Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3596374pxj; Tue, 11 May 2021 07:53:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxZHVCNXksuWLti/L5h0llAuh44qzwhS4vK2RAVcCQxC/lIZEVixPdN54pJ6hXdmVJ7c+KE X-Received: by 2002:aa7:cd90:: with SMTP id x16mr36743878edv.182.1620744785699; Tue, 11 May 2021 07:53:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620744785; cv=none; d=google.com; s=arc-20160816; b=tM1uaHwz3VIYl++pm+DkBhBvTVps27CNdxtmySkjY0Vloj6jK4OiCDpenKTMpfQNTx 2jkfmEVSNUcTots6UPmc+wpHY6tpxLnj4ngXMZ4eVksiPQXp0R4F3SplRx50xtNYmuNL VAkqrOWKk0DZazdxZQ9ZjBvHz6kPSPh/h9sXfM7mGfS5YTeQfFdOfMZxbAwddNr3Nm5H G+++XawBy1Z1thF12XSi7I/br//4PXKBdXPTfFDM8G3o9JnT0+5Zt7aXY2HUXrjto83E VREeNgg6lCN0I+YbLk7Cmu2JCQVhv76SaLeJNi8lmETax9CiqlowWzaCUdxw5sZ+PRsf /Fjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=9kHw7pNQPBdOqfK9M7S599Sb7absGKA5ntaivvMQmEc=; b=IZCOGEfcZHIXOAZm0YIkXuXCFn/ZZxkQoLViUbuFQdj+ATY9c0tnjG5vhugD9Pnmct kpIGGYatzz2s933teVbO5gKt7rNwX+mLh2NOWIKCsK+gNoJSFhjTJfI48lIASt9bu/Ht R426Cy1ZDfs0/AGUcxt4wj3tKC758gSo45RJlept7A3RgpolgqobpmrrPMOTAcWPJO3v gny3lnPP1WhcXEC52rWlNwj6aOawiPs0QT2L54mXyj7kMnqBG6y0WLYTNtziqaU+CcgE Z3R/kbig+xge3B65k91P4GpikpdANQda//+qN922S2DxfW/V8M+ni+B6rF52DzfOOjXn cw1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=l0Aj1l8G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gu8si17343985ejb.497.2021.05.11.07.52.41; Tue, 11 May 2021 07:53:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=l0Aj1l8G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231681AbhEKOwl (ORCPT + 99 others); Tue, 11 May 2021 10:52:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53944 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231461AbhEKOwk (ORCPT ); Tue, 11 May 2021 10:52:40 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1A3DC061574 for ; Tue, 11 May 2021 07:51:33 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id c22so2077416ejd.12 for ; Tue, 11 May 2021 07:51:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9kHw7pNQPBdOqfK9M7S599Sb7absGKA5ntaivvMQmEc=; b=l0Aj1l8G2tqpw7hRA4dGCHbFOrXIZiYU2naM9qT3fCkEMGIc0gXlGSAv8a+WQdIAPY ZGV9xQLO3HDfolvdpmkZBDovyF0nTVTrPLC/IYDex1QtrZ/hJvOb1asl0eAEu/HPMI4c SXKdR1Q6XrkIMOQU4RaChHHCvrg7axYULBh24acONkhEXfGIKZCCQNsbe+7PWYGBYmD/ Uid2ak7cToXSBBgmMo9AgcvEWSGBe/mLETiEFrUMqet3oqqedVlfqOPeEUKuTlbiK7XF LsVk96OWZsH4/fVQDWbbnSyZSKkeR3rb6wKSQCJl6l+N/OQB52UBi4GquM7UIPrYpd1g 5P0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9kHw7pNQPBdOqfK9M7S599Sb7absGKA5ntaivvMQmEc=; b=QwDx3ykfOvSUCQuACt0PMc/8tEvm9gFRrBvLjMyCRWIzoMeWt0IaCPDlMRZFyGZA4b ZKWZ+pSyxZdZ9YmduCE8Ti8LQSbSCXK7gIzrtXy1vzzUTACGdxFBuBAXPWMODcBvXGTT mxdYOBe3GykK3+0QUQ3W+YvTSSO6zf8Foa8OKhVceqA3YlAxLNiIKR59WAQoH7lwST4f mPoCsyRU4ROE2fqGFGgmxsmyK9M4nCCuJ13riUeJWGw61Mj9CEEEpB2/1draPB9BoB3z E4bbqxxEozEEixpjkXEMhJl1vVcSMGZXWf8boe8pw3u7XpuhD1b39t03grpH/PhwwhdA Bimg== X-Gm-Message-State: AOAM533UHPy3qoGmnv/83WOffJW6cVcuPle9ZRnrfb5MuGzMkI+RtNFS C4Df8ZG/nnxPM/o/t2GQVzrLFpntskD1caAbxMO0 X-Received: by 2002:a17:906:f283:: with SMTP id gu3mr31849943ejb.91.1620744692432; Tue, 11 May 2021 07:51:32 -0700 (PDT) MIME-Version: 1.0 References: <20210423103533.30121-1-zhe.he@windriver.com> <20210423103533.30121-3-zhe.he@windriver.com> In-Reply-To: From: Paul Moore Date: Tue, 11 May 2021 10:51:21 -0400 Message-ID: Subject: Re: [PATCH v2 3/3] audit: Use syscall_get_return_value to get syscall return code in audit_syscall_exit To: He Zhe Cc: oleg@redhat.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, Eric Paris , linux-audit@redhat.com, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 10, 2021 at 11:19 PM He Zhe wrote: > On 5/11/21 6:38 AM, Paul Moore wrote: > > On Fri, Apr 23, 2021 at 6:36 AM He Zhe wrote: > >> regs_return_value for some architectures like arm64 simply retrieve > >> register value from pt_regs without sign extension in 32-bit compatible > >> case and cause audit to have false syscall return code. For example, > >> 32-bit -13 would be treated as 4294967283 below. > >> > >> type=SYSCALL msg=audit(1611110715.887:582): arch=40000028 syscall=322 > >> success=yes exit=4294967283 > >> > >> We just added proper sign extension in syscall_get_return_value which > >> should be used instead. > >> > >> Signed-off-by: He Zhe > >> --- > >> v1 to v2: No change > >> > >> include/linux/audit.h | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > > > > Perhaps I missed it but did you address the compile error that was > > found by the kernel test robot? > > I sent a patch adding syscall_get_return_value for alpha to fix this bot warning. > https://lore.kernel.org/lkml/20210426091629.45020-1-zhe.he@windriver.com/ > which can be found in this mail thread. At the very least you should respin the patchset with the alpha fix included in the patchset; it's a bit messy otherwise. > >> diff --git a/include/linux/audit.h b/include/linux/audit.h > >> index 82b7c1116a85..135adbe22c19 100644 > >> --- a/include/linux/audit.h > >> +++ b/include/linux/audit.h > >> @@ -334,7 +334,7 @@ static inline void audit_syscall_exit(void *pt_regs) > >> { > >> if (unlikely(audit_context())) { > >> int success = is_syscall_success(pt_regs); > > > > Since we are shifting to use syscall_get_return_value() below, would > > it also make sense to shift to using syscall_get_error() here instead > > of is_syscall_success()? > > In [PATCH v2 1/3], is_syscall_success calls syscall_get_return_value to take > care of the sign extension issue. Keeping using is_syscall_success is to not > potentially changing other architectures' behavior. That was only for aarch64, right? What about all the other architectures? The comment block for syscall_get_return_value() advises that syscall_get_error() should be used and that appears to be what is done in the ptrace code. -- paul moore www.paul-moore.com