Re. 2.6.15-mm1

Etienne Lorrain etienne_lorrain at yahoo.fr
Fri Jan 6 19:28:50 UTC 2006


--- David Woodhouse <dwmw2 at infradead.org> wrote:
> On Fri, 2006-01-06 at 11:18 +0100, Etienne Lorrain wrote:
> > > Please could you tell me the line of code which corresponds to
> > > '__audit_inode+0xba/0x190'? Assuming your kernel was compiled
> > > with debugging information, you can do this by loading your
> > > vmlinux into gdb and issuing the command
> > > 'list *__audit_inode+0xba'.
> > 
> >   I'll do that tonight, but I probably have to recompile.
> 
> OK, thanks. You shouldn't necessarily need to reproduce the problem;

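 I did not have to recompile; here is the log of the GDB session. Note that
 offset +0xba (+186) falls on the instruction 'mov 0x8(%eax),%eax', where %eax
 was just loaded from 0xc4(%edx), so the pointer being dereferenced at
 auditsc.c:998 appears to be inode->i_sb: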

[etienne at localhost linux-2.6.15-mm1-1]$ gdb vmlinux
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) list *__audit_inode+0xba
0xc013da3a is in __audit_inode (kernel/auditsc.c:998).
993                     context->names[idx].name = NULL;
994     #if AUDIT_DEBUG
995                     ++context->ino_count;
996     #endif
997             }
998             context->names[idx].dev   = inode->i_sb->s_dev;
999             context->names[idx].mode  = inode->i_mode;
1000            context->names[idx].uid   = inode->i_uid;
1001            context->names[idx].gid   = inode->i_gid;
1002            context->names[idx].rdev  = inode->i_rdev;
(gdb) x/16b __audit_inode+0xba
0xc013da3a <__audit_inode+186>: 0x8b    0x40    0x08    0x89    0x45    0x48    0x0f    0xb7
0xc013da42 <__audit_inode+194>: 0x42    0x28    0x66    0x89    0x45    0x4c    0x8b    0x42
(gdb) disas *__audit_inode
Dump of assembler code for function __audit_inode:
0xc013d980 <__audit_inode+0>:   sub    $0x1c,%esp
0xc013d983 <__audit_inode+3>:   mov    $0xfffff000,%eax
0xc013d988 <__audit_inode+8>:   mov    %ebx,0xc(%esp)
0xc013d98c <__audit_inode+12>:  mov    %esi,0x10(%esp)
0xc013d990 <__audit_inode+16>:  mov    %edi,0x14(%esp)
0xc013d994 <__audit_inode+20>:  mov    %ebp,0x18(%esp)
0xc013d998 <__audit_inode+24>:  and    %esp,%eax
0xc013d99a <__audit_inode+26>:  mov    (%eax),%eax
0xc013d99c <__audit_inode+28>:  mov    0x4ac(%eax),%eax
0xc013d9a2 <__audit_inode+34>:  mov    %eax,0x8(%esp)
0xc013d9a6 <__audit_inode+38>:  mov    (%eax),%edx
0xc013d9a8 <__audit_inode+40>:  test   %edx,%edx
0xc013d9aa <__audit_inode+42>:  je     0xc013dab8 <__audit_inode+312>
0xc013d9b0 <__audit_inode+48>:  mov    0x38(%eax),%ebx
0xc013d9b3 <__audit_inode+51>:  test   %ebx,%ebx
0xc013d9b5 <__audit_inode+53>:  je     0xc013d9d8 <__audit_inode+88>
0xc013d9b7 <__audit_inode+55>:  lea    0xffffffff(%ebx),%edx
0xc013d9ba <__audit_inode+58>:  mov    0x8(%esp),%ecx
0xc013d9be <__audit_inode+62>:  mov    %edx,%eax
0xc013d9c0 <__audit_inode+64>:  shl    $0x5,%eax
0xc013d9c3 <__audit_inode+67>:  lea    (%eax,%edx,4),%eax
0xc013d9c6 <__audit_inode+70>:  mov    0x3c(%eax,%ecx,1),%eax
0xc013d9ca <__audit_inode+74>:  test   %eax,%eax
0xc013d9cc <__audit_inode+76>:  je     0xc013d9d8 <__audit_inode+88>
0xc013d9ce <__audit_inode+78>:  cmp    %eax,0x20(%esp)
0xc013d9d2 <__audit_inode+82>:  je     0xc013db01 <__audit_inode+385>
0xc013d9d8 <__audit_inode+88>:  cmp    $0x1,%ebx
0xc013d9db <__audit_inode+91>:  jle    0xc013d9fe <__audit_inode+126>
0xc013d9dd <__audit_inode+93>:  lea    0xfffffffe(%ebx),%edx
0xc013d9e0 <__audit_inode+96>:  mov    0x8(%esp),%ecx
0xc013d9e4 <__audit_inode+100>: mov    %edx,%eax
0xc013d9e6 <__audit_inode+102>: shl    $0x5,%eax
0xc013d9e9 <__audit_inode+105>: lea    (%eax,%edx,4),%eax
0xc013d9ec <__audit_inode+108>: mov    0x3c(%eax,%ecx,1),%eax
0xc013d9f0 <__audit_inode+112>: test   %eax,%eax
0xc013d9f2 <__audit_inode+114>: je     0xc013d9fe <__audit_inode+126>
0xc013d9f4 <__audit_inode+116>: cmp    %eax,0x20(%esp)
0xc013d9f8 <__audit_inode+120>: je     0xc013db01 <__audit_inode+385>
0xc013d9fe <__audit_inode+126>: cmp    $0xc,%ebx
0xc013da01 <__audit_inode+129>: jg     0xc013dab8 <__audit_inode+312>
0xc013da07 <__audit_inode+135>: mov    0x8(%esp),%edx
0xc013da0b <__audit_inode+139>: lea    0x1(%ebx),%eax
0xc013da0e <__audit_inode+142>: mov    %eax,0x38(%edx)
0xc013da11 <__audit_inode+145>: mov    %ebx,%eax
0xc013da13 <__audit_inode+147>: shl    $0x5,%eax
0xc013da16 <__audit_inode+150>: lea    (%eax,%ebx,4),%eax
0xc013da19 <__audit_inode+153>: movl   $0x0,0x3c(%eax,%edx,1)
0xc013da21 <__audit_inode+161>: mov    %ebx,%eax
0xc013da23 <__audit_inode+163>: mov    0x24(%esp),%edx
0xc013da27 <__audit_inode+167>: mov    0x8(%esp),%ecx
0xc013da2b <__audit_inode+171>: shl    $0x5,%eax
0xc013da2e <__audit_inode+174>: lea    (%eax,%ebx,4),%eax
0xc013da31 <__audit_inode+177>: lea    (%eax,%ecx,1),%ebp
0xc013da34 <__audit_inode+180>: mov    0xc4(%edx),%eax
0xc013da3a <__audit_inode+186>: mov    0x8(%eax),%eax
0xc013da3d <__audit_inode+189>: mov    %eax,0x48(%ebp)
0xc013da40 <__audit_inode+192>: movzwl 0x28(%edx),%eax
0xc013da44 <__audit_inode+196>: mov    %ax,0x4c(%ebp)
0xc013da48 <__audit_inode+200>: mov    0x30(%edx),%eax
0xc013da4b <__audit_inode+203>: mov    %eax,0x50(%ebp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) quit
[etienne at localhost linux-2.6.15-mm1-1]$

  Hope that helps,
  Etienne.


	

	
		



