a43fe4e
--- /dev/null
+++ b/queue/fix-ia64-syscall-auditing.patch
@@ -0,0 +1,53 @@
+From linux-audit-bounces@redhat.com Thu Mar 31 13:30:01 2005
+Date: Thu, 31 Mar 2005 16:30:09 -0500
+From: Amy Griffis
+To: linux-audit@redhat.com
+Subject: [PATCH] fix ia64 syscall auditing
+
+Attached is a patch against David's audit.17 kernel that adds checks
+for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and
+signal handling code paths. The patch enables auditing of system
+calls set up via fsys_bubble_down, as well as ensuring that
+audit_syscall_exit() is called on return from sigreturn.
+
+Neglecting to check for TIF_SYSCALL_AUDIT at these points results in
+incorrect information in audit_context, causing frequent system panics
+when system call auditing is enabled on an ia64 system.
+
+I have tested this patch and have seen no problems with it.
+
+[Original patch from Amy Griffis ported to current kernel by David Woodhouse]
+
+From: Amy Griffis
+From: David Woodhouse
+Signed-off-by: Chris Wright
+---
+
+===== arch/ia64/kernel/fsys.S 1.34 vs edited =====
+--- 1.34/arch/ia64/kernel/fsys.S 2005-01-22 22:19:11 +00:00
++++ edited/arch/ia64/kernel/fsys.S 2005-04-01 00:20:32 +01:00
+@@ -611,8 +611,10 @@
+ movl r2=ia64_ret_from_syscall
+ ;;
+ mov rp=r2 // set the real return addr
+- tbit.z p8,p0=r3,TIF_SYSCALL_TRACE
++ and r3=_TIF_SYSCALL_TRACEAUDIT,r3
+ ;;
++ cmp.eq p8,p0=r3,r0
++
+(p10) br.cond.spnt.many ia64_ret_from_syscall // p10==true means out registers are more than 8
+(p8) br.call.sptk.many b6=b6 // ignore this return addr
+ br.cond.sptk ia64_trace_syscall
+===== arch/ia64/kernel/signal.c 1.49 vs edited =====
+--- 1.49/arch/ia64/kernel/signal.c 2005-01-25 20:23:45 +00:00
++++ edited/arch/ia64/kernel/signal.c 2005-04-01 00:18:29 +01:00
+@@ -224,7 +224,8 @@
+ * could be corrupted.
+ */
+ retval = (long) &ia64_leave_kernel;
+- if (test_thread_flag(TIF_SYSCALL_TRACE))
++ if (test_thread_flag(TIF_SYSCALL_TRACE)
++ || test_thread_flag(TIF_SYSCALL_AUDIT))
+ /*
+ * strace expects to be notified after sigreturn returns even though the
+ * context to which we return may not be in the middle of a syscall.
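Review bot: In the signal.c part of the queued patch the condition now also fires for TIF_SYSCALL_AUDIT, but the comment kept directly below it still explains the branch only in terms of strace, so a later cleanup could drop the audit test and reopen the gap in audit records after sigreturn. I would extend that comment with one sentence such as `The audit code likewise needs audit_syscall_exit() to run on this path when TIF_SYSCALL_AUDIT is set.` In the fsys.S part, `and r3=_TIF_SYSCALL_TRACEAUDIT,r3` overwrites r3 where the old `tbit.z` only read it. The code reached through `br.cond.sptk ia64_trace_syscall` is outside the hunk, so it is worth confirming that nothing there still expects the full flag word in r3. Both enclosing routines start and end outside the quoted context.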