From 015d991f7d97783f7220445960c0369b3e54ed08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=94=A1=E6=AD=A3=E9=BE=99?= Date: Fri, 20 Dec 2013 10:04:10 +0800 Subject: alpha: Enable system-call auditing support. Signed-off-by: Zhenglong.cai Signed-off-by: Matt Turner --- arch/alpha/Kconfig | 3 ++ arch/alpha/include/asm/ptrace.h | 5 +++ arch/alpha/include/asm/thread_info.h | 2 ++ arch/alpha/kernel/Makefile | 1 + arch/alpha/kernel/audit.c | 60 ++++++++++++++++++++++++++++++++++++ arch/alpha/kernel/entry.S | 6 +++- arch/alpha/kernel/ptrace.c | 4 +++ 7 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 arch/alpha/kernel/audit.c (limited to 'arch') diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index d39dc9b..f23ab8b 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig @@ -16,6 +16,7 @@ config ALPHA select ARCH_WANT_IPC_PARSE_VERSION select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE + select AUDIT_ARCH select GENERIC_CLOCKEVENTS select GENERIC_SMP_IDLE_THREAD select GENERIC_STRNCPY_FROM_USER @@ -76,6 +77,8 @@ config GENERIC_ISA_DMA source "init/Kconfig" source "kernel/Kconfig.freezer" +config AUDIT_ARCH + bool menu "System setup" diff --git a/arch/alpha/include/asm/ptrace.h b/arch/alpha/include/asm/ptrace.h index 2112850..9047c2f 100644 --- a/arch/alpha/include/asm/ptrace.h +++ b/arch/alpha/include/asm/ptrace.h @@ -19,4 +19,9 @@ #define force_successful_syscall_return() (current_pt_regs()->r0 = 0) +static inline unsigned long regs_return_value(struct pt_regs *regs) +{ + return regs->r0; +} + #endif diff --git a/arch/alpha/include/asm/thread_info.h b/arch/alpha/include/asm/thread_info.h index 453597b..3d6ce6d 100644 --- a/arch/alpha/include/asm/thread_info.h +++ b/arch/alpha/include/asm/thread_info.h 
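Review bot: `regs_return_value()` in the ptrace.h hunk returns `regs->r0` with no comment on how a failed system call is represented, yet `audit_syscall_exit()` (called from the ptrace.c hunk of this commit) takes its success and exit-code fields from this helper. If Alpha signals failure through a separate register rather than through the value in r0 (the convention is not visible in this hunk, so confirm against entry.S), the generic `is_syscall_success()` test would record failed calls as successful, and audit rules that filter on success or exit would miss them. I would add a comment such as `/* Raw syscall return value as consumed by audit_syscall_exit(); see is_syscall_success() for the error convention. */` and check whether an arch-specific `is_syscall_success()` has to be defined alongside it.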
@@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8"); #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */ #define TIF_SIGPENDING 2 /* signal pending */ #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ +#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */ #define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */ #define TIF_MEMDIE 13 /* is terminating due to OOM killer */ @@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8"); #define _TIF_SIGPENDING (1< +#include +#include +#include + +static unsigned dir_class[] = { +#include +~0U +}; + +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + +static unsigned chattr_class[] = { +#include +~0U +}; + +static unsigned signal_class[] = { +#include +~0U +}; + +int audit_classify_arch(int arch) +{ + return 0; +} + +int audit_classify_syscall(int abi, unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_execve: + return 5; + default: + return 0; + } +} + +static int __init audit_classes_init(void) +{ + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); + audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); + audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); + audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); + return 0; +} + +__initcall(audit_classes_init); diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S index a969b95..98703d9 100644 --- a/arch/alpha/kernel/entry.S +++ b/arch/alpha/kernel/entry.S @@ -465,7 +465,11 @@ entSys: .cfi_rel_offset $16, SP_OFF+24 .cfi_rel_offset $17, SP_OFF+32 .cfi_rel_offset $18, SP_OFF+40 - blbs $3, strace +#ifdef CONFIG_AUDITSYSCALL + lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT + and $3, $6, $3 +#endif + bne $3, strace beq $4, 1f ldq $27, 0($5) 1: jsr $26, ($27), alpha_ni_syscall 
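Review bot: The return values of `audit_classify_syscall()` in the new audit.c (2 for `__NR_open`, 3 for `__NR_openat`, 5 for `__NR_execve`, 0 otherwise) are bare numbers with no comment, and the `abi` parameter is never read. These codes are presumably interpreted by the generic audit core when it matches permission rules, so an undocumented or mistyped value would silently change which syscalls a rule catches. I would add a comment above the switch, e.g. `/* Class codes consumed by the audit core: 2 = open, 3 = openat, 5 = execve, 0 = no special handling. */`, and one on `audit_classify_arch()` saying why it returns 0 for every `arch`. The `#include` targets in this section were lost in rendering, so the contents of the five class tables cannot be reviewed from this page.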
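Review bot: With CONFIG_AUDITSYSCALL disabled, the new `bne $3, strace` in entSys is reached without the preceding mask, so it branches when any bit of $3 is set, whereas the removed `blbs $3, strace` tested only the low bit. If $3 holds the thread flags at this point (the load is outside the hunk), a pending-signal or reschedule flag would send syscalls down the trace path in non-audit builds. The mask should be applied in both configurations: keep `lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT` under the `#ifdef`, add an `#else` branch with `lda $6, _TIF_SYSCALL_TRACE`, and move `and $3, $6, $3` below the `#endif`.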
diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c index 2a4a80f..86d8351 100644 --- a/arch/alpha/kernel/ptrace.c +++ b/arch/alpha/kernel/ptrace.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request, asmlinkage unsigned long syscall_trace_enter(void) { unsigned long ret = 0; + struct pt_regs *regs = current_pt_regs(); if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(current_pt_regs())) ret = -1UL; + audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19); return ret ?: current_pt_regs()->r0; } asmlinkage void syscall_trace_leave(void) { + audit_syscall_exit(current_pt_regs()); if (test_thread_flag(TIF_SYSCALL_TRACE)) tracehook_report_syscall_exit(current_pt_regs(), 0); } -- cgit v1.1 From 7a017721283d3fd011a41884fd8e99beae8fe831 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Tue, 25 Feb 2014 18:16:24 +0900 Subject: audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL Currently AUDITSYSCALL has a long list of architecture depencency: depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA) The purpose of this patch is to replace it with HAVE_ARCH_AUDITSYSCALL for simplicity. Signed-off-by: AKASHI Takahiro Acked-by: Will Deacon (arm) Acked-by: Richard Guy Briggs (audit) Acked-by: Matt Turner (alpha) Acked-by: Michael Ellerman (powerpc) Signed-off-by: Eric Paris --- arch/alpha/Kconfig | 1 + arch/arm/Kconfig | 1 + arch/ia64/Kconfig | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/Kconfig | 1 + arch/s390/Kconfig | 1 + arch/sh/Kconfig | 1 + arch/sparc/Kconfig | 1 + arch/um/Kconfig.common | 1 + arch/x86/Kconfig | 1 + 10 files changed, 10 insertions(+) (limited to 'arch') diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index f23ab8b..437ef0d 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig 
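Review bot: `syscall_trace_enter()` now caches `regs` but still calls `current_pt_regs()` for the tracehook call and for the return value, so the same register frame is reached through two spellings. Using `tracehook_report_syscall_entry(regs)` and `return ret ?: regs->r0;` would make it plain that the syscall number and arguments handed to `audit_syscall_entry()` are read after the tracer stop, so the audit record carries whatever the tracer left in the registers. `audit_syscall_entry()` also runs when the tracer has rejected the call (`ret = -1UL`); a one-line comment stating that this is intended would help, e.g. `/* audited even if the tracer aborted the syscall */`. The two `current_pt_regs()` calls in `syscall_trace_leave()` could share a local in the same way.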
@@ -21,6 +21,7 @@ config ALPHA select GENERIC_SMP_IDLE_THREAD select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNLEN_USER + select HAVE_ARCH_AUDITSYSCALL select HAVE_MOD_ARCH_SPECIFIC select MODULES_USE_ELF_RELA select ODD_RT_SIGACTION diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c1f1a7e..cf69f89 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -23,6 +23,7 @@ config ARM select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNLEN_USER select HARDIRQS_SW_RESEND + select HAVE_ARCH_AUDITSYSCALL if (AEABI && !OABI_COMPAT) select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL select HAVE_ARCH_KGDB select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT) diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig index 4e4119b..9143d91 100644 --- a/arch/ia64/Kconfig +++ b/arch/ia64/Kconfig @@ -43,6 +43,7 @@ config IA64 select HAVE_MOD_ARCH_SPECIFIC select MODULES_USE_ELF_RELA select ARCH_USE_CMPXCHG_LOCKREF + select HAVE_ARCH_AUDITSYSCALL default y help The Itanium Processor Family is Intel's 64-bit successor to diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index b5f1858..0821e83 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -28,6 +28,7 @@ config PARISC select CLONE_BACKWARDS select TTY # Needed for pdc_cons.c select HAVE_DEBUG_STACKOVERFLOW + select HAVE_ARCH_AUDITSYSCALL help The PA-RISC microprocessor is designed by Hewlett-Packard and used diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b44b52c..96627d6 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -139,6 +139,7 @@ config PPC select OLD_SIGACTION if PPC32 select HAVE_DEBUG_STACKOVERFLOW select HAVE_IRQ_EXIT_ON_IRQ_STACK + select HAVE_ARCH_AUDITSYSCALL config GENERIC_CSUM def_bool CPU_LITTLE_ENDIAN diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index e9f3125..a17c7f5 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig 
@@ -103,6 +103,7 @@ config S390 select GENERIC_SMP_IDLE_THREAD select GENERIC_TIME_VSYSCALL select HAVE_ALIGNED_STRUCT_PAGE if SLUB + select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_JUMP_LABEL if !MARCH_G5 select HAVE_ARCH_SECCOMP_FILTER select HAVE_ARCH_TRACEHOOK diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index 9b0979f..675fb7c 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -42,6 +42,7 @@ config SUPERH select MODULES_USE_ELF_RELA select OLD_SIGSUSPEND select OLD_SIGACTION + select HAVE_ARCH_AUDITSYSCALL help The SuperH is a RISC processor targeted for use in embedded systems and consumer electronics; it was also used in the Sega Dreamcast diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig index d4f7a6a..7f7ad7e 100644 --- a/arch/sparc/Kconfig +++ b/arch/sparc/Kconfig @@ -76,6 +76,7 @@ config SPARC64 select ARCH_HAVE_NMI_SAFE_CMPXCHG select HAVE_C_RECORDMCOUNT select NO_BOOTMEM + select HAVE_ARCH_AUDITSYSCALL config ARCH_DEFCONFIG string diff --git a/arch/um/Kconfig.common b/arch/um/Kconfig.common index 21ca44c..6915d28 100644 --- a/arch/um/Kconfig.common +++ b/arch/um/Kconfig.common @@ -1,6 +1,7 @@ config UML bool default y + select HAVE_ARCH_AUDITSYSCALL select HAVE_UID16 select GENERIC_IRQ_SHOW select GENERIC_CPU_DEVICES diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0952ecd..56f47caf 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -125,6 +125,7 @@ config X86 select RTC_LIB select HAVE_DEBUG_STACKOVERFLOW select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 + select HAVE_ARCH_AUDITSYSCALL config INSTRUCTION_DECODER def_bool y -- cgit v1.1 From 5e937a9ae9137899c6641d718bd3820861099a09 Mon Sep 17 00:00:00 2001 
From: Eric Paris Date: Tue, 11 Mar 2014 12:48:43 -0400 Subject: syscall_get_arch: remove useless function arguments Every caller of syscall_get_arch() uses current for the task and no implementors of the function need args. So just get rid of both of those things. Admittedly, since these are inline functions we aren't wasting stack space, but it just makes the prototypes better. Signed-off-by: Eric Paris Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux390@de.ibm.com Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: linux-arch@vger.kernel.org --- arch/arm/include/asm/syscall.h | 3 +-- arch/mips/include/asm/syscall.h | 2 +- arch/mips/kernel/ptrace.c | 2 +- arch/s390/include/asm/syscall.h | 5 ++--- arch/x86/include/asm/syscall.h | 8 +++----- 5 files changed, 8 insertions(+), 12 deletions(-) (limited to 'arch') diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index 73ddd723..ed805f1 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h @@ -103,8 +103,7 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { /* ARM tasks don't change audit architectures on the fly. */ return AUDIT_ARCH_ARM; diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index 81c8913..625e709 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -101,7 +101,7 @@ extern const unsigned long sys_call_table[]; extern const unsigned long sys32_call_table[]; extern const unsigned long sysn32_call_table[]; -static inline int __syscall_get_arch(void) +static inline int syscall_get_arch(void) { int arch = EM_MIPS; #ifdef CONFIG_64BIT diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index b52e1d2..65ba622 100644 
--- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c @@ -671,7 +671,7 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->regs[2]); - audit_syscall_entry(__syscall_get_arch(), + audit_syscall_entry(syscall_get_arch(), regs->regs[2], regs->regs[4], regs->regs[5], regs->regs[6], regs->regs[7]); diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index cd29d2f..bebc0bd 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h @@ -89,11 +89,10 @@ static inline void syscall_set_arguments(struct task_struct *task, regs->orig_gpr2 = args[0]; } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { #ifdef CONFIG_COMPAT - if (test_tsk_thread_flag(task, TIF_31BIT)) + if (test_tsk_thread_flag(current, TIF_31BIT)) return AUDIT_ARCH_S390; #endif return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390; diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index aea284b..7e6d0c4 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h @@ -91,8 +91,7 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->bx + i, args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return AUDIT_ARCH_I386; } @@ -221,8 +220,7 @@ static inline void syscall_set_arguments(struct task_struct *task, } } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { #ifdef CONFIG_IA32_EMULATION /* 
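Review bot: After this change `syscall_get_arch()` can only describe the calling task, but nothing in the signature or comments says so: the s390 version now tests `TIF_31BIT` on `current`, and the x86-64 version (hunks at -221 and -234) reads `TS_COMPAT` from `current`. The returned AUDIT_ARCH value decides how a syscall number is interpreted by audit and by any filter keyed on the architecture, so a caller inspecting another task would get the wrong ABI with no warning. I would document the constraint above each definition, e.g. `/* Returns the audit arch of current; must not be used to inspect another task. */`. As a style point, `test_thread_flag(TIF_31BIT)` and `current_thread_info()->status` are the shorter spellings for the current task.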
@@ -234,7 +232,7 @@ static inline int syscall_get_arch(struct task_struct *task, * * x32 tasks should be considered AUDIT_ARCH_X86_64. */ - if (task_thread_info(task)->status & TS_COMPAT) + if (task_thread_info(current)->status & TS_COMPAT) return AUDIT_ARCH_I386; #endif /* Both x32 and x86_64 are considered "64-bit". */ -- cgit v1.1 From 579ec9e1ab0bdca2dbc3c942aa1a530a6ec8c349 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Tue, 11 Mar 2014 12:55:42 -0400 Subject: audit: use uapi/linux/audit.h for AUDIT_ARCH declarations The syscall.h headers were including linux/audit.h but really only needed the uapi/linux/audit.h to get the requisite defines. Switch to the uapi headers. Signed-off-by: Eric Paris Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-s390@vger.kernel.org Cc: x86@kernel.org --- arch/arm/include/asm/syscall.h | 2 +- arch/mips/include/asm/syscall.h | 2 +- arch/s390/include/asm/syscall.h | 2 +- arch/x86/include/asm/syscall.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'arch') diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index ed805f1..4651f69 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h @@ -7,7 +7,7 @@ #ifndef _ASM_ARM_SYSCALL_H #define _ASM_ARM_SYSCALL_H -#include /* for AUDIT_ARCH_* */ +#include /* for AUDIT_ARCH_* */ #include /* for ELF_EM */ #include #include diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index 625e709..fc556d8 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -13,7 +13,7 @@ #ifndef __ASM_MIPS_SYSCALL_H #define __ASM_MIPS_SYSCALL_H -#include +#include #include #include #include diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index bebc0bd..7776870 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h 
@@ -12,7 +12,7 @@ #ifndef _ASM_SYSCALL_H #define _ASM_SYSCALL_H 1 -#include +#include #include #include #include diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index 7e6d0c4..d6a756a 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h @@ -13,7 +13,7 @@ #ifndef _ASM_X86_SYSCALL_H #define _ASM_X86_SYSCALL_H -#include +#include #include #include #include /* For NR_syscalls */ -- cgit v1.1