tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

parisc: add kernel audit feature

Implement missing functions for parisc to provide kernel audit feature.

Signed-off-by: Helge Deller <deller@gmx.de>

Helge Deller 527973c8 61dbbaeb

+157 -5
+3
arch/parisc/Kconfig
··· 287 287 def_bool y 288 288 depends on COMPAT && SYSVIPC 289 289 290 + config AUDIT_ARCH 291 + def_bool y 292 + 290 293 config HPUX 291 294 bool "Support for HP-UX binaries" 292 295 depends on !64BIT
+4
arch/parisc/include/asm/ptrace.h
··· 19 19 #define user_stack_pointer(regs) ((regs)->gr[30]) 20 20 unsigned long profile_pc(struct pt_regs *); 21 21 22 + static inline unsigned long regs_return_value(struct pt_regs *regs) 23 + { 24 + return regs->gr[20]; 25 + } 22 26 23 27 #endif
+3 -1
arch/parisc/include/asm/thread_info.h
··· 59 59 #define TIF_32BIT 4 /* 32 bit binary */ 60 60 #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ 61 61 #define TIF_RESTORE_SIGMASK 6 /* restore saved signal mask */ 62 + #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ 62 63 #define TIF_NOTIFY_RESUME 8 /* callback before returning to user */ 63 64 #define TIF_SINGLESTEP 9 /* single stepping? */ 64 65 #define TIF_BLOCKSTEP 10 /* branch stepping? */ ··· 69 68 #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) 70 69 #define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG) 71 70 #define _TIF_32BIT (1 << TIF_32BIT) 71 + #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) 72 72 #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) 73 73 #define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) 74 74 #define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP) ··· 77 75 #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | \ 78 76 _TIF_NEED_RESCHED) 79 77 #define _TIF_SYSCALL_TRACE_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | \ 80 - _TIF_BLOCKSTEP) 78 + _TIF_BLOCKSTEP | _TIF_SYSCALL_AUDIT) 81 79 82 80 #endif /* __KERNEL__ */ 83 81
+3 -1
arch/parisc/kernel/Makefile
··· 29 29 obj-$(CONFIG_MODULES) += module.o 30 30 obj-$(CONFIG_64BIT) += binfmt_elf32.o sys_parisc32.o signal32.o 31 31 obj-$(CONFIG_STACKTRACE)+= stacktrace.o 32 + obj-$(CONFIG_AUDIT) += audit.o 33 + obj64-$(CONFIG_AUDIT) += compat_audit.o 32 34 # only supported for PCX-W/U in 64-bit mode at the moment 33 - obj-$(CONFIG_64BIT) += perf.o perf_asm.o 35 + obj-$(CONFIG_64BIT) += perf.o perf_asm.o $(obj64-y) 34 36 obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o 35 37 obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o
+81
arch/parisc/kernel/audit.c
··· 1 + #include <linux/init.h> 2 + #include <linux/types.h> 3 + #include <linux/audit.h> 4 + #include <asm/unistd.h> 5 + 6 + static unsigned dir_class[] = { 7 + #include <asm-generic/audit_dir_write.h> 8 + ~0U 9 + }; 10 + 11 + static unsigned read_class[] = { 12 + #include <asm-generic/audit_read.h> 13 + ~0U 14 + }; 15 + 16 + static unsigned write_class[] = { 17 + #include <asm-generic/audit_write.h> 18 + ~0U 19 + }; 20 + 21 + static unsigned chattr_class[] = { 22 + #include <asm-generic/audit_change_attr.h> 23 + ~0U 24 + }; 25 + 26 + static unsigned signal_class[] = { 27 + #include <asm-generic/audit_signal.h> 28 + ~0U 29 + }; 30 + 31 + int audit_classify_arch(int arch) 32 + { 33 + #ifdef CONFIG_COMPAT 34 + if (arch == AUDIT_ARCH_PARISC) 35 + return 1; 36 + #endif 37 + return 0; 38 + } 39 + 40 + int audit_classify_syscall(int abi, unsigned syscall) 41 + { 42 + #ifdef CONFIG_COMPAT 43 + extern int parisc32_classify_syscall(unsigned); 44 + if (abi == AUDIT_ARCH_PARISC) 45 + return parisc32_classify_syscall(syscall); 46 + #endif 47 + switch (syscall) { 48 + case __NR_open: 49 + return 2; 50 + case __NR_openat: 51 + return 3; 52 + case __NR_execve: 53 + return 5; 54 + default: 55 + return 0; 56 + } 57 + } 58 + 59 + static int __init audit_classes_init(void) 60 + { 61 + #ifdef CONFIG_COMPAT 62 + extern __u32 parisc32_dir_class[]; 63 + extern __u32 parisc32_write_class[]; 64 + extern __u32 parisc32_read_class[]; 65 + extern __u32 parisc32_chattr_class[]; 66 + extern __u32 parisc32_signal_class[]; 67 + audit_register_class(AUDIT_CLASS_WRITE_32, parisc32_write_class); 68 + audit_register_class(AUDIT_CLASS_READ_32, parisc32_read_class); 69 + audit_register_class(AUDIT_CLASS_DIR_WRITE_32, parisc32_dir_class); 70 + audit_register_class(AUDIT_CLASS_CHATTR_32, parisc32_chattr_class); 71 + audit_register_class(AUDIT_CLASS_SIGNAL_32, parisc32_signal_class); 72 + #endif 73 + audit_register_class(AUDIT_CLASS_WRITE, write_class); 74 + audit_register_class(AUDIT_CLASS_READ, read_class); 75 + audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); 76 + audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); 77 + audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); 78 + return 0; 79 + } 80 + 81 + __initcall(audit_classes_init);
+40
arch/parisc/kernel/compat_audit.c
··· 1 + #include <asm/unistd.h> 2 + 3 + unsigned int parisc32_dir_class[] = { 4 + #include <asm-generic/audit_dir_write.h> 5 + ~0U 6 + }; 7 + 8 + unsigned int parisc32_chattr_class[] = { 9 + #include <asm-generic/audit_change_attr.h> 10 + ~0U 11 + }; 12 + 13 + unsigned int parisc32_write_class[] = { 14 + #include <asm-generic/audit_write.h> 15 + ~0U 16 + }; 17 + 18 + unsigned int parisc32_read_class[] = { 19 + #include <asm-generic/audit_read.h> 20 + ~0U 21 + }; 22 + 23 + unsigned int parisc32_signal_class[] = { 24 + #include <asm-generic/audit_signal.h> 25 + ~0U 26 + }; 27 + 28 + int parisc32_classify_syscall(unsigned syscall) 29 + { 30 + switch (syscall) { 31 + case __NR_open: 32 + return 2; 33 + case __NR_openat: 34 + return 3; 35 + case __NR_execve: 36 + return 5; 37 + default: 38 + return 1; 39 + } 40 + }
+22 -2
arch/parisc/kernel/ptrace.c
··· 19 19 #include <linux/security.h> 20 20 #include <linux/compat.h> 21 21 #include <linux/signal.h> 22 + #include <linux/audit.h> 22 23 23 24 #include <asm/uaccess.h> 24 25 #include <asm/pgtable.h> ··· 268 267 269 268 long do_syscall_trace_enter(struct pt_regs *regs) 270 269 { 270 + long ret = 0; 271 + 271 272 if (test_thread_flag(TIF_SYSCALL_TRACE) && 272 273 tracehook_report_syscall_entry(regs)) 273 - return -1L; 274 + ret = -1L; 274 275 275 - return regs->gr[20]; 276 + #ifdef CONFIG_64BIT 277 + if (!is_compat_task()) 278 + audit_syscall_entry(AUDIT_ARCH_PARISC64, 279 + regs->gr[20], 280 + regs->gr[26], regs->gr[25], 281 + regs->gr[24], regs->gr[23]); 282 + else 283 + #endif 284 + audit_syscall_entry(AUDIT_ARCH_PARISC, 285 + regs->gr[20] & 0xffffffff, 286 + regs->gr[26] & 0xffffffff, 287 + regs->gr[25] & 0xffffffff, 288 + regs->gr[24] & 0xffffffff, 289 + regs->gr[23] & 0xffffffff); 290 + 291 + return ret ? : regs->gr[20]; 276 292 } 277 293 278 294 void do_syscall_trace_exit(struct pt_regs *regs) 279 295 { 280 296 int stepping = test_thread_flag(TIF_SINGLESTEP) || 281 297 test_thread_flag(TIF_BLOCKSTEP); 298 + 299 + audit_syscall_exit(regs); 282 300 283 301 if (stepping || test_thread_flag(TIF_SYSCALL_TRACE)) 284 302 tracehook_report_syscall_exit(regs, stepping);
+1 -1
init/Kconfig
··· 284 284 285 285 config AUDITSYSCALL 286 286 bool "Enable system-call auditing support" 287 - depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) 287 + depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) 288 288 default y if SECURITY_SELINUX 289 289 help 290 290 Enable low-overhead system-call auditing infrastructure that