[RFC][PATCH 1/3] (#7U1) file system auditing

Stephen Smalley sds at tycho.nsa.gov
Fri Apr 22 15:22:00 UTC 2005 

On Thu, 2005-04-21 at 22:46 +0000, Timothy R. Chavez wrote:
> Updated patches... Please patch, compile and give a quick test so we can push 
> this all to LKML.  Please be weary, these haven't been tested on an SMP 
> machine yet.  I'm hoping my changes fixed the deadlock issue, though.
> 
> [PATCH 1/3]  
> 
> At the bottom of this message, below the changelog, is the kernel patch for 
> file systeming auditing diffed against linux-2.6.12-mm2-rc1

Oopses for me upon auditctl -l with the updated auditctl.

Apr 22 11:27:51 moss-huskers kernel: eip: c014602a
Apr 22 11:27:51 moss-huskers kernel: ------------[ cut here ]------------
Apr 22 11:27:51 moss-huskers kernel: kernel BUG at include/asm/spinlock.h:136!
Apr 22 11:27:51 moss-huskers kernel: invalid operand: 0000 [#1]
Apr 22 11:27:51 moss-huskers kernel: SMP
Apr 22 11:27:51 moss-huskers kernel: Modules linked in: radeon parport_pc lp parport autofs4 i2c_dev i2c_core nfs lockd sunrpc ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mod video hotkey button battery ac md5 ipv6 uhci_hcd snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc 3c59x mii floppy ext3 jbd
Apr 22 11:27:51 moss-huskers kernel: CPU:    0
Apr 22 11:27:51 moss-huskers kernel: EIP:    0060:[<c0334919>]    Not tainted VLI
Apr 22 11:27:51 moss-huskers kernel: EFLAGS: 00010292   (2.6.12-rc2-mm1)
Apr 22 11:27:51 moss-huskers kernel: EIP is at _spin_lock+0x39/0x50
Apr 22 11:27:51 moss-huskers kernel: eax: 00000011   ebx: c049bd14   ecx: c0387a04   edx: 00000200
Apr 22 11:27:51 moss-huskers kernel: esi: 00000000   edi: 00000001   ebp: f0f6cca0   esp: f0f6cc94
Apr 22 11:27:51 moss-huskers kernel: ds: 007b   es: 007b   ss: 0068
Apr 22 11:27:51 moss-huskers kernel: Process auditctl (pid: 16028, threadinfo=f0f6c000 task=f7c52550)
Apr 22 11:27:51 moss-huskers kernel: Stack: c0349739 c014602a f3d93800 f0f6ccc8 c014602a f0f6ccfc f0f6cd10 c01c81e0
Apr 22 11:27:51 moss-huskers kernel:        00400000 00003e9c f3d93800 f25d2680 000003ea f0f6cd2c c01434a0 f1e11200
Apr 22 11:27:51 moss-huskers kernel:        00000000 00000000 00000000 00000000 00000000 03ea0000 00000000 f3d93810
Apr 22 11:27:51 moss-huskers kernel: Call Trace:
Apr 22 11:27:51 moss-huskers kernel:  [<c010505a>] show_stack+0x7a/0x90
Apr 22 11:27:51 moss-huskers kernel:  [<c01051e2>] show_registers+0x152/0x1d0
Apr 22 11:27:51 moss-huskers kernel:  [<c01053fd>] die+0xed/0x170
Apr 22 11:27:51 moss-huskers kernel:  [<c01057f5>] do_invalid_op+0xa5/0xb0
Apr 22 11:27:51 moss-huskers kernel:  [<c0104c93>] error_code+0x4f/0x54
Apr 22 11:27:51 moss-huskers kernel:  [<c014602a>] audit_list_watches+0x1a/0x80
Apr 22 11:27:51 moss-huskers kernel:  [<c01434a0>] audit_receive_msg+0x90/0x290
Apr 22 11:27:51 moss-huskers kernel:  [<c01436d5>] audit_receive_skb+0x35/0x80
Apr 22 11:27:51 moss-huskers kernel:  [<c0143757>] audit_receive+0x37/0xc0
Apr 22 11:27:51 moss-huskers kernel:  [<c02e33c2>] netlink_data_ready+0x52/0x60
Apr 22 11:27:51 moss-huskers kernel:  [<c02e2723>] netlink_sendskb+0x23/0x70
Apr 22 11:27:51 moss-huskers kernel:  [<c02e30dd>] netlink_sendmsg+0x25d/0x2e0
Apr 22 11:27:51 moss-huskers kernel:  [<c02c4727>] sock_sendmsg+0xe7/0x110
Apr 22 11:27:51 moss-huskers kernel:  [<c02c5c2b>] sys_sendto+0xcb/0xf0
Apr 22 11:27:51 moss-huskers kernel:  [<c02c64d2>] sys_socketcall+0x182/0x230
Apr 22 11:27:51 moss-huskers kernel:  [<c01040b3>] sysenter_past_esp+0x54/0x75
Apr 22 11:27:51 moss-huskers kernel: Code: ad de 75 14 f0 fe 0b 79 09 f3 90 80 3b 00 7e f9 eb f2 83 c4 08 5b 5d c3 c7 04 24 39 97 34 c0 8b 45 04 89 44 24 04
e8 a7 f8 de ff <0f> 0b 88 00 76 8e 34 c0 eb cf 8d b6 00 00 00 00 8d bc 27 00 00

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency

More information about the Linux-audit mailing list