[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [patch 058/209] audit: rework execve audit



Hi,

I was testing our rawhide kernel and I'm scrolling these errors:

WARNING: at kernel/auditsc.c:859 audit_log_execve_info() (Not tainted)

Call Trace:
 [<ffffffff8106b06f>] audit_log_exit+0x5d7/0x964
 [<ffffffff81050805>] trace_hardirqs_on+0x12e/0x151
 [<ffffffff8106b60b>] audit_syscall_exit+0x9b/0x300
 [<ffffffff8100ee62>] syscall_trace_leave+0x2c/0x87
 [<ffffffff8100beb1>] int_very_careful+0x3a/0x43


> From: Peter Zijlstra <a p zijlstra chello nl>
> diff -puN kernel/auditsc.c~audit-rework-execve-audit kernel/auditsc.c
> --- a/kernel/auditsc.c~audit-rework-execve-audit
> +++ a/kernel/auditsc.c
> @@ -831,6 +831,55 @@ static int audit_log_pid_context(struct
>  	return rc;
>  }
>
> +static void audit_log_execve_info(struct audit_buffer *ab,
> +		struct audit_aux_data_execve *axi)
> +{
> +	int i;
> +	long len, ret;
> +	const char __user *p = (const char __user *)axi->mm->arg_start;
> +	char *buf;
> +
> +	if (axi->mm != current->mm)
> +		return; /* execve failed, no additional info */
> +
> +	for (i = 0; i < axi->argc; i++, p += len) {
> +		len = strnlen_user(p, MAX_ARG_PAGES*PAGE_SIZE);
> +		/*
> +		 * We just created this mm, if we can't find the strings
> +		 * we just copied into it something is _very_ wrong. Similar
> +		 * for strings that are too long, we should not have created
> +		 * any.
> +		 */
> +		if (!len || len > MAX_ARG_STRLEN) {
> +			WARN_ON(1);
> +			send_sig(SIGKILL, current, 0);
> +		}

Which is right here ^^^

Any ideas?

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]