From patchwork Fri Jan 17 08:13:19 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 23294 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-oa0-f72.google.com (mail-oa0-f72.google.com [209.85.219.72]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 20BA0202FA for ; Fri, 17 Jan 2014 08:14:37 +0000 (UTC) Received: by mail-oa0-f72.google.com with SMTP id o6sf13769266oag.7 for ; Fri, 17 Jan 2014 00:14:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe; bh=8iZunccV94o9JLhaaV+DGEtFYhDLmfJZbP8R+oCvLw4=; b=knFJcApCVzYYUTdsqXV9EteJ8uQFZ9qmK0fWc1nYb7sr+K/QSpE/E8s9ZHv3q1q+aa zLormL8tLD7Yg6Z0TDl6Mx93WI8/YJsrcD7uB6f/hWuo/ZVrTtl2iq7wolVCbIcTljas fdpWCBOzlna0kfdplt3PFpR5glA1EWgahhc0nQ6s4aIZX9nekLIYTP2tyOcDBUiRaom/ 0DMbQLMTV+Q606BbGKv3K2Dvd1CCzqOvqPfGVn9A6AmyhARGIAUgKu4Hocgna51FdJOC ylj5uS9rqEY4QTakcM7b7VtBGJjbr/U+3pNOL6cqA1YdKz7vJIGCDyrZSLZxkvnNH5mu /XCA== X-Gm-Message-State: ALoCoQkrDVXcHd8vdf00XV3W3E2ltR6jUdnCEt5rGsFQIERaSVjUeLPMwqfKLO7WVbphJE0rJw1U X-Received: by 10.42.46.3 with SMTP id i3mr157482icf.31.1389946476312; Fri, 17 Jan 2014 00:14:36 -0800 (PST) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.88.227 with SMTP id t90ls456788qgd.52.gmail; Fri, 17 Jan 2014 00:14:36 -0800 (PST) X-Received: by 10.58.180.227 with SMTP id dr3mr247078vec.36.1389946476218; Fri, 17 Jan 2014 00:14:36 -0800 (PST) Received: from mail-ve0-f180.google.com (mail-ve0-f180.google.com [209.85.128.180]) by mx.google.com with ESMTPS id sp7si4544036vdc.47.2014.01.17.00.14.36 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 17 Jan 2014 00:14:36 -0800 (PST) Received-SPF: neutral (google.com: 209.85.128.180 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.128.180; Received: by mail-ve0-f180.google.com with SMTP id jz11so1428394veb.39 for ; Fri, 17 Jan 2014 00:14:36 -0800 (PST) X-Received: by 10.58.119.161 with SMTP id kv1mr213890veb.21.1389946476153; Fri, 17 Jan 2014 00:14:36 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.59.13.131 with SMTP id ey3csp2368ved; Fri, 17 Jan 2014 00:14:35 -0800 (PST) X-Received: by 10.68.12.138 with SMTP id y10mr535440pbb.101.1389946475271; Fri, 17 Jan 2014 00:14:35 -0800 (PST) Received: from mail-pd0-f172.google.com (mail-pd0-f172.google.com [209.85.192.172]) by mx.google.com with ESMTPS id wm3si9447635pab.223.2014.01.17.00.14.34 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 17 Jan 2014 00:14:35 -0800 (PST) Received-SPF: neutral (google.com: 209.85.192.172 is neither permitted nor denied by best guess record for domain of takahiro.akashi@linaro.org) client-ip=209.85.192.172; Received: by mail-pd0-f172.google.com with SMTP id z10so3700627pdj.17 for ; Fri, 17 Jan 2014 00:14:34 -0800 (PST) X-Received: by 10.68.98.3 with SMTP id ee3mr608660pbb.31.1389946474877; Fri, 17 Jan 2014 00:14:34 -0800 (PST) Received: from localhost.localdomain (KD182250177246.au-net.ne.jp. [182.250.177.246]) by mx.google.com with ESMTPSA id jn12sm20572056pbd.37.2014.01.17.00.14.30 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 17 Jan 2014 00:14:33 -0800 (PST) From: AKASHI Takahiro To: viro@zeniv.linux.org.uk, eparis@redhat.com, rgb@redhat.com, catalin.marinas@arm.com, will.deacon@arm.com Cc: arndb@arndb.de, linux-arm-kernel@lists.infradead.org, linaro-kernel@lists.linaro.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, patches@linaro.org, AKASHI Takahiro Subject: [PATCH v2 6/6] arm64: audit: Add audit hook in ptrace/syscall_trace Date: Fri, 17 Jan 2014 17:13:19 +0900 Message-Id: <1389946399-4525-7-git-send-email-takahiro.akashi@linaro.org> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1389946399-4525-1-git-send-email-takahiro.akashi@linaro.org> References: <1383733546-2846-1-git-send-email-takahiro.akashi@linaro.org> <1389946399-4525-1-git-send-email-takahiro.akashi@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: takahiro.akashi@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.128.180 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , This patch adds auditing functions on entry to or exit from every system call invocation. Signed-off-by: AKASHI Takahiro --- arch/arm64/include/asm/thread_info.h | 1 + arch/arm64/kernel/entry.S | 3 +++ arch/arm64/kernel/ptrace.c | 12 ++++++++++++ 3 files changed, 16 insertions(+) diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index 720e70b..7468388 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -101,6 +101,7 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NEED_RESCHED 1 #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ #define TIF_SYSCALL_TRACE 8 +#define TIF_SYSCALL_AUDIT 9 #define TIF_POLLING_NRFLAG 16 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_FREEZE 19 diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 4d2c6f3..5bb2c26 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -631,6 +631,9 @@ el0_svc_naked: // compat entry point get_thread_info tsk ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls? +#ifdef CONFIG_AUDITSYSCALL + tbnz x16, #TIF_SYSCALL_AUDIT, __sys_trace // auditing syscalls? +#endif adr lr, ret_fast_syscall // return address cmp scno, sc_nr // check upper syscall limit b.hs ni_sys diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6777a21..2ca169b 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -19,6 +19,7 @@ * along with this program. If not, see . */ +#include #include #include #include @@ -38,6 +39,7 @@ #include #include #include +#include #include #include @@ -1064,6 +1066,16 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) { unsigned long saved_reg; +#ifdef CONFIG_AUDITSYSCALL + if (dir) + audit_syscall_exit(regs); + else + audit_syscall_entry(syscall_get_arch(current, regs), + (int)regs->syscallno, + regs->orig_x0, regs->regs[1], + regs->regs[2], regs->regs[3]); +#endif /* CONFIG_AUDITSYSCALL */ + if (!test_thread_flag(TIF_SYSCALL_TRACE)) return regs->syscallno;