lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110608163653.GA9592@redhat.com>
Date:	Wed, 8 Jun 2011 18:36:53 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Eric Paris <eparis@...hat.com>
Cc:	linux-kernel@...r.kernel.org, tony.luck@...el.com,
	fenghua.yu@...el.com, monstr@...str.eu, ralf@...ux-mips.org,
	benh@...nel.crashing.org, paulus@...ba.org, schwidefsky@...ibm.com,
	heiko.carstens@...ibm.com, linux390@...ibm.com,
	lethal@...ux-sh.org, davem@...emloft.net, jdike@...toit.com,
	richard@....at, tglx@...utronix.de, mingo@...hat.com,
	hpa@...or.com, x86@...nel.org, viro@...iv.linux.org.uk,
	akpm@...ux-foundation.org, linux-ia64@...r.kernel.org,
	microblaze-uclinux@...e.uq.edu.au, linux-mips@...ux-mips.org,
	linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
	linux-sh@...r.kernel.org, sparclinux@...r.kernel.org,
	user-mode-linux-devel@...ts.sourceforge.net
Subject: Re: [PATCH -v2] Audit: push audit success and retcode into arch
	ptrace.h

On 06/07, Eric Paris wrote:
>
> On Tue, 2011-06-07 at 19:19 +0200, Oleg Nesterov wrote:
> >
> > With or without this patch, can't we call audit_syscall_exit() twice
> > if there is something else in _TIF_WORK_SYSCALL_EXIT mask apart from
> > SYSCALL_AUDIT ? First time it is called from asm, then from
> > syscall_trace_leave(), no?
> >
> > For example. The task has TIF_SYSCALL_AUDIT and nothing else, it does
> > system_call->auditsys->system_call_fastpath. What if it gets, say,
> > TIF_SYSCALL_TRACE before ret_from_sys_call?
>
> No harm is done calling twice.  The first call will do the real work and
> cleanup.  It will set a flag in the audit data that the work has been
> done (in_syscall == 0) thus the second call will then not do any real
> work and won't have anything to clean up.

Hmm... and I assume context->previous != NULL is not possible on x86_64.
OK, thanks.

And I guess, all CONFIG_AUDITSYSCALL code in entry.S is only needed to
microoptimize the case when TIF_SYSCALL_AUDIT is the only reason for the
slow path. I wonder if it really makes the measureble difference...

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ