From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: "linaro-kernel@lists.linaro.org" <linaro-kernel@lists.linaro.org>,
"patches@linaro.org" <patches@linaro.org>,
"rgb@redhat.com" <rgb@redhat.com>,
Will Deacon <Will.Deacon@arm.com>,
"arndb@arndb.de" <arndb@arndb.de>,
"eparis@redhat.com" <eparis@redhat.com>,
"linux-kernel@ver.kernel.org" <linux-kernel@ver.kernel.org>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
"linux-audit@redhat.com" <linux-audit@redhat.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v3] audit: Add generic compat syscall support
Date: Mon, 27 Jan 2014 14:58:07 +0900 [thread overview]
Message-ID: <52E5F56F.2030502@linaro.org> (raw)
In-Reply-To: <20140123145119.GE27520@arm.com>
Catalin and audit maintainers,
On 01/23/2014 11:51 PM, Catalin Marinas wrote:
> On Fri, Jan 17, 2014 at 08:03:15AM +0000, AKASHI Takahiro wrote:
>> lib/audit.c provides a generic definition for auditing system calls.
>> This patch extends it for compat syscall support on bi-architectures
>> (32/64-bit) by adding lib/compat_audit.c when CONFIG_COMPAT enabled.
>>
>> Each architecture that wants to use this must define audit_is_compat()
>> in asm/audit.h.
>>
>> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
>
> I'm not familiar with the audit subsystem but I have some (cosmetic)
> comments below.
>
>> diff --git a/include/linux/audit.h b/include/linux/audit.h
>> index bf1ef22..3d71949 100644
>> --- a/include/linux/audit.h
>> +++ b/include/linux/audit.h
>> @@ -78,6 +78,15 @@ extern int is_audit_feature_set(int which);
>> extern int __init audit_register_class(int class, unsigned *list);
>> extern int audit_classify_syscall(int abi, unsigned syscall);
>> extern int audit_classify_arch(int arch);
>> +#if defined(CONFIG_AUDIT_GENERIC) && defined(CONFIG_COMPAT)
>> +extern unsigned compat_write_class[];
>> +extern unsigned compat_read_class[];
>> +extern unsigned compat_dir_class[];
>> +extern unsigned compat_chattr_class[];
>> +extern unsigned compat_signal_class[];
>> +
>> +extern int audit_classify_compat_syscall(int abi, unsigned syscall);
>> +#endif
>>
>> /* audit_names->type values */
>> #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
>> diff --git a/lib/Makefile b/lib/Makefile
>> index a459c31..73ea908 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -93,6 +93,9 @@ obj-$(CONFIG_TEXTSEARCH_BM) += ts_bm.o
>> obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o
>> obj-$(CONFIG_SMP) += percpu_counter.o
>> obj-$(CONFIG_AUDIT_GENERIC) += audit.o
>> +ifeq ($(CONFIG_COMPAT),y)
>> +obj-$(CONFIG_AUDIT_GENERIC) += compat_audit.o
>> +endif
>
> You could use a CONFIG_AUDIT_COMPAT_GENERIC and simplify other #ifdefs
> as well.
I will add the following in lib/Kconfig:
config AUDIT_COMPAT_GENERIC
depends on AUDIT_GENERIC & COMPAT
default y
>> --- a/lib/audit.c
>> +++ b/lib/audit.c
>> @@ -1,6 +1,7 @@
>> #include <linux/init.h>
>> #include <linux/types.h>
>> #include <linux/audit.h>
>> +#include <asm/audit.h>
>> #include <asm/unistd.h>
>>
>> static unsigned dir_class[] = {
>> @@ -30,11 +31,20 @@ static unsigned signal_class[] = {
>>
>> int audit_classify_arch(int arch)
>> {
>> +#ifdef CONFIG_COMPAT
>> + if (audit_is_compat(arch))
>> + return 1;
>> +#endif
>> return 0;
>> }
>
> Here and in other places, just define a default audit_is_compat()
> functions which returns false when !CONFIG_COMPAT to avoid the #ifdefs.
OK. With Richard's comment, the definition below will be added
to uapi/linux/audit.h:
#ifdef CONFIG_COMPAT
#define audit_is_compat(arch) (!!((arch) & __AUDIT_ARCH_64BIT))
#else
#define audit_is_compat(arch) false
#endif
>> diff --git a/lib/compat_audit.c b/lib/compat_audit.c
>> new file mode 100644
>> index 0000000..94f6480
>> --- /dev/null
>> +++ b/lib/compat_audit.c
>> @@ -0,0 +1,51 @@
>> +#include <linux/init.h>
>> +#include <linux/types.h>
>> +/* FIXME: this might be architecture dependent */
>> +#include <asm/unistd_32.h>
>
> It most likely is architecture dependent.
I'm wondering what name is the most appropriate in this case.
Most archictures have __NR_xyz definitions in "unistd_32.h",
but arm64 doesn't have it, instead "unistd32." which contains
only __SYSCALL(xyz, NO). Confusing?
>> +int audit_classify_compat_syscall(int abi, unsigned syscall)
>> +{
>> + switch (syscall) {
>> +#ifdef __NR_open
>> + case __NR_open:
>> + return 2;
>> +#endif
>> +#ifdef __NR_openat
>> + case __NR_openat:
>> + return 3;
>> +#endif
>> +#ifdef __NR_socketcall
>> + case __NR_socketcall:
>> + return 4;
>> +#endif
>> + case __NR_execve:
>> + return 5;
>> + default:
>> + return 1;
>> + }
>> +}
>
> BTW, since they aren't many, you could get the arch code to define
> __NR_compat_open etc. explicitly and use these. On arm64 we have a few
> of these defined to avoid name collision in signal handling code.
Again, most architecture have their own unistd32.h for compat system calls,
and use __NR_open-like naming.
It's unlikely for these archs to migrate to "generic compat" auditing,
but I believe that '__NR_open'-like naming is better because we may be able to avoid
arch-specific changes even for future(?) syscall-related enhancements in audit.
But, anyway, it's up to audit maintainer's preference.
Thanks,
-Takahiro AKASHI
WARNING: multiple messages have this Message-ID (diff)
From: takahiro.akashi@linaro.org (AKASHI Takahiro)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3] audit: Add generic compat syscall support
Date: Mon, 27 Jan 2014 14:58:07 +0900 [thread overview]
Message-ID: <52E5F56F.2030502@linaro.org> (raw)
In-Reply-To: <20140123145119.GE27520@arm.com>
Catalin and audit maintainers,
On 01/23/2014 11:51 PM, Catalin Marinas wrote:
> On Fri, Jan 17, 2014 at 08:03:15AM +0000, AKASHI Takahiro wrote:
>> lib/audit.c provides a generic definition for auditing system calls.
>> This patch extends it for compat syscall support on bi-architectures
>> (32/64-bit) by adding lib/compat_audit.c when CONFIG_COMPAT enabled.
>>
>> Each architecture that wants to use this must define audit_is_compat()
>> in asm/audit.h.
>>
>> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
>
> I'm not familiar with the audit subsystem but I have some (cosmetic)
> comments below.
>
>> diff --git a/include/linux/audit.h b/include/linux/audit.h
>> index bf1ef22..3d71949 100644
>> --- a/include/linux/audit.h
>> +++ b/include/linux/audit.h
>> @@ -78,6 +78,15 @@ extern int is_audit_feature_set(int which);
>> extern int __init audit_register_class(int class, unsigned *list);
>> extern int audit_classify_syscall(int abi, unsigned syscall);
>> extern int audit_classify_arch(int arch);
>> +#if defined(CONFIG_AUDIT_GENERIC) && defined(CONFIG_COMPAT)
>> +extern unsigned compat_write_class[];
>> +extern unsigned compat_read_class[];
>> +extern unsigned compat_dir_class[];
>> +extern unsigned compat_chattr_class[];
>> +extern unsigned compat_signal_class[];
>> +
>> +extern int audit_classify_compat_syscall(int abi, unsigned syscall);
>> +#endif
>>
>> /* audit_names->type values */
>> #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */
>> diff --git a/lib/Makefile b/lib/Makefile
>> index a459c31..73ea908 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -93,6 +93,9 @@ obj-$(CONFIG_TEXTSEARCH_BM) += ts_bm.o
>> obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o
>> obj-$(CONFIG_SMP) += percpu_counter.o
>> obj-$(CONFIG_AUDIT_GENERIC) += audit.o
>> +ifeq ($(CONFIG_COMPAT),y)
>> +obj-$(CONFIG_AUDIT_GENERIC) += compat_audit.o
>> +endif
>
> You could use a CONFIG_AUDIT_COMPAT_GENERIC and simplify other #ifdefs
> as well.
I will add the following in lib/Kconfig:
config AUDIT_COMPAT_GENERIC
depends on AUDIT_GENERIC & COMPAT
default y
>> --- a/lib/audit.c
>> +++ b/lib/audit.c
>> @@ -1,6 +1,7 @@
>> #include <linux/init.h>
>> #include <linux/types.h>
>> #include <linux/audit.h>
>> +#include <asm/audit.h>
>> #include <asm/unistd.h>
>>
>> static unsigned dir_class[] = {
>> @@ -30,11 +31,20 @@ static unsigned signal_class[] = {
>>
>> int audit_classify_arch(int arch)
>> {
>> +#ifdef CONFIG_COMPAT
>> + if (audit_is_compat(arch))
>> + return 1;
>> +#endif
>> return 0;
>> }
>
> Here and in other places, just define a default audit_is_compat()
> functions which returns false when !CONFIG_COMPAT to avoid the #ifdefs.
OK. With Richard's comment, the definition below will be added
to uapi/linux/audit.h:
#ifdef CONFIG_COMPAT
#define audit_is_compat(arch) (!!((arch) & __AUDIT_ARCH_64BIT))
#else
#define audit_is_compat(arch) false
#endif
>> diff --git a/lib/compat_audit.c b/lib/compat_audit.c
>> new file mode 100644
>> index 0000000..94f6480
>> --- /dev/null
>> +++ b/lib/compat_audit.c
>> @@ -0,0 +1,51 @@
>> +#include <linux/init.h>
>> +#include <linux/types.h>
>> +/* FIXME: this might be architecture dependent */
>> +#include <asm/unistd_32.h>
>
> It most likely is architecture dependent.
I'm wondering what name is the most appropriate in this case.
Most archictures have __NR_xyz definitions in "unistd_32.h",
but arm64 doesn't have it, instead "unistd32." which contains
only __SYSCALL(xyz, NO). Confusing?
>> +int audit_classify_compat_syscall(int abi, unsigned syscall)
>> +{
>> + switch (syscall) {
>> +#ifdef __NR_open
>> + case __NR_open:
>> + return 2;
>> +#endif
>> +#ifdef __NR_openat
>> + case __NR_openat:
>> + return 3;
>> +#endif
>> +#ifdef __NR_socketcall
>> + case __NR_socketcall:
>> + return 4;
>> +#endif
>> + case __NR_execve:
>> + return 5;
>> + default:
>> + return 1;
>> + }
>> +}
>
> BTW, since they aren't many, you could get the arch code to define
> __NR_compat_open etc. explicitly and use these. On arm64 we have a few
> of these defined to avoid name collision in signal handling code.
Again, most architecture have their own unistd32.h for compat system calls,
and use __NR_open-like naming.
It's unlikely for these archs to migrate to "generic compat" auditing,
but I believe that '__NR_open'-like naming is better because we may be able to avoid
arch-specific changes even for future(?) syscall-related enhancements in audit.
But, anyway, it's up to audit maintainer's preference.
Thanks,
-Takahiro AKASHI
next prev parent reply other threads:[~2014-01-27 5:58 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-19 7:33 [RFC PATCH] audit: generic compat system call support AKASHI Takahiro
2013-11-19 7:33 ` [RFC PATCH] audit: Add generic compat syscall support AKASHI Takahiro
2013-11-19 9:43 ` [RFC PATCH v2 1/1] " AKASHI Takahiro
2013-11-25 19:01 ` Will Deacon
2013-11-27 1:34 ` AKASHI Takahiro
2014-01-10 18:36 ` Richard Guy Briggs
2014-01-17 8:03 ` [PATCH v3] audit: generic compat system call support AKASHI Takahiro
2014-01-17 8:03 ` AKASHI Takahiro
2014-01-17 8:03 ` [PATCH v3] audit: Add generic compat syscall support AKASHI Takahiro
2014-01-17 8:03 ` AKASHI Takahiro
2014-01-23 14:51 ` Catalin Marinas
2014-01-23 14:51 ` Catalin Marinas
2014-01-27 5:58 ` AKASHI Takahiro [this message]
2014-01-27 5:58 ` AKASHI Takahiro
2014-01-27 12:15 ` Catalin Marinas
2014-01-27 12:15 ` Catalin Marinas
2014-01-29 5:58 ` AKASHI Takahiro
2014-01-29 5:58 ` AKASHI Takahiro
2014-01-30 18:07 ` Catalin Marinas
2014-01-30 18:07 ` Catalin Marinas
2014-02-03 6:55 ` [PATCH v4 0/1] audit: generic compat system call support AKASHI Takahiro
2014-02-03 6:55 ` AKASHI Takahiro
2014-02-03 6:55 ` [PATCH v4 1/1] audit: Add generic compat syscall support AKASHI Takahiro
2014-02-03 6:55 ` AKASHI Takahiro
2014-03-15 5:47 ` [PATCH_v5] audit: generic compat system call support AKASHI Takahiro
2014-03-15 5:47 ` AKASHI Takahiro
2014-03-15 5:48 ` [PATCH_v5] audit: Add generic compat syscall support AKASHI Takahiro
2014-03-15 5:48 ` AKASHI Takahiro
2014-03-16 19:13 ` Richard Guy Briggs
2014-03-16 19:13 ` Richard Guy Briggs
2013-12-13 8:37 ` [RFC PATCH] " AKASHI Takahiro
-- strict thread matches above, loose matches on Subject: below --
2014-01-17 8:11 [PATCH v3] audit: generic compat system call support AKASHI Takahiro
2014-01-17 8:11 ` [PATCH v3] audit: Add generic compat syscall support AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52E5F56F.2030502@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=Will.Deacon@arm.com \
--cc=arndb@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=eparis@redhat.com \
--cc=linaro-kernel@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@ver.kernel.org \
--cc=patches@linaro.org \
--cc=rgb@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.