3 files changed, 39 insertions, 21 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 426ab9f4dd85..6e1c533f9b46 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -430,6 +430,7 @@ extern void audit_putname(const char *name);
 extern void __audit_inode(const char *name, const struct dentry *dentry);
 extern void __audit_inode_child(const struct dentry *dentry,
                                const struct inode *parent);
+extern void __audit_seccomp(unsigned long syscall);
 extern void __audit_ptrace(struct task_struct *t);
 static inline int audit_dummy_context(void)
@@ -453,6 +454,12 @@ static inline void audit_inode_child(const struct dentry *dentry,
 }
 void audit_core_dumps(long signr);
+static inline void audit_seccomp(unsigned long syscall)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_seccomp(syscall);
+}
 static inline void audit_ptrace(struct task_struct *t)
 {
        if (unlikely(!audit_dummy_context()))
@@ -558,6 +565,7 @@ extern int audit_signals;
 #define audit_inode(n,d) do { (void)(d); } while (0)
 #define audit_inode_child(i,p) do { ; } while (0)
 #define audit_core_dumps(i) do { ; } while (0)
+#define audit_seccomp(i) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) (0)
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7c495147c3d9..e9bcb93800d8 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2529,6 +2529,25 @@ void __audit_mmap_fd(int fd, int flags)
        context->type = AUDIT_MMAP;
 }
+static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr)
+{
+        uid_t auid, uid;
+        gid_t gid;
+        unsigned int sessionid;
+        auid = audit_get_loginuid(current);
+        sessionid = audit_get_sessionid(current);
+        current_uid_gid(&uid, &gid);
+        audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
+                         auid, uid, gid, sessionid);
+        audit_log_task_context(ab);
+        audit_log_format(ab, " pid=%d comm=", current->pid);
+        audit_log_untrustedstring(ab, current->comm);
+        audit_log_format(ab, " reason=");
+        audit_log_string(ab, reason);
+        audit_log_format(ab, " sig=%ld", signr);
+}
 /**
 * audit_core_dumps - record information about processes that end abnormally
 * @signr: signal value
@@ -2539,10 +2558,6 @@ void __audit_mmap_fd(int fd, int flags)
 void audit_core_dumps(long signr)
 {
        struct audit_buffer *ab;
-        u32 sid;
-        uid_t auid = audit_get_loginuid(current), uid;
-        gid_t gid;
-        unsigned int sessionid = audit_get_sessionid(current);
        if (!audit_enabled)
                return;
@@ -2551,24 +2566,17 @@ void audit_core_dumps(long signr)
                return;
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
-        current_uid_gid(&uid, &gid);
+        audit_log_abend(ab, "memory violation", signr);
-        audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
+        audit_log_end(ab);
-                         auid, uid, gid, sessionid);
+}
-        security_task_getsecid(current, &sid);
-        if (sid) {
-                char *ctx = NULL;
-                u32 len;
-                if (security_secid_to_secctx(sid, &ctx, &len))
+void __audit_seccomp(unsigned long syscall)
-                        audit_log_format(ab, " ssid=%u", sid);
+{
-                else {
+        struct audit_buffer *ab;
-                        audit_log_format(ab, " subj=%s", ctx);
-                        security_release_secctx(ctx, len);
+        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
-                }
+        audit_log_abend(ab, "seccomp", SIGKILL);
-        }
+        audit_log_format(ab, " syscall=%ld", syscall);
-        audit_log_format(ab, " pid=%d comm=", current->pid);
-        audit_log_untrustedstring(ab, current->comm);
-        audit_log_format(ab, " sig=%ld", signr);
        audit_log_end(ab);
 }
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 57d4b13b631d..e8d76c5895ea 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -6,6 +6,7 @@
 * This defines a simple but solid secure-computing mode.
 */
+#include <linux/audit.h>
 #include <linux/seccomp.h>
 #include <linux/sched.h>
 #include <linux/compat.h>
@@ -54,6 +55,7 @@ void __secure_computing(int this_syscall)
 #ifdef SECCOMP_DEBUG
        dump_stack();
 #endif
+        audit_seccomp(this_syscall);
        do_exit(SIGKILL);
 }

diff --git a/include/linux/audit.h b/include/linux/audit.h index 426ab9f4dd85..6e1c533f9b46 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -430,6 +430,7 @@ extern void audit_putname(const char *name);
430	extern void __audit_inode(const char name, const struct dentry dentry);	430	extern void __audit_inode(const char name, const struct dentry dentry);
431	extern void __audit_inode_child(const struct dentry *dentry,	431	extern void __audit_inode_child(const struct dentry *dentry,
432	const struct inode *parent);	432	const struct inode *parent);
		433	extern void __audit_seccomp(unsigned long syscall);
433	extern void __audit_ptrace(struct task_struct *t);	434	extern void __audit_ptrace(struct task_struct *t);
434		435
435	static inline int audit_dummy_context(void)	436	static inline int audit_dummy_context(void)
@@ -453,6 +454,12 @@ static inline void audit_inode_child(const struct dentry *dentry,
453	}	454	}
454	void audit_core_dumps(long signr);	455	void audit_core_dumps(long signr);
455		456
		457	static inline void audit_seccomp(unsigned long syscall)
		458	{
		459	if (unlikely(!audit_dummy_context()))
		460	__audit_seccomp(syscall);
		461	}
		462
456	static inline void audit_ptrace(struct task_struct *t)	463	static inline void audit_ptrace(struct task_struct *t)
457	{	464	{
458	if (unlikely(!audit_dummy_context()))	465	if (unlikely(!audit_dummy_context()))
@@ -558,6 +565,7 @@ extern int audit_signals;
558	#define audit_inode(n,d) do { (void)(d); } while (0)	565	#define audit_inode(n,d) do { (void)(d); } while (0)
559	#define audit_inode_child(i,p) do { ; } while (0)	566	#define audit_inode_child(i,p) do { ; } while (0)
560	#define audit_core_dumps(i) do { ; } while (0)	567	#define audit_core_dumps(i) do { ; } while (0)
		568	#define audit_seccomp(i) do { ; } while (0)
561	#define auditsc_get_stamp(c,t,s) (0)	569	#define auditsc_get_stamp(c,t,s) (0)
562	#define audit_get_loginuid(t) (-1)	570	#define audit_get_loginuid(t) (-1)
563	#define audit_get_sessionid(t) (-1)	571	#define audit_get_sessionid(t) (-1)


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7c495147c3d9..e9bcb93800d8 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -2529,6 +2529,25 @@ void __audit_mmap_fd(int fd, int flags)
2529	context->type = AUDIT_MMAP;	2529	context->type = AUDIT_MMAP;
2530	}	2530	}
2531		2531
		2532	static void audit_log_abend(struct audit_buffer ab, char reason, long signr)
		2533	{
		2534	uid_t auid, uid;
		2535	gid_t gid;
		2536	unsigned int sessionid;
		2537
		2538	auid = audit_get_loginuid(current);
		2539	sessionid = audit_get_sessionid(current);
		2540	current_uid_gid(&uid, &gid);
		2541
		2542	audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
		2543	auid, uid, gid, sessionid);
		2544	audit_log_task_context(ab);
		2545	audit_log_format(ab, " pid=%d comm=", current->pid);
		2546	audit_log_untrustedstring(ab, current->comm);
		2547	audit_log_format(ab, " reason=");
		2548	audit_log_string(ab, reason);
		2549	audit_log_format(ab, " sig=%ld", signr);
		2550	}
2532	/**	2551	/**
2533	* audit_core_dumps - record information about processes that end abnormally	2552	* audit_core_dumps - record information about processes that end abnormally
2534	* @signr: signal value	2553	* @signr: signal value
@@ -2539,10 +2558,6 @@ void __audit_mmap_fd(int fd, int flags)
2539	void audit_core_dumps(long signr)	2558	void audit_core_dumps(long signr)
2540	{	2559	{
2541	struct audit_buffer *ab;	2560	struct audit_buffer *ab;
2542	u32 sid;
2543	uid_t auid = audit_get_loginuid(current), uid;
2544	gid_t gid;
2545	unsigned int sessionid = audit_get_sessionid(current);
2546		2561
2547	if (!audit_enabled)	2562	if (!audit_enabled)
2548	return;	2563	return;
@@ -2551,24 +2566,17 @@ void audit_core_dumps(long signr)
2551	return;	2566	return;
2552		2567
2553	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);	2568	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2554	current_uid_gid(&uid, &gid);	2569	audit_log_abend(ab, "memory violation", signr);
2555	audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",	2570	audit_log_end(ab);
2556	auid, uid, gid, sessionid);	2571	}
2557	security_task_getsecid(current, &sid);
2558	if (sid) {
2559	char *ctx = NULL;
2560	u32 len;
2561		2572
2562	if (security_secid_to_secctx(sid, &ctx, &len))	2573	void __audit_seccomp(unsigned long syscall)
2563	audit_log_format(ab, " ssid=%u", sid);	2574	{
2564	else {	2575	struct audit_buffer *ab;
2565	audit_log_format(ab, " subj=%s", ctx);	2576
2566	security_release_secctx(ctx, len);	2577	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2567	}	2578	audit_log_abend(ab, "seccomp", SIGKILL);
2568	}	2579	audit_log_format(ab, " syscall=%ld", syscall);
2569	audit_log_format(ab, " pid=%d comm=", current->pid);
2570	audit_log_untrustedstring(ab, current->comm);
2571	audit_log_format(ab, " sig=%ld", signr);
2572	audit_log_end(ab);	2580	audit_log_end(ab);
2573	}	2581	}
2574		2582


diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 57d4b13b631d..e8d76c5895ea 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c
@@ -6,6 +6,7 @@
6	* This defines a simple but solid secure-computing mode.	6	* This defines a simple but solid secure-computing mode.
7	*/	7	*/
8		8
		9	#include <linux/audit.h>
9	#include <linux/seccomp.h>	10	#include <linux/seccomp.h>
10	#include <linux/sched.h>	11	#include <linux/sched.h>
11	#include <linux/compat.h>	12	#include <linux/compat.h>
@@ -54,6 +55,7 @@ void __secure_computing(int this_syscall)
54	#ifdef SECCOMP_DEBUG	55	#ifdef SECCOMP_DEBUG
55	dump_stack();	56	dump_stack();
56	#endif	57	#endif
		58	audit_seccomp(this_syscall);
57	do_exit(SIGKILL);	59	do_exit(SIGKILL);
58	}	60	}
59		61