Re: [PATCH] audit: ia32entry.S drops useful return value sign bits

On 05/23/2011 09:19 PM, H. Peter Anvin wrote: Possibly so (I'm not convinced), but not a fixable problem given the bug for bug compatibility requirements of the kernel. The syscall return value (either rax or eax) is passed to audit_syscall_exit() which believes it is a long (aka s64). It builds a string buffer using sprintf("%ld") and then exports that buffer to userspace via a netlink socket. That buffer gets dumped as a raw string into a file. Some tools may later process the strings. Getting the right string into the netlink socket is what I consider the unchangeable ABI. Prior to 5cbf1565f29eb57a this was all handled by normal 64bit C code which did exactly what I'm describing here. It never needlessly truncated the return code to 32 bits on ia32exit. Solving that regression is what I'm fixing. This is at syscall exit, in 64bit mode, so rax is going to contain a 64bit version of the return code. I'm not trying to hand 64 bit values back to a 32 bit process. The code converts the return value using %ld and then dumps it as a string to auditd. Even if auditd was 32bit, it's not processing the string, just writing it to a file. Obviously we agree there is a second problem not addressed in this patch (that many arches uses +/- instead of >=-MAX_ERRNO) but the fact that we have a regression in which the assembly removes the sign and then passes the now truncated value to a function expecting a long is the problem of this patch. I could paper over the problem in the audit code, doing my own sign craziness based on the arch, but I think the real problem is in the assembly dropping information needlessly..... -Eric