In the ia32entry syscall exit audit fastpath we have assembly code which calls
audit_syscall_exit directly. This code was, however, incorrectly zeroing
the upper 32 bits of the return code. It then proceeded to do a 32bit check
for positive/negative to determine the syscalls success. This meant that
syscalls like mmap2 which might return a very large 32 bit address as the
pointer would be mistaken for a negative return code. It also meant that
negative return codes would be mistaken for 32 bit numbers on output.
The fix is to not zero the upper 32 bits of the return value and to do a full
64bit negative/positive determination for syscall success.
Old record returning a pointer:
type=SYSCALL msg=audit(1305733850.639:224): arch=40000003 syscall=192 success=no
exit=4151844864
New Record with positive/negative test fixing "success":
type=SYSCALL msg=audit(1305733850.639:224): arch=40000003 syscall=192 success=yes
exit=4151844864
Old record returning an error:
type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no
exit=4294967283
New record returning -13:
type=SYSCALL msg=audit(1306197182.256:281): arch=40000003 syscall=192 success=no exit=-13
Signed-off-by: Eric Paris <eparis(a)redhat.com>
---
arch/x86/ia32/ia32entry.S | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index c1870dd..b2bea0a 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -209,14 +209,14 @@ sysexit_from_sys_call:
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
sti
- movl %eax,%esi /* second arg, syscall return value */
- cmpl $0,%eax /* is it < 0? */
+ movq %rax,%rsi /* second arg, syscall return value */
+ cmpq $0,%rax /* is it < 0? */
setl %al /* 1 if so, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
call audit_syscall_exit
GET_THREAD_INFO(%r10)
- movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */
+ movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */
movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
cli
TRACE_IRQS_OFF
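Review bot: The new sign test `cmpq $0,%rax` can be written as `testq %rax,%rax`; it sets SF identically, OF is clear in both forms so the following `setl %al` keeps working, and it is the shorter, idiomatic way to ask "is %rax negative". The `setl %al` on the next line overwrites the low byte of the very value just copied to %rsi, so the copy-then-set order is load-bearing and deserves a comment, e.g. `/* %al is clobbered below; %rsi already holds the full 64-bit return value and %rax is reloaded from the frame after the call */`. Since the audit record's success flag is what this fix corrects, it would also be worth confirming that no other syscall-exit audit sequence in this file still does the 32-bit `movl`/`cmpl` compare; if one exists (e.g. for a second ia32 entry path) it presumably needs the same widening. The enclosing code runs past both ends of the hunk.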