From: Klaus Weidner Date: Wed, 16 May 2007 22:45:42 +0000 (-0500) Subject: [PATCH] audit: fix broken class-based syscall audit X-Git-Tag: v2.6.23-rc1~11^2~2 X-Git-Url: http://www.pilppa.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=c926e4f432af0f61ac2b9b637fb51a4871a3fc91;p=linux-2.6-omap-h63xx.git [PATCH] audit: fix broken class-based syscall audit The sanity check in audit_match_class() is wrong. We are able to audit 2048 syscalls but in audit_match_class() we were accidentally using sizeof(_u32) instead of number of bits in _u32 when deciding how many syscalls were valid. On ia64 in particular we were hitting syscall numbers over the (wrong) limit of 256. Fixing the audit_match_class check takes care of the problem. Signed-off-by: Klaus Weidner Signed-off-by: Al Viro --- diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 1bf093dcffe..0ea96bab91c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -304,7 +304,7 @@ int __init audit_register_class(int class, unsigned *list) int audit_match_class(int class, unsigned syscall) { - if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32))) + if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32)) return 0; if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class])) return 0;