diff options
author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-11-10 19:21:34 +0900 |
---|---|---|
committer | Paul Mundt <lethal@linux-sh.org> | 2008-01-28 13:18:57 +0900 |
commit | 1322b9def91ab8e9e673b58a64e13d6effaaa652 (patch) | |
tree | b52716f0d120f9d51b0cf32462c4f6f68d3c412b | |
parent | 12760cb4df2a244efbaa262b32590af295c0b8e1 (diff) | |
download | lwn-1322b9def91ab8e9e673b58a64e13d6effaaa652.tar.gz lwn-1322b9def91ab8e9e673b58a64e13d6effaaa652.zip |
sh: syscall audit support.
Support syscall auditing..
Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-rw-r--r-- | arch/sh/kernel/entry-common.S | 8 | ||||
-rw-r--r-- | arch/sh/kernel/ptrace_32.c | 21 | ||||
-rw-r--r-- | include/asm-sh/thread_info.h | 2 | ||||
-rw-r--r-- | init/Kconfig | 2 |
4 files changed, 26 insertions, 7 deletions
diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S index e0317ed080c3..397ac71d97f1 100644 --- a/arch/sh/kernel/entry-common.S +++ b/arch/sh/kernel/entry-common.S @@ -224,7 +224,7 @@ work_resched: syscall_exit_work: ! r0: current_thread_info->flags ! r8: current_thread_info - tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0 + tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0 bt/s work_pending tst #_TIF_NEED_RESCHED, r0 #ifdef CONFIG_TRACE_IRQFLAGS @@ -234,6 +234,8 @@ syscall_exit_work: #endif sti ! XXX setup arguments... + mov r15, r4 + mov #1, r5 mov.l 4f, r0 ! do_syscall_trace jsr @r0 nop @@ -244,6 +246,8 @@ syscall_exit_work: syscall_trace_entry: ! Yes it is traced. ! XXX setup arguments... + mov r15, r4 + mov #0, r5 mov.l 4f, r11 ! Call do_syscall_trace which notifies jsr @r11 ! superior (will chomp R[0-7]) nop @@ -366,7 +370,7 @@ ENTRY(system_call) ! get_current_thread_info r8, r10 mov.l @(TI_FLAGS,r8), r8 - mov #_TIF_SYSCALL_TRACE, r10 + mov #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10 tst r10, r8 bf syscall_trace_entry ! diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index ac725f0aeb72..ce0664a58b49 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c @@ -6,7 +6,7 @@ * edited by Linus Torvalds * * SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka - * + * Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp> */ #include <linux/kernel.h> #include <linux/sched.h> @@ -19,6 +19,7 @@ #include <linux/security.h> #include <linux/signal.h> #include <linux/io.h> +#include <linux/audit.h> #include <asm/uaccess.h> #include <asm/pgtable.h> #include <asm/system.h> @@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data) return ret; } -asmlinkage void do_syscall_trace(void) +asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) { struct task_struct *tsk = current; + if (unlikely(current->audit_context) && entryexit) + audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]), + regs->regs[0]); + if (!test_thread_flag(TIF_SYSCALL_TRACE) && !test_thread_flag(TIF_SINGLESTEP)) - return; + goto out; if (!(tsk->ptrace & PT_PTRACED)) - return; + goto out; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) && @@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void) send_sig(tsk->exit_code, tsk, 1); tsk->exit_code = 0; } + +out: + if (unlikely(current->audit_context) && !entryexit) + audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3], + regs->regs[4], regs->regs[5], + regs->regs[6], regs->regs[7]); + } diff --git a/include/asm-sh/thread_info.h b/include/asm-sh/thread_info.h index d49ee9d868e5..c6577d3dc46d 100644 --- a/include/asm-sh/thread_info.h +++ b/include/asm-sh/thread_info.h @@ -113,6 +113,7 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NEED_RESCHED 2 /* rescheduling necessary */ #define TIF_RESTORE_SIGMASK 3 /* restore signal mask in do_signal() */ #define TIF_SINGLESTEP 4 /* singlestepping active */ +#define TIF_SYSCALL_AUDIT 5 #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */ #define TIF_MEMDIE 18 @@ -123,6 +124,7 @@ static inline struct thread_info *current_thread_info(void) #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK) #define _TIF_SINGLESTEP (1<<TIF_SINGLESTEP) +#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_USEDFPU (1<<TIF_USEDFPU) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) #define _TIF_FREEZE (1<<TIF_FREEZE) diff --git a/init/Kconfig b/init/Kconfig index 0eda68f0ad54..288444b4cd8a 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -238,7 +238,7 @@ config AUDIT config AUDITSYSCALL bool "Enable system-call auditing support" - depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64) + depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64|| SUPERH) default y if SECURITY_SELINUX help Enable low-overhead system-call auditing infrastructure that |