diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-04-12 15:38:53 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-04-12 15:38:53 -0400 |
| commit | 0b747172dce6e0905ab173afbaffebb7a11d89bd (patch) | |
| tree | cef4092aa49bd44d4759b58762bfa221dac45f57 /arch | |
| parent | b7e70ca9c7d7f049bba8047d7ab49966fd5e9e9d (diff) | |
| parent | 312103d64d0fcadb332899a2c84b357ddb18f4e3 (diff) | |
Merge git://git.infradead.org/users/eparis/audit
Pull audit updates from Eric Paris.
* git://git.infradead.org/users/eparis/audit: (28 commits)
AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC
audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range
audit: do not cast audit_rule_data pointers pointlesly
AUDIT: Allow login in non-init namespaces
audit: define audit_is_compat in kernel internal header
kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c
sched: declare pid_alive as inline
audit: use uapi/linux/audit.h for AUDIT_ARCH declarations
syscall_get_arch: remove useless function arguments
audit: remove stray newline from audit_log_execve_info() audit_panic() call
audit: remove stray newlines from audit_log_lost messages
audit: include subject in login records
audit: remove superfluous new- prefix in AUDIT_LOGIN messages
audit: allow user processes to log from another PID namespace
audit: anchor all pid references in the initial pid namespace
audit: convert PPIDs to the inital PID namespace.
pid: get pid_t ppid of task in init_pid_ns
audit: rename the misleading audit_get_context() to audit_take_context()
audit: Add generic compat syscall support
audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL
...
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/alpha/Kconfig | 1 | ||||
| -rw-r--r-- | arch/arm/Kconfig | 1 | ||||
| -rw-r--r-- | arch/arm/include/asm/syscall.h | 5 | ||||
| -rw-r--r-- | arch/ia64/Kconfig | 1 | ||||
| -rw-r--r-- | arch/mips/include/asm/syscall.h | 7 | ||||
| -rw-r--r-- | arch/mips/kernel/ptrace.c | 2 | ||||
| -rw-r--r-- | arch/parisc/Kconfig | 1 | ||||
| -rw-r--r-- | arch/powerpc/Kconfig | 1 | ||||
| -rw-r--r-- | arch/s390/Kconfig | 1 | ||||
| -rw-r--r-- | arch/s390/include/asm/syscall.h | 7 | ||||
| -rw-r--r-- | arch/sh/Kconfig | 1 | ||||
| -rw-r--r-- | arch/sparc/Kconfig | 1 | ||||
| -rw-r--r-- | arch/um/Kconfig.common | 1 | ||||
| -rw-r--r-- | arch/x86/Kconfig | 1 | ||||
| -rw-r--r-- | arch/x86/include/asm/syscall.h | 10 |
15 files changed, 23 insertions, 18 deletions
diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index f6c6b345388c..b7ff9a318c31 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig | |||
| @@ -22,6 +22,7 @@ config ALPHA | |||
| 22 | select GENERIC_SMP_IDLE_THREAD | 22 | select GENERIC_SMP_IDLE_THREAD |
| 23 | select GENERIC_STRNCPY_FROM_USER | 23 | select GENERIC_STRNCPY_FROM_USER |
| 24 | select GENERIC_STRNLEN_USER | 24 | select GENERIC_STRNLEN_USER |
| 25 | select HAVE_ARCH_AUDITSYSCALL | ||
| 25 | select HAVE_MOD_ARCH_SPECIFIC | 26 | select HAVE_MOD_ARCH_SPECIFIC |
| 26 | select MODULES_USE_ELF_RELA | 27 | select MODULES_USE_ELF_RELA |
| 27 | select ODD_RT_SIGACTION | 28 | select ODD_RT_SIGACTION |
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 5db05f6a0412..ab438cb5af55 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig | |||
| @@ -24,6 +24,7 @@ config ARM | |||
| 24 | select GENERIC_STRNCPY_FROM_USER | 24 | select GENERIC_STRNCPY_FROM_USER |
| 25 | select GENERIC_STRNLEN_USER | 25 | select GENERIC_STRNLEN_USER |
| 26 | select HARDIRQS_SW_RESEND | 26 | select HARDIRQS_SW_RESEND |
| 27 | select HAVE_ARCH_AUDITSYSCALL if (AEABI && !OABI_COMPAT) | ||
| 27 | select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL | 28 | select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL |
| 28 | select HAVE_ARCH_KGDB | 29 | select HAVE_ARCH_KGDB |
| 29 | select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT) | 30 | select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT) |
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index 73ddd7239b33..4651f6999b7d 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h | |||
| @@ -7,7 +7,7 @@ | |||
| 7 | #ifndef _ASM_ARM_SYSCALL_H | 7 | #ifndef _ASM_ARM_SYSCALL_H |
| 8 | #define _ASM_ARM_SYSCALL_H | 8 | #define _ASM_ARM_SYSCALL_H |
| 9 | 9 | ||
| 10 | #include <linux/audit.h> /* for AUDIT_ARCH_* */ | 10 | #include <uapi/linux/audit.h> /* for AUDIT_ARCH_* */ |
| 11 | #include <linux/elf.h> /* for ELF_EM */ | 11 | #include <linux/elf.h> /* for ELF_EM */ |
| 12 | #include <linux/err.h> | 12 | #include <linux/err.h> |
| 13 | #include <linux/sched.h> | 13 | #include <linux/sched.h> |
| @@ -103,8 +103,7 @@ static inline void syscall_set_arguments(struct task_struct *task, | |||
| 103 | memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0])); | 103 | memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0])); |
| 104 | } | 104 | } |
| 105 | 105 | ||
| 106 | static inline int syscall_get_arch(struct task_struct *task, | 106 | static inline int syscall_get_arch(void) |
| 107 | struct pt_regs *regs) | ||
| 108 | { | 107 | { |
| 109 | /* ARM tasks don't change audit architectures on the fly. */ | 108 | /* ARM tasks don't change audit architectures on the fly. */ |
| 110 | return AUDIT_ARCH_ARM; | 109 | return AUDIT_ARCH_ARM; |
diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig index 1325c3bc58e1..12c3afee0f6f 100644 --- a/arch/ia64/Kconfig +++ b/arch/ia64/Kconfig | |||
| @@ -45,6 +45,7 @@ config IA64 | |||
| 45 | select HAVE_MOD_ARCH_SPECIFIC | 45 | select HAVE_MOD_ARCH_SPECIFIC |
| 46 | select MODULES_USE_ELF_RELA | 46 | select MODULES_USE_ELF_RELA |
| 47 | select ARCH_USE_CMPXCHG_LOCKREF | 47 | select ARCH_USE_CMPXCHG_LOCKREF |
| 48 | select HAVE_ARCH_AUDITSYSCALL | ||
| 48 | default y | 49 | default y |
| 49 | help | 50 | help |
| 50 | The Itanium Processor Family is Intel's 64-bit successor to | 51 | The Itanium Processor Family is Intel's 64-bit successor to |
diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index 6c488c85d791..c6e9cd2bca8d 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h | |||
| @@ -14,7 +14,7 @@ | |||
| 14 | #define __ASM_MIPS_SYSCALL_H | 14 | #define __ASM_MIPS_SYSCALL_H |
| 15 | 15 | ||
| 16 | #include <linux/compiler.h> | 16 | #include <linux/compiler.h> |
| 17 | #include <linux/audit.h> | 17 | #include <uapi/linux/audit.h> |
| 18 | #include <linux/elf-em.h> | 18 | #include <linux/elf-em.h> |
| 19 | #include <linux/kernel.h> | 19 | #include <linux/kernel.h> |
| 20 | #include <linux/sched.h> | 20 | #include <linux/sched.h> |
| @@ -127,12 +127,11 @@ extern const unsigned long sys_call_table[]; | |||
| 127 | extern const unsigned long sys32_call_table[]; | 127 | extern const unsigned long sys32_call_table[]; |
| 128 | extern const unsigned long sysn32_call_table[]; | 128 | extern const unsigned long sysn32_call_table[]; |
| 129 | 129 | ||
| 130 | static inline int syscall_get_arch(struct task_struct *task, | 130 | static inline int syscall_get_arch(void) |
| 131 | struct pt_regs *regs) | ||
| 132 | { | 131 | { |
| 133 | int arch = EM_MIPS; | 132 | int arch = EM_MIPS; |
| 134 | #ifdef CONFIG_64BIT | 133 | #ifdef CONFIG_64BIT |
| 135 | if (!test_tsk_thread_flag(task, TIF_32BIT_REGS)) | 134 | if (!test_thread_flag(TIF_32BIT_REGS)) |
| 136 | arch |= __AUDIT_ARCH_64BIT; | 135 | arch |= __AUDIT_ARCH_64BIT; |
| 137 | #endif | 136 | #endif |
| 138 | #if defined(__LITTLE_ENDIAN) | 137 | #if defined(__LITTLE_ENDIAN) |
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index 7271e5a83081..71f85f427034 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c | |||
| @@ -649,7 +649,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) | |||
| 649 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) | 649 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) |
| 650 | trace_sys_enter(regs, regs->regs[2]); | 650 | trace_sys_enter(regs, regs->regs[2]); |
| 651 | 651 | ||
| 652 | audit_syscall_entry(syscall_get_arch(current, regs), | 652 | audit_syscall_entry(syscall_get_arch(), |
| 653 | syscall, | 653 | syscall, |
| 654 | regs->regs[4], regs->regs[5], | 654 | regs->regs[4], regs->regs[5], |
| 655 | regs->regs[6], regs->regs[7]); | 655 | regs->regs[6], regs->regs[7]); |
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index bb2a8ec440e7..1faefed32749 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig | |||
| @@ -28,6 +28,7 @@ config PARISC | |||
| 28 | select CLONE_BACKWARDS | 28 | select CLONE_BACKWARDS |
| 29 | select TTY # Needed for pdc_cons.c | 29 | select TTY # Needed for pdc_cons.c |
| 30 | select HAVE_DEBUG_STACKOVERFLOW | 30 | select HAVE_DEBUG_STACKOVERFLOW |
| 31 | select HAVE_ARCH_AUDITSYSCALL | ||
| 31 | 32 | ||
| 32 | help | 33 | help |
| 33 | The PA-RISC microprocessor is designed by Hewlett-Packard and used | 34 | The PA-RISC microprocessor is designed by Hewlett-Packard and used |
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 6c03a94991ad..e0998997943b 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig | |||
| @@ -144,6 +144,7 @@ config PPC | |||
| 144 | select HAVE_DEBUG_STACKOVERFLOW | 144 | select HAVE_DEBUG_STACKOVERFLOW |
| 145 | select HAVE_IRQ_EXIT_ON_IRQ_STACK | 145 | select HAVE_IRQ_EXIT_ON_IRQ_STACK |
| 146 | select ARCH_USE_CMPXCHG_LOCKREF if PPC64 | 146 | select ARCH_USE_CMPXCHG_LOCKREF if PPC64 |
| 147 | select HAVE_ARCH_AUDITSYSCALL | ||
| 147 | 148 | ||
| 148 | config GENERIC_CSUM | 149 | config GENERIC_CSUM |
| 149 | def_bool CPU_LITTLE_ENDIAN | 150 | def_bool CPU_LITTLE_ENDIAN |
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 346d21678ffd..d68fe34799b0 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig | |||
| @@ -103,6 +103,7 @@ config S390 | |||
| 103 | select GENERIC_SMP_IDLE_THREAD | 103 | select GENERIC_SMP_IDLE_THREAD |
| 104 | select GENERIC_TIME_VSYSCALL | 104 | select GENERIC_TIME_VSYSCALL |
| 105 | select HAVE_ALIGNED_STRUCT_PAGE if SLUB | 105 | select HAVE_ALIGNED_STRUCT_PAGE if SLUB |
| 106 | select HAVE_ARCH_AUDITSYSCALL | ||
| 106 | select HAVE_ARCH_JUMP_LABEL if !MARCH_G5 | 107 | select HAVE_ARCH_JUMP_LABEL if !MARCH_G5 |
| 107 | select HAVE_ARCH_SECCOMP_FILTER | 108 | select HAVE_ARCH_SECCOMP_FILTER |
| 108 | select HAVE_ARCH_TRACEHOOK | 109 | select HAVE_ARCH_TRACEHOOK |
diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index cd29d2f4e4f3..777687055e7b 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | #ifndef _ASM_SYSCALL_H | 12 | #ifndef _ASM_SYSCALL_H |
| 13 | #define _ASM_SYSCALL_H 1 | 13 | #define _ASM_SYSCALL_H 1 |
| 14 | 14 | ||
| 15 | #include <linux/audit.h> | 15 | #include <uapi/linux/audit.h> |
| 16 | #include <linux/sched.h> | 16 | #include <linux/sched.h> |
| 17 | #include <linux/err.h> | 17 | #include <linux/err.h> |
| 18 | #include <asm/ptrace.h> | 18 | #include <asm/ptrace.h> |
| @@ -89,11 +89,10 @@ static inline void syscall_set_arguments(struct task_struct *task, | |||
| 89 | regs->orig_gpr2 = args[0]; | 89 | regs->orig_gpr2 = args[0]; |
| 90 | } | 90 | } |
| 91 | 91 | ||
| 92 | static inline int syscall_get_arch(struct task_struct *task, | 92 | static inline int syscall_get_arch(void) |
| 93 | struct pt_regs *regs) | ||
| 94 | { | 93 | { |
| 95 | #ifdef CONFIG_COMPAT | 94 | #ifdef CONFIG_COMPAT |
| 96 | if (test_tsk_thread_flag(task, TIF_31BIT)) | 95 | if (test_tsk_thread_flag(current, TIF_31BIT)) |
| 97 | return AUDIT_ARCH_S390; | 96 | return AUDIT_ARCH_S390; |
| 98 | #endif | 97 | #endif |
| 99 | return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390; | 98 | return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390; |
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index ba55e939a820..834b67c4db5a 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig | |||
| @@ -42,6 +42,7 @@ config SUPERH | |||
| 42 | select MODULES_USE_ELF_RELA | 42 | select MODULES_USE_ELF_RELA |
| 43 | select OLD_SIGSUSPEND | 43 | select OLD_SIGSUSPEND |
| 44 | select OLD_SIGACTION | 44 | select OLD_SIGACTION |
| 45 | select HAVE_ARCH_AUDITSYSCALL | ||
| 45 | help | 46 | help |
| 46 | The SuperH is a RISC processor targeted for use in embedded systems | 47 | The SuperH is a RISC processor targeted for use in embedded systems |
| 47 | and consumer electronics; it was also used in the Sega Dreamcast | 48 | and consumer electronics; it was also used in the Sega Dreamcast |
diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig index 7d8b7e94b93b..29f2e988c56a 100644 --- a/arch/sparc/Kconfig +++ b/arch/sparc/Kconfig | |||
| @@ -77,6 +77,7 @@ config SPARC64 | |||
| 77 | select ARCH_HAVE_NMI_SAFE_CMPXCHG | 77 | select ARCH_HAVE_NMI_SAFE_CMPXCHG |
| 78 | select HAVE_C_RECORDMCOUNT | 78 | select HAVE_C_RECORDMCOUNT |
| 79 | select NO_BOOTMEM | 79 | select NO_BOOTMEM |
| 80 | select HAVE_ARCH_AUDITSYSCALL | ||
| 80 | 81 | ||
| 81 | config ARCH_DEFCONFIG | 82 | config ARCH_DEFCONFIG |
| 82 | string | 83 | string |
diff --git a/arch/um/Kconfig.common b/arch/um/Kconfig.common index 21ca44c4f6d5..6915d28cf118 100644 --- a/arch/um/Kconfig.common +++ b/arch/um/Kconfig.common | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | config UML | 1 | config UML |
| 2 | bool | 2 | bool |
| 3 | default y | 3 | default y |
| 4 | select HAVE_ARCH_AUDITSYSCALL | ||
| 4 | select HAVE_UID16 | 5 | select HAVE_UID16 |
| 5 | select GENERIC_IRQ_SHOW | 6 | select GENERIC_IRQ_SHOW |
| 6 | select GENERIC_CPU_DEVICES | 7 | select GENERIC_CPU_DEVICES |
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5b8ec0f53b57..25d2c6f7325e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -129,6 +129,7 @@ config X86 | |||
| 129 | select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 | 129 | select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 |
| 130 | select HAVE_CC_STACKPROTECTOR | 130 | select HAVE_CC_STACKPROTECTOR |
| 131 | select GENERIC_CPU_AUTOPROBE | 131 | select GENERIC_CPU_AUTOPROBE |
| 132 | select HAVE_ARCH_AUDITSYSCALL | ||
| 132 | 133 | ||
| 133 | config INSTRUCTION_DECODER | 134 | config INSTRUCTION_DECODER |
| 134 | def_bool y | 135 | def_bool y |
diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index aea284b41312..d6a756ae04c8 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | #ifndef _ASM_X86_SYSCALL_H | 13 | #ifndef _ASM_X86_SYSCALL_H |
| 14 | #define _ASM_X86_SYSCALL_H | 14 | #define _ASM_X86_SYSCALL_H |
| 15 | 15 | ||
| 16 | #include <linux/audit.h> | 16 | #include <uapi/linux/audit.h> |
| 17 | #include <linux/sched.h> | 17 | #include <linux/sched.h> |
| 18 | #include <linux/err.h> | 18 | #include <linux/err.h> |
| 19 | #include <asm/asm-offsets.h> /* For NR_syscalls */ | 19 | #include <asm/asm-offsets.h> /* For NR_syscalls */ |
| @@ -91,8 +91,7 @@ static inline void syscall_set_arguments(struct task_struct *task, | |||
| 91 | memcpy(®s->bx + i, args, n * sizeof(args[0])); | 91 | memcpy(®s->bx + i, args, n * sizeof(args[0])); |
| 92 | } | 92 | } |
| 93 | 93 | ||
| 94 | static inline int syscall_get_arch(struct task_struct *task, | 94 | static inline int syscall_get_arch(void) |
| 95 | struct pt_regs *regs) | ||
| 96 | { | 95 | { |
| 97 | return AUDIT_ARCH_I386; | 96 | return AUDIT_ARCH_I386; |
| 98 | } | 97 | } |
| @@ -221,8 +220,7 @@ static inline void syscall_set_arguments(struct task_struct *task, | |||
| 221 | } | 220 | } |
| 222 | } | 221 | } |
| 223 | 222 | ||
| 224 | static inline int syscall_get_arch(struct task_struct *task, | 223 | static inline int syscall_get_arch(void) |
| 225 | struct pt_regs *regs) | ||
| 226 | { | 224 | { |
| 227 | #ifdef CONFIG_IA32_EMULATION | 225 | #ifdef CONFIG_IA32_EMULATION |
| 228 | /* | 226 | /* |
| @@ -234,7 +232,7 @@ static inline int syscall_get_arch(struct task_struct *task, | |||
| 234 | * | 232 | * |
| 235 | * x32 tasks should be considered AUDIT_ARCH_X86_64. | 233 | * x32 tasks should be considered AUDIT_ARCH_X86_64. |
| 236 | */ | 234 | */ |
| 237 | if (task_thread_info(task)->status & TS_COMPAT) | 235 | if (task_thread_info(current)->status & TS_COMPAT) |
| 238 | return AUDIT_ARCH_I386; | 236 | return AUDIT_ARCH_I386; |
| 239 | #endif | 237 | #endif |
| 240 | /* Both x32 and x86_64 are considered "64-bit". */ | 238 | /* Both x32 and x86_64 are considered "64-bit". */ |