Commit f7ceba36 authored by David S. Miller's avatar David S. Miller

[SPARC64]: Add syscall auditing support.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8d8a6479
...@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0 ...@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
nop nop
.align 32 .align 32
1: ldx [%curptr + TI_FLAGS], %l5 1: ldx [%curptr + TI_FLAGS], %l5
andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
be,pt %icc, rtrap be,pt %icc, rtrap
clr %l6 clr %l6
add %sp, PTREGS_OFF, %o0 add %sp, PTREGS_OFF, %o0
...@@ -1679,7 +1679,7 @@ linux_sparc_syscall32: ...@@ -1679,7 +1679,7 @@ linux_sparc_syscall32:
srl %i5, 0, %o5 ! IEU1 srl %i5, 0, %o5 ! IEU1
srl %i2, 0, %o2 ! IEU0 Group srl %i2, 0, %o2 ! IEU0 Group
andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0 Group andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
bne,pn %icc, linux_syscall_trace32 ! CTI bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1 mov %i0, %l5 ! IEU1
call %l7 ! CTI Group brk forced call %l7 ! CTI Group brk forced
...@@ -1702,7 +1702,7 @@ linux_sparc_syscall: ...@@ -1702,7 +1702,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1 mov %i3, %o3 ! IEU1
mov %i4, %o4 ! IEU0 Group mov %i4, %o4 ! IEU0 Group
andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %g0
bne,pn %icc, linux_syscall_trace ! CTI Group bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0 mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced 2: call %l7 ! CTI Group brk forced
...@@ -1730,7 +1730,7 @@ ret_sys_call: ...@@ -1730,7 +1730,7 @@ ret_sys_call:
1: 1:
cmp %o0, -ERESTART_RESTARTBLOCK cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f bgeu,pn %xcc, 1f
andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6
80: 80:
/* System call success, clear Carry condition code. */ /* System call success, clear Carry condition code. */
andn %g3, %g2, %g3 andn %g3, %g2, %g3
...@@ -1745,7 +1745,7 @@ ret_sys_call: ...@@ -1745,7 +1745,7 @@ ret_sys_call:
/* System call failure, set Carry condition code. /* System call failure, set Carry condition code.
* Also, get abs(errno) to return to the process. * Also, get abs(errno) to return to the process.
*/ */
andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6
sub %g0, %o0, %o0 sub %g0, %o0, %o0
or %g3, %g2, %g3 or %g3, %g2, %g3
stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
......
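Review bot: Failed syscalls will likely be audited with a positive exit value, because on the failure path in ret_sys_call the new test `andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6` sits beside `sub %g0, %o0, %o0` and the `stx` into PT_V9_I0. An audited task therefore appears to reach the exit hook with abs(errno) in the saved %i0 and failure signalled only by the Carry bits, and the C side of this commit hands that saved register to audit_syscall_exit() unchanged. Audit rules and log tooling that expect a negative errno on failure would then not match on this port. I would either negate the value before passing it to audit when the carry bits are set, or at least document it here with `/* audit exit hook sees abs(errno) in %i0; failure is flagged by Carry only */`. The branch that consumes %l6 is outside the visible hunk, so the ordering is inferred from the lines shown.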
...@@ -19,6 +19,8 @@ ...@@ -19,6 +19,8 @@
#include <linux/smp.h> #include <linux/smp.h>
#include <linux/smp_lock.h> #include <linux/smp_lock.h>
#include <linux/security.h> #include <linux/security.h>
#include <linux/seccomp.h>
#include <linux/audit.h>
#include <linux/signal.h> #include <linux/signal.h>
#include <asm/asi.h> #include <asm/asi.h>
...@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) ...@@ -633,10 +635,22 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
/* do the secure computing check first */ /* do the secure computing check first */
secure_computing(regs->u_regs[UREG_G1]); secure_computing(regs->u_regs[UREG_G1]);
if (!test_thread_flag(TIF_SYSCALL_TRACE)) if (unlikely(current->audit_context) && syscall_exit_p) {
return; unsigned long tstate = regs->tstate;
int result = AUDITSC_SUCCESS;
if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
result = AUDITSC_FAILURE;
audit_syscall_exit(current, result, regs->u_regs[UREG_I0]);
}
if (!(current->ptrace & PT_PTRACED)) if (!(current->ptrace & PT_PTRACED))
return; goto out;
if (!test_thread_flag(TIF_SYSCALL_TRACE))
goto out;
ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
? 0x80 : 0)); ? 0x80 : 0));
...@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) ...@@ -649,4 +663,16 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
send_sig(current->exit_code, current, 1); send_sig(current->exit_code, current, 1);
current->exit_code = 0; current->exit_code = 0;
} }
out:
if (unlikely(current->audit_context) && !syscall_exit_p)
audit_syscall_entry(current,
(test_thread_flag(TIF_32BIT) ?
AUDIT_ARCH_SPARC :
AUDIT_ARCH_SPARC64),
regs->u_regs[UREG_G1],
regs->u_regs[UREG_I0],
regs->u_regs[UREG_I1],
regs->u_regs[UREG_I2],
regs->u_regs[UREG_I3]);
} }
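Review bot: For 32-bit tasks the audit_syscall_entry() call at the `out:` label takes the four arguments straight from the 64-bit `regs->u_regs[]` slots, without the zero-extension the 32-bit entry path applies (`srl %i2, 0, %o2` and `srl %i5, 0, %o5` in linux_sparc_syscall32). If the upper halves of those registers hold stale bits, the logged arguments differ from what the handler actually receives and argument-based audit rules may fail to match. Masking when TIF_32BIT is set would close that gap, e.g. `unsigned long m = test_thread_flag(TIF_32BIT) ? 0xffffffffUL : ~0UL;` applied to each value passed to audit_syscall_entry(). syscall_trace() starts above this hunk, so anything it does before the secure_computing() call is not visible here.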
...@@ -221,7 +221,7 @@ register struct thread_info *current_thread_info_reg asm("g6"); ...@@ -221,7 +221,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_32BIT 7 /* 32-bit binary */ #define TIF_32BIT 7 /* 32-bit binary */
#define TIF_NEWCHILD 8 /* just-spawned child process */ #define TIF_NEWCHILD 8 /* just-spawned child process */
#define TIF_SECCOMP 9 /* secure computing */ #define TIF_SECCOMP 9 /* secure computing */
#define TIF_POLLING_NRFLAG 10 #define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */
#define TIF_SYSCALL_SUCCESS 11 #define TIF_SYSCALL_SUCCESS 11
/* NOTE: Thread flags >= 12 should be ones we have no interest /* NOTE: Thread flags >= 12 should be ones we have no interest
* in using in assembly, else we can't use the mask as * in using in assembly, else we can't use the mask as
...@@ -229,6 +229,7 @@ register struct thread_info *current_thread_info_reg asm("g6"); ...@@ -229,6 +229,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
*/ */
#define TIF_ABI_PENDING 12 #define TIF_ABI_PENDING 12
#define TIF_MEMDIE 13 #define TIF_MEMDIE 13
#define TIF_POLLING_NRFLAG 14
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
...@@ -240,9 +241,10 @@ register struct thread_info *current_thread_info_reg asm("g6"); ...@@ -240,9 +241,10 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_32BIT (1<<TIF_32BIT) #define _TIF_32BIT (1<<TIF_32BIT)
#define _TIF_NEWCHILD (1<<TIF_NEWCHILD) #define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
#define _TIF_SECCOMP (1<<TIF_SECCOMP) #define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS) #define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \ #define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \ (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | \
......
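Review bot: The syscall-work mask `(_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT)` is not defined in this header but spelled out at five separate `andcc` sites in the assembly part of this commit, so a flag added later at one site and missed at another would silently drop tracing, seccomp or audit on that path. Defining it once beside `_TIF_USER_WORK_MASK`, for example `#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT)` (name illustrative), and using it at each site would keep them in step. The NOTE about thread flags >= 12 (cut off in this view, presumably about fitting the mask in an instruction immediate) applies to this mask as well, so the define deserves a one-line comment that every member must stay below bit 12. It is also worth confirming that no assembly tests `_TIF_POLLING_NRFLAG`, which this change moves to bit 14.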
...@@ -165,7 +165,7 @@ ...@@ -165,7 +165,7 @@
#define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_SH64 (EM_SH|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_SPARC (EM_SPARC) #define AUDIT_ARCH_SPARC (EM_SPARC)
#define AUDIT_ARCH_SPARC64 (EM_SPARC64|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
......
...@@ -174,7 +174,7 @@ config AUDIT ...@@ -174,7 +174,7 @@ config AUDIT
config AUDITSYSCALL config AUDITSYSCALL
bool "Enable system-call auditing support" bool "Enable system-call auditing support"
depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML) depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML || SPARC64)
default y if SECURITY_SELINUX default y if SECURITY_SELINUX
help help
Enable low-overhead system-call auditing infrastructure that Enable low-overhead system-call auditing infrastructure that
......