On Wed, Mar 25, 2015 at 5:16 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> [NOTE: Adding the linux-arm folks to this thread just in case they are
> interested.]
>
> I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
> (below) seems reasonable to me based on the other audit machine
> definitions. There is clearly a mismatch between the kernel and the
> audit userspace, but I wonder if the issue should be addressed in the
> userspace tools. Further, you mention kernel 3.14, what happens with
> kernel 3.19 and the most recent audit userspace tools?
>
> > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
> #define AUDIT_ARCH_ARMEB (EM_ARM)

1. Without the commit below, audit-2.3.2 is working; but with the commit below, audit-2.3.2 is not working.

commit 2f978366984a418f38fcf44137be1fbc5a89cfd9
Author: Will Deacon <will.deacon@xxxxxxx>
Date: Fri May 4 17:53:52 2012 +0100

    ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless of endianness

    The machine endianness has no direct correspondence to the syscall ABI,
    so use only AUDIT_ARCH_ARM when identifying the ABI to the audit tools
    in userspace.

    Cc: stable@xxxxxxxxxxxxxxx
    Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
    Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>

diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index d8dbe9c..9650c14 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -906,12 +906,6 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } -#ifdef __ARMEB__ -#define AUDIT_ARCH_NR AUDIT_ARCH_ARMEB -#else -#define AUDIT_ARCH_NR AUDIT_ARCH_ARM -#endif - asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) { unsigned long ip;
@@ -919,7 +913,7 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) if (why) audit_syscall_exit(regs); else - audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0, + audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1, regs->ARM_r2, regs->ARM_r3); if (!test_thread_flag(TIF_SYSCALL_TRACE))

2. The latest audit has changeset 931 [Improve ARM and AARCH64 support], so audit can work again.

-Roy
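
Review bot: in the first hunk (@@ -906,12 +906,6 @@), dropping the #ifdef __ARMEB__ selection changes the arch value that big-endian kernels pass to audit, and the commit message does not mention that userspace-visible effect even though the patch is Cc'd to stable. Per the grep quoted in the thread, include/uapi/linux/audit.h still defines AUDIT_ARCH_ARMEB as (EM_ARM), so userspace built against that header can keep expecting the old value. Suggest stating in the commit message that big-endian systems will now report AUDIT_ARCH_ARM and that the audit tools need a matching update.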
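
Review bot: in the second hunk (@@ -919,7 +913,7 @@), the audit_syscall_entry() call now passes a hard-coded AUDIT_ARCH_ARM with no comment, so the reason it is independent of endianness lives only in the commit message. Suggest a one-line comment above the call saying that the value identifies the syscall ABI rather than the machine byte order, so that a later reader does not reintroduce an __ARMEB__ conditional here.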
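
The kernel/userspace mismatch discussed in this thread, as an added example that is not part of the original messages or of the audit project's code: it decodes the arch= field of audit SYSCALL records and checks it against the value a tool expects. The record lines are constructed, the function and macro names are hypothetical, and the tool that only knows AUDIT_ARCH_ARMEB is an assumption; AUDIT_ARCH_ARM is EM_ARM | __AUDIT_ARCH_LE in the kernel's uapi header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EM_ARM_ID   40u                       /* EM_ARM from <elf.h> */
#define ARCH_LE_BIT 0x40000000u               /* __AUDIT_ARCH_LE from <linux/audit.h> */
#define ARCH_ARM    (EM_ARM_ID | ARCH_LE_BIT) /* AUDIT_ARCH_ARM */
#define ARCH_ARMEB  (EM_ARM_ID)               /* AUDIT_ARCH_ARMEB, as quoted in the thread */

/* Extract the hex arch= value from one audit record; returns 0 on success. */
int parse_arch(const char *rec, uint32_t *out)
{
    const char *p = strstr(rec, " arch=");
    char *end;
    unsigned long v;

    if (!p)
        return -1;
    p += 6;                                   /* skip " arch=" */
    v = strtoul(p, &end, 16);
    if (end == p || (*end != ' ' && *end != '\0') || v > 0xffffffffUL)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Would a tool that expects `expected` recognise this record?
 * 1 = match, 0 = arch mismatch, -1 = record has no usable arch= field. */
int arch_matches(const char *rec, uint32_t expected)
{
    uint32_t arch;

    if (parse_arch(rec, &arch) != 0)
        return -1;
    return arch == expected;
}

int main(void)
{
    /* Constructed records: big-endian ARM kernel with and without the commit. */
    const char *with_commit    = "type=SYSCALL msg=audit(1427270000.000:10): arch=40000028 syscall=5 success=yes";
    const char *without_commit = "type=SYSCALL msg=audit(1427270000.000:11): arch=28 syscall=5 success=yes";

    printf("ARMEB-only tool, with commit:    %d\n", arch_matches(with_commit, ARCH_ARMEB));
    printf("ARMEB-only tool, without commit: %d\n", arch_matches(without_commit, ARCH_ARMEB));
    printf("ARM-aware tool, with commit:     %d\n", arch_matches(with_commit, ARCH_ARM));
    return 0;
}
```

A result of 0 on live records means syscall rules and syscall-name lookups keyed on the expected arch will not apply to those events, which is worth checking after any kernel or audit userspace upgrade on big-endian ARM.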