alpha: Enable system-call auditing support.

Signed-off-by: Zhenglong.cai <zhenglong.cai@cs2c.com.cn>
Signed-off-by: Matt Turner <mattst88@gmail.com>

authored by 蔡正龙 and committed by Matt Turner a9302e84 e7651b81

+81 -2
+3
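--- a/arch/alpha/Kconfig
+++ b/arch/alpha/Kconfig
@@ -17,6 +17,7 @@
 select ARCH_WANT_IPC_PARSE_VERSION
 select ARCH_HAVE_NMI_SAFE_CMPXCHG
 select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
+select AUDIT_ARCH
 select GENERIC_CLOCKEVENTS
 select GENERIC_SMP_IDLE_THREAD
 select GENERIC_STRNCPY_FROM_USER
@@ -77,6 +78,8 @@
 source "init/Kconfig"
 source "kernel/Kconfig.freezer"
 
+config AUDIT_ARCH
+bool
 
 menu "System setup"
 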
+5
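--- a/arch/alpha/include/asm/ptrace.h
+++ b/arch/alpha/include/asm/ptrace.h
@@ -19,4 +19,9 @@
 
 #define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
 
+static inline unsigned long regs_return_value(struct pt_regs *regs)
+{
+return regs->r0;
+}
+
 #endif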
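Review bot: `regs_return_value()` hands back `regs->r0` unchanged, which gives the audit exit hook a usable result only if r0 already holds a negative errno on failure. If the Alpha syscall return path instead leaves a positive errno in r0 and signals failure through r19 (a3) — the entry code is outside this hunk, so this needs confirming — then `audit_syscall_exit()` would presumably record failed calls as successful, and audit rules that filter on success or exit code would miss denied operations. In that case fold the flag in, for example `return regs->r19 ? -regs->r0 : regs->r0;`, or provide an arch-specific success test, and add a comment stating which convention the helper assumes.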
+2
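--- a/arch/alpha/include/asm/thread_info.h
+++ b/arch/alpha/include/asm/thread_info.h
@@ -70,6 +70,7 @@
 #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
 #define TIF_SIGPENDING 2 /* signal pending */
 #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
+#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
 #define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
 #define TIF_MEMDIE 13 /* is terminating due to OOM killer */
 
@@ -77,6 +78,7 @@
 #define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
 #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
+#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
 
 /* Work to do on interrupt/exception return. */
 #define _TIF_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \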
+1
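--- a/arch/alpha/kernel/Makefile
+++ b/arch/alpha/kernel/Makefile
@@ -17,6 +17,7 @@
 obj-$(CONFIG_MODULES) += module.o
 obj-$(CONFIG_PERF_EVENTS) += perf_event.o
 obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
+obj-$(CONFIG_AUDIT) += audit.o
 
 ifdef CONFIG_ALPHA_GENERIC
 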
+60
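--- a/arch/alpha/kernel/audit.c
+++ b/arch/alpha/kernel/audit.c
@@ -0,0 +1,60 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_arch(int arch)
+{
+return 0;
+}
+
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+switch(syscall) {
+case __NR_open:
+return 2;
+case __NR_openat:
+return 3;
+case __NR_execve:
+return 5;
+default:
+return 0;
+}
+}
+
+static int __init audit_classes_init(void)
+{
+audit_register_class(AUDIT_CLASS_WRITE, write_class);
+audit_register_class(AUDIT_CLASS_READ, read_class);
+audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+return 0;
+}
+
+__initcall(audit_classes_init);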
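Review bot: The return values 2, 3 and 5 in `audit_classify_syscall()` are undocumented magic numbers, and nothing in the file says who interprets them or why `abi` and `arch` are ignored. A reader checking that permission-based audit rules cover open, openat and execve on this architecture has to find the consumer elsewhere in the tree. Add a comment above the switch such as `/* Codes interpreted by audit_match_perm(): 2 = open, 3 = openat, 5 = execve, 0 = any other native syscall. */`. Add a line on `audit_classify_arch()` stating that it returns 0 unconditionally because only one ABI is handled here. The `~0U` sentinel that ends each class table also deserves a short comment.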
+5 -1
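--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -465,7 +465,11 @@
 .cfi_rel_offset $16, SP_OFF+24
 .cfi_rel_offset $17, SP_OFF+32
 .cfi_rel_offset $18, SP_OFF+40
-blbs $3, strace
+#ifdef CONFIG_AUDITSYSCALL
+lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
+and $3, $6, $3
+#endif
+bne $3, strace
 beq $4, 1f
 ldq $27, 0($5)
 1: jsr $26, ($27), alpha_ni_syscall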
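Review bot: With CONFIG_AUDITSYSCALL unset, the `lda`/`and` masking pair is compiled out but the branch is still `bne $3, strace`, so the test is no longer limited to the low bit that the removed `blbs $3, strace` checked. If $3 holds the full thread-flags word at this point (it is loaded outside the hunk), any other pending flag, such as a signal or reschedule request, would divert the syscall into the trace path on kernels built without auditing. Keep the old test for that configuration by moving the branch inside the conditional: `bne $3, strace`, then `#else`, `blbs $3, strace`, `#endif`. Also confirm that $6 is free to clobber at this point in the entry sequence, and add a comment saying so.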
+4
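--- a/arch/alpha/kernel/ptrace.c
+++ b/arch/alpha/kernel/ptrace.c
@@ -14,6 +14,7 @@
 #include <linux/security.h>
 #include <linux/signal.h>
 #include <linux/tracehook.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -316,15 +317,18 @@
 asmlinkage unsigned long syscall_trace_enter(void)
 {
 unsigned long ret = 0;
+struct pt_regs *regs = current_pt_regs();
 if (test_thread_flag(TIF_SYSCALL_TRACE) &&
 tracehook_report_syscall_entry(current_pt_regs()))
 ret = -1UL;
+audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
 return ret ?: current_pt_regs()->r0;
 }
 
 asmlinkage void
 syscall_trace_leave(void)
 {
+audit_syscall_exit(current_pt_regs());
 if (test_thread_flag(TIF_SYSCALL_TRACE))
 tracehook_report_syscall_exit(current_pt_regs(), 0);
 }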
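Review bot: `syscall_trace_enter()` now caches `regs` but still calls `current_pt_regs()` twice more, so the function mixes two spellings of the same pointer and obscures that the audit record and the return value read the same register frame. Use the local throughout: `tracehook_report_syscall_entry(regs))` and `return ret ?: regs->r0;`. The `audit_syscall_entry(...)` line also runs well past 80 columns and should be wrapped after `regs->r0,`. A one-line comment noting that the audit hook runs after the tracer stop, and therefore logs any syscall number or arguments the tracer rewrote, would record the intended ordering.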
+1 -1
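--- a/init/Kconfig
+++ b/init/Kconfig
@@ -284,7 +284,7 @@
 
 config AUDITSYSCALL
 bool "Enable system-call auditing support"
-depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
+depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA)
 default y if SECURITY_SELINUX
 help
 Enable low-overhead system-call auditing infrastructure that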