Commit 76620e09 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] light-weight auditing framework for s390.

From: Martin Schwidefsky <schwidefsky@de.ibm.com>

This patch adds the TIF_SYSCALL_AUDIT option to the s390 ptrace interface.
parent 302be020
...@@ -235,7 +235,7 @@ sysc_enter: ...@@ -235,7 +235,7 @@ sysc_enter:
lr %r7,%r1 # copy svc number to %r7 lr %r7,%r1 # copy svc number to %r7
sla %r7,2 # *4 sla %r7,2 # *4
sysc_do_restart: sysc_do_restart:
tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr. l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr.
bo BASED(sysc_tracesys) bo BASED(sysc_tracesys)
basr %r14,%r8 # call sys_xxxx basr %r14,%r8 # call sys_xxxx
...@@ -309,6 +309,8 @@ __critical_end: ...@@ -309,6 +309,8 @@ __critical_end:
# #
sysc_tracesys: sysc_tracesys:
l %r1,BASED(.Ltrace) l %r1,BASED(.Ltrace)
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,0
srl %r7,2 srl %r7,2
st %r7,SP_R2(%r15) st %r7,SP_R2(%r15)
basr %r14,%r1 basr %r14,%r1
...@@ -323,9 +325,11 @@ sysc_tracego: ...@@ -323,9 +325,11 @@ sysc_tracego:
basr %r14,%r8 # call sys_xxx basr %r14,%r8 # call sys_xxx
st %r2,SP_R2(%r15) # store return value st %r2,SP_R2(%r15) # store return value
sysc_tracenogo: sysc_tracenogo:
tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
bno BASED(sysc_return) bno BASED(sysc_return)
l %r1,BASED(.Ltrace) l %r1,BASED(.Ltrace)
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,1
la %r14,BASED(sysc_return) la %r14,BASED(sysc_return)
br %r1 br %r1
...@@ -502,7 +506,7 @@ pgm_svcper: ...@@ -502,7 +506,7 @@ pgm_svcper:
lr %r7,%r1 # copy svc number to %r7 lr %r7,%r1 # copy svc number to %r7
sla %r7,2 # *4 sla %r7,2 # *4
pgm_svcstd: pgm_svcstd:
tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr. l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr.
bo BASED(pgm_tracesys) bo BASED(pgm_tracesys)
basr %r14,%r8 # call sys_xxxx basr %r14,%r8 # call sys_xxxx
...@@ -529,6 +533,8 @@ pgm_svcper_nosig: ...@@ -529,6 +533,8 @@ pgm_svcper_nosig:
# #
pgm_tracesys: pgm_tracesys:
l %r1,BASED(.Ltrace) l %r1,BASED(.Ltrace)
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,0
srl %r7,2 srl %r7,2
st %r7,SP_R2(%r15) st %r7,SP_R2(%r15)
basr %r14,%r1 basr %r14,%r1
...@@ -543,9 +549,11 @@ pgm_svc_go: ...@@ -543,9 +549,11 @@ pgm_svc_go:
basr %r14,%r8 # call sys_xxx basr %r14,%r8 # call sys_xxx
st %r2,SP_R2(%r15) # store return value st %r2,SP_R2(%r15) # store return value
pgm_svc_nogo: pgm_svc_nogo:
tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
bno BASED(pgm_svcret) bno BASED(pgm_svcret)
l %r1,BASED(.Ltrace) l %r1,BASED(.Ltrace)
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,1
la %r14,BASED(pgm_svcret) la %r14,BASED(pgm_svcret)
br %r1 br %r1
......
...@@ -227,7 +227,7 @@ sysc_do_restart: ...@@ -227,7 +227,7 @@ sysc_do_restart:
larl %r10,sys_call_table_emu # use 31 bit emulation system calls larl %r10,sys_call_table_emu # use 31 bit emulation system calls
sysc_noemu: sysc_noemu:
#endif #endif
tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
lgf %r8,0(%r7,%r10) # load address of system call routine lgf %r8,0(%r7,%r10) # load address of system call routine
jo sysc_tracesys jo sysc_tracesys
basr %r14,%r8 # call sys_xxxx basr %r14,%r8 # call sys_xxxx
...@@ -299,6 +299,8 @@ __critical_end: ...@@ -299,6 +299,8 @@ __critical_end:
# special linkage: %r12 contains the return address for trace_svc # special linkage: %r12 contains the return address for trace_svc
# #
sysc_tracesys: sysc_tracesys:
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,0
srl %r7,2 srl %r7,2
stg %r7,SP_R2(%r15) stg %r7,SP_R2(%r15)
brasl %r14,syscall_trace brasl %r14,syscall_trace
...@@ -314,8 +316,10 @@ sysc_tracego: ...@@ -314,8 +316,10 @@ sysc_tracego:
basr %r14,%r8 # call sys_xxx basr %r14,%r8 # call sys_xxx
stg %r2,SP_R2(%r15) # store return value stg %r2,SP_R2(%r15) # store return value
sysc_tracenogo: sysc_tracenogo:
tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
jno sysc_return jno sysc_return
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,1
larl %r14,sysc_return # return point is sysc_return larl %r14,sysc_return # return point is sysc_return
jg syscall_trace jg syscall_trace
...@@ -541,7 +545,7 @@ pgm_svcstd: ...@@ -541,7 +545,7 @@ pgm_svcstd:
larl %r10,sys_call_table_emu # use 31 bit emulation system calls larl %r10,sys_call_table_emu # use 31 bit emulation system calls
pgm_svcper_noemu: pgm_svcper_noemu:
#endif #endif
tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
lgf %r8,0(%r7,%r10) # load address of system call routine lgf %r8,0(%r7,%r10) # load address of system call routine
jo pgm_tracesys jo pgm_tracesys
basr %r14,%r8 # call sys_xxxx basr %r14,%r8 # call sys_xxxx
...@@ -566,6 +570,8 @@ pgm_svcper_nosig: ...@@ -566,6 +570,8 @@ pgm_svcper_nosig:
# call trace before and after sys_call # call trace before and after sys_call
# #
pgm_tracesys: pgm_tracesys:
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,0
srlg %r7,%r7,2 srlg %r7,%r7,2
stg %r7,SP_R2(%r15) stg %r7,SP_R2(%r15)
brasl %r14,syscall_trace brasl %r14,syscall_trace
...@@ -581,8 +587,10 @@ pgm_svc_go: ...@@ -581,8 +587,10 @@ pgm_svc_go:
basr %r14,%r8 # call sys_xxx basr %r14,%r8 # call sys_xxx
stg %r2,SP_R2(%r15) # store return value stg %r2,SP_R2(%r15) # store return value
pgm_svc_nogo: pgm_svc_nogo:
tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
jno pgm_svcret jno pgm_svcret
la %r2,SP_PTREGS(%r15) # load pt_regs
la %r3,1
larl %r14,pgm_svcret # return point is sysc_return larl %r14,pgm_svcret # return point is sysc_return
jg syscall_trace jg syscall_trace
......
...@@ -690,8 +690,16 @@ sys_ptrace(long request, long pid, long addr, long data) ...@@ -690,8 +690,16 @@ sys_ptrace(long request, long pid, long addr, long data)
} }
asmlinkage void asmlinkage void
syscall_trace(void) syscall_trace(struct pt_regs *regs, int entryexit)
{ {
if (unlikely(current->audit_context)) {
if (!entryexit)
audit_syscall_entry(current, regs->gprs[2],
regs->orig_gpr2, regs->gprs[3],
regs->gprs[4], regs->gprs[5]);
else
audit_syscall_exit(current, regs->gprs[2]);
}
if (!test_thread_flag(TIF_SYSCALL_TRACE)) if (!test_thread_flag(TIF_SYSCALL_TRACE))
return; return;
if (!(current->ptrace & PT_PTRACED)) if (!(current->ptrace & PT_PTRACED))
......
...@@ -84,6 +84,7 @@ static inline struct thread_info *current_thread_info(void) ...@@ -84,6 +84,7 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_SIGPENDING 2 /* signal pending */ #define TIF_SIGPENDING 2 /* signal pending */
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */ #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
#define TIF_RESTART_SVC 4 /* restart svc with new svc number */ #define TIF_RESTART_SVC 4 /* restart svc with new svc number */
#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling
TIF_NEED_RESCHED */ TIF_NEED_RESCHED */
...@@ -94,6 +95,7 @@ static inline struct thread_info *current_thread_info(void) ...@@ -94,6 +95,7 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING) #define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
#define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC) #define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_USEDFPU (1<<TIF_USEDFPU) #define _TIF_USEDFPU (1<<TIF_USEDFPU)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_31BIT (1<<TIF_31BIT) #define _TIF_31BIT (1<<TIF_31BIT)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment