Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
linux-davinci
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
linux
linux-davinci
Commits
f7ceba36
Commit
f7ceba36
authored
Jul 10, 2005
by
David S. Miller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[SPARC64]: Add syscall auditing support.
Signed-off-by:
David S. Miller
<
davem@davemloft.net
>
parent
8d8a6479
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
41 additions
and
13 deletions
+41
-13
arch/sparc64/kernel/entry.S
arch/sparc64/kernel/entry.S
+5
-5
arch/sparc64/kernel/ptrace.c
arch/sparc64/kernel/ptrace.c
+29
-3
include/asm-sparc64/thread_info.h
include/asm-sparc64/thread_info.h
+5
-3
include/linux/audit.h
include/linux/audit.h
+1
-1
init/Kconfig
init/Kconfig
+1
-1
No files found.
arch/sparc64/kernel/entry.S
View file @
f7ceba36
...
...
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
nop
.
align
32
1
:
ldx
[%
curptr
+
TI_FLAGS
],
%
l5
andcc
%
l5
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
g0
andcc
%
l5
,
(
_TIF_SYSCALL_TRACE|_TIF_SECCOMP
|_TIF_SYSCALL_AUDIT
),
%
g0
be
,
pt
%
icc
,
rtrap
clr
%
l6
add
%
sp
,
PTREGS_OFF
,
%
o0
...
...
@@ -1679,7 +1679,7 @@ linux_sparc_syscall32:
srl
%
i5
,
0
,
%
o5
!
IEU1
srl
%
i2
,
0
,
%
o2
!
IEU0
Group
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
g0
!
IEU0
Group
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE|_TIF_SECCOMP
|_TIF_SYSCALL_AUDIT
),
%
g0
bne
,
pn
%
icc
,
linux_syscall_trace32
!
CTI
mov
%
i0
,
%
l5
!
IEU1
call
%
l7
!
CTI
Group
brk
forced
...
...
@@ -1702,7 +1702,7 @@ linux_sparc_syscall:
mov
%
i3
,
%
o3
!
IEU1
mov
%
i4
,
%
o4
!
IEU0
Group
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
g0
!
IEU1
Group
+
1
bubble
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE|_TIF_SECCOMP
|_TIF_SYSCALL_AUDIT
),
%
g0
bne
,
pn
%
icc
,
linux_syscall_trace
!
CTI
Group
mov
%
i0
,
%
l5
!
IEU0
2
:
call
%
l7
!
CTI
Group
brk
forced
...
...
@@ -1730,7 +1730,7 @@ ret_sys_call:
1
:
cmp
%
o0
,
-
ERESTART_RESTARTBLOCK
bgeu
,
pn
%
xcc
,
1
f
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
l6
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE|_TIF_SECCOMP
|_TIF_SYSCALL_AUDIT
),
%
l6
80
:
/
*
System
call
success
,
clear
Carry
condition
code
.
*/
andn
%
g3
,
%
g2
,
%
g3
...
...
@@ -1745,7 +1745,7 @@ ret_sys_call:
/
*
System
call
failure
,
set
Carry
condition
code
.
*
Also
,
get
abs
(
errno
)
to
return
to
the
process
.
*/
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
l6
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE|_TIF_SECCOMP
|_TIF_SYSCALL_AUDIT
),
%
l6
sub
%
g0
,
%
o0
,
%
o0
or
%
g3
,
%
g2
,
%
g3
stx
%
o0
,
[%
sp
+
PTREGS_OFF
+
PT_V9_I0
]
...
...
arch/sparc64/kernel/ptrace.c
View file @
f7ceba36
...
...
@@ -19,6 +19,8 @@
#include <linux/smp.h>
#include <linux/smp_lock.h>
#include <linux/security.h>
#include <linux/seccomp.h>
#include <linux/audit.h>
#include <linux/signal.h>
#include <asm/asi.h>
...
...
@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
/* do the secure computing check first */
secure_computing
(
regs
->
u_regs
[
UREG_G1
]);
if
(
!
test_thread_flag
(
TIF_SYSCALL_TRACE
))
return
;
if
(
unlikely
(
current
->
audit_context
)
&&
syscall_exit_p
)
{
unsigned
long
tstate
=
regs
->
tstate
;
int
result
=
AUDITSC_SUCCESS
;
if
(
unlikely
(
tstate
&
(
TSTATE_XCARRY
|
TSTATE_ICARRY
)))
result
=
AUDITSC_FAILURE
;
audit_syscall_exit
(
current
,
result
,
regs
->
u_regs
[
UREG_I0
]);
}
if
(
!
(
current
->
ptrace
&
PT_PTRACED
))
return
;
goto
out
;
if
(
!
test_thread_flag
(
TIF_SYSCALL_TRACE
))
goto
out
;
ptrace_notify
(
SIGTRAP
|
((
current
->
ptrace
&
PT_TRACESYSGOOD
)
?
0x80
:
0
));
...
...
@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
send_sig
(
current
->
exit_code
,
current
,
1
);
current
->
exit_code
=
0
;
}
out:
if
(
unlikely
(
current
->
audit_context
)
&&
!
syscall_exit_p
)
audit_syscall_entry
(
current
,
(
test_thread_flag
(
TIF_32BIT
)
?
AUDIT_ARCH_SPARC
:
AUDIT_ARCH_SPARC64
),
regs
->
u_regs
[
UREG_G1
],
regs
->
u_regs
[
UREG_I0
],
regs
->
u_regs
[
UREG_I1
],
regs
->
u_regs
[
UREG_I2
],
regs
->
u_regs
[
UREG_I3
]);
}
include/asm-sparc64/thread_info.h
View file @
f7ceba36
...
...
@@ -221,7 +221,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_32BIT 7
/* 32-bit binary */
#define TIF_NEWCHILD 8
/* just-spawned child process */
#define TIF_SECCOMP 9
/* secure computing */
#define TIF_
POLLING_NRFLAG 10
#define TIF_
SYSCALL_AUDIT 10
/* syscall auditing active */
#define TIF_SYSCALL_SUCCESS 11
/* NOTE: Thread flags >= 12 should be ones we have no interest
* in using in assembly, else we can't use the mask as
...
...
@@ -229,6 +229,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
*/
#define TIF_ABI_PENDING 12
#define TIF_MEMDIE 13
#define TIF_POLLING_NRFLAG 14
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
...
...
@@ -240,9 +241,10 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_32BIT (1<<TIF_32BIT)
#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \
...
...
include/linux/audit.h
View file @
f7ceba36
...
...
@@ -165,7 +165,7 @@
#define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_SPARC (EM_SPARC)
#define AUDIT_ARCH_SPARC64 (EM_SPARC
64
|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_SPARC64 (EM_SPARC
V9
|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
...
...
init/Kconfig
View file @
f7ceba36
...
...
@@ -174,7 +174,7 @@ config AUDIT
config AUDITSYSCALL
bool "Enable system-call auditing support"
depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML)
depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML
|| SPARC64
)
default y if SECURITY_SELINUX
help
Enable low-overhead system-call auditing infrastructure that
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment