
audit: Migrate to use SYSCALL_WORK flag

On architectures using the generic syscall entry code the architecture
independent syscall work is moved to flags in thread_info::syscall_work.
This removes architecture dependencies and frees up TIF bits.

Define SYSCALL_WORK_SYSCALL_AUDIT, use it in the generic entry code and
convert the code which uses the TIF specific helper functions to use the
new *_syscall_work() helpers which either resolve to the new mode for users
of the generic entry code or to the TIF based functions for the other
architectures.

Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Link: https://lore.kernel.org/r/20201116174206.2639648-9-krisman@collabora.com

authored by

Gabriel Krisman Bertazi and committed by
Thomas Gleixner
785dc4eb 64eb35f7

+24 -23
+14 -9
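--- a/include/asm-generic/syscall.h
+++ b/include/asm-generic/syscall.h
@@ -43,9 +43,9 @@
  * @regs: task_pt_regs() of @task
  *
  * It's only valid to call this when @task is stopped for system
- * call exit tracing (due to %SYSCALL_WORK_SYSCALL_TRACE or TIF_SYSCALL_AUDIT),
- * after tracehook_report_syscall_entry() returned nonzero to prevent
- * the system call from taking place.
+ * call exit tracing (due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT), after tracehook_report_syscall_entry()
+ * returned nonzero to prevent the system call from taking place.
  *
  * This rolls back the register state in @regs so it's as if the
  * system call instruction was a no-op. The registers containing
@@ -63,7 +63,8 @@
  * Returns 0 if the system call succeeded, or -ERRORCODE if it failed.
  *
  * It's only valid to call this when @task is stopped for tracing on exit
- * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
+ * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT.
  */
  long syscall_get_error(struct task_struct *task, struct pt_regs *regs);
 
@@ -76,7 +77,8 @@
  * This value is meaningless if syscall_get_error() returned nonzero.
  *
  * It's only valid to call this when @task is stopped for tracing on exit
- * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
+ * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT.
  */
  long syscall_get_return_value(struct task_struct *task, struct pt_regs *regs);
 
@@ -93,7 +95,8 @@
  * code; the user sees a failed system call with this errno code.
  *
  * It's only valid to call this when @task is stopped for tracing on exit
- * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
+ * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT.
  */
  void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs,
  int error, long val);
@@ -108,7 +111,8 @@
  * @args[0], and so on.
  *
  * It's only valid to call this when @task is stopped for tracing on
- * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
+ * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT.
  */
  void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
  unsigned long *args);
@@ -123,7 +127,8 @@
  * The first argument gets value @args[0], and so on.
  *
  * It's only valid to call this when @task is stopped for tracing on
- * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
+ * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
+ * %SYSCALL_WORK_SYSCALL_AUDIT.
  */
  void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
  const unsigned long *args);
@@ -135,7 +140,7 @@
  * Returns the AUDIT_ARCH_* based on the system call convention in use.
  *
  * It's only valid to call this when @task is stopped on entry to a system
- * call, due to %SYSCALL_WORK_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or
+ * call, due to %SYSCALL_WORK_SYSCALL_TRACE, %SYSCALL_WORK_SYSCALL_AUDIT, or
  * %SYSCALL_WORK_SECCOMP.
  *
  * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must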
+6 -12
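--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -13,10 +13,6 @@
  * Define dummy _TIF work flags if not defined by the architecture or for
  * disabled functionality.
  */
- #ifndef _TIF_SYSCALL_AUDIT
- # define _TIF_SYSCALL_AUDIT (0)
- #endif
-
  #ifndef _TIF_PATCH_PENDING
  # define _TIF_PATCH_PENDING (0)
  #endif
@@ -36,9 +32,7 @@
  # define ARCH_SYSCALL_ENTER_WORK (0)
  #endif
 
- #define SYSCALL_ENTER_WORK \
- (_TIF_SYSCALL_AUDIT | \
- ARCH_SYSCALL_ENTER_WORK)
+ #define SYSCALL_ENTER_WORK ARCH_SYSCALL_ENTER_WORK
 
  /*
  * TIF flags handled in syscall_exit_to_user_mode()
@@ -47,16 +41,16 @@
  # define ARCH_SYSCALL_EXIT_WORK (0)
  #endif
 
- #define SYSCALL_EXIT_WORK \
- (_TIF_SYSCALL_AUDIT | \
- ARCH_SYSCALL_EXIT_WORK)
+ #define SYSCALL_EXIT_WORK ARCH_SYSCALL_EXIT_WORK
 
  #define SYSCALL_WORK_ENTER (SYSCALL_WORK_SECCOMP | \
  SYSCALL_WORK_SYSCALL_TRACEPOINT | \
  SYSCALL_WORK_SYSCALL_TRACE | \
- SYSCALL_WORK_SYSCALL_EMU)
+ SYSCALL_WORK_SYSCALL_EMU | \
+ SYSCALL_WORK_SYSCALL_AUDIT)
  #define SYSCALL_WORK_EXIT (SYSCALL_WORK_SYSCALL_TRACEPOINT | \
- SYSCALL_WORK_SYSCALL_TRACE)
+ SYSCALL_WORK_SYSCALL_TRACE | \
+ SYSCALL_WORK_SYSCALL_AUDIT)
 
  /*
  * TIF flags handled in exit_to_user_mode_loop()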
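Review bot: With `_TIF_SYSCALL_AUDIT` dropped from `SYSCALL_ENTER_WORK` and `SYSCALL_EXIT_WORK`, syscall auditing on generic-entry architectures is now selected only by the `SYSCALL_WORK_SYSCALL_AUDIT` bit in `SYSCALL_WORK_ENTER` and `SYSCALL_WORK_EXIT`. The sections on this page convert only the two flag writers in kernel/auditsc.c, so any other code that still sets or tests `TIF_SYSCALL_AUDIT` on such an architecture would presumably stop producing audit records without an obvious failure. A tree-wide search for the old flag name belongs with this change. The new masks carry no comment, and a one-line note such as `/* AUDIT is in both masks: audit work is needed on syscall entry and on exit */` would record why the bit appears twice.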
+2
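--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -40,12 +40,14 @@
  SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT,
  SYSCALL_WORK_BIT_SYSCALL_TRACE,
  SYSCALL_WORK_BIT_SYSCALL_EMU,
+ SYSCALL_WORK_BIT_SYSCALL_AUDIT,
  };
 
  #define SYSCALL_WORK_SECCOMP BIT(SYSCALL_WORK_BIT_SECCOMP)
  #define SYSCALL_WORK_SYSCALL_TRACEPOINT BIT(SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT)
  #define SYSCALL_WORK_SYSCALL_TRACE BIT(SYSCALL_WORK_BIT_SYSCALL_TRACE)
  #define SYSCALL_WORK_SYSCALL_EMU BIT(SYSCALL_WORK_BIT_SYSCALL_EMU)
+ #define SYSCALL_WORK_SYSCALL_AUDIT BIT(SYSCALL_WORK_BIT_SYSCALL_AUDIT)
 
  #include <asm/thread_info.h>
 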
+2 -2
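--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -952,7 +952,7 @@
 
  state = audit_filter_task(tsk, &key);
  if (state == AUDIT_DISABLED) {
- clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
+ clear_task_syscall_work(tsk, SYSCALL_AUDIT);
  return 0;
  }
 
@@ -964,7 +964,7 @@
  context->filterkey = key;
 
  audit_set_context(tsk, context);
- set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
+ set_task_syscall_work(tsk, SYSCALL_AUDIT);
  return 0;
  }
 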
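Review bot: The new calls pass the bare token `SYSCALL_AUDIT`, which is not defined in any section shown here; include/linux/thread_info.h on this page defines only `SYSCALL_WORK_BIT_SYSCALL_AUDIT` and `SYSCALL_WORK_SYSCALL_AUDIT`, so the helpers presumably paste a prefix onto the argument. A search for either the TIF name or the SYSCALL_WORK name will therefore miss these two sites, which are where per-task syscall auditing is switched off and on. A short comment at the first call would keep them discoverable, for example `/* SYSCALL_AUDIT: the helper prefixes this to SYSCALL_WORK_BIT_SYSCALL_AUDIT or TIF_SYSCALL_AUDIT */`. The enclosing function begins above both hunks, so the code between them is not visible here.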