[SPARC64]: Add syscall auditing support.
David S. Miller [Mon, 11 Jul 2005 02:29:45 +0000 (19:29 -0700)]
Signed-off-by: David S. Miller <davem@davemloft.net>

arch/sparc64/kernel/entry.S
arch/sparc64/kernel/ptrace.c
include/asm-sparc64/thread_info.h
include/linux/audit.h
init/Kconfig

index 8b7ed76..d781f10 100644 (file)
@@ -1552,7 +1552,7 @@ sys_ptrace:       add             %sp, PTREGS_OFF, %o0
                nop
                .align          32
 1:             ldx             [%curptr + TI_FLAGS], %l5
-               andcc           %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0
+               andcc           %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
                be,pt           %icc, rtrap
                 clr            %l6
                add             %sp, PTREGS_OFF, %o0
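Review bot: The slow path here is now gated on `_TIF_SYSCALL_AUDIT`, but `syscall_trace()` in ptrace.c decides whether to emit a record from `current->audit_context`, so the two conditions must stay in step or syscalls skip auditing silently. Nothing in this diff shows where the flag is set or cleared, so the coupling deserves a comment next to the mask, e.g. `! _TIF_SYSCALL_AUDIT must be set whenever current->audit_context is non-NULL`. The same applies to the masks in the linux_sparc_syscall32, linux_sparc_syscall and both ret_sys_call hunks. The rewritten `andcc` lines in the two syscall entry hunks also lose their `! IEU` scheduling comments while neighbouring lines keep them.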
@@ -1679,7 +1679,7 @@ linux_sparc_syscall32:
 
        srl             %i5, 0, %o5                             ! IEU1
        srl             %i2, 0, %o2                             ! IEU0  Group
-       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0      Group
+       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
        bne,pn          %icc, linux_syscall_trace32             ! CTI
         mov            %i0, %l5                                ! IEU1
        call            %l7                                     ! CTI   Group brk forced
@@ -1702,7 +1702,7 @@ linux_sparc_syscall:
 
        mov             %i3, %o3                                ! IEU1
        mov             %i4, %o4                                ! IEU0  Group
-       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1      Group+1 bubble
+       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
        bne,pn          %icc, linux_syscall_trace               ! CTI   Group
         mov            %i0, %l5                                ! IEU0
 2:     call            %l7                                     ! CTI   Group brk forced
@@ -1730,7 +1730,7 @@ ret_sys_call:
 1:
        cmp             %o0, -ERESTART_RESTARTBLOCK
        bgeu,pn         %xcc, 1f
-        andcc          %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6
+        andcc          %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6
 80:
        /* System call success, clear Carry condition code. */
        andn            %g3, %g2, %g3
@@ -1745,7 +1745,7 @@ ret_sys_call:
        /* System call failure, set Carry condition code.
         * Also, get abs(errno) to return to the process.
         */
-       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6     
+       andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6  
        sub             %g0, %o0, %o0
        or              %g3, %g2, %g3
        stx             %o0, [%sp + PTREGS_OFF + PT_V9_I0]
index c57dc9e..23ad839 100644 (file)
@@ -19,6 +19,8 @@
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
 #include <linux/security.h>
+#include <linux/seccomp.h>
+#include <linux/audit.h>
 #include <linux/signal.h>
 
 #include <asm/asi.h>
@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
        /* do the secure computing check first */
        secure_computing(regs->u_regs[UREG_G1]);
 
-       if (!test_thread_flag(TIF_SYSCALL_TRACE))
-               return;
+       if (unlikely(current->audit_context) && syscall_exit_p) {
+               unsigned long tstate = regs->tstate;
+               int result = AUDITSC_SUCCESS;
+
+               if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
+                       result = AUDITSC_FAILURE;
+
+               audit_syscall_exit(current, result, regs->u_regs[UREG_I0]);
+       }
+
        if (!(current->ptrace & PT_PTRACED))
-               return;
+               goto out;
+
+       if (!test_thread_flag(TIF_SYSCALL_TRACE))
+               goto out;
+
        ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
                                 ? 0x80 : 0));
 
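Review bot: On the failure path the return code passed in `audit_syscall_exit(current, result, regs->u_regs[UREG_I0])` looks like abs(errno) rather than a negative errno, because ret_sys_call in entry.S negates %o0 and stores it to PT_V9_I0 on failure. If that store happens before syscall_trace() is called on exit (not visible in this hunk), audit records from this port carry a positive exit value that only `result` marks as a failure, which anyone parsing or alerting on the logs needs to know. I would either negate it back when a carry bit is set or state the convention in a comment such as `/* on failure UREG_I0 holds abs(errno); AUDITSC_FAILURE carries the sign */`. syscall_trace() starts above this hunk and continues past it.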
@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
                send_sig(current->exit_code, current, 1);
                current->exit_code = 0;
        }
+
+out:
+       if (unlikely(current->audit_context) && !syscall_exit_p)
+               audit_syscall_entry(current,
+                                   (test_thread_flag(TIF_32BIT) ?
+                                    AUDIT_ARCH_SPARC :
+                                    AUDIT_ARCH_SPARC64),
+                                   regs->u_regs[UREG_G1],
+                                   regs->u_regs[UREG_I0],
+                                   regs->u_regs[UREG_I1],
+                                   regs->u_regs[UREG_I2],
+                                   regs->u_regs[UREG_I3]);
 }
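Review bot: For a TIF_32BIT task the four argument values reach `audit_syscall_entry()` as full 64-bit registers, whereas the linux_sparc_syscall32 path in entry.S zero-extends arguments with `srl %iN, 0, %oN` before dispatch. The logged arguments may therefore include upper-half bits the handler never sees, so the record can differ from what actually executed. Consider masking for 32-bit tasks, e.g. `unsigned long m = test_thread_flag(TIF_32BIT) ? 0xffffffffUL : ~0UL;` and then `regs->u_regs[UREG_I0] & m` for each argument. A short comment at `out:` noting that entry is audited after the ptrace stop, presumably so the record reflects any register changes made by a tracer, would also help. The start of syscall_trace() is outside this hunk.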
index 6b2fbb8..a1d25c0 100644 (file)
@@ -221,7 +221,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
 #define TIF_32BIT              7       /* 32-bit binary */
 #define TIF_NEWCHILD           8       /* just-spawned child process */
 #define TIF_SECCOMP            9       /* secure computing */
-#define TIF_POLLING_NRFLAG     10
+#define TIF_SYSCALL_AUDIT      10      /* syscall auditing active */
 #define TIF_SYSCALL_SUCCESS    11
 /* NOTE: Thread flags >= 12 should be ones we have no interest
  *       in using in assembly, else we can't use the mask as
@@ -229,6 +229,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
  */
 #define TIF_ABI_PENDING                12
 #define TIF_MEMDIE             13
+#define TIF_POLLING_NRFLAG     14
 
 #define _TIF_SYSCALL_TRACE     (1<<TIF_SYSCALL_TRACE)
 #define _TIF_NOTIFY_RESUME     (1<<TIF_NOTIFY_RESUME)
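Review bot: `TIF_POLLING_NRFLAG` moves from bit 10 to bit 14, above the limit that the NOTE in this header sets for flags whose mask is used from assembly. Nothing in this diff shows whether any assembly tests `_TIF_POLLING_NRFLAG` as an immediate, so that should be confirmed before relying on the new slot. A short comment on the new define would record the constraint, e.g. `#define TIF_POLLING_NRFLAG 14 /* must not be tested from assembly */`.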
@@ -240,9 +241,10 @@ register struct thread_info *current_thread_info_reg asm("g6");
 #define _TIF_32BIT             (1<<TIF_32BIT)
 #define _TIF_NEWCHILD          (1<<TIF_NEWCHILD)
 #define _TIF_SECCOMP           (1<<TIF_SECCOMP)
-#define _TIF_POLLING_NRFLAG    (1<<TIF_POLLING_NRFLAG)
-#define _TIF_ABI_PENDING       (1<<TIF_ABI_PENDING)
+#define _TIF_SYSCALL_AUDIT     (1<<TIF_SYSCALL_AUDIT)
 #define _TIF_SYSCALL_SUCCESS   (1<<TIF_SYSCALL_SUCCESS)
+#define _TIF_ABI_PENDING       (1<<TIF_ABI_PENDING)
+#define _TIF_POLLING_NRFLAG    (1<<TIF_POLLING_NRFLAG)
 
 #define _TIF_USER_WORK_MASK    ((0xff << TI_FLAG_WSAVED_SHIFT) | \
                                 (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \
index bf2ad3b..68aba0c 100644 (file)
 #define AUDIT_ARCH_SH64                (EM_SH|__AUDIT_ARCH_64BIT)
 #define AUDIT_ARCH_SHEL64      (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_SPARC       (EM_SPARC)
-#define AUDIT_ARCH_SPARC64     (EM_SPARC64|__AUDIT_ARCH_64BIT)
+#define AUDIT_ARCH_SPARC64     (EM_SPARCV9|__AUDIT_ARCH_64BIT)
 #define AUDIT_ARCH_V850                (EM_V850|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64      (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 
index b1091d7..75755ef 100644 (file)
@@ -174,7 +174,7 @@ config AUDIT
 
 config AUDITSYSCALL
        bool "Enable system-call auditing support"
-       depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML)
+       depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML || SPARC64)
        default y if SECURITY_SELINUX
        help
          Enable low-overhead system-call auditing infrastructure that