diff options
author | David S. Miller <davem@davemloft.net> | 2005-07-10 22:29:45 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-07-10 22:29:45 -0400 |
commit | f7ceba360cce9af3fbc4e5a5b1bd40b570b7021c (patch) | |
tree | 1d138496048bbf5851cd60dee7acb912cffc6971 /arch/sparc64/kernel | |
parent | 8d8a64796fdee4e20355c6c12c9cc630a2e7494d (diff) |
[SPARC64]: Add syscall auditing support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64/kernel')
-rw-r--r-- | arch/sparc64/kernel/entry.S | 10 | ||||
-rw-r--r-- | arch/sparc64/kernel/ptrace.c | 32 |
2 files changed, 34 insertions, 8 deletions
diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S index 8b7ed760c50e..d781f10adc52 100644 --- a/arch/sparc64/kernel/entry.S +++ b/arch/sparc64/kernel/entry.S | |||
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0 | |||
1552 | nop | 1552 | nop |
1553 | .align 32 | 1553 | .align 32 |
1554 | 1: ldx [%curptr + TI_FLAGS], %l5 | 1554 | 1: ldx [%curptr + TI_FLAGS], %l5 |
1555 | andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 | 1555 | andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0 |
1556 | be,pt %icc, rtrap | 1556 | be,pt %icc, rtrap |
1557 | clr %l6 | 1557 | clr %l6 |
1558 | add %sp, PTREGS_OFF, %o0 | 1558 | add %sp, PTREGS_OFF, %o0 |
@@ -1679,7 +1679,7 @@ linux_sparc_syscall32: | |||
1679 | 1679 | ||
1680 | srl %i5, 0, %o5 ! IEU1 | 1680 | srl %i5, 0, %o5 ! IEU1 |
1681 | srl %i2, 0, %o2 ! IEU0 Group | 1681 | srl %i2, 0, %o2 ! IEU0 Group |
1682 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0 Group | 1682 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0 |
1683 | bne,pn %icc, linux_syscall_trace32 ! CTI | 1683 | bne,pn %icc, linux_syscall_trace32 ! CTI |
1684 | mov %i0, %l5 ! IEU1 | 1684 | mov %i0, %l5 ! IEU1 |
1685 | call %l7 ! CTI Group brk forced | 1685 | call %l7 ! CTI Group brk forced |
@@ -1702,7 +1702,7 @@ linux_sparc_syscall: | |||
1702 | 1702 | ||
1703 | mov %i3, %o3 ! IEU1 | 1703 | mov %i3, %o3 ! IEU1 |
1704 | mov %i4, %o4 ! IEU0 Group | 1704 | mov %i4, %o4 ! IEU0 Group |
1705 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble | 1705 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0 |
1706 | bne,pn %icc, linux_syscall_trace ! CTI Group | 1706 | bne,pn %icc, linux_syscall_trace ! CTI Group |
1707 | mov %i0, %l5 ! IEU0 | 1707 | mov %i0, %l5 ! IEU0 |
1708 | 2: call %l7 ! CTI Group brk forced | 1708 | 2: call %l7 ! CTI Group brk forced |
@@ -1730,7 +1730,7 @@ ret_sys_call: | |||
1730 | 1: | 1730 | 1: |
1731 | cmp %o0, -ERESTART_RESTARTBLOCK | 1731 | cmp %o0, -ERESTART_RESTARTBLOCK |
1732 | bgeu,pn %xcc, 1f | 1732 | bgeu,pn %xcc, 1f |
1733 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 | 1733 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6 |
1734 | 80: | 1734 | 80: |
1735 | /* System call success, clear Carry condition code. */ | 1735 | /* System call success, clear Carry condition code. */ |
1736 | andn %g3, %g2, %g3 | 1736 | andn %g3, %g2, %g3 |
@@ -1745,7 +1745,7 @@ ret_sys_call: | |||
1745 | /* System call failure, set Carry condition code. | 1745 | /* System call failure, set Carry condition code. |
1746 | * Also, get abs(errno) to return to the process. | 1746 | * Also, get abs(errno) to return to the process. |
1747 | */ | 1747 | */ |
1748 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 | 1748 | andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6 |
1749 | sub %g0, %o0, %o0 | 1749 | sub %g0, %o0, %o0 |
1750 | or %g3, %g2, %g3 | 1750 | or %g3, %g2, %g3 |
1751 | stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] | 1751 | stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] |
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index c57dc9ea731b..23ad839d113f 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c | |||
@@ -19,6 +19,8 @@ | |||
19 | #include <linux/smp.h> | 19 | #include <linux/smp.h> |
20 | #include <linux/smp_lock.h> | 20 | #include <linux/smp_lock.h> |
21 | #include <linux/security.h> | 21 | #include <linux/security.h> |
22 | #include <linux/seccomp.h> | ||
23 | #include <linux/audit.h> | ||
22 | #include <linux/signal.h> | 24 | #include <linux/signal.h> |
23 | 25 | ||
24 | #include <asm/asi.h> | 26 | #include <asm/asi.h> |
@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) | |||
633 | /* do the secure computing check first */ | 635 | /* do the secure computing check first */ |
634 | secure_computing(regs->u_regs[UREG_G1]); | 636 | secure_computing(regs->u_regs[UREG_G1]); |
635 | 637 | ||
636 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) | 638 | if (unlikely(current->audit_context) && syscall_exit_p) { |
637 | return; | 639 | unsigned long tstate = regs->tstate; |
640 | int result = AUDITSC_SUCCESS; | ||
641 | |||
642 | if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) | ||
643 | result = AUDITSC_FAILURE; | ||
644 | |||
645 | audit_syscall_exit(current, result, regs->u_regs[UREG_I0]); | ||
646 | } | ||
647 | |||
638 | if (!(current->ptrace & PT_PTRACED)) | 648 | if (!(current->ptrace & PT_PTRACED)) |
639 | return; | 649 | goto out; |
650 | |||
651 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) | ||
652 | goto out; | ||
653 | |||
640 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) | 654 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) |
641 | ? 0x80 : 0)); | 655 | ? 0x80 : 0)); |
642 | 656 | ||
@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) | |||
649 | send_sig(current->exit_code, current, 1); | 663 | send_sig(current->exit_code, current, 1); |
650 | current->exit_code = 0; | 664 | current->exit_code = 0; |
651 | } | 665 | } |
666 | |||
667 | out: | ||
668 | if (unlikely(current->audit_context) && !syscall_exit_p) | ||
669 | audit_syscall_entry(current, | ||
670 | (test_thread_flag(TIF_32BIT) ? | ||
671 | AUDIT_ARCH_SPARC : | ||
672 | AUDIT_ARCH_SPARC64), | ||
673 | regs->u_regs[UREG_G1], | ||
674 | regs->u_regs[UREG_I0], | ||
675 | regs->u_regs[UREG_I1], | ||
676 | regs->u_regs[UREG_I2], | ||
677 | regs->u_regs[UREG_I3]); | ||
652 | } | 678 | } |