diff options
| author | Eric Paris <eparis@redhat.com> | 2012-01-03 14:23:06 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-17 16:16:56 -0500 |
| commit | d7e7528bcd456f5c36ad4a202ccfb43c5aa98bc4 (patch) | |
| tree | ef49503b1dc52c52102e728dbd979c9309d5756b /kernel/auditsc.c | |
| parent | 85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31 (diff) | |
Audit: push audit success and retcode into arch ptrace.h
The audit system previously expected arches calling to audit_syscall_exit to
supply as arguments if the syscall was a success and what the return code was.
Audit also provides a helper AUDITSC_RESULT which was supposed to simplify things
by converting from negative retcodes to an audit internal magic value stating
success or failure. This helper was wrong and could indicate that a valid
pointer returned to userspace was a failed syscall. The fix is to fix the
layering foolishness. We now pass audit_syscall_exit a struct pt_reg and it
in turns calls back into arch code to collect the return value and to
determine if the syscall was a success or failure. We also define a generic
is_syscall_success() macro which determines success/failure based on if the
value is < -MAX_ERRNO. This works for arches like x86 which do not use a
separate mechanism to indicate syscall failure.
We make both the is_syscall_success() and regs_return_value() static inlines
instead of macros. The reason is because the audit function must take a void*
for the regs. (uml calls theirs struct uml_pt_regs instead of just struct
pt_regs so audit_syscall_exit can't take a struct pt_regs). Since the audit
function takes a void* we need to use static inlines to cast it back to the
arch correct structure to dereference it.
The other major change is that on some arches, like ia64, MIPS and ppc, we
change regs_return_value() to give us the negative value on syscall failure.
THE only other user of this macro, kretprobe_example.c, won't notice and it
makes the value signed consistently for the audit functions across all archs.
In arch/sh/kernel/ptrace_64.c I see that we were using regs[9] in the old
audit code as the return value. But the ptrace_64.h code defined the macro
regs_return_value() as regs[3]. I have no idea which one is correct, but this
patch now uses the regs_return_value() function, so it now uses regs[3].
For powerpc we previously used regs->result but now use the
regs_return_value() function which uses regs->gprs[3]. regs->gprs[3] is
always positive so the regs_return_value(), much like ia64 makes it negative
before calling the audit code when appropriate.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: H. Peter Anvin <hpa@zytor.com> [for x86 portion]
Acked-by: Tony Luck <tony.luck@intel.com> [for ia64]
Acked-by: Richard Weinberger <richard@nod.at> [for uml]
Acked-by: David S. Miller <davem@davemloft.net> [for sparc]
Acked-by: Ralf Baechle <ralf@linux-mips.org> [for mips]
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [for ppc]
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e9bcb93800d8..3d2853808185 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -70,6 +70,11 @@ | |||
| 70 | 70 | ||
| 71 | #include "audit.h" | 71 | #include "audit.h" |
| 72 | 72 | ||
| 73 | /* flags stating the success for a syscall */ | ||
| 74 | #define AUDITSC_INVALID 0 | ||
| 75 | #define AUDITSC_SUCCESS 1 | ||
| 76 | #define AUDITSC_FAILURE 2 | ||
| 77 | |||
| 73 | /* AUDIT_NAMES is the number of slots we reserve in the audit_context | 78 | /* AUDIT_NAMES is the number of slots we reserve in the audit_context |
| 74 | * for saving names from getname(). If we get more names we will allocate | 79 | * for saving names from getname(). If we get more names we will allocate |
| 75 | * a name dynamically and also add those to the list anchored by names_list. */ | 80 | * a name dynamically and also add those to the list anchored by names_list. */ |
| @@ -1724,8 +1729,7 @@ void audit_finish_fork(struct task_struct *child) | |||
| 1724 | 1729 | ||
| 1725 | /** | 1730 | /** |
| 1726 | * audit_syscall_exit - deallocate audit context after a system call | 1731 | * audit_syscall_exit - deallocate audit context after a system call |
| 1727 | * @valid: success/failure flag | 1732 | * @pt_regs: syscall registers |
| 1728 | * @return_code: syscall return value | ||
| 1729 | * | 1733 | * |
| 1730 | * Tear down after system call. If the audit context has been marked as | 1734 | * Tear down after system call. If the audit context has been marked as |
| 1731 | * auditable (either because of the AUDIT_RECORD_CONTEXT state from | 1735 | * auditable (either because of the AUDIT_RECORD_CONTEXT state from |
| @@ -1733,13 +1737,17 @@ void audit_finish_fork(struct task_struct *child) | |||
| 1733 | * message), then write out the syscall information. In call cases, | 1737 | * message), then write out the syscall information. In call cases, |
| 1734 | * free the names stored from getname(). | 1738 | * free the names stored from getname(). |
| 1735 | */ | 1739 | */ |
| 1736 | void audit_syscall_exit(int valid, long return_code) | 1740 | void __audit_syscall_exit(int success, long return_code) |
| 1737 | { | 1741 | { |
| 1738 | struct task_struct *tsk = current; | 1742 | struct task_struct *tsk = current; |
| 1739 | struct audit_context *context; | 1743 | struct audit_context *context; |
| 1740 | 1744 | ||
| 1741 | context = audit_get_context(tsk, valid, return_code); | 1745 | if (success) |
| 1746 | success = AUDITSC_SUCCESS; | ||
| 1747 | else | ||
| 1748 | success = AUDITSC_FAILURE; | ||
| 1742 | 1749 | ||
| 1750 | context = audit_get_context(tsk, success, return_code); | ||
| 1743 | if (likely(!context)) | 1751 | if (likely(!context)) |
| 1744 | return; | 1752 | return; |
| 1745 | 1753 | ||