From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: eparis@redhat.com, viro@zeniv.linux.org.uk
Cc: dsaxena@linaro.org, linux-audit@redhat.com, will.deacon@arm.com
Subject: Re: [RFC PATCH] audit: Add generic compat syscall support
Date: Fri, 13 Dec 2013 17:37:42 +0900 [thread overview]
Message-ID: <52AAC756.9060606@linaro.org> (raw)
In-Reply-To: <1384846431-5781-2-git-send-email-takahiro.akashi@linaro.org>
To: Eric, Al
Could you please give me your comments on my patch below?
I don't think this patch breaks anything on existing architectures
which support audit.
If you don't prefer the way, I'm going to keep the code
arm64-specific to support audit on AArch64(arm64) as in
my old patch series.:
https://www.redhat.com/archives/linux-audit/2013-November/msg00040.html
Thank you,
-Takahiro AKASHI
On 11/19/2013 04:33 PM, AKASHI Takahiro wrote:
> lib/audit.c provides a generic definition for auditing system calls.
> lib/compat_audit.c similarly adds compat syscall support for
> bi-architectures (32/64-bit).
>
> Each architecture must define audit_is_compat() in asm/audit.h.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
> include/linux/audit.h | 3 +++
> lib/Makefile | 3 +++
> lib/audit.c | 10 ++++++++
> lib/compat_audit.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 80 insertions(+)
> create mode 100644 lib/compat_audit.c
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 729a4d1..f6c8d18 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -75,6 +75,9 @@ struct audit_field {
>
> extern int __init audit_register_class(int class, unsigned *list);
> extern int audit_classify_syscall(int abi, unsigned syscall);
> +#ifdef CONFIG_COMPAT
> +extern int audit_classify_compat_syscall(int abi, unsigned syscall);
> +#endif
> extern int audit_classify_arch(int arch);
>
> /* audit_names->type values */
> diff --git a/lib/Makefile b/lib/Makefile
> index f3bb2cb..5bb185a 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -96,6 +96,9 @@ obj-$(CONFIG_TEXTSEARCH_BM) += ts_bm.o
> obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o
> obj-$(CONFIG_SMP) += percpu_counter.o
> obj-$(CONFIG_AUDIT_GENERIC) += audit.o
> +ifeq ($(CONFIG_COMPAT),y)
> +obj-$(CONFIG_AUDIT_GENERIC) += compat_audit.o
> +endif
>
> obj-$(CONFIG_SWIOTLB) += swiotlb.o
> obj-$(CONFIG_IOMMU_HELPER) += iommu-helper.o
> diff --git a/lib/audit.c b/lib/audit.c
> index 76bbed4..fa373bd 100644
> --- a/lib/audit.c
> +++ b/lib/audit.c
> @@ -1,6 +1,7 @@
> #include <linux/init.h>
> #include <linux/types.h>
> #include <linux/audit.h>
> +#include <asm/audit.h>
> #include <asm/unistd.h>
>
> static unsigned dir_class[] = {
> @@ -30,11 +31,20 @@ static unsigned signal_class[] = {
>
> int audit_classify_arch(int arch)
> {
> +#ifdef CONFIG_COMPAT
> + if (audit_is_compat(arch))
> + return 1;
> +#endif
> return 0;
> }
>
> int audit_classify_syscall(int abi, unsigned syscall)
> {
> +#ifdef CONFIG_COMPAT
> + if (audit_is_compat(abi))
> + return audit_classify_compat_syscall(abi, syscall);
> +#endif
> +
> switch(syscall) {
> #ifdef __NR_open
> case __NR_open:
> diff --git a/lib/compat_audit.c b/lib/compat_audit.c
> new file mode 100644
> index 0000000..837a6e6
> --- /dev/null
> +++ b/lib/compat_audit.c
> @@ -0,0 +1,64 @@
> +#include <linux/init.h>
> +#include <linux/types.h>
> +#include <linux/audit.h>
> +/* FIXME: this might be architecture dependent */
> +#include <asm/unistd_32.h>
> +
> +static unsigned compat_dir_class[] = {
> +#include <asm-generic/audit_dir_write.h>
> +~0U
> +};
> +
> +static unsigned compat_read_class[] = {
> +#include <asm-generic/audit_read.h>
> +~0U
> +};
> +
> +static unsigned compat_write_class[] = {
> +#include <asm-generic/audit_write.h>
> +~0U
> +};
> +
> +static unsigned compat_chattr_class[] = {
> +#include <asm-generic/audit_change_attr.h>
> +~0U
> +};
> +
> +static unsigned compat_signal_class[] = {
> +#include <asm-generic/audit_signal.h>
> +~0U
> +};
> +
> +int audit_classify_compat_syscall(int abi, unsigned syscall)
> +{
> + switch(syscall) {
> +#ifdef __NR_open
> + case __NR_open:
> + return 2;
> +#endif
> +#ifdef __NR_openat
> + case __NR_openat:
> + return 3;
> +#endif
> +#ifdef __NR_socketcall
> + case __NR_socketcall:
> + return 4;
> +#endif
> + case __NR_execve:
> + return 5;
> + default:
> + return 1;
> + }
> +}
> +
> +static int __init audit_compat_classes_init(void)
> +{
> + audit_register_class(AUDIT_CLASS_WRITE, compat_write_class);
> + audit_register_class(AUDIT_CLASS_READ, compat_read_class);
> + audit_register_class(AUDIT_CLASS_DIR_WRITE, compat_dir_class);
> + audit_register_class(AUDIT_CLASS_CHATTR, compat_chattr_class);
> + audit_register_class(AUDIT_CLASS_SIGNAL, compat_signal_class);
> + return 0;
> +}
> +
> +__initcall(audit_compat_classes_init);
>
prev parent reply other threads:[~2013-12-13 8:37 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-19 7:33 [RFC PATCH] audit: generic compat system call support AKASHI Takahiro
2013-11-19 7:33 ` [RFC PATCH] audit: Add generic compat syscall support AKASHI Takahiro
2013-11-19 9:43 ` [RFC PATCH v2 1/1] " AKASHI Takahiro
2013-11-25 19:01 ` Will Deacon
2013-11-27 1:34 ` AKASHI Takahiro
2014-01-10 18:36 ` Richard Guy Briggs
2014-01-17 8:03 ` [PATCH v3] audit: generic compat system call support AKASHI Takahiro
2014-01-17 8:03 ` AKASHI Takahiro
2014-01-17 8:03 ` [PATCH v3] audit: Add generic compat syscall support AKASHI Takahiro
2014-01-17 8:03 ` AKASHI Takahiro
2014-01-23 14:51 ` Catalin Marinas
2014-01-23 14:51 ` Catalin Marinas
2014-01-27 5:58 ` AKASHI Takahiro
2014-01-27 5:58 ` AKASHI Takahiro
2014-01-27 12:15 ` Catalin Marinas
2014-01-27 12:15 ` Catalin Marinas
2014-01-29 5:58 ` AKASHI Takahiro
2014-01-29 5:58 ` AKASHI Takahiro
2014-01-30 18:07 ` Catalin Marinas
2014-01-30 18:07 ` Catalin Marinas
2014-02-03 6:55 ` [PATCH v4 0/1] audit: generic compat system call support AKASHI Takahiro
2014-02-03 6:55 ` AKASHI Takahiro
2014-02-03 6:55 ` [PATCH v4 1/1] audit: Add generic compat syscall support AKASHI Takahiro
2014-02-03 6:55 ` AKASHI Takahiro
2014-03-15 5:47 ` [PATCH_v5] audit: generic compat system call support AKASHI Takahiro
2014-03-15 5:47 ` AKASHI Takahiro
2014-03-15 5:48 ` [PATCH_v5] audit: Add generic compat syscall support AKASHI Takahiro
2014-03-15 5:48 ` AKASHI Takahiro
2014-03-16 19:13 ` Richard Guy Briggs
2014-03-16 19:13 ` Richard Guy Briggs
2013-12-13 8:37 ` AKASHI Takahiro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52AAC756.9060606@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=dsaxena@linaro.org \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.