seccomp: remove duplicated failure logging

This consolidates the seccomp filter error logging path and adds more details to the audit log. Signed-off-by: Will Drewry <wad@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Eric Paris <eparis@redhat.com> v18: make compat= permanent in the record v15: added a return code to the audit_seccomp path by wad@chromium.org (suggested by eparis@redhat.com) v*: original by keescook@chromium.org Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Kees Cook <keescook@chromium.org> 2012-04-12 17:47:58 -0400
committer: James Morris <james.l.morris@oracle.com> 2012-04-13 21:13:20 -0400
commit: 3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe (patch)
tree: 68ca991b7a3d2fc7623f6d86ba5827d6638974fd /kernel
parent: e2cfabdfd075648216f99c2c03821cf3f47c1727 (diff)
2 files changed, 7 insertions, 16 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index af1de0f34eae..4b96415527b8 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -67,6 +67,7 @@
 #include <linux/syscalls.h>
 #include <linux/capability.h>
 #include <linux/fs_struct.h>
+#include <linux/compat.h>
 #include "audit.h"
@@ -2710,13 +2711,16 @@ void audit_core_dumps(long signr)
        audit_log_end(ab);
 }
-void __audit_seccomp(unsigned long syscall)
+void __audit_seccomp(unsigned long syscall, long signr, int code)
 {
        struct audit_buffer *ab;
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
-        audit_log_abend(ab, "seccomp", SIGKILL);
+        audit_log_abend(ab, "seccomp", signr);
        audit_log_format(ab, " syscall=%ld", syscall);
+        audit_log_format(ab, " compat=%d", is_compat_task());
+        audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current));
+        audit_log_format(ab, " code=0x%x", code);
        audit_log_end(ab);
 }
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 0aeec1960f91..0f7c709a523e 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -60,18 +60,6 @@ struct seccomp_filter {
 /* Limit any path through the tree to 256KB worth of instructions. */
 #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter))
-static void seccomp_filter_log_failure(int syscall)
-{
-        int compat = 0;
-#ifdef CONFIG_COMPAT
-        compat = is_compat_task();
-#endif
-        pr_info("%s[%d]: %ssystem call %d blocked at 0x%lx\n",
-                current->comm, task_pid_nr(current),
-                (compat ? "compat " : ""),
-                syscall, KSTK_EIP(current));
-}
 /**
 * get_u32 - returns a u32 offset into data
 * @data: a unsigned 64 bit value
@@ -381,7 +369,6 @@ void __secure_computing(int this_syscall)
        case SECCOMP_MODE_FILTER:
                if (seccomp_run_filters(this_syscall) == SECCOMP_RET_ALLOW)
                        return;
-                seccomp_filter_log_failure(this_syscall);
                exit_sig = SIGSYS;
                break;
 #endif
@@ -392,7 +379,7 @@ void __secure_computing(int this_syscall)
 #ifdef SECCOMP_DEBUG
        dump_stack();
 #endif
-        audit_seccomp(this_syscall);
+        audit_seccomp(this_syscall, exit_code, SECCOMP_RET_KILL);
        do_exit(exit_sig);
 }
author	Kees Cook <keescook@chromium.org>	2012-04-12 17:47:58 -0400
committer	James Morris <james.l.morris@oracle.com>	2012-04-13 21:13:20 -0400
commit	3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe (patch)
tree	68ca991b7a3d2fc7623f6d86ba5827d6638974fd /kernel
parent	e2cfabdfd075648216f99c2c03821cf3f47c1727 (diff)