Commit 1322b9de authored by Yuichi Nakamura's avatar Yuichi Nakamura Committed by Paul Mundt

sh: syscall audit support.

Support syscall auditing..
Signed-off-by: default avatarYuichi Nakamura <ynakam@hitachisoft.jp>
Signed-off-by: default avatarPaul Mundt <lethal@linux-sh.org>
parent 12760cb4
...@@ -224,7 +224,7 @@ work_resched: ...@@ -224,7 +224,7 @@ work_resched:
syscall_exit_work: syscall_exit_work:
! r0: current_thread_info->flags ! r0: current_thread_info->flags
! r8: current_thread_info ! r8: current_thread_info
tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0 tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0
bt/s work_pending bt/s work_pending
tst #_TIF_NEED_RESCHED, r0 tst #_TIF_NEED_RESCHED, r0
#ifdef CONFIG_TRACE_IRQFLAGS #ifdef CONFIG_TRACE_IRQFLAGS
...@@ -234,6 +234,8 @@ syscall_exit_work: ...@@ -234,6 +234,8 @@ syscall_exit_work:
#endif #endif
sti sti
! XXX setup arguments... ! XXX setup arguments...
mov r15, r4
mov #1, r5
mov.l 4f, r0 ! do_syscall_trace mov.l 4f, r0 ! do_syscall_trace
jsr @r0 jsr @r0
nop nop
...@@ -244,6 +246,8 @@ syscall_exit_work: ...@@ -244,6 +246,8 @@ syscall_exit_work:
syscall_trace_entry: syscall_trace_entry:
! Yes it is traced. ! Yes it is traced.
! XXX setup arguments... ! XXX setup arguments...
mov r15, r4
mov #0, r5
mov.l 4f, r11 ! Call do_syscall_trace which notifies mov.l 4f, r11 ! Call do_syscall_trace which notifies
jsr @r11 ! superior (will chomp R[0-7]) jsr @r11 ! superior (will chomp R[0-7])
nop nop
...@@ -366,7 +370,7 @@ ENTRY(system_call) ...@@ -366,7 +370,7 @@ ENTRY(system_call)
! !
get_current_thread_info r8, r10 get_current_thread_info r8, r10
mov.l @(TI_FLAGS,r8), r8 mov.l @(TI_FLAGS,r8), r8
mov #_TIF_SYSCALL_TRACE, r10 mov #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10
tst r10, r8 tst r10, r8
bf syscall_trace_entry bf syscall_trace_entry
! !
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* edited by Linus Torvalds * edited by Linus Torvalds
* *
* SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka * SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka
* * Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp>
*/ */
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/sched.h> #include <linux/sched.h>
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
#include <linux/security.h> #include <linux/security.h>
#include <linux/signal.h> #include <linux/signal.h>
#include <linux/io.h> #include <linux/io.h>
#include <linux/audit.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/system.h> #include <asm/system.h>
...@@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data) ...@@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
return ret; return ret;
} }
asmlinkage void do_syscall_trace(void) asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
{ {
struct task_struct *tsk = current; struct task_struct *tsk = current;
if (unlikely(current->audit_context) && entryexit)
audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),
regs->regs[0]);
if (!test_thread_flag(TIF_SYSCALL_TRACE) && if (!test_thread_flag(TIF_SYSCALL_TRACE) &&
!test_thread_flag(TIF_SINGLESTEP)) !test_thread_flag(TIF_SINGLESTEP))
return; goto out;
if (!(tsk->ptrace & PT_PTRACED)) if (!(tsk->ptrace & PT_PTRACED))
return; goto out;
/* the 0x80 provides a way for the tracing parent to distinguish /* the 0x80 provides a way for the tracing parent to distinguish
between a syscall stop and SIGTRAP delivery */ between a syscall stop and SIGTRAP delivery */
ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) && ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) &&
...@@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void) ...@@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void)
send_sig(tsk->exit_code, tsk, 1); send_sig(tsk->exit_code, tsk, 1);
tsk->exit_code = 0; tsk->exit_code = 0;
} }
out:
if (unlikely(current->audit_context) && !entryexit)
audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3],
regs->regs[4], regs->regs[5],
regs->regs[6], regs->regs[7]);
} }
...@@ -113,6 +113,7 @@ static inline struct thread_info *current_thread_info(void) ...@@ -113,6 +113,7 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_NEED_RESCHED 2 /* rescheduling necessary */ #define TIF_NEED_RESCHED 2 /* rescheduling necessary */
#define TIF_RESTORE_SIGMASK 3 /* restore signal mask in do_signal() */ #define TIF_RESTORE_SIGMASK 3 /* restore signal mask in do_signal() */
#define TIF_SINGLESTEP 4 /* singlestepping active */ #define TIF_SINGLESTEP 4 /* singlestepping active */
#define TIF_SYSCALL_AUDIT 5
#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */ #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */
#define TIF_MEMDIE 18 #define TIF_MEMDIE 18
...@@ -123,6 +124,7 @@ static inline struct thread_info *current_thread_info(void) ...@@ -123,6 +124,7 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
#define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK) #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK)
#define _TIF_SINGLESTEP (1<<TIF_SINGLESTEP) #define _TIF_SINGLESTEP (1<<TIF_SINGLESTEP)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_USEDFPU (1<<TIF_USEDFPU) #define _TIF_USEDFPU (1<<TIF_USEDFPU)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_FREEZE (1<<TIF_FREEZE) #define _TIF_FREEZE (1<<TIF_FREEZE)
......
...@@ -238,7 +238,7 @@ config AUDIT ...@@ -238,7 +238,7 @@ config AUDIT
config AUDITSYSCALL config AUDITSYSCALL
bool "Enable system-call auditing support" bool "Enable system-call auditing support"
depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64) depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64|| SUPERH)
default y if SECURITY_SELINUX default y if SECURITY_SELINUX
help help
Enable low-overhead system-call auditing infrastructure that Enable low-overhead system-call auditing infrastructure that
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment