From: Richard Guy Briggs <rgb@redhat.com>
To: linux-audit@redhat.com, linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org, linux-mips@linux-mips.org,
linux-ia64@vger.kernel.org,
user-mode-linux-devel@lists.sourceforge.net,
linux-parisc@vger.kernel.org, linux-s390@vger.kernel.org,
Richard Guy Briggs <rgb@redhat.com>,
microblaze-uclinux@itee.uq.edu.au, linux@openrisc.net,
x86@kernel.org, oleg@redhat.com, eparis@redhat.com,
linux-sh@vger.kernel.org, sparclinux@vger.kernel.org,
sgrubb@redhat.com, linuxppc-dev@lists.ozlabs.org,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH 0/6][RFC] audit: standardize and simplify syscall_get_arch()
Date: Wed, 5 Mar 2014 16:27:01 -0500 [thread overview]
Message-ID: <cover.1393974970.git.rgb@redhat.com> (raw)
Each arch that supports audit requires syscall_get_arch() to able to log
and identify architecture-dependent syscall numbers. The information is used
in at least two different subsystems, so standardize it in the same call across
all arches.
Use the standardized syscall_get_arch() locally to add the arch to the
AUDIT_SECCOMP record to identify which syscall was issued.
Since all the callers of syscall_get_arch() presently pass "current" and none
of the arch-specific syscall_get_arch() implementations use the regs parameter,
call syscall_get_arch() locally where it is needed and drop passing around
arch, current and regs in __audit_syscall_entry() and audit_syscall_entry().
Compiles and runs on i686, x86_64, ppc, ppc64, s390, s390x, manually tested in
an x86_64 VM. aarch64 will be added soon.
Richard Guy Briggs (6):
syscall: define syscall_get_arch() for each audit-supported arch
audit: add arch field to seccomp event log
audit: __audit_syscall_entry: ignore arch arg and call
syscall_get_arch() directly
audit: drop arch from audit_syscall_entry() interface
audit: drop args from syscall_get_arch() interface
audit: drop arch from __audit_syscall_entry() interface
arch/arm/include/asm/syscall.h | 5 ++---
arch/arm/kernel/ptrace.c | 2 +-
arch/ia64/include/asm/syscall.h | 6 ++++++
arch/ia64/kernel/ptrace.c | 2 +-
arch/microblaze/include/asm/syscall.h | 5 +++++
arch/microblaze/kernel/ptrace.c | 2 +-
arch/mips/include/asm/syscall.h | 6 +++---
arch/mips/kernel/ptrace.c | 3 +--
arch/openrisc/include/asm/syscall.h | 5 +++++
arch/openrisc/kernel/ptrace.c | 2 +-
arch/parisc/include/asm/syscall.h | 11 +++++++++++
arch/parisc/kernel/ptrace.c | 5 ++---
arch/powerpc/include/asm/syscall.h | 12 ++++++++++++
arch/powerpc/kernel/ptrace.c | 6 ++----
arch/s390/include/asm/syscall.h | 7 +++----
arch/s390/kernel/ptrace.c | 4 +---
arch/sh/include/asm/syscall.h | 16 ++++++++++++++++
arch/sh/kernel/ptrace_32.c | 13 +------------
arch/sh/kernel/ptrace_64.c | 16 +---------------
arch/sparc/include/asm/syscall.h | 7 +++++++
arch/sparc/kernel/ptrace_64.c | 5 +----
arch/um/kernel/ptrace.c | 3 +--
arch/x86/ia32/ia32entry.S | 12 ++++++------
arch/x86/include/asm/syscall.h | 10 ++++------
arch/x86/kernel/entry_32.S | 11 +++++------
arch/x86/kernel/entry_64.S | 11 +++++------
arch/x86/kernel/ptrace.c | 6 ++----
arch/xtensa/kernel/ptrace.c | 2 +-
include/asm-generic/syscall.h | 6 ++----
include/linux/audit.h | 9 ++++-----
include/uapi/linux/audit.h | 1 +
kernel/auditsc.c | 6 ++++--
kernel/seccomp.c | 4 ++--
33 files changed, 120 insertions(+), 101 deletions(-)
next reply other threads:[~2014-03-05 21:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-05 21:27 Richard Guy Briggs [this message]
2014-03-05 21:27 ` [PATCH 1/6][RFC] syscall: define syscall_get_arch() for each audit-supported arch Richard Guy Briggs
2014-03-05 21:27 ` [PATCH 2/6][RFC] audit: add arch field to seccomp event log Richard Guy Briggs
2014-03-05 21:27 ` [PATCH 3/6][RFC] audit: __audit_syscall_entry: ignore arch arg and call syscall_get_arch() directly Richard Guy Briggs
2014-03-05 21:27 ` [PATCH 4/6][RFC] audit: drop arch from audit_syscall_entry() interface Richard Guy Briggs
2014-03-05 21:27 ` [PATCH 5/6][RFC] audit: drop args from syscall_get_arch() interface Richard Guy Briggs
2014-03-05 21:27 ` [PATCH 6/6][RFC] audit: drop arch from __audit_syscall_entry() interface Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1393974970.git.rgb@redhat.com \
--to=rgb@redhat.com \
--cc=eparis@redhat.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-audit@redhat.com \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux@openrisc.net \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=microblaze-uclinux@itee.uq.edu.au \
--cc=oleg@redhat.com \
--cc=sgrubb@redhat.com \
--cc=sparclinux@vger.kernel.org \
--cc=user-mode-linux-devel@lists.sourceforge.net \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).