aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2005-07-10 22:29:45 -0400
committerDavid S. Miller <davem@davemloft.net>2005-07-10 22:29:45 -0400
commitf7ceba360cce9af3fbc4e5a5b1bd40b570b7021c (patch)
tree1d138496048bbf5851cd60dee7acb912cffc6971
parent8d8a64796fdee4e20355c6c12c9cc630a2e7494d (diff)
[SPARC64]: Add syscall auditing support.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/sparc64/kernel/entry.S10
-rw-r--r--arch/sparc64/kernel/ptrace.c32
-rw-r--r--include/asm-sparc64/thread_info.h8
-rw-r--r--include/linux/audit.h2
-rw-r--r--init/Kconfig2
5 files changed, 41 insertions, 13 deletions
diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
index 8b7ed760c50e..d781f10adc52 100644
--- a/arch/sparc64/kernel/entry.S
+++ b/arch/sparc64/kernel/entry.S
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
1552 nop 1552 nop
1553 .align 32 1553 .align 32
15541: ldx [%curptr + TI_FLAGS], %l5 15541: ldx [%curptr + TI_FLAGS], %l5
1555 andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 1555 andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
1556 be,pt %icc, rtrap 1556 be,pt %icc, rtrap
1557 clr %l6 1557 clr %l6
1558 add %sp, PTREGS_OFF, %o0 1558 add %sp, PTREGS_OFF, %o0
@@ -1679,7 +1679,7 @@ linux_sparc_syscall32:
1679 1679
1680 srl %i5, 0, %o5 ! IEU1 1680 srl %i5, 0, %o5 ! IEU1
1681 srl %i2, 0, %o2 ! IEU0 Group 1681 srl %i2, 0, %o2 ! IEU0 Group
1682 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0 Group 1682 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
1683 bne,pn %icc, linux_syscall_trace32 ! CTI 1683 bne,pn %icc, linux_syscall_trace32 ! CTI
1684 mov %i0, %l5 ! IEU1 1684 mov %i0, %l5 ! IEU1
1685 call %l7 ! CTI Group brk forced 1685 call %l7 ! CTI Group brk forced
@@ -1702,7 +1702,7 @@ linux_sparc_syscall:
1702 1702
1703 mov %i3, %o3 ! IEU1 1703 mov %i3, %o3 ! IEU1
1704 mov %i4, %o4 ! IEU0 Group 1704 mov %i4, %o4 ! IEU0 Group
1705 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble 1705 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
1706 bne,pn %icc, linux_syscall_trace ! CTI Group 1706 bne,pn %icc, linux_syscall_trace ! CTI Group
1707 mov %i0, %l5 ! IEU0 1707 mov %i0, %l5 ! IEU0
17082: call %l7 ! CTI Group brk forced 17082: call %l7 ! CTI Group brk forced
@@ -1730,7 +1730,7 @@ ret_sys_call:
17301: 17301:
1731 cmp %o0, -ERESTART_RESTARTBLOCK 1731 cmp %o0, -ERESTART_RESTARTBLOCK
1732 bgeu,pn %xcc, 1f 1732 bgeu,pn %xcc, 1f
1733 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 1733 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6
173480: 173480:
1735 /* System call success, clear Carry condition code. */ 1735 /* System call success, clear Carry condition code. */
1736 andn %g3, %g2, %g3 1736 andn %g3, %g2, %g3
@@ -1745,7 +1745,7 @@ ret_sys_call:
1745 /* System call failure, set Carry condition code. 1745 /* System call failure, set Carry condition code.
1746 * Also, get abs(errno) to return to the process. 1746 * Also, get abs(errno) to return to the process.
1747 */ 1747 */
1748 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 1748 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6
1749 sub %g0, %o0, %o0 1749 sub %g0, %o0, %o0
1750 or %g3, %g2, %g3 1750 or %g3, %g2, %g3
1751 stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] 1751 stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index c57dc9ea731b..23ad839d113f 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -19,6 +19,8 @@
19#include <linux/smp.h> 19#include <linux/smp.h>
20#include <linux/smp_lock.h> 20#include <linux/smp_lock.h>
21#include <linux/security.h> 21#include <linux/security.h>
22#include <linux/seccomp.h>
23#include <linux/audit.h>
22#include <linux/signal.h> 24#include <linux/signal.h>
23 25
24#include <asm/asi.h> 26#include <asm/asi.h>
@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
633 /* do the secure computing check first */ 635 /* do the secure computing check first */
634 secure_computing(regs->u_regs[UREG_G1]); 636 secure_computing(regs->u_regs[UREG_G1]);
635 637
636 if (!test_thread_flag(TIF_SYSCALL_TRACE)) 638 if (unlikely(current->audit_context) && syscall_exit_p) {
637 return; 639 unsigned long tstate = regs->tstate;
640 int result = AUDITSC_SUCCESS;
641
642 if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
643 result = AUDITSC_FAILURE;
644
645 audit_syscall_exit(current, result, regs->u_regs[UREG_I0]);
646 }
647
638 if (!(current->ptrace & PT_PTRACED)) 648 if (!(current->ptrace & PT_PTRACED))
639 return; 649 goto out;
650
651 if (!test_thread_flag(TIF_SYSCALL_TRACE))
652 goto out;
653
640 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) 654 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
641 ? 0x80 : 0)); 655 ? 0x80 : 0));
642 656
@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
649 send_sig(current->exit_code, current, 1); 663 send_sig(current->exit_code, current, 1);
650 current->exit_code = 0; 664 current->exit_code = 0;
651 } 665 }
666
667out:
668 if (unlikely(current->audit_context) && !syscall_exit_p)
669 audit_syscall_entry(current,
670 (test_thread_flag(TIF_32BIT) ?
671 AUDIT_ARCH_SPARC :
672 AUDIT_ARCH_SPARC64),
673 regs->u_regs[UREG_G1],
674 regs->u_regs[UREG_I0],
675 regs->u_regs[UREG_I1],
676 regs->u_regs[UREG_I2],
677 regs->u_regs[UREG_I3]);
652} 678}
diff --git a/include/asm-sparc64/thread_info.h b/include/asm-sparc64/thread_info.h
index 6b2fbb89bb63..a1d25c06f92a 100644
--- a/include/asm-sparc64/thread_info.h
+++ b/include/asm-sparc64/thread_info.h
@@ -221,7 +221,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
221#define TIF_32BIT 7 /* 32-bit binary */ 221#define TIF_32BIT 7 /* 32-bit binary */
222#define TIF_NEWCHILD 8 /* just-spawned child process */ 222#define TIF_NEWCHILD 8 /* just-spawned child process */
223#define TIF_SECCOMP 9 /* secure computing */ 223#define TIF_SECCOMP 9 /* secure computing */
224#define TIF_POLLING_NRFLAG 10 224#define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */
225#define TIF_SYSCALL_SUCCESS 11 225#define TIF_SYSCALL_SUCCESS 11
226/* NOTE: Thread flags >= 12 should be ones we have no interest 226/* NOTE: Thread flags >= 12 should be ones we have no interest
227 * in using in assembly, else we can't use the mask as 227 * in using in assembly, else we can't use the mask as
@@ -229,6 +229,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
229 */ 229 */
230#define TIF_ABI_PENDING 12 230#define TIF_ABI_PENDING 12
231#define TIF_MEMDIE 13 231#define TIF_MEMDIE 13
232#define TIF_POLLING_NRFLAG 14
232 233
233#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) 234#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
234#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) 235#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
@@ -240,9 +241,10 @@ register struct thread_info *current_thread_info_reg asm("g6");
240#define _TIF_32BIT (1<<TIF_32BIT) 241#define _TIF_32BIT (1<<TIF_32BIT)
241#define _TIF_NEWCHILD (1<<TIF_NEWCHILD) 242#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
242#define _TIF_SECCOMP (1<<TIF_SECCOMP) 243#define _TIF_SECCOMP (1<<TIF_SECCOMP)
243#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) 244#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
244#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
245#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS) 245#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)
246#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
247#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
246 248
247#define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \ 249#define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
248 (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \ 250 (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \
diff --git a/include/linux/audit.h b/include/linux/audit.h
index bf2ad3ba72eb..68aba0c02e49 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -165,7 +165,7 @@
165#define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT) 165#define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT)
166#define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) 166#define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
167#define AUDIT_ARCH_SPARC (EM_SPARC) 167#define AUDIT_ARCH_SPARC (EM_SPARC)
168#define AUDIT_ARCH_SPARC64 (EM_SPARC64|__AUDIT_ARCH_64BIT) 168#define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT)
169#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) 169#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
170#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) 170#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
171 171
diff --git a/init/Kconfig b/init/Kconfig
index b1091d7542ce..75755ef50c89 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -174,7 +174,7 @@ config AUDIT
174 174
175config AUDITSYSCALL 175config AUDITSYSCALL
176 bool "Enable system-call auditing support" 176 bool "Enable system-call auditing support"
177 depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML) 177 depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML || SPARC64)
178 default y if SECURITY_SELINUX 178 default y if SECURITY_SELINUX
179 help 179 help
180 Enable low-overhead system-call auditing infrastructure that 180 Enable low-overhead system-call auditing infrastructure that