Re: audit.50 kernel
On Thu, 2005-05-26 at 11:11 -0500, Timothy R. Chavez wrote:
I'm fine with the hash table piece. It will require more
testing, yes. However,
I'd just like to get the i_audit implementation to a state where Steve can run
it and not crash ;-)... ya know, make sure I address those bugs first and
not allow them to burrow deeper.
OK, let's just do it then. I've asked Steve to try my debugging patch
because I can't reproduce the problem myself -- I get other memory
corruption which might in fact turn out to be related. Once I enable
CONFIG_DEBUG_SLAB I start to see problems when _all_ I do is add one
watch...
passion /root # auditctl -w /var/run/dbus/system_bus_socket -k dbus-test -p rwea
audit(1117124301.017:2): auid=4294967295 inserted watch
slab error in cache_free_debugcheck(): cache `size-32': double free, or memory outside
object was overwritten
[<c014503a>] cache_free_debugcheck+0xc7/0x1b1
[<c0145b47>] kfree+0x4f/0x83
[<c013cd37>] audit_receive_watch+0x3c3/0x3ec
[<c0132f90>] kthread_create+0xed/0xf8
[<c011c2d6>] recalc_task_prio+0x128/0x133
[<c011c7f6>] try_to_wake_up+0x225/0x230
[<c013a4ee>] audit_receive_msg+0x2b1/0x30b
[<c0143fe4>] check_poison_obj+0x28/0x177
[<c013a57a>] audit_receive_skb+0x32/0x70
[<c013a5e1>] audit_receive+0x29/0x80
[<c02886d7>] netlink_data_ready+0x14/0x44
[<c0287d9b>] netlink_sendskb+0x52/0x6c
[<c02884f2>] netlink_sendmsg+0x269/0x278
[<c026e459>] sock_sendmsg+0xdb/0xf7
[<c0141060>] buffered_rmqueue+0x17d/0x1a5
[<c011f6ee>] autoremove_wake_function+0x0/0x2d
[<c026f723>] sys_sendto+0xc7/0xe2
[<c011a65b>] do_page_fault+0x1ae/0x5b6
[<c01a1c17>] avc_has_perm_noaudit+0x2d/0xda
[<c026e1a6>] sock_map_file+0x98/0x107
[<c014cc71>] __vma_link+0x59/0x66
[<c014ccc2>] vma_link+0x44/0xbc
[<c026ff3a>] sys_socketcall+0x16a/0x1fb
[<c02c9f3b>] syscall_call+0x7/0xb
e9c168dc: redzone 1: 0x170fc2a5, redzone 2: 0x170fc200.
No rules
AUDIT_WATCH_LIST: dev=3:1, path=/var/run/dbus/system_bus_socket, filterkey=dbus-test,
perms=rwea, valid=0
passion /root #
--
dwmw2