* [PATCH 0/6][RFC] audit: standardize and simplify syscall_get_arch()
From: Richard Guy Briggs @ 2014-03-05 21:27 UTC
To: linux-audit, linux-kernel
Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch

Each arch that supports audit requires syscall_get_arch() to be able to log and identify architecture-dependent syscall numbers. The information is used in at least two different subsystems, so standardize it in the same call across all arches.

Use the standardized syscall_get_arch() locally to add the arch to the AUDIT_SECCOMP record to identify which syscall was issued.

Since all the callers of syscall_get_arch() presently pass "current" and none of the arch-specific syscall_get_arch() implementations use the regs parameter, call syscall_get_arch() locally where it is needed and drop passing around arch, current and regs in __audit_syscall_entry() and audit_syscall_entry().

Compiles and runs on i686, x86_64, ppc, ppc64, s390, s390x, manually tested in an x86_64 VM. aarch64 will be added soon.

Richard Guy Briggs (6):
  syscall: define syscall_get_arch() for each audit-supported arch
  audit: add arch field to seccomp event log
  audit: __audit_syscall_entry: ignore arch arg and call syscall_get_arch() directly
  audit: drop arch from audit_syscall_entry() interface
  audit: drop args from syscall_get_arch() interface
  audit: drop arch from __audit_syscall_entry() interface

 arch/arm/include/asm/syscall.h        |  5 ++---
 arch/arm/kernel/ptrace.c              |  2 +-
 arch/ia64/include/asm/syscall.h       |  6 ++++++
 arch/ia64/kernel/ptrace.c             |  2 +-
 arch/microblaze/include/asm/syscall.h |  5 +++++
 arch/microblaze/kernel/ptrace.c       |  2 +-
 arch/mips/include/asm/syscall.h       |  6 +++---
 arch/mips/kernel/ptrace.c             |  3 +--
 arch/openrisc/include/asm/syscall.h   |  5 +++++
 arch/openrisc/kernel/ptrace.c         |  2 +-
 arch/parisc/include/asm/syscall.h     | 11 +++++++++++
 arch/parisc/kernel/ptrace.c           |  5 ++---
 arch/powerpc/include/asm/syscall.h    | 12 ++++++++++++
 arch/powerpc/kernel/ptrace.c          |  6 ++----
 arch/s390/include/asm/syscall.h       |  7 +++----
 arch/s390/kernel/ptrace.c             |  4 +---
 arch/sh/include/asm/syscall.h         | 16 ++++++++++++++++
 arch/sh/kernel/ptrace_32.c            | 13 +------------
 arch/sh/kernel/ptrace_64.c            | 16 +---------------
 arch/sparc/include/asm/syscall.h      |  7 +++++++
 arch/sparc/kernel/ptrace_64.c         |  5 +----
 arch/um/kernel/ptrace.c               |  3 +--
 arch/x86/ia32/ia32entry.S             | 12 ++++++------
 arch/x86/include/asm/syscall.h        | 10 ++++------
 arch/x86/kernel/entry_32.S            | 11 +++++------
 arch/x86/kernel/entry_64.S            | 11 +++++------
 arch/x86/kernel/ptrace.c              |  6 ++----
 arch/xtensa/kernel/ptrace.c           |  2 +-
 include/asm-generic/syscall.h         |  6 ++----
 include/linux/audit.h                 |  9 ++++-----
 include/uapi/linux/audit.h            |  1 +
 kernel/auditsc.c                      |  6 ++++--
 kernel/seccomp.c                      |  4 ++--
 33 files changed, 120 insertions(+), 101 deletions(-)
* [PATCH 1/6][RFC] syscall: define syscall_get_arch() for each audit-supported arch [not found] ` <20140305212702.pH_lOU-ALQUFizFOoJiWk4zo57OkjmENX0nQnTnZKLI@z> @ 2014-03-05 21:27 ` Richard Guy Briggs 0 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch Each arch that supports audit requires syscall_get_arch() to able to log and identify architecture-dependent syscall numbers. The information is used in at least two different subsystems, so standardize it in the same call across all arches. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- arch/ia64/include/asm/syscall.h | 7 +++++++ arch/microblaze/include/asm/syscall.h | 6 ++++++ arch/mips/include/asm/syscall.h | 8 +++++++- arch/openrisc/include/asm/syscall.h | 6 ++++++ arch/parisc/include/asm/syscall.h | 12 ++++++++++++ arch/powerpc/include/asm/syscall.h | 13 +++++++++++++ arch/sh/include/asm/syscall.h | 17 +++++++++++++++++ arch/sparc/include/asm/syscall.h | 8 ++++++++ include/uapi/linux/audit.h | 1 + 9 files changed, 77 insertions(+), 1 deletions(-) diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h index a7ff1c6..0fd2a7a 100644 --- a/arch/ia64/include/asm/syscall.h +++ b/arch/ia64/include/asm/syscall.h @@ -15,6 +15,7 @@ #include <linux/sched.h> #include <linux/err.h> +#include <linux/audit.h> static inline long syscall_get_nr(struct task_struct *task, struct pt_regs *regs) @@ -79,4 +80,10 @@ static inline void syscall_set_arguments(struct task_struct *task, ia64_syscall_get_set_arguments(task, regs, i, n, args, 1); } + +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + return AUDIT_ARCH_IA64; +} #endif /* _ASM_SYSCALL_H */ 
diff --git a/arch/microblaze/include/asm/syscall.h b/arch/microblaze/include/asm/syscall.h index 9bc4317..06854da 100644 --- a/arch/microblaze/include/asm/syscall.h +++ b/arch/microblaze/include/asm/syscall.h @@ -3,6 +3,7 @@ #include <linux/kernel.h> #include <linux/sched.h> +#include <linux/audit.h> #include <asm/ptrace.h> /* The system call number is given by the user in R12 */ @@ -99,4 +100,9 @@ static inline void syscall_set_arguments(struct task_struct *task, asmlinkage long do_syscall_trace_enter(struct pt_regs *regs); asmlinkage void do_syscall_trace_leave(struct pt_regs *regs); +static inline int syscall_get_arch(struct tast_struct *tsk, + struct pt_regs *regs) +{ + return AUDIT_ARCH_MICROBLAZE; +} #endif /* __ASM_MICROBLAZE_SYSCALL_H */ diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index 81c8913..41ecde4 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -103,7 +103,7 @@ extern const unsigned long sysn32_call_table[]; static inline int __syscall_get_arch(void) { - int arch = EM_MIPS; + int arch = AUDIT_ARCH_MIPS; #ifdef CONFIG_64BIT arch |= __AUDIT_ARCH_64BIT; #endif @@ -113,4 +113,10 @@ static inline int __syscall_get_arch(void) return arch; } +static inline int syscall_get_arch(struct task_struct *task, + struct pt_regs *regs) +{ + return __syscall_get_arch(); +} + #endif /* __ASM_MIPS_SYSCALL_H */ diff --git a/arch/openrisc/include/asm/syscall.h b/arch/openrisc/include/asm/syscall.h index b752bb6..534b9c3 100644 --- a/arch/openrisc/include/asm/syscall.h +++ b/arch/openrisc/include/asm/syscall.h @@ -21,6 +21,7 @@ #include <linux/err.h> #include <linux/sched.h> +#include <linux/audit.h> static inline int syscall_get_nr(struct task_struct *task, struct pt_regs *regs) 
@@ -71,4 +72,9 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs, memcpy(®s->gpr[3 + i], args, n * sizeof(args[0])); } +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + return AUDIT_ARCH_OPENRISC; +} #endif diff --git a/arch/parisc/include/asm/syscall.h b/arch/parisc/include/asm/syscall.h index 8bdfd2c..b3b604f 100644 --- a/arch/parisc/include/asm/syscall.h +++ b/arch/parisc/include/asm/syscall.h @@ -4,6 +4,8 @@ #define _ASM_PARISC_SYSCALL_H_ #include <linux/err.h> +#include <linux/compat.h> +#include <linux/audit.h> #include <asm/ptrace.h> static inline long syscall_get_nr(struct task_struct *tsk, @@ -37,4 +39,14 @@ static inline void syscall_get_arguments(struct task_struct *tsk, } } +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + int arch = AUDIT_ARCH_PARISC; +#ifdef CONFIG_64BIT + if (!is_compat_task()) + arch = AUDIT_ARCH_PARISC64; +#endif + return arch; +} #endif /*_ASM_PARISC_SYSCALL_H_*/ diff --git a/arch/powerpc/include/asm/syscall.h b/arch/powerpc/include/asm/syscall.h index b54b2ad..b824eb2 100644 --- a/arch/powerpc/include/asm/syscall.h +++ b/arch/powerpc/include/asm/syscall.h @@ -14,6 +14,8 @@ #define _ASM_SYSCALL_H 1 #include <linux/sched.h> +#include <linux/compat.h> +#include <linux/audit.h> /* ftrace syscalls requires exporting the sys_call_table */ #ifdef CONFIG_FTRACE_SYSCALLS @@ -86,4 +88,15 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->gpr[3 + i], args, n * sizeof(args[0])); } +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + int arch = AUDIT_ARCH_PPC; + +#ifdef CONFIG_PPC64 + if (!is_32bit_task()) + arch = AUDIT_ARCH_PPC64; +#endif + return arch; +} #endif /* _ASM_SYSCALL_H */ diff --git a/arch/sh/include/asm/syscall.h b/arch/sh/include/asm/syscall.h index 847128d..f1a79d4 100644 --- a/arch/sh/include/asm/syscall.h +++ b/arch/sh/include/asm/syscall.h 
@@ -9,4 +9,21 @@ extern const unsigned long sys_call_table[]; # include <asm/syscall_64.h> #endif +# include <linux/audit.h> + +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + int arch = AUDIT_ARCH_SH; + +#ifdef CONFIG_64BIT + arch |= __AUDIT_ARCH_64BIT; +#endif +#ifdef CONFIG_CPU_LITTLE_ENDIAN + arch |= __AUDIT_ARCH_LE; +#endif + + return arch; +} + #endif /* __ASM_SH_SYSCALL_H */ diff --git a/arch/sparc/include/asm/syscall.h b/arch/sparc/include/asm/syscall.h index 025a02a..c7a8f75 100644 --- a/arch/sparc/include/asm/syscall.h +++ b/arch/sparc/include/asm/syscall.h @@ -3,6 +3,7 @@ #include <linux/kernel.h> #include <linux/sched.h> +#include <linux/audit.h> #include <asm/ptrace.h> /* @@ -124,4 +125,11 @@ static inline void syscall_set_arguments(struct task_struct *task, regs->u_regs[UREG_I0 + i + j] = args[j]; } +static inline int syscall_get_arch(struct task_struct *tsk, + struct pt_regs *regs) +{ + return test_thread_flag(TIF_32BIT) ? AUDIT_ARCH_SPARC + : AUDIT_ARCH_SPARC64; +} + #endif /* __ASM_SPARC_SYSCALL_H */ diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 2d48fe1..b9c4826 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -342,6 +342,7 @@ enum { #define AUDIT_ARCH_IA64 (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_M32R (EM_M32R) #define AUDIT_ARCH_M68K (EM_68K) +#define AUDIT_ARCH_MICROBLAZE (EM_MICROBLAZE) #define AUDIT_ARCH_MIPS (EM_MIPS) #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT) -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
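Review bot: the new syscall_get_arch() in the arch/microblaze/include/asm/syscall.h hunk declares its first parameter as `struct tast_struct *tsk`, which should be `struct task_struct *tsk`. As written the prototype introduces a new incomplete type, so a caller that passes `current` gets an incompatible-pointer diagnostic rather than a clean build. microblaze is not among the architectures the cover letter lists as compiled, so a cross-build of this arch before the next revision would be worthwhile.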
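Review bot: in the parisc, powerpc and sparc hunks syscall_get_arch() takes a `tsk` argument but chooses its return value with is_compat_task(), is_32bit_task() and test_thread_flag(TIF_32BIT), all of which test the current task rather than `tsk`. While the two-argument signature exists, a caller that passes another task gets the caller's own architecture back. Either test the flag on `tsk` (for example with test_tsk_thread_flag()) or add a comment stating that only `current` is supported.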
* [PATCH 2/6][RFC] audit: add arch field to seccomp event log [not found] ` <20140305212703.urJ3oKPuZNQQgaQvTSoO7o8_kBCgIS_S8LIZscCkwRE@z> @ 2014-03-05 21:27 ` Richard Guy Briggs 0 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch The AUDIT_SECCOMP record looks something like this: type=SECCOMP msg=audit(1373478171.953:32775): auid=4325 uid=4325 gid=4325 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0 pid=12381 comm="test" sig=31 syscall=231 compat=0 ip=0x39ea8bca89 code=0x0 In order to determine what syscall 231 maps to, we need to have the arch= field right before it. To see the event, compile this test.c program: ===== int main(void) { return seccomp_load(seccomp_init(SCMP_ACT_KILL)); } ===== gcc -g test.c -o test -lseccomp After running the program, find the record by: ausearch --start recent -m SECCOMP -i Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- kernel/auditsc.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3bc12d2..7317f46 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -67,6 +67,7 @@ #include <linux/binfmts.h> #include <linux/highmem.h> #include <linux/syscalls.h> +#include <asm/syscall.h> #include <linux/capability.h> #include <linux/fs_struct.h> #include <linux/compat.h> 
@@ -2415,6 +2416,8 @@ void __audit_seccomp(unsigned long syscall, long signr, int code) return; audit_log_task(ab); audit_log_format(ab, " sig=%ld", signr); + audit_log_format(ab, " arch=%x", + syscall_get_arch(current, task_pt_regs(current))); audit_log_format(ab, " syscall=%ld", syscall); audit_log_format(ab, " compat=%d", is_compat_task()); audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current)); -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
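Review bot: the added call in __audit_seccomp() passes task_pt_regs(current) as the second argument, while patch 3/6 passes NULL in the same position (`syscall_get_arch(current, NULL)`) and the cover letter says no implementation reads regs. Pick one convention for the series so the intermediate commits are consistent. The commit message would also be easier to verify if it showed the record as it looks after this change, with arch= between sig= and syscall=, since the sample shown is the old format.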
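Added example, not part of the original patch or thread: a small userspace decoder showing why the arch= field matters when reading an AUDIT_SECCOMP record. The flag and ELF machine values follow include/uapi/linux/audit.h and linux/elf-em.h; the two records that contain arch= and the four-entry syscall table are constructed for illustration, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flag bits OR-ed into AUDIT_ARCH_* values; they mirror __AUDIT_ARCH_64BIT
 * and __AUDIT_ARCH_LE in include/uapi/linux/audit.h. */
#define ARCH_64BIT 0x80000000u
#define ARCH_LE    0x40000000u

struct seccomp_event {
	int      has_arch;  /* 0 for records logged without an arch= field */
	uint32_t arch;
	long     syscall;
};

/* ELF machine numbers (linux/elf-em.h) for a few arches in the series. */
static const struct { uint32_t em; const char *name; } machines[] = {
	{ 3, "i386" }, { 62, "x86_64" }, { 20, "ppc" }, { 21, "ppc64" },
	{ 22, "s390" }, { 50, "ia64" }, { 40, "arm" }, { 8, "mips" },
};

/* Constructed, deliberately tiny syscall table keyed by (arch, number). */
static const struct { uint32_t arch; long nr; const char *name; } syscalls[] = {
	{ 0xc000003eu, 231, "exit_group" },  /* AUDIT_ARCH_X86_64 */
	{ 0xc000003eu,  60, "exit" },
	{ 0x40000003u, 231, "fgetxattr" },   /* AUDIT_ARCH_I386 */
	{ 0x40000003u, 252, "exit_group" },
};

/* Record from the commit message (old format, no arch=). */
const char RECORD_OLD[] =
	"type=SECCOMP msg=audit(1373478171.953:32775): auid=4325 uid=4325 "
	"gid=4325 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0 "
	"pid=12381 comm=\"test\" sig=31 syscall=231 compat=0 "
	"ip=0x39ea8bca89 code=0x0";
/* Constructed: same event with arch= where the patch logs it. */
const char RECORD_X86_64[] =
	"type=SECCOMP msg=audit(1373478171.953:32775): auid=4325 uid=4325 "
	"gid=4325 ses=1 pid=12381 comm=\"test\" sig=31 arch=c000003e "
	"syscall=231 compat=0 ip=0x39ea8bca89 code=0x0";
/* Constructed: a 32-bit task issuing the same syscall number. */
const char RECORD_I386[] =
	"type=SECCOMP msg=audit(1373478172.101:32776): auid=4325 uid=4325 "
	"gid=4325 ses=1 pid=12390 comm=\"test32\" sig=31 arch=40000003 "
	"syscall=231 compat=1 ip=0xb7745424 code=0x0";

/* Return a pointer to the value of "key=", matching whole field names only. */
static const char *field(const char *rec, const char *key)
{
	size_t klen = strlen(key);
	const char *p = rec;

	while ((p = strstr(p, key)) != NULL) {
		if ((p == rec || p[-1] == ' ') && p[klen] == '=')
			return p + klen + 1;
		p += klen;
	}
	return NULL;
}

/* Parse syscall= (decimal) and, if present, arch= (hex, no 0x prefix). */
int parse_seccomp(const char *rec, struct seccomp_event *ev)
{
	const char *v;
	char *end;

	memset(ev, 0, sizeof(*ev));
	if (strstr(rec, "type=SECCOMP") == NULL || !(v = field(rec, "syscall")))
		return -1;
	ev->syscall = strtol(v, &end, 10);
	if (end == v)
		return -1;
	if ((v = field(rec, "arch")) != NULL) {
		ev->arch = (uint32_t)strtoul(v, &end, 16);
		if (end == v)
			return -1;
		ev->has_arch = 1;
	}
	return 0;
}

/* Returns 0 when decoded, 1 when arch= is missing, -1 on a parse error. */
int describe(const char *rec, char *out, size_t n)
{
	struct seccomp_event ev;
	const char *mach = "unknown", *name = "?";
	size_t i;

	if (parse_seccomp(rec, &ev) != 0)
		return -1;
	if (!ev.has_arch) {
		snprintf(out, n, "syscall %ld (no arch=, number is ambiguous)",
			 ev.syscall);
		return 1;
	}
	for (i = 0; i < sizeof(machines) / sizeof(machines[0]); i++)
		if (machines[i].em == (ev.arch & ~(ARCH_64BIT | ARCH_LE)))
			mach = machines[i].name;
	for (i = 0; i < sizeof(syscalls) / sizeof(syscalls[0]); i++)
		if (syscalls[i].arch == ev.arch && syscalls[i].nr == ev.syscall)
			name = syscalls[i].name;
	snprintf(out, n, "%s %s-bit %s syscall %ld (%s)", mach,
		 (ev.arch & ARCH_64BIT) ? "64" : "32",
		 (ev.arch & ARCH_LE) ? "LE" : "BE", ev.syscall, name);
	return 0;
}

int main(void)
{
	const char *recs[] = { RECORD_OLD, RECORD_X86_64, RECORD_I386 };
	char buf[128];
	size_t i;

	for (i = 0; i < 3; i++)
		if (describe(recs[i], buf, sizeof(buf)) >= 0)
			puts(buf);
	return 0;
}
```

The same number, 231, decodes to two different syscalls once the arch value is known, which is the ambiguity the old record format leaves to the reader.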
* [PATCH 3/6][RFC] audit: __audit_syscall_entry: ignore arch arg and call syscall_get_arch() directly [not found] ` <20140305212704.JxUVdPq3CHTVb2eIY1u466LhyHXmJ7TdTQHm8mZg2N8@z> @ 2014-03-05 21:27 ` Richard Guy Briggs 0 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch Since all the callers of syscall_get_arch() presently pass "current" and none of the arch-specific syscall_get_arch() implementations use the regs parameter, ignore the passed in arch parameter to __audit_syscall_entry() and call syscall_get_arch() directly. Change the audit header file from the kernel internal to the user api version to get the architecture numbers, but to avoid a circular header reference between audit and syscall.h Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- arch/arm/include/asm/syscall.h | 2 +- arch/ia64/include/asm/syscall.h | 2 +- arch/microblaze/include/asm/syscall.h | 2 +- arch/mips/include/asm/syscall.h | 2 +- arch/openrisc/include/asm/syscall.h | 2 +- arch/parisc/include/asm/syscall.h | 2 +- arch/powerpc/include/asm/syscall.h | 2 +- arch/s390/include/asm/syscall.h | 2 +- arch/sh/include/asm/syscall.h | 2 +- arch/sparc/include/asm/syscall.h | 2 +- arch/x86/include/asm/syscall.h | 2 +- kernel/auditsc.c | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index 73ddd72..a749123 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h 
@@ -7,7 +7,7 @@ #ifndef _ASM_ARM_SYSCALL_H #define _ASM_ARM_SYSCALL_H -#include <linux/audit.h> /* for AUDIT_ARCH_* */ +#include <uapi/linux/audit.h> /* for AUDIT_ARCH_* */ #include <linux/elf.h> /* for ELF_EM */ #include <linux/err.h> #include <linux/sched.h> diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h index 0fd2a7a..9c82767 100644 --- a/arch/ia64/include/asm/syscall.h +++ b/arch/ia64/include/asm/syscall.h @@ -15,7 +15,7 @@ #include <linux/sched.h> #include <linux/err.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> static inline long syscall_get_nr(struct task_struct *task, struct pt_regs *regs) diff --git a/arch/microblaze/include/asm/syscall.h b/arch/microblaze/include/asm/syscall.h index 06854da..e1acf8a 100644 --- a/arch/microblaze/include/asm/syscall.h +++ b/arch/microblaze/include/asm/syscall.h @@ -3,7 +3,7 @@ #include <linux/kernel.h> #include <linux/sched.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <asm/ptrace.h> /* The system call number is given by the user in R12 */ diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index 41ecde4..a8234f2 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -13,7 +13,7 @@ #ifndef __ASM_MIPS_SYSCALL_H #define __ASM_MIPS_SYSCALL_H -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <linux/elf-em.h> #include <linux/kernel.h> #include <linux/sched.h> diff --git a/arch/openrisc/include/asm/syscall.h b/arch/openrisc/include/asm/syscall.h index 534b9c3..2bbe0e9 100644 --- a/arch/openrisc/include/asm/syscall.h +++ b/arch/openrisc/include/asm/syscall.h @@ -21,7 +21,7 @@ #include <linux/err.h> #include <linux/sched.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> static inline int syscall_get_nr(struct task_struct *task, struct pt_regs *regs) diff --git a/arch/parisc/include/asm/syscall.h b/arch/parisc/include/asm/syscall.h index b3b604f..2bf23b1 100644 
--- a/arch/parisc/include/asm/syscall.h +++ b/arch/parisc/include/asm/syscall.h @@ -5,7 +5,7 @@ #include <linux/err.h> #include <linux/compat.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <asm/ptrace.h> static inline long syscall_get_nr(struct task_struct *tsk, diff --git a/arch/powerpc/include/asm/syscall.h b/arch/powerpc/include/asm/syscall.h index b824eb2..36bd9ef 100644 --- a/arch/powerpc/include/asm/syscall.h +++ b/arch/powerpc/include/asm/syscall.h @@ -15,7 +15,7 @@ #include <linux/sched.h> #include <linux/compat.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> /* ftrace syscalls requires exporting the sys_call_table */ #ifdef CONFIG_FTRACE_SYSCALLS diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index cd29d2f..79d1805 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h @@ -12,7 +12,7 @@ #ifndef _ASM_SYSCALL_H #define _ASM_SYSCALL_H 1 -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <linux/sched.h> #include <linux/err.h> #include <asm/ptrace.h> diff --git a/arch/sh/include/asm/syscall.h b/arch/sh/include/asm/syscall.h index f1a79d4..33e60e0 100644 --- a/arch/sh/include/asm/syscall.h +++ b/arch/sh/include/asm/syscall.h @@ -9,7 +9,7 @@ extern const unsigned long sys_call_table[]; # include <asm/syscall_64.h> #endif -# include <linux/audit.h> +# include <uapi/linux/audit.h> static inline int syscall_get_arch(struct task_struct *tsk, struct pt_regs *regs) diff --git a/arch/sparc/include/asm/syscall.h b/arch/sparc/include/asm/syscall.h index c7a8f75..eddc60e 100644 --- a/arch/sparc/include/asm/syscall.h +++ b/arch/sparc/include/asm/syscall.h @@ -3,7 +3,7 @@ #include <linux/kernel.h> #include <linux/sched.h> -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <asm/ptrace.h> /* diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index aea284b..c98e0ec 100644 --- a/arch/x86/include/asm/syscall.h 
+++ b/arch/x86/include/asm/syscall.h @@ -13,7 +13,7 @@ #ifndef _ASM_X86_SYSCALL_H #define _ASM_X86_SYSCALL_H -#include <linux/audit.h> +#include <uapi/linux/audit.h> #include <linux/sched.h> #include <linux/err.h> #include <asm/asm-offsets.h> /* For NR_syscalls */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7317f46..0c9fe06 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1461,7 +1461,7 @@ void __audit_syscall_entry(int arch, int major, if (!audit_enabled) return; - context->arch = arch; + context->arch = syscall_get_arch(current, NULL); context->major = major; context->argv[0] = a1; context->argv[1] = a2; -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
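Review bot: in the kernel/auditsc.c hunk __audit_syscall_entry() keeps its `arch` parameter but now overwrites it with `syscall_get_arch(current, NULL)`, so every caller still computes and passes a value that is silently discarded. A short comment at the assignment saying the argument is ignored until it is removed later in the series would stop this intermediate commit from looking like a bug during bisection. The switch from <linux/audit.h> to <uapi/linux/audit.h> in the eleven asm/syscall.h headers is a separate change, and the circular include it guards against appears to arise only when include/linux/audit.h starts including <asm/syscall.h> in patch 4/6; consider splitting it out or moving it next to that change.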
* [PATCH 4/6][RFC] audit: drop arch from audit_syscall_entry() interface [not found] ` <20140305212705.dBcw1ETycHJ7ALmepDGFjztuT0RQ6bsG_nV9r2bbPhA@z> @ 2014-03-05 21:27 ` Richard Guy Briggs 0 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch Make audit_syscall_entry() ignore the arch parameter passed to it and call syscall_get_arch() locally. Remove arch from the audit_syscall_entry() parameter list. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- arch/arm/kernel/ptrace.c | 2 +- arch/ia64/kernel/ptrace.c | 2 +- arch/microblaze/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace.c | 3 +-- arch/openrisc/kernel/ptrace.c | 2 +- arch/parisc/kernel/ptrace.c | 5 ++--- arch/powerpc/kernel/ptrace.c | 6 ++---- arch/s390/kernel/ptrace.c | 4 +--- arch/sh/kernel/ptrace_32.c | 13 +------------ arch/sh/kernel/ptrace_64.c | 16 +--------------- arch/sparc/kernel/ptrace_64.c | 5 +---- arch/um/kernel/ptrace.c | 3 +-- arch/x86/kernel/ptrace.c | 6 ++---- arch/xtensa/kernel/ptrace.c | 2 +- include/linux/audit.h | 8 +++++--- 15 files changed, 22 insertions(+), 57 deletions(-) diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 0dd3b79..24664f5 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -943,7 +943,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, scno); - audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1, + audit_syscall_entry(scno, regs->ARM_r0, regs->ARM_r1, regs->ARM_r2, regs->ARM_r3); return scno; diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index b7a5fff..6f54d51 100644 --- a/arch/ia64/kernel/ptrace.c 
+++ b/arch/ia64/kernel/ptrace.c @@ -1219,7 +1219,7 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3, ia64_sync_krbs(); - audit_syscall_entry(AUDIT_ARCH_IA64, regs.r15, arg0, arg1, arg2, arg3); + audit_syscall_entry(regs.r15, arg0, arg1, arg2, arg3); return 0; } diff --git a/arch/microblaze/kernel/ptrace.c b/arch/microblaze/kernel/ptrace.c index 39cf508..0abbb2e 100644 --- a/arch/microblaze/kernel/ptrace.c +++ b/arch/microblaze/kernel/ptrace.c @@ -147,7 +147,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) */ ret = -1L; - audit_syscall_entry(EM_MICROBLAZE, regs->r12, regs->r5, regs->r6, + audit_syscall_entry(regs->r12, regs->r5, regs->r6, regs->r7, regs->r8); return ret ?: regs->r12; diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index b52e1d2..f68d75f 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c @@ -671,8 +671,7 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->regs[2]); - audit_syscall_entry(__syscall_get_arch(), - regs->regs[2], + audit_syscall_entry(regs->regs[2], regs->regs[4], regs->regs[5], regs->regs[6], regs->regs[7]); } diff --git a/arch/openrisc/kernel/ptrace.c b/arch/openrisc/kernel/ptrace.c index 71a2a0c..c19cd19 100644 --- a/arch/openrisc/kernel/ptrace.c +++ b/arch/openrisc/kernel/ptrace.c @@ -187,7 +187,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) */ ret = -1L; - audit_syscall_entry(AUDIT_ARCH_OPENRISC, regs->gpr[11], + audit_syscall_entry(regs->gpr[11], regs->gpr[3], regs->gpr[4], regs->gpr[5], regs->gpr[6]); diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c index e842ee2..b2f84e2 100644 --- a/arch/parisc/kernel/ptrace.c +++ b/arch/parisc/kernel/ptrace.c 
@@ -276,13 +276,12 @@ long do_syscall_trace_enter(struct pt_regs *regs) #ifdef CONFIG_64BIT if (!is_compat_task()) - audit_syscall_entry(AUDIT_ARCH_PARISC64, - regs->gr[20], + audit_syscall_entry(regs->gr[20], regs->gr[26], regs->gr[25], regs->gr[24], regs->gr[23]); else #endif - audit_syscall_entry(AUDIT_ARCH_PARISC, + audit_syscall_entry( regs->gr[20] & 0xffffffff, regs->gr[26] & 0xffffffff, regs->gr[25] & 0xffffffff, diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index 2e3d2bf..cabc1ca 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -1788,14 +1788,12 @@ long do_syscall_trace_enter(struct pt_regs *regs) #ifdef CONFIG_PPC64 if (!is_32bit_task()) - audit_syscall_entry(AUDIT_ARCH_PPC64, - regs->gpr[0], + audit_syscall_entry(regs->gpr[0], regs->gpr[3], regs->gpr[4], regs->gpr[5], regs->gpr[6]); else #endif - audit_syscall_entry(AUDIT_ARCH_PPC, - regs->gpr[0], + audit_syscall_entry(regs->gpr[0], regs->gpr[3] & 0xffffffff, regs->gpr[4] & 0xffffffff, regs->gpr[5] & 0xffffffff, diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index e65c91c..2e2e7bb 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -812,9 +812,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->gprs[2]); - audit_syscall_entry(is_compat_task() ? - AUDIT_ARCH_S390 : AUDIT_ARCH_S390X, - regs->gprs[2], regs->orig_gpr2, + audit_syscall_entry(regs->gprs[2], regs->orig_gpr2, regs->gprs[3], regs->gprs[4], regs->gprs[5]); out: diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index 668c816..313fb5a 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c 
@@ -484,17 +484,6 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } -static inline int audit_arch(void) -{ - int arch = EM_SH; - -#ifdef CONFIG_CPU_LITTLE_ENDIAN - arch |= __AUDIT_ARCH_LE; -#endif - - return arch; -} - asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) { long ret = 0; @@ -513,7 +502,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->regs[0]); - audit_syscall_entry(audit_arch(), regs->regs[3], + audit_syscall_entry(regs->regs[3], regs->regs[4], regs->regs[5], regs->regs[6], regs->regs[7]); diff --git a/arch/sh/kernel/ptrace_64.c b/arch/sh/kernel/ptrace_64.c index af90339..0c58711 100644 --- a/arch/sh/kernel/ptrace_64.c +++ b/arch/sh/kernel/ptrace_64.c @@ -504,20 +504,6 @@ asmlinkage int sh64_ptrace(long request, long pid, return sys_ptrace(request, pid, addr, data); } -static inline int audit_arch(void) -{ - int arch = EM_SH; - -#ifdef CONFIG_64BIT - arch |= __AUDIT_ARCH_64BIT; -#endif -#ifdef CONFIG_CPU_LITTLE_ENDIAN - arch |= __AUDIT_ARCH_LE; -#endif - - return arch; -} - asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs) { long long ret = 0; @@ -536,7 +522,7 @@ asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->regs[9]); - audit_syscall_entry(audit_arch(), regs->regs[1], + audit_syscall_entry(regs->regs[1], regs->regs[2], regs->regs[3], regs->regs[4], regs->regs[5]); diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c index c13c9f2..915d35d 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c 
@@ -1076,10 +1076,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->u_regs[UREG_G1]); - audit_syscall_entry((test_thread_flag(TIF_32BIT) ? - AUDIT_ARCH_SPARC : - AUDIT_ARCH_SPARC64), - regs->u_regs[UREG_G1], + audit_syscall_entry(regs->u_regs[UREG_G1], regs->u_regs[UREG_I0], regs->u_regs[UREG_I1], regs->u_regs[UREG_I2], diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c index 694d551..62435ef 100644 --- a/arch/um/kernel/ptrace.c +++ b/arch/um/kernel/ptrace.c @@ -165,8 +165,7 @@ static void send_sigtrap(struct task_struct *tsk, struct uml_pt_regs *regs, */ void syscall_trace_enter(struct pt_regs *regs) { - audit_syscall_entry(HOST_AUDIT_ARCH, - UPT_SYSCALL_NR(®s->regs), + audit_syscall_entry(UPT_SYSCALL_NR(®s->regs), UPT_SYSCALL_ARG1(®s->regs), UPT_SYSCALL_ARG2(®s->regs), UPT_SYSCALL_ARG3(®s->regs), diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 7461f50..7499611 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -1488,14 +1488,12 @@ long syscall_trace_enter(struct pt_regs *regs) trace_sys_enter(regs, regs->orig_ax); if (IS_IA32) - audit_syscall_entry(AUDIT_ARCH_I386, - regs->orig_ax, + audit_syscall_entry(regs->orig_ax, regs->bx, regs->cx, regs->dx, regs->si); #ifdef CONFIG_X86_64 else - audit_syscall_entry(AUDIT_ARCH_X86_64, - regs->orig_ax, + audit_syscall_entry(regs->orig_ax, regs->di, regs->si, regs->dx, regs->r10); #endif diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c index 562fac6..4d54b48 100644 --- a/arch/xtensa/kernel/ptrace.c +++ b/arch/xtensa/kernel/ptrace.c @@ -342,7 +342,7 @@ void do_syscall_trace_enter(struct pt_regs *regs) do_syscall_trace(); #if 0 - audit_syscall_entry(current, AUDIT_ARCH_XTENSA..); + audit_syscall_entry(...); #endif } diff --git a/include/linux/audit.h b/include/linux/audit.h index aa865a9..0e63eb1 100644 --- a/include/linux/audit.h 
+++ b/include/linux/audit.h @@ -27,6 +27,8 @@ #include <linux/ptrace.h> #include <uapi/linux/audit.h> +#include <asm/syscall.h> + struct audit_sig_info { uid_t uid; pid_t pid; @@ -126,12 +128,12 @@ static inline void audit_free(struct task_struct *task) if (unlikely(task->audit_context)) __audit_free(task); } -static inline void audit_syscall_entry(int arch, int major, unsigned long a0, +static inline void audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3) { if (unlikely(current->audit_context)) - __audit_syscall_entry(arch, major, a0, a1, a2, a3); + __audit_syscall_entry(syscall_get_arch(current, NULL), major, a0, a1, a2, a3); } static inline void audit_syscall_exit(void *pt_regs) { @@ -307,7 +309,7 @@ static inline int audit_alloc(struct task_struct *task) } static inline void audit_free(struct task_struct *task) { } -static inline void audit_syscall_entry(int arch, int major, unsigned long a0, +static inline void audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3) { } -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
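Review bot: the include/linux/audit.h hunk adds `#include <asm/syscall.h>` next to the existing includes, with no config guard visible in the hunk, and makes the inline audit_syscall_entry() call syscall_get_arch(). Every architecture that includes linux/audit.h now needs an asm/syscall.h, and every one that calls audit_syscall_entry() needs syscall_get_arch() in it. arch/um/kernel/ptrace.c loses HOST_AUDIT_ARCH in this patch, yet the cover letter's diffstat lists only arch/um/kernel/ptrace.c for um; please confirm that um (and xtensa, once its `#if 0` call is enabled) has a definition to pick up.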
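Review bot: the new body of audit_syscall_entry() in include/linux/audit.h passes `syscall_get_arch(current, NULL)` to __audit_syscall_entry(), which after patch 3/6 ignores that argument and calls syscall_get_arch() itself, so the audited syscall-entry path evaluates it twice until the parameter is dropped. Folding this step into the patch that removes the parameter would avoid the redundant call. The added line is also well past 80 columns and should be wrapped.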
* [PATCH 5/6][RFC] audit: drop args from syscall_get_arch() interface 2014-03-05 21:27 ` [PATCH 0/6][RFC] audit: standardize and simplify syscall_get_arch() Richard Guy Briggs ` (3 preceding siblings ...) [not found] ` <20140305212705.dBcw1ETycHJ7ALmepDGFjztuT0RQ6bsG_nV9r2bbPhA@z> @ 2014-03-05 21:27 ` Richard Guy Briggs 2014-03-05 21:27 ` [PATCH 6/6][RFC] audit: drop arch from __audit_syscall_entry() interface Richard Guy Briggs 5 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch Since all callers of syscall_get_arch() call with task "current" and none of the arch-dependent functions use the "regs" parameter (which could just as easily be found with task_pt_regs()), delete both parameters. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- arch/arm/include/asm/syscall.h | 3 +-- arch/ia64/include/asm/syscall.h | 3 +-- arch/microblaze/include/asm/syscall.h | 3 +-- arch/mips/include/asm/syscall.h | 8 +------- arch/openrisc/include/asm/syscall.h | 3 +-- arch/parisc/include/asm/syscall.h | 3 +-- arch/powerpc/include/asm/syscall.h | 3 +-- arch/s390/include/asm/syscall.h | 5 ++--- arch/sh/include/asm/syscall.h | 3 +-- arch/sparc/include/asm/syscall.h | 3 +-- arch/x86/include/asm/syscall.h | 8 +++----- include/asm-generic/syscall.h | 6 ++---- include/linux/audit.h | 2 +- kernel/auditsc.c | 5 ++--- kernel/seccomp.c | 4 ++-- 15 files changed, 21 insertions(+), 41 deletions(-) diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h index a749123..4651f69 100644 --- a/arch/arm/include/asm/syscall.h +++ b/arch/arm/include/asm/syscall.h 
@@ -103,8 +103,7 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { /* ARM tasks don't change audit architectures on the fly. */ return AUDIT_ARCH_ARM; diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h index 9c82767..1ae443a 100644 --- a/arch/ia64/include/asm/syscall.h +++ b/arch/ia64/include/asm/syscall.h @@ -81,8 +81,7 @@ static inline void syscall_set_arguments(struct task_struct *task, ia64_syscall_get_set_arguments(task, regs, i, n, args, 1); } -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return AUDIT_ARCH_IA64; } diff --git a/arch/microblaze/include/asm/syscall.h b/arch/microblaze/include/asm/syscall.h index e1acf8a..5292281 100644 --- a/arch/microblaze/include/asm/syscall.h +++ b/arch/microblaze/include/asm/syscall.h @@ -100,8 +100,7 @@ static inline void syscall_set_arguments(struct task_struct *task, asmlinkage long do_syscall_trace_enter(struct pt_regs *regs); asmlinkage void do_syscall_trace_leave(struct pt_regs *regs); -static inline int syscall_get_arch(struct tast_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return AUDIT_ARCH_MICROBLAZE; } diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index a8234f2..992b6ab 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -101,7 +101,7 @@ extern const unsigned long sys_call_table[]; extern const unsigned long sys32_call_table[]; extern const unsigned long sysn32_call_table[]; -static inline int __syscall_get_arch(void) +static inline int syscall_get_arch(void) { int arch = AUDIT_ARCH_MIPS; #ifdef CONFIG_64BIT 
@@ -113,10 +113,4 @@ static inline int __syscall_get_arch(void) return arch; } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) -{ - return __syscall_get_arch(); -} - #endif /* __ASM_MIPS_SYSCALL_H */ diff --git a/arch/openrisc/include/asm/syscall.h b/arch/openrisc/include/asm/syscall.h index 2bbe0e9..e598095 100644 --- a/arch/openrisc/include/asm/syscall.h +++ b/arch/openrisc/include/asm/syscall.h @@ -72,8 +72,7 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs, memcpy(®s->gpr[3 + i], args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return AUDIT_ARCH_OPENRISC; } diff --git a/arch/parisc/include/asm/syscall.h b/arch/parisc/include/asm/syscall.h index 2bf23b1..87cc53d 100644 --- a/arch/parisc/include/asm/syscall.h +++ b/arch/parisc/include/asm/syscall.h @@ -39,8 +39,7 @@ static inline void syscall_get_arguments(struct task_struct *tsk, } } -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { int arch = AUDIT_ARCH_PARISC; #ifdef CONFIG_64BIT diff --git a/arch/powerpc/include/asm/syscall.h b/arch/powerpc/include/asm/syscall.h index 36bd9ef..616705b 100644 --- a/arch/powerpc/include/asm/syscall.h +++ b/arch/powerpc/include/asm/syscall.h @@ -88,8 +88,7 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->gpr[3 + i], args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { int arch = AUDIT_ARCH_PPC; diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index 79d1805..32cd7f7 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h 
@@ -89,11 +89,10 @@ static inline void syscall_set_arguments(struct task_struct *task, regs->orig_gpr2 = args[0]; } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { #ifdef CONFIG_COMPAT - if (test_tsk_thread_flag(task, TIF_31BIT)) + if (test_thread_flag(TIF_31BIT)) return AUDIT_ARCH_S390; #endif return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390; diff --git a/arch/sh/include/asm/syscall.h b/arch/sh/include/asm/syscall.h index 33e60e0..aac9800 100644 --- a/arch/sh/include/asm/syscall.h +++ b/arch/sh/include/asm/syscall.h @@ -11,8 +11,7 @@ extern const unsigned long sys_call_table[]; # include <uapi/linux/audit.h> -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { int arch = AUDIT_ARCH_SH; diff --git a/arch/sparc/include/asm/syscall.h b/arch/sparc/include/asm/syscall.h index eddc60e..82b5b96 100644 --- a/arch/sparc/include/asm/syscall.h +++ b/arch/sparc/include/asm/syscall.h @@ -125,8 +125,7 @@ static inline void syscall_set_arguments(struct task_struct *task, regs->u_regs[UREG_I0 + i + j] = args[j]; } -static inline int syscall_get_arch(struct task_struct *tsk, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return test_thread_flag(TIF_32BIT) ? AUDIT_ARCH_SPARC : AUDIT_ARCH_SPARC64; diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index c98e0ec..d6a756a 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h @@ -91,8 +91,7 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->bx + i, args, n * sizeof(args[0])); } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { return AUDIT_ARCH_I386; } 
@@ -221,8 +220,7 @@ static inline void syscall_set_arguments(struct task_struct *task, } } -static inline int syscall_get_arch(struct task_struct *task, - struct pt_regs *regs) +static inline int syscall_get_arch(void) { #ifdef CONFIG_IA32_EMULATION /* @@ -234,7 +232,7 @@ static inline int syscall_get_arch(struct task_struct *task, * * x32 tasks should be considered AUDIT_ARCH_X86_64. */ - if (task_thread_info(task)->status & TS_COMPAT) + if (task_thread_info(current)->status & TS_COMPAT) return AUDIT_ARCH_I386; #endif /* Both x32 and x86_64 are considered "64-bit". */ diff --git a/include/asm-generic/syscall.h b/include/asm-generic/syscall.h index 5b09392..0c938a4 100644 --- a/include/asm-generic/syscall.h +++ b/include/asm-generic/syscall.h @@ -144,16 +144,14 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs, /** * syscall_get_arch - return the AUDIT_ARCH for the current system call - * @task: task of interest, must be in system call entry tracing - * @regs: task_pt_regs() of @task * * Returns the AUDIT_ARCH_* based on the system call convention in use. * - * It's only valid to call this when @task is stopped on entry to a system + * It's only valid to call this when current is stopped on entry to a system * call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP. * * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must * provide an implementation of this. */ -int syscall_get_arch(struct task_struct *task, struct pt_regs *regs); +int syscall_get_arch(void); #endif /* _ASM_SYSCALL_H */ diff --git a/include/linux/audit.h b/include/linux/audit.h index 0e63eb1..ee452f1 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -133,7 +133,7 @@ static inline void audit_syscall_entry(int major, unsigned long a0, unsigned long a3) { if (unlikely(current->audit_context)) - __audit_syscall_entry(syscall_get_arch(current, NULL), major, a0, a1, a2, a3); + __audit_syscall_entry(syscall_get_arch(), major, a0, a1, a2, a3); } static inline void audit_syscall_exit(void *pt_regs) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0c9fe06..565f7b7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1461,7 +1461,7 @@ void __audit_syscall_entry(int arch, int major, if (!audit_enabled) return; - context->arch = syscall_get_arch(current, NULL); + context->arch = syscall_get_arch(); context->major = major; context->argv[0] = a1; context->argv[1] = a2; @@ -2416,8 +2416,7 @@ void __audit_seccomp(unsigned long syscall, long signr, int code) return; audit_log_task(ab); audit_log_format(ab, " sig=%ld", signr); - audit_log_format(ab, " arch=%x", - syscall_get_arch(current, task_pt_regs(current))); + audit_log_format(ab, " arch=%x", syscall_get_arch()); audit_log_format(ab, " syscall=%ld", syscall); audit_log_format(ab, " compat=%d", is_compat_task()); audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current)); diff --git a/kernel/seccomp.c b/kernel/seccomp.c index b7a1004..eda2da3 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -95,7 +95,7 @@ u32 seccomp_bpf_load(int off) if (off == BPF_DATA(nr)) return syscall_get_nr(current, regs); if (off == BPF_DATA(arch)) - return syscall_get_arch(current, regs); + return syscall_get_arch(); if (off >= BPF_DATA(args[0]) && off < BPF_DATA(args[6])) { unsigned long value; int arg = (off - BPF_DATA(args[0])) / sizeof(u64); 
@@ -351,7 +351,7 @@ static void seccomp_send_sigsys(int syscall, int reason) info.si_code = SYS_SECCOMP; info.si_call_addr = (void __user *)KSTK_EIP(current); info.si_errno = reason; - info.si_arch = syscall_get_arch(current, task_pt_regs(current)); + info.si_arch = syscall_get_arch(); info.si_syscall = syscall; force_sig_info(SIGSYS, &info, current); } -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
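Review bot: In the arch/mips/include/asm/syscall.h hunks, renaming `__syscall_get_arch()` to `syscall_get_arch()` and deleting the two-argument wrapper removes the old name outright, and this patch's diffstat touches no other file under arch/mips. Please confirm that nothing in arch/mips still calls `__syscall_get_arch()` once 4/6 is applied; otherwise the MIPS build breaks at this point in the series and the series is no longer bisectable.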
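Review bot: In the second arch/x86/include/asm/syscall.h hunk (the CONFIG_IA32_EMULATION variant), `task_thread_info(current)->status & TS_COMPAT` is a mechanical substitution of `current` for `task`. `current_thread_info()->status & TS_COMPAT` states the intent directly and matches what the s390 hunk does, where `test_tsk_thread_flag(task, TIF_31BIT)` became `test_thread_flag(TIF_31BIT)`.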
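Review bot: The line removed in the arch/microblaze/include/asm/syscall.h hunk reads `struct tast_struct *tsk`, so that header carried a misspelled type name until this patch deleted the parameter. That suggests the microblaze variant was never build-checked closely. Since this patch changes the signature on every architecture at once, a cross-build of each arch touched here would be worth doing before it goes in.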
* [PATCH 6/6][RFC] audit: drop arch from __audit_syscall_entry() interface 2014-03-05 21:27 ` [PATCH 0/6][RFC] audit: standardize and simplify syscall_get_arch() Richard Guy Briggs ` (4 preceding siblings ...) 2014-03-05 21:27 ` [PATCH 5/6][RFC] audit: drop args from syscall_get_arch() interface Richard Guy Briggs @ 2014-03-05 21:27 ` Richard Guy Briggs 5 siblings, 0 replies; 7+ messages in thread From: Richard Guy Briggs @ 2014-03-05 21:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, eparis, sgrubb, oleg, linux-arm-kernel, x86, linux-ia64, microblaze-uclinux, linux-mips, linux, linux-parisc, linuxppc-dev, linux-s390, linux-sh, sparclinux, user-mode-linux-devel, linux-arch, tglx, mingo, hpa, rostedt, peterz Since arch is found locally in __audit_syscall_entry(), there is no need to pass it in as a parameter. Delete it from the parameter list. x86* was the only arch to call __audit_syscall_entry() directly and did so from assembly code. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- Can I get some constructive scrutiny from the x86 asm guys here? It has been a long time since I've played with x86 assembly code (and never x86_64). I've done automated build/regression tests on i686 and x86_64, and I've done manual tests on an x86_64 virtual machine and everything appears to work fine. Thanks! arch/x86/ia32/ia32entry.S | 12 ++++++------ arch/x86/kernel/entry_32.S | 11 +++++------ arch/x86/kernel/entry_64.S | 11 +++++------ include/linux/audit.h | 7 ++----- kernel/auditsc.c | 2 +- 5 files changed, 19 insertions(+), 24 deletions(-) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S index 4299eb0..f5bdd28 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S 
@@ -186,12 +186,12 @@ sysexit_from_sys_call: #ifdef CONFIG_AUDITSYSCALL .macro auditsys_entry_common - movl %esi,%r9d /* 6th arg: 4th syscall arg */ - movl %edx,%r8d /* 5th arg: 3rd syscall arg */ - /* (already in %ecx) 4th arg: 2nd syscall arg */ - movl %ebx,%edx /* 3rd arg: 1st syscall arg */ - movl %eax,%esi /* 2nd arg: syscall number */ - movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ + movl %esi,%r8d /* 5th arg: 4th syscall arg */ + movl %ecx,%r9d /*swap with edx*/ + movl %edx,%ecx /* 4th arg: 3rd syscall arg */ + movl %r9d,%edx /* 3rd arg: 2nd syscall arg */ + movl %ebx,%esi /* 2nd arg: 1st syscall arg */ + movl %eax,%edi /* 1st arg: syscall number */ call __audit_syscall_entry movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S index a2a4f46..078053e 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -456,12 +456,11 @@ sysenter_audit: jnz syscall_trace_entry addl $4,%esp CFI_ADJUST_CFA_OFFSET -4 - /* %esi already in 8(%esp) 6th arg: 4th syscall arg */ - /* %edx already in 4(%esp) 5th arg: 3rd syscall arg */ - /* %ecx already in 0(%esp) 4th arg: 2nd syscall arg */ - movl %ebx,%ecx /* 3rd arg: 1st syscall arg */ - movl %eax,%edx /* 2nd arg: syscall number */ - movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ + movl %esi,4(%esp) /* 5th arg: 4th syscall arg */ + movl %edx,(%esp) /* 4th arg: 3rd syscall arg */ + /* %ecx already in %ecx 3rd arg: 2nd syscall arg */ + movl %ebx,%edx /* 2nd arg: 1st syscall arg */ + /* %eax already in %eax 1st arg: syscall number */ call __audit_syscall_entry pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S index 1e96c36..8292ff7 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S 
@@ -694,12 +694,11 @@ badsys: * jump back to the normal fast path. */ auditsys: - movq %r10,%r9 /* 6th arg: 4th syscall arg */ - movq %rdx,%r8 /* 5th arg: 3rd syscall arg */ - movq %rsi,%rcx /* 4th arg: 2nd syscall arg */ - movq %rdi,%rdx /* 3rd arg: 1st syscall arg */ - movq %rax,%rsi /* 2nd arg: syscall number */ - movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ + movq %r10,%r8 /* 5th arg: 4th syscall arg */ + movq %rdx,%rcx /* 4th arg: 3rd syscall arg */ + movq %rsi,%rdx /* 3rd arg: 2nd syscall arg */ + movq %rdi,%rsi /* 2nd arg: 1st syscall arg */ + movq %rax,%rdi /* 1st arg: syscall number */ call __audit_syscall_entry LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath diff --git a/include/linux/audit.h b/include/linux/audit.h index ee452f1..278bc9d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -27,8 +27,6 @@ #include <linux/ptrace.h> #include <uapi/linux/audit.h> -#include <asm/syscall.h> - struct audit_sig_info { uid_t uid; pid_t pid; @@ -100,8 +98,7 @@ extern void audit_log_session_info(struct audit_buffer *ab); /* Public API */ extern int audit_alloc(struct task_struct *task); extern void __audit_free(struct task_struct *task); -extern void __audit_syscall_entry(int arch, - int major, unsigned long a0, unsigned long a1, +extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, unsigned long a2, unsigned long a3); extern void __audit_syscall_exit(int ret_success, long ret_value); extern struct filename *__audit_reusename(const __user char *uptr); @@ -133,7 +130,7 @@ static inline void audit_syscall_entry(int major, unsigned long a0, unsigned long a3) { if (unlikely(current->audit_context)) - __audit_syscall_entry(syscall_get_arch(), major, a0, a1, a2, a3); + __audit_syscall_entry(major, a0, a1, a2, a3); } static inline void audit_syscall_exit(void *pt_regs) { diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 565f7b7..a4e4447 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -1445,7 +1445,7 @@ void __audit_free(struct task_struct *tsk) * will only be written if another part of the kernel requests that it * be written). */ -void __audit_syscall_entry(int arch, int major, +void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4) { -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
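Review bot: In the arch/x86/kernel/entry_32.S hunk, the new stores `movl %esi,4(%esp)` and `movl %edx,(%esp)` write into the slots that the removed comments describe as already holding %ecx at 0(%esp) and %edx at 4(%esp). Those slots are the saved user registers, the same frame that the code right after the call addresses through `PT_EAX(%esp)`. Overwriting them changes the saved second and third syscall arguments before the syscall itself is dispatched. Pass the fourth and fifth arguments by pushing copies of the saved %edx and %esi before the call and popping them afterwards, with matching CFI annotations, so the saved frame stays intact.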
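Review bot: In the `auditsys_entry_common` macro in arch/x86/ia32/ia32entry.S, the %ecx/%edx exchange goes through %r9d under the comment `/*swap with edx*/`, which does not say which argument ends up in which register. The sequence itself is correct: every source register is read before it is overwritten, and %r9d was already clobbered by the old code. Still, `xchgl %ecx,%edx` with a comment naming both resulting arguments would be shorter and needs no scratch register. At minimum, format the comment like its neighbours.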
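Review bot: The include/linux/audit.h hunk drops `#include <asm/syscall.h>`, but kernel/auditsc.c still calls `syscall_get_arch()` after 5/6 and this patch only changes its function signature there. Please confirm that kernel/auditsc.c includes <asm/syscall.h> itself rather than inheriting it through audit.h. Separately, the prototype in audit.h names the arguments a0..a3 while the definition in kernel/auditsc.c uses a1..a4; since both lines are being touched, this is a good moment to make them agree.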