[PATCH] Audit: EINTR instead of kernel private return codes in audit records

Eric Paris eparis at redhat.com
Sun Nov 18 01:58:33 UTC 2007


On Wed, 2007-11-14 at 16:17 -0500, Steve Grubb wrote:
> On Wednesday 14 November 2007 16:07:42 Eric Paris wrote:
> > It should be slightly faster <snip>
> >
> > We would also be picking up ENOIOCTLCMD but that shouldn't be seen on
> > this code path, so I guess it doesn't matter.
> 
> Right, the note in the top of include/linux/errno.h says these should not be 
> seen by userspace. So, ENOIOCTLCMD is invalid if we ever saw it. But what 
> about the NFSv3 errnos (in the same file)? Do we need to worry about those?

So I started looking at these and I like my patch the way I sent it.
Although ENOIOCTLCMD, ENOTSUPP, ETOOSMALL, ESERVERFAULT, EIOCBQUEUED,
and EIOCBRETRY are not supposed to be valid return codes, first glance
leads me to believe they could all slip back into userspace.  None of
them are later rewritten after we collect the return code in the audit
system.  It would be absolutely wrong for the audit system to translate
even ENOIOCTLCMD to anything else if this is what was actually returned
to the process.

I suggest the patch be added exactly the way I sent it, as the speed-up
suggested (using >= && <=) could give incorrect audit messages vs what
actually happened.

-Eric
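
The disagreement between the two forms of the check, as an added example that is not part of the original message or of the patch (which is not shown on this page). It assumes the patch rewrites only the four ERESTART* codes and that the ">= && <=" form spans ERESTARTSYS through ERESTART_RESTARTBLOCK; the numeric values are those in include/linux/errno.h.

```c
#include <errno.h>
#include <stdio.h>

/* Kernel-private codes from include/linux/errno.h; userspace <errno.h> lacks them. */
#define ERESTARTSYS           512
#define ERESTARTNOINTR        513
#define ERESTARTNOHAND        514
#define ENOIOCTLCMD           515
#define ERESTART_RESTARTBLOCK 516

/* Assumption: the patch rewrites exactly these four restart codes to EINTR. */
static long audit_rc_exact(long rc)
{
    switch (rc) {
    case -ERESTARTSYS:
    case -ERESTARTNOINTR:
    case -ERESTARTNOHAND:
    case -ERESTART_RESTARTBLOCK:
        return -EINTR;
    default:
        return rc;
    }
}

/* Assumption: the suggested speed-up is one range test over 512..516. */
static long audit_rc_range(long rc)
{
    if (rc <= -ERESTARTSYS && rc >= -ERESTART_RESTARTBLOCK)
        return -EINTR;
    return rc;
}

/* Count return codes in [-hi, -lo] that the two forms would record differently. */
static int count_disagreements(long lo, long hi)
{
    int n = 0;
    for (long e = lo; e <= hi; e++)
        if (audit_rc_exact(-e) != audit_rc_range(-e)) {
            printf("rc=%ld: exact records %ld, range records %ld\n",
                   -e, audit_rc_exact(-e), audit_rc_range(-e));
            n++;
        }
    return n;
}

int main(void)
{
    return count_disagreements(1, 530) == 1 ? 0 : 1; /* 530 == EIOCBRETRY */
}
```

The single disagreement is ENOIOCTLCMD (515), which sits inside the ERESTART* range: the range form would log EINTR for a syscall that actually returned -515 to the process.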