9 files changed, 88 insertions, 4 deletions
diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig
index 97a2d9a096b9..f6c6b345388c 100644
--- a/arch/alpha/Kconfig
+++ b/arch/alpha/Kconfig
@@ -17,6 +17,7 @@ config ALPHA
        select ARCH_WANT_IPC_PARSE_VERSION
        select ARCH_HAVE_NMI_SAFE_CMPXCHG
        select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
+        select AUDIT_ARCH
        select GENERIC_CLOCKEVENTS
        select GENERIC_SMP_IDLE_THREAD
        select GENERIC_STRNCPY_FROM_USER
@@ -77,6 +78,8 @@ config GENERIC_ISA_DMA
 source "init/Kconfig"
 source "kernel/Kconfig.freezer"
+config AUDIT_ARCH
+        bool
 menu "System setup"
diff --git a/arch/alpha/include/asm/ptrace.h b/arch/alpha/include/asm/ptrace.h
index 21128505ddbe..9047c2fe8f23 100644
--- a/arch/alpha/include/asm/ptrace.h
+++ b/arch/alpha/include/asm/ptrace.h
@@ -19,4 +19,9 @@
 #define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
+static inline unsigned long regs_return_value(struct pt_regs *regs)
+{
+        return regs->r0;
+}
 #endif
diff --git a/arch/alpha/include/asm/thread_info.h b/arch/alpha/include/asm/thread_info.h
index 453597b91f3a..3d6ce6d56fc9 100644
--- a/arch/alpha/include/asm/thread_info.h
+++ b/arch/alpha/include/asm/thread_info.h
@@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
 #define TIF_NOTIFY_RESUME       1       /* callback before returning to user */
 #define TIF_SIGPENDING          2       /* signal pending */
 #define TIF_NEED_RESCHED        3       /* rescheduling necessary */
+#define TIF_SYSCALL_AUDIT       4       /* syscall audit active */
 #define TIF_DIE_IF_KERNEL       9       /* dik recursion lock */
 #define TIF_MEMDIE              13      /* is terminating due to OOM killer */
@@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
 #define _TIF_SIGPENDING         (1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED       (1<<TIF_NEED_RESCHED)
 #define _TIF_NOTIFY_RESUME      (1<<TIF_NOTIFY_RESUME)
+#define _TIF_SYSCALL_AUDIT      (1<<TIF_SYSCALL_AUDIT)
 /* Work to do on interrupt/exception return.  */
 #define _TIF_WORK_MASK          (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
diff --git a/arch/alpha/kernel/Makefile b/arch/alpha/kernel/Makefile
index 0d54650e78fc..3ecac0106c8a 100644
--- a/arch/alpha/kernel/Makefile
+++ b/arch/alpha/kernel/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_SRM_ENV)	+= srm_env.o
 obj-$(CONFIG_MODULES)   += module.o
 obj-$(CONFIG_PERF_EVENTS) += perf_event.o
 obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
+obj-$(CONFIG_AUDIT)     += audit.o
 ifdef CONFIG_ALPHA_GENERIC
diff --git a/arch/alpha/kernel/audit.c b/arch/alpha/kernel/audit.c
new file mode 100644
index 000000000000..96a9d18ff4c4
--- /dev/null
+++ b/arch/alpha/kernel/audit.c
@@ -0,0 +1,60 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+int audit_classify_arch(int arch)
+{
+        return 0;
+}
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
+static int __init audit_classes_init(void)
+{
+        audit_register_class(AUDIT_CLASS_WRITE, write_class);
+        audit_register_class(AUDIT_CLASS_READ, read_class);
+        audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+        audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+        audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+        return 0;
+}
+__initcall(audit_classes_init);
diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S
index a969b95ee5ac..98703d99b565 100644
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -465,7 +465,11 @@ entSys:
        .cfi_rel_offset $16, SP_OFF+24
        .cfi_rel_offset $17, SP_OFF+32
        .cfi_rel_offset $18, SP_OFF+40
-        blbs    $3, strace
+#ifdef CONFIG_AUDITSYSCALL
+        lda     $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
+        and     $3, $6, $3
+#endif
+        bne     $3, strace
        beq     $4, 1f
        ldq     $27, 0($5)
 1:      jsr     $26, ($27), alpha_ni_syscall
diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c
index 2a4a80ff4a20..86d835157b54 100644
--- a/arch/alpha/kernel/ptrace.c
+++ b/arch/alpha/kernel/ptrace.c
@@ -14,6 +14,7 @@
 #include <linux/security.h>
 #include <linux/signal.h>
 #include <linux/tracehook.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request,
 asmlinkage unsigned long syscall_trace_enter(void)
 {
        unsigned long ret = 0;
+        struct pt_regs *regs = current_pt_regs();
        if (test_thread_flag(TIF_SYSCALL_TRACE) &&
            tracehook_report_syscall_entry(current_pt_regs()))
                ret = -1UL;
+        audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
        return ret ?: current_pt_regs()->r0;
 }
 asmlinkage void
 syscall_trace_leave(void)
 {
+        audit_syscall_exit(current_pt_regs());
        if (test_thread_flag(TIF_SYSCALL_TRACE))
                tracehook_report_syscall_exit(current_pt_regs(), 0);
 }
diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c
index ff3c10721caf..5675dca8dbb1 100644
--- a/arch/alpha/lib/csum_partial_copy.c
+++ b/arch/alpha/lib/csum_partial_copy.c
@@ -378,6 +378,11 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len,
 __wsum
 csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum)
 {
-        return csum_partial_copy_from_user((__force const void __user *)src,
+        __wsum checksum;
-                        dst, len, sum, NULL);
+        mm_segment_t oldfs = get_fs();
+        set_fs(KERNEL_DS);
+        checksum = csum_partial_copy_from_user((__force const void __user *)src,
+                                                dst, len, sum, NULL);
+        set_fs(oldfs);
+        return checksum;
 }
diff --git a/init/Kconfig b/init/Kconfig
index 34a0a3bf2390..009a797dd242 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -284,7 +284,7 @@ config AUDIT
 config AUDITSYSCALL
        bool "Enable system-call auditing support"
-        depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
+        depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA)
        default y if SECURITY_SELINUX
        help
          Enable low-overhead system-call auditing infrastructure that

diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index 97a2d9a096b9..f6c6b345388c 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig
@@ -17,6 +17,7 @@ config ALPHA
17	select ARCH_WANT_IPC_PARSE_VERSION	17	select ARCH_WANT_IPC_PARSE_VERSION
18	select ARCH_HAVE_NMI_SAFE_CMPXCHG	18	select ARCH_HAVE_NMI_SAFE_CMPXCHG
19	select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE	19	select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
		20	select AUDIT_ARCH
20	select GENERIC_CLOCKEVENTS	21	select GENERIC_CLOCKEVENTS
21	select GENERIC_SMP_IDLE_THREAD	22	select GENERIC_SMP_IDLE_THREAD
22	select GENERIC_STRNCPY_FROM_USER	23	select GENERIC_STRNCPY_FROM_USER
@@ -77,6 +78,8 @@ config GENERIC_ISA_DMA
77	source "init/Kconfig"	78	source "init/Kconfig"
78	source "kernel/Kconfig.freezer"	79	source "kernel/Kconfig.freezer"
79		80
		81	config AUDIT_ARCH
		82	bool
80		83
81	menu "System setup"	84	menu "System setup"
82		85


diff --git a/arch/alpha/include/asm/ptrace.h b/arch/alpha/include/asm/ptrace.h index 21128505ddbe..9047c2fe8f23 100644 --- a/arch/alpha/include/asm/ptrace.h +++ b/arch/alpha/include/asm/ptrace.h
@@ -19,4 +19,9 @@
19		19
20	#define force_successful_syscall_return() (current_pt_regs()->r0 = 0)	20	#define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
21		21
		22	static inline unsigned long regs_return_value(struct pt_regs *regs)
		23	{
		24	return regs->r0;
		25	}
		26
22	#endif	27	#endif


diff --git a/arch/alpha/include/asm/thread_info.h b/arch/alpha/include/asm/thread_info.h index 453597b91f3a..3d6ce6d56fc9 100644 --- a/arch/alpha/include/asm/thread_info.h +++ b/arch/alpha/include/asm/thread_info.h
@@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
70	#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */	70	#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
71	#define TIF_SIGPENDING 2 /* signal pending */	71	#define TIF_SIGPENDING 2 /* signal pending */
72	#define TIF_NEED_RESCHED 3 /* rescheduling necessary */	72	#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
		73	#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
73	#define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */	74	#define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
74	#define TIF_MEMDIE 13 /* is terminating due to OOM killer */	75	#define TIF_MEMDIE 13 /* is terminating due to OOM killer */
75		76
@@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
77	#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)	78	#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
78	#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)	79	#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
79	#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)	80	#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
		81	#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
80		82
81	/* Work to do on interrupt/exception return. */	83	/* Work to do on interrupt/exception return. */
82	#define _TIF_WORK_MASK (_TIF_SIGPENDING \| _TIF_NEED_RESCHED \| \	84	#define _TIF_WORK_MASK (_TIF_SIGPENDING \| _TIF_NEED_RESCHED \| \


diff --git a/arch/alpha/kernel/Makefile b/arch/alpha/kernel/Makefile index 0d54650e78fc..3ecac0106c8a 100644 --- a/arch/alpha/kernel/Makefile +++ b/arch/alpha/kernel/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_SRM_ENV) += srm_env.o
17	obj-$(CONFIG_MODULES) += module.o	17	obj-$(CONFIG_MODULES) += module.o
18	obj-$(CONFIG_PERF_EVENTS) += perf_event.o	18	obj-$(CONFIG_PERF_EVENTS) += perf_event.o
19	obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o	19	obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
		20	obj-$(CONFIG_AUDIT) += audit.o
20		21
21	ifdef CONFIG_ALPHA_GENERIC	22	ifdef CONFIG_ALPHA_GENERIC
22		23


diff --git a/arch/alpha/kernel/audit.c b/arch/alpha/kernel/audit.c new file mode 100644 index 000000000000..96a9d18ff4c4 --- /dev/null +++ b/arch/alpha/kernel/audit.c
@@ -0,0 +1,60 @@
		1	#include <linux/init.h>
		2	#include <linux/types.h>
		3	#include <linux/audit.h>
		4	#include <asm/unistd.h>
		5
		6	static unsigned dir_class[] = {
		7	#include <asm-generic/audit_dir_write.h>
		8	~0U
		9	};
		10
		11	static unsigned read_class[] = {
		12	#include <asm-generic/audit_read.h>
		13	~0U
		14	};
		15
		16	static unsigned write_class[] = {
		17	#include <asm-generic/audit_write.h>
		18	~0U
		19	};
		20
		21	static unsigned chattr_class[] = {
		22	#include <asm-generic/audit_change_attr.h>
		23	~0U
		24	};
		25
		26	static unsigned signal_class[] = {
		27	#include <asm-generic/audit_signal.h>
		28	~0U
		29	};
		30
		31	int audit_classify_arch(int arch)
		32	{
		33	return 0;
		34	}
		35
		36	int audit_classify_syscall(int abi, unsigned syscall)
		37	{
		38	switch(syscall) {
		39	case __NR_open:
		40	return 2;
		41	case __NR_openat:
		42	return 3;
		43	case __NR_execve:
		44	return 5;
		45	default:
		46	return 0;
		47	}
		48	}
		49
		50	static int __init audit_classes_init(void)
		51	{
		52	audit_register_class(AUDIT_CLASS_WRITE, write_class);
		53	audit_register_class(AUDIT_CLASS_READ, read_class);
		54	audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
		55	audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
		56	audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
		57	return 0;
		58	}
		59
		60	__initcall(audit_classes_init);


diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S index a969b95ee5ac..98703d99b565 100644 --- a/arch/alpha/kernel/entry.S +++ b/arch/alpha/kernel/entry.S
@@ -465,7 +465,11 @@ entSys:
465	.cfi_rel_offset $16, SP_OFF+24	465	.cfi_rel_offset $16, SP_OFF+24
466	.cfi_rel_offset $17, SP_OFF+32	466	.cfi_rel_offset $17, SP_OFF+32
467	.cfi_rel_offset $18, SP_OFF+40	467	.cfi_rel_offset $18, SP_OFF+40
468	blbs $3, strace	468	#ifdef CONFIG_AUDITSYSCALL
		469	lda $6, _TIF_SYSCALL_TRACE \| _TIF_SYSCALL_AUDIT
		470	and $3, $6, $3
		471	#endif
		472	bne $3, strace
469	beq $4, 1f	473	beq $4, 1f
470	ldq $27, 0($5)	474	ldq $27, 0($5)
471	1: jsr $26, ($27), alpha_ni_syscall	475	1: jsr $26, ($27), alpha_ni_syscall


diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c index 2a4a80ff4a20..86d835157b54 100644 --- a/arch/alpha/kernel/ptrace.c +++ b/arch/alpha/kernel/ptrace.c
@@ -14,6 +14,7 @@
14	#include <linux/security.h>	14	#include <linux/security.h>
15	#include <linux/signal.h>	15	#include <linux/signal.h>
16	#include <linux/tracehook.h>	16	#include <linux/tracehook.h>
		17	#include <linux/audit.h>
17		18
18	#include <asm/uaccess.h>	19	#include <asm/uaccess.h>
19	#include <asm/pgtable.h>	20	#include <asm/pgtable.h>
@@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request,
316	asmlinkage unsigned long syscall_trace_enter(void)	317	asmlinkage unsigned long syscall_trace_enter(void)
317	{	318	{
318	unsigned long ret = 0;	319	unsigned long ret = 0;
		320	struct pt_regs *regs = current_pt_regs();
319	if (test_thread_flag(TIF_SYSCALL_TRACE) &&	321	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
320	tracehook_report_syscall_entry(current_pt_regs()))	322	tracehook_report_syscall_entry(current_pt_regs()))
321	ret = -1UL;	323	ret = -1UL;
		324	audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
322	return ret ?: current_pt_regs()->r0;	325	return ret ?: current_pt_regs()->r0;
323	}	326	}
324		327
325	asmlinkage void	328	asmlinkage void
326	syscall_trace_leave(void)	329	syscall_trace_leave(void)
327	{	330	{
		331	audit_syscall_exit(current_pt_regs());
328	if (test_thread_flag(TIF_SYSCALL_TRACE))	332	if (test_thread_flag(TIF_SYSCALL_TRACE))
329	tracehook_report_syscall_exit(current_pt_regs(), 0);	333	tracehook_report_syscall_exit(current_pt_regs(), 0);
330	}	334	}


diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c index ff3c10721caf..5675dca8dbb1 100644 --- a/arch/alpha/lib/csum_partial_copy.c +++ b/arch/alpha/lib/csum_partial_copy.c
@@ -378,6 +378,11 @@ csum_partial_copy_from_user(const void __user src, void dst, int len,
378	__wsum	378	__wsum
379	csum_partial_copy_nocheck(const void src, void dst, int len, __wsum sum)	379	csum_partial_copy_nocheck(const void src, void dst, int len, __wsum sum)
380	{	380	{
381	return csum_partial_copy_from_user((__force const void __user *)src,	381	__wsum checksum;
382	dst, len, sum, NULL);	382	mm_segment_t oldfs = get_fs();
		383	set_fs(KERNEL_DS);
		384	checksum = csum_partial_copy_from_user((__force const void __user *)src,
		385	dst, len, sum, NULL);
		386	set_fs(oldfs);
		387	return checksum;
383	}	388	}


diff --git a/init/Kconfig b/init/Kconfig index 34a0a3bf2390..009a797dd242 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -284,7 +284,7 @@ config AUDIT
284		284
285	config AUDITSYSCALL	285	config AUDITSYSCALL
286	bool "Enable system-call auditing support"	286	bool "Enable system-call auditing support"
287	depends on AUDIT && (X86 \|\| PARISC \|\| PPC \|\| S390 \|\| IA64 \|\| UML \|\| SPARC64 \|\| SUPERH \|\| (ARM && AEABI && !OABI_COMPAT))	287	depends on AUDIT && (X86 \|\| PARISC \|\| PPC \|\| S390 \|\| IA64 \|\| UML \|\| SPARC64 \|\| SUPERH \|\| (ARM && AEABI && !OABI_COMPAT) \|\| ALPHA)
288	default y if SECURITY_SELINUX	288	default y if SECURITY_SELINUX
289	help	289	help
290	Enable low-overhead system-call auditing infrastructure that	290	Enable low-overhead system-call auditing infrastructure that