[PATCH] audit: fix broken class-based syscall audit The sanity check in audit_match_class() is wrong. We are able to audit 2048 syscalls but in audit_match_class() we were accidentally using sizeof(_u32) instead of number of bits in _u32 when deciding how many syscalls were valid. On ia64 in particular we were hitting syscall numbers over the (wrong) limit of 256. Fixing the audit_match_class check takes care of the problem. Signed-off-by: Klaus Weidner <klaus@atsec.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: c926e4f432af0f61ac2b9b637fb51a4871a3fc91 [log] [tgz]
author: Klaus Weidner <klaus@atsec.com> Wed May 16 17:45:42 2007 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> Sun Jul 22 09:57:02 2007 -0400
tree: 732a5e76f2405ed84915997b59f8bad921d7ac04
parent: 5b9a4262232d632c28990fcdf4f36d0e0ade5f18 [diff] [blame]
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 1bf093d..0ea96ba 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c

@@ -304,7 +304,7 @@
 
 int audit_match_class(int class, unsigned syscall)
 {
-	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))
+	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32))
 		return 0;
 	if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class]))
 		return 0;
commit	c926e4f432af0f61ac2b9b637fb51a4871a3fc91	[log] [tgz]
author	Klaus Weidner <klaus@atsec.com>	Wed May 16 17:45:42 2007 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	Sun Jul 22 09:57:02 2007 -0400
tree	732a5e76f2405ed84915997b59f8bad921d7ac04
parent	5b9a4262232d632c28990fcdf4f36d0e0ade5f18 [diff] [blame]