1 files changed, 50 insertions, 5 deletions
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 8410e26f4183..89434d439605 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -53,6 +53,12 @@
 #include <asm/paravirt.h>
 #include <asm/ftrace.h>
+/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
+#include <linux/elf-em.h>
+#define AUDIT_ARCH_X86_64       (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define __AUDIT_ARCH_64BIT 0x80000000
+#define __AUDIT_ARCH_LE    0x40000000
        .code64
 #ifdef CONFIG_FTRACE
@@ -351,6 +357,7 @@ ENTRY(system_call_after_swapgs)
        GET_THREAD_INFO(%rcx)
        testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx)
        jnz tracesys
+system_call_fastpath:
        cmpq $__NR_syscall_max,%rax
        ja badsys
        movq %r10,%rcx
@@ -402,16 +409,16 @@ sysret_careful:
 sysret_signal:
        TRACE_IRQS_ON
        ENABLE_INTERRUPTS(CLBR_NONE)
-        testl $_TIF_DO_NOTIFY_MASK,%edx
+#ifdef CONFIG_AUDITSYSCALL
-        jz    1f
+        bt $TIF_SYSCALL_AUDIT,%edx
+        jc sysret_audit
-        /* Really a signal */
+#endif
        /* edx: work flags (arg3) */
        leaq do_notify_resume(%rip),%rax
        leaq -ARGOFFSET(%rsp),%rdi # &pt_regs -> arg1
        xorl %esi,%esi # oldset -> arg2
        call ptregscall_common
-1:      movl $_TIF_WORK_MASK,%edi
+        movl $_TIF_WORK_MASK,%edi
        /* Use IRET because user could have changed frame. This
           works because ptregscall_common has called FIXUP_TOP_OF_STACK. */
        DISABLE_INTERRUPTS(CLBR_NONE)
@@ -422,8 +429,45 @@ badsys:
        movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
        jmp ret_from_sys_call
+#ifdef CONFIG_AUDITSYSCALL
+        /*
+         * Fast path for syscall audit without full syscall trace.
+         * We just call audit_syscall_entry() directly, and then
+         * jump back to the normal fast path.
+         */
+auditsys:
+        movq %r10,%r9                   /* 6th arg: 4th syscall arg */
+        movq %rdx,%r8                   /* 5th arg: 3rd syscall arg */
+        movq %rsi,%rcx                  /* 4th arg: 2nd syscall arg */
+        movq %rdi,%rdx                  /* 3rd arg: 1st syscall arg */
+        movq %rax,%rsi                  /* 2nd arg: syscall number */
+        movl $AUDIT_ARCH_X86_64,%edi    /* 1st arg: audit arch */
+        call audit_syscall_entry
+        LOAD_ARGS 0             /* reload call-clobbered registers */
+        jmp system_call_fastpath
+        /*
+         * Return fast path for syscall audit.  Call audit_syscall_exit()
+         * directly and then jump back to the fast path with TIF_SYSCALL_AUDIT
+         * masked off.
+         */
+sysret_audit:
+        movq %rax,%rsi          /* second arg, syscall return value */
+        cmpq $0,%rax            /* is it < 0? */
+        setl %al                /* 1 if so, 0 if not */
+        movzbl %al,%edi         /* zero-extend that into %edi */
+        inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
+        call audit_syscall_exit
+        movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
+        jmp sysret_check
+#endif  /* CONFIG_AUDITSYSCALL */
        /* Do syscall tracing */
 tracesys:                        
+#ifdef CONFIG_AUDITSYSCALL
+        testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx)
+        jz auditsys
+#endif
        SAVE_REST
        movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
        FIXUP_TOP_OF_STACK %rdi
@@ -448,6 +492,7 @@ tracesys:
 * Has correct top of stack, but partial stack frame.
 */
        .globl int_ret_from_sys_call
+        .globl int_with_check
 int_ret_from_sys_call:
        DISABLE_INTERRUPTS(CLBR_NONE)
        TRACE_IRQS_OFF

diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S index 8410e26f4183..89434d439605 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S
@@ -53,6 +53,12 @@
53	#include <asm/paravirt.h>	53	#include <asm/paravirt.h>
54	#include <asm/ftrace.h>	54	#include <asm/ftrace.h>
55		55
		56	/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
		57	#include <linux/elf-em.h>
		58	#define AUDIT_ARCH_X86_64 (EM_X86_64\|__AUDIT_ARCH_64BIT\|__AUDIT_ARCH_LE)
		59	#define __AUDIT_ARCH_64BIT 0x80000000
		60	#define __AUDIT_ARCH_LE 0x40000000
		61
56	.code64	62	.code64
57		63
58	#ifdef CONFIG_FTRACE	64	#ifdef CONFIG_FTRACE
@@ -351,6 +357,7 @@ ENTRY(system_call_after_swapgs)
351	GET_THREAD_INFO(%rcx)	357	GET_THREAD_INFO(%rcx)
352	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx)	358	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx)
353	jnz tracesys	359	jnz tracesys
		360	system_call_fastpath:
354	cmpq $__NR_syscall_max,%rax	361	cmpq $__NR_syscall_max,%rax
355	ja badsys	362	ja badsys
356	movq %r10,%rcx	363	movq %r10,%rcx
@@ -402,16 +409,16 @@ sysret_careful:
402	sysret_signal:	409	sysret_signal:
403	TRACE_IRQS_ON	410	TRACE_IRQS_ON
404	ENABLE_INTERRUPTS(CLBR_NONE)	411	ENABLE_INTERRUPTS(CLBR_NONE)
405	testl $_TIF_DO_NOTIFY_MASK,%edx	412	#ifdef CONFIG_AUDITSYSCALL
406	jz 1f	413	bt $TIF_SYSCALL_AUDIT,%edx
407		414	jc sysret_audit
408	/* Really a signal */	415	#endif
409	/* edx: work flags (arg3) */	416	/* edx: work flags (arg3) */
410	leaq do_notify_resume(%rip),%rax	417	leaq do_notify_resume(%rip),%rax
411	leaq -ARGOFFSET(%rsp),%rdi # &pt_regs -> arg1	418	leaq -ARGOFFSET(%rsp),%rdi # &pt_regs -> arg1
412	xorl %esi,%esi # oldset -> arg2	419	xorl %esi,%esi # oldset -> arg2
413	call ptregscall_common	420	call ptregscall_common
414	1: movl $_TIF_WORK_MASK,%edi	421	movl $_TIF_WORK_MASK,%edi
415	/* Use IRET because user could have changed frame. This	422	/* Use IRET because user could have changed frame. This
416	works because ptregscall_common has called FIXUP_TOP_OF_STACK. */	423	works because ptregscall_common has called FIXUP_TOP_OF_STACK. */
417	DISABLE_INTERRUPTS(CLBR_NONE)	424	DISABLE_INTERRUPTS(CLBR_NONE)
@@ -422,8 +429,45 @@ badsys:
422	movq $-ENOSYS,RAX-ARGOFFSET(%rsp)	429	movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
423	jmp ret_from_sys_call	430	jmp ret_from_sys_call
424		431
		432	#ifdef CONFIG_AUDITSYSCALL
		433	/*
		434	* Fast path for syscall audit without full syscall trace.
		435	* We just call audit_syscall_entry() directly, and then
		436	* jump back to the normal fast path.
		437	*/
		438	auditsys:
		439	movq %r10,%r9 /* 6th arg: 4th syscall arg */
		440	movq %rdx,%r8 /* 5th arg: 3rd syscall arg */
		441	movq %rsi,%rcx /* 4th arg: 2nd syscall arg */
		442	movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
		443	movq %rax,%rsi /* 2nd arg: syscall number */
		444	movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
		445	call audit_syscall_entry
		446	LOAD_ARGS 0 /* reload call-clobbered registers */
		447	jmp system_call_fastpath
		448
		449	/*
		450	* Return fast path for syscall audit. Call audit_syscall_exit()
		451	* directly and then jump back to the fast path with TIF_SYSCALL_AUDIT
		452	* masked off.
		453	*/
		454	sysret_audit:
		455	movq %rax,%rsi /* second arg, syscall return value */
		456	cmpq $0,%rax /* is it < 0? */
		457	setl %al /* 1 if so, 0 if not */
		458	movzbl %al,%edi /* zero-extend that into %edi */
		459	inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
		460	call audit_syscall_exit
		461	movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
		462	jmp sysret_check
		463	#endif /* CONFIG_AUDITSYSCALL */
		464
425	/* Do syscall tracing */	465	/* Do syscall tracing */
426	tracesys:	466	tracesys:
		467	#ifdef CONFIG_AUDITSYSCALL
		468	testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx)
		469	jz auditsys
		470	#endif
427	SAVE_REST	471	SAVE_REST
428	movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */	472	movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
429	FIXUP_TOP_OF_STACK %rdi	473	FIXUP_TOP_OF_STACK %rdi
@@ -448,6 +492,7 @@ tracesys:
448	* Has correct top of stack, but partial stack frame.	492	* Has correct top of stack, but partial stack frame.
449	*/	493	*/
450	.globl int_ret_from_sys_call	494	.globl int_ret_from_sys_call
		495	.globl int_with_check
451	int_ret_from_sys_call:	496	int_ret_from_sys_call:
452	DISABLE_INTERRUPTS(CLBR_NONE)	497	DISABLE_INTERRUPTS(CLBR_NONE)
453	TRACE_IRQS_OFF	498	TRACE_IRQS_OFF