author | 蔡正龙 <zhenglong.cai@cs2c.com.cn> | 2013-12-19 21:04:10 -0500 |
---|---|---|
committer | Matt Turner <mattst88@gmail.com> | 2014-01-31 12:21:55 -0500 |
commit | a9302e8439445710552886e7b623dbcfa943a1f2 (patch) | |
tree | f81ad376d8143a745d6f3c1d775ab28f353e75ae | |
parent | e7651b819e90da924991d727d3c007200a18670d (diff) |
alpha: Enable system-call auditing support.
Signed-off-by: Zhenglong.cai <zhenglong.cai@cs2c.com.cn>
Signed-off-by: Matt Turner <mattst88@gmail.com>
-rw-r--r-- | arch/alpha/Kconfig | 3 | ||||
-rw-r--r-- | arch/alpha/include/asm/ptrace.h | 5 | ||||
-rw-r--r-- | arch/alpha/include/asm/thread_info.h | 2 | ||||
-rw-r--r-- | arch/alpha/kernel/Makefile | 1 | ||||
-rw-r--r-- | arch/alpha/kernel/audit.c | 60 | ||||
-rw-r--r-- | arch/alpha/kernel/entry.S | 6 | ||||
-rw-r--r-- | arch/alpha/kernel/ptrace.c | 4 | ||||
-rw-r--r-- | init/Kconfig | 2 |
8 files changed, 81 insertions, 2 deletions
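diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig
index 97a2d9a096b9..f6c6b345388c 100644
--- a/arch/alpha/Kconfig
+++ b/arch/alpha/Kconfig
@@ -17,6 +17,7 @@ config ALPHA
 select ARCH_WANT_IPC_PARSE_VERSION
 select ARCH_HAVE_NMI_SAFE_CMPXCHG
 select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
+select AUDIT_ARCH
 select GENERIC_CLOCKEVENTS
 select GENERIC_SMP_IDLE_THREAD
 select GENERIC_STRNCPY_FROM_USER
@@ -77,6 +78,8 @@ config GENERIC_ISA_DMA
 source "init/Kconfig"
 source "kernel/Kconfig.freezer"
 
+config AUDIT_ARCH
+bool
 
 menu "System setup"
 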
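diff --git a/arch/alpha/include/asm/ptrace.h b/arch/alpha/include/asm/ptrace.h
index 21128505ddbe..9047c2fe8f23 100644
--- a/arch/alpha/include/asm/ptrace.h
+++ b/arch/alpha/include/asm/ptrace.h
@@ -19,4 +19,9 @@
 
 #define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
 
+static inline unsigned long regs_return_value(struct pt_regs *regs)
+{
+return regs->r0;
+}
+
 #endif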
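Review bot: `regs_return_value()` returning `regs->r0` is not enough for the audit exit record to report failures correctly, because this header adds no `is_syscall_success()` override next to it. As far as I know the Alpha return path signals an error through a3 (`r19`) and leaves a positive errno in `r0`, so the generic success test on the return value would log a failed call as successful; this should be confirmed against the strace return path in entry.S, which is not part of this section. If that holds, add `#define is_syscall_success(regs) (!(regs)->r19)` beside the new helper, so that audit rules filtering on success or failure, and anyone reading the records for denied accesses, see the right outcome.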
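diff --git a/arch/alpha/include/asm/thread_info.h b/arch/alpha/include/asm/thread_info.h
index 453597b91f3a..3d6ce6d56fc9 100644
--- a/arch/alpha/include/asm/thread_info.h
+++ b/arch/alpha/include/asm/thread_info.h
@@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
 #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
 #define TIF_SIGPENDING 2 /* signal pending */
 #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
+#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
 #define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
 #define TIF_MEMDIE 13 /* is terminating due to OOM killer */
 
@@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
 #define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
 #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
+#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
 
 /* Work to do on interrupt/exception return. */
 #define _TIF_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \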
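diff --git a/arch/alpha/kernel/Makefile b/arch/alpha/kernel/Makefile
index 0d54650e78fc..3ecac0106c8a 100644
--- a/arch/alpha/kernel/Makefile
+++ b/arch/alpha/kernel/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_SRM_ENV) += srm_env.o
 obj-$(CONFIG_MODULES) += module.o
 obj-$(CONFIG_PERF_EVENTS) += perf_event.o
 obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
+obj-$(CONFIG_AUDIT) += audit.o
 
 ifdef CONFIG_ALPHA_GENERIC
 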
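diff --git a/arch/alpha/kernel/audit.c b/arch/alpha/kernel/audit.c
new file mode 100644
index 000000000000..96a9d18ff4c4
--- /dev/null
+++ b/arch/alpha/kernel/audit.c
@@ -0,0 +1,60 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_arch(int arch)
+{
+return 0;
+}
+
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+switch(syscall) {
+case __NR_open:
+return 2;
+case __NR_openat:
+return 3;
+case __NR_execve:
+return 5;
+default:
+return 0;
+}
+}
+
+static int __init audit_classes_init(void)
+{
+audit_register_class(AUDIT_CLASS_WRITE, write_class);
+audit_register_class(AUDIT_CLASS_READ, read_class);
+audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+return 0;
+}
+
+__initcall(audit_classes_init);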
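Review bot: The return values 2, 3 and 5 in `audit_classify_syscall()` are undocumented magic numbers, and the `abi` argument is ignored without a word. They appear to be the class codes the audit core switches on when it matches permission rules, so a wrong or missing case would change which syscalls such a rule catches. A comment above the switch, for example `/* class codes consumed by the audit core: 2 = open, 3 = openat, 5 = execve, 0 = any other native syscall */`, would make that contract visible to the next person who adds a syscall. `switch(syscall)` also wants a space after `switch` to match kernel style.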
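diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S
index a969b95ee5ac..98703d99b565 100644
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -465,7 +465,11 @@ entSys:
 .cfi_rel_offset $16, SP_OFF+24
 .cfi_rel_offset $17, SP_OFF+32
 .cfi_rel_offset $18, SP_OFF+40
-blbs $3, strace
+#ifdef CONFIG_AUDITSYSCALL
+lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
+and $3, $6, $3
+#endif
+bne $3, strace
 beq $4, 1f
 ldq $27, 0($5)
 1: jsr $26, ($27), alpha_ni_syscall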
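Review bot: With CONFIG_AUDITSYSCALL disabled the `lda`/`and` mask is compiled out, yet the branch has still changed from `blbs $3, strace` to `bne $3, strace`. Assuming `$3` holds the thread flags loaded earlier in entSys (that load is outside this hunk), any set flag, not only the trace bit, now sends the syscall down the strace slow path in that configuration. Applying the mask unconditionally avoids this: keep `and $3, $6, $3` outside the `#ifdef` and load `$6` with `_TIF_SYSCALL_TRACE` alone when auditing is off, or define one combined syscall-work mask in thread_info.h and use it here.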
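diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c
index 2a4a80ff4a20..86d835157b54 100644
--- a/arch/alpha/kernel/ptrace.c
+++ b/arch/alpha/kernel/ptrace.c
@@ -14,6 +14,7 @@
 #include <linux/security.h>
 #include <linux/signal.h>
 #include <linux/tracehook.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request,
 asmlinkage unsigned long syscall_trace_enter(void)
 {
 unsigned long ret = 0;
+struct pt_regs *regs = current_pt_regs();
 if (test_thread_flag(TIF_SYSCALL_TRACE) &&
 tracehook_report_syscall_entry(current_pt_regs()))
 ret = -1UL;
+audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
 return ret ?: current_pt_regs()->r0;
 }
 
 asmlinkage void
 syscall_trace_leave(void)
 {
+audit_syscall_exit(current_pt_regs());
 if (test_thread_flag(TIF_SYSCALL_TRACE))
 tracehook_report_syscall_exit(current_pt_regs(), 0);
 }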
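Review bot: In `syscall_trace_enter()` the new `regs` local is used only by the audit call, while the tracehook call and the return statement still call `current_pt_regs()`; use `regs` throughout and wrap the `audit_syscall_entry(...)` line, which runs well past 80 columns. The audit call also runs when `tracehook_report_syscall_entry()` has asked for the syscall to be skipped (`ret = -1UL`), so an entry record is produced for a call that will not execute. If that is intended, say so in a comment, for example `/* audit after the ptrace stop so the record shows the registers the tracer left behind */`. Both functions lie fully inside the hunk.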
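diff --git a/init/Kconfig b/init/Kconfig
index 34a0a3bf2390..009a797dd242 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -284,7 +284,7 @@ config AUDIT
 
 config AUDITSYSCALL
 bool "Enable system-call auditing support"
-depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
+depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA)
 default y if SECURITY_SELINUX
 help
 Enable low-overhead system-call auditing infrastructure that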