First Last Prev Next    This bug is not in your last search results.
Bug 234426 - LSPP: Interrupted syscalls do not have the correct errno value in the audit log
LSPP: Interrupted syscalls do not have the correct errno value in the audit log
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Eric Paris
Martin Jenner
:
Depends On:
Blocks: 425461
  Show dependency treegraph
 
Reported: 2007-03-29 01:31 EDT by Paul Moore
Modified: 2008-05-21 10:42 EDT (History)
5 users (show)

See Also:
Fixed In Version: RHBA-2008-0314
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 10:42:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Simple test case (2.27 KB, text/x-csrc)
2007-05-07 10:31 EDT, Paul Moore 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Paul Moore 2007-03-29 01:31:07 EDT 
Description of problem:
If a syscall is interrupted by a signal the errno value recorded in the audit 
log is -512 (-ERESTARTSYS) which is a private, kernel-only errno value and 
does not reflect what is seen in userspace, 4 (EINTR).  I would expect that 
the errno value recorded in the audit log should match what is seen in 
userspace.

Version-Release number of selected component (if applicable):
RHEL5 lspp.70 kernel

How reproducible:
Every time, both if syscall is restarted or not

Steps to Reproduce:
1. Run an application which does the following:
   * Installs a signal handler for SIGALRM
   * Disable syscall restarts for SIGALRM
   * Set an alarm for a future time
   * Block in a syscall
2. Check audit logs and notice that the syscall failed with errno=-512
  
Actual results:
The audit log reports an errno of -512 (-ERESTARTSYS).

Expected results:
The audit log reports an errno of -4 (-EINTR).

Additional info:
This bug is *not* blocking the LSPP certification efforts of HP, Red Hat, and 
IBM.
Comment 1 Jay Turner 2007-05-03 15:17:43 EDT 
QE ack for RHEL5.1.  Would be good to get a testcase generated and aligned
against this issue.
Comment 2 Paul Moore 2007-05-07 10:31:25 EDT 
Created attachment 154267 [details]
Simple test case

As outlined in the original bug description, the test for this is rather
trivial; a crude test case is attached.  Simply compile the testcase, run the
resulting binary, and wait for it to timeout via the self-generated alarm
signal.  Check the audit log and viola, one strange audit record.
Comment 6 RHEL Product and Program Management 2007-11-01 14:25:36 EDT 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 7 Eric Paris 2007-11-14 15:23:03 EST 
potential patch sent to linux-audit Nov 14 from Eric Paris
Comment 9 Don Zickus 2008-01-10 15:39:42 EST 
in 2.6.18-66.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 11 Mike Gahagan 2008-05-05 16:44:26 EDT 
verified using the test case on the -92.el5 kernel.
Comment 13 errata-xmlrpc 2008-05-21 10:42:14 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0314.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.