[PATCH] Updated IA64 audit support

From: Peter Martuccelli
Date: Fri Jul 09 2004 - 09:05:30 EST



Hello David,

I updated the patch to use the IS_IA32_PROCESS() macro, and
removed trailing white-space as requested. Retested with the
changes, no issues to report. An updated patch follows. Let
me know if there are any other issues.

Please CC me directly with with any follow up posts.

Regards,

Peter

diffstat:
arch/ia64/ia32/ia32_entry.S | 8 ++++---
arch/ia64/kernel/entry.S | 10 +++++----
arch/ia64/kernel/ivt.S | 7 ++++--
arch/ia64/kernel/ptrace.c | 42 +++++++++++++++++++++++++++++++++++++++--
include/asm-ia64/thread_info.h | 5 +++-
init/Kconfig | 2 -
6 files changed, 61 insertions(+), 13 deletions(-)

diff -Naurp linux-2.6.7-pristine/arch/ia64/ia32/ia32_entry.S linux-2.6.7/arch/ia64/ia32/ia32_entry.S
--- linux-2.6.7-pristine/arch/ia64/ia32/ia32_entry.S 2004-06-16 16:32:05.000000000 -0400
+++ linux-2.6.7/arch/ia64/ia32/ia32_entry.S 2004-07-07 14:11:34.000000000 -0400
@@ -110,7 +110,9 @@ GLOBAL_ENTRY(ia32_ret_from_clone)
ld4 r2=[r2]
;;
mov r8=0
- tbit.nz p6,p0=r2,TIF_SYSCALL_TRACE
+ and r2=_TIF_SYSCALL_TRACEAUDIT,r2
+ ;;
+ cmp.ne p6,p0=r2,r0
(p6) br.cond.spnt .ia32_strace_check_retval
;; // prevent RAW on r8
END(ia32_ret_from_clone)
@@ -142,7 +144,7 @@ GLOBAL_ENTRY(ia32_trace_syscall)
adds r2=IA64_PT_REGS_R8_OFFSET+16,sp
;;
st8 [r2]=r3 // initialize return code to -ENOSYS
- br.call.sptk.few rp=syscall_trace // give parent a chance to catch syscall args
+ br.call.sptk.few rp=syscall_trace_enter // give parent a chance to catch syscall args
.ret2: // Need to reload arguments (they may be changed by the tracing process)
adds r2=IA64_PT_REGS_R1_OFFSET+16,sp // r2 = &pt_regs.r1
adds r3=IA64_PT_REGS_R13_OFFSET+16,sp // r3 = &pt_regs.r13
@@ -170,7 +172,7 @@ GLOBAL_ENTRY(ia32_trace_syscall)
adds r2=IA64_PT_REGS_R8_OFFSET+16,sp // r2 = &pt_regs.r8
;;
st8.spill [r2]=r8 // store return value in slot for r8
- br.call.sptk.few rp=syscall_trace // give parent a chance to catch return value
+ br.call.sptk.few rp=syscall_trace_leave // give parent a chance to catch return value
.ret4: alloc r2=ar.pfs,0,0,0,0 // drop the syscall argument frame
br.cond.sptk.many ia64_leave_kernel
END(ia32_trace_syscall)
diff -Naurp linux-2.6.7-pristine/arch/ia64/kernel/entry.S linux-2.6.7/arch/ia64/kernel/entry.S
--- linux-2.6.7-pristine/arch/ia64/kernel/entry.S 2004-06-16 16:32:05.000000000 -0400
+++ linux-2.6.7/arch/ia64/kernel/entry.S 2004-07-07 14:11:34.000000000 -0400
@@ -506,7 +506,7 @@ GLOBAL_ENTRY(ia64_trace_syscall)
;;
stf.spill [r16]=f10
stf.spill [r17]=f11
- br.call.sptk.many rp=syscall_trace // give parent a chance to catch syscall args
+ br.call.sptk.many rp=syscall_trace_enter // give parent a chance to catch syscall args
adds r16=PT(F6)+16,sp
adds r17=PT(F7)+16,sp
;;
@@ -546,7 +546,7 @@ GLOBAL_ENTRY(ia64_trace_syscall)
.strace_save_retval:
.mem.offset 0,0; st8.spill [r2]=r8 // store return value in slot for r8
.mem.offset 8,0; st8.spill [r3]=r10 // clear error indication in slot for r10
- br.call.sptk.many rp=syscall_trace // give parent a chance to catch return value
+ br.call.sptk.many rp=syscall_trace_leave // give parent a chance to catch return value
.ret3: br.cond.sptk ia64_leave_syscall

strace_error:
@@ -573,7 +573,7 @@ GLOBAL_ENTRY(ia64_strace_leave_kernel)
*/
nop.m 0
nop.i 0
- br.call.sptk.many rp=syscall_trace // give parent a chance to catch return value
+ br.call.sptk.many rp=syscall_trace_leave // give parent a chance to catch return value
}
.ret4: br.cond.sptk ia64_leave_kernel
END(ia64_strace_leave_kernel)
@@ -599,7 +599,9 @@ GLOBAL_ENTRY(ia64_ret_from_clone)
ld4 r2=[r2]
;;
mov r8=0
- tbit.nz p6,p0=r2,TIF_SYSCALL_TRACE
+ and r2=_TIF_SYSCALL_TRACEAUDIT,r2
+ ;;
+ cmp.ne p6,p0=r2,r0
(p6) br.cond.spnt .strace_check_retval
;; // added stop bits to prevent r8 dependency
END(ia64_ret_from_clone)
diff -Naurp linux-2.6.7-pristine/arch/ia64/kernel/ivt.S linux-2.6.7/arch/ia64/kernel/ivt.S
--- linux-2.6.7-pristine/arch/ia64/kernel/ivt.S 2004-06-16 16:32:05.000000000 -0400
+++ linux-2.6.7/arch/ia64/kernel/ivt.S 2004-07-07 14:11:34.000000000 -0400
@@ -752,7 +752,9 @@ ENTRY(break_fault)
;;
ld4 r2=[r2] // r2 = current_thread_info()->flags
;;
- tbit.z p8,p0=r2,TIF_SYSCALL_TRACE
+ and r2=_TIF_SYSCALL_TRACEAUDIT,r2 // mask trace or audit
+ ;;
+ cmp.eq p8,p0=r2,r0
mov b6=r20
;;
(p8) br.call.sptk.many b6=b6 // ignore this return addr
@@ -1573,10 +1575,11 @@ ENTRY(dispatch_to_ia32_handler)
ld4 r2=[r2] // r2 = current_thread_info()->flags
;;
ld8 r16=[r16]
- tbit.z p8,p0=r2,TIF_SYSCALL_TRACE
+ and r2=_TIF_SYSCALL_TRACEAUDIT,r2 // mask trace or audit
;;
mov b6=r16
movl r15=ia32_ret_from_syscall
+ cmp.eq p8,p0=r2,r0
;;
mov rp=r15
(p8) br.call.sptk.many b6=b6
diff -Naurp linux-2.6.7-pristine/arch/ia64/kernel/ptrace.c linux-2.6.7/arch/ia64/kernel/ptrace.c
--- linux-2.6.7-pristine/arch/ia64/kernel/ptrace.c 2004-06-16 16:32:05.000000000 -0400
+++ linux-2.6.7/arch/ia64/kernel/ptrace.c 2004-07-08 17:36:47.000000000 -0400
@@ -1447,9 +1447,8 @@ sys_ptrace (long request, pid_t pid, uns
return ret;
}

-/* "asmlinkage" so the input arguments are preserved... */

-asmlinkage void
+void
syscall_trace (void)
{
if (!test_thread_flag(TIF_SYSCALL_TRACE))
@@ -1472,3 +1471,42 @@ syscall_trace (void)
current->exit_code = 0;
}
}
+
+/* "asmlinkage" so the input arguments are preserved... */
+
+asmlinkage void
+syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
+ long arg4, long arg5, long arg6, long arg7, long stack)
+{
+ struct pt_regs *regs = (struct pt_regs *) &stack;
+ long syscall;
+
+ if (unlikely(current->audit_context)) {
+ if (IS_IA32_PROCESS(regs))
+ syscall = regs->r1;
+ else
+ syscall = regs->r15;
+
+ audit_syscall_entry(current, syscall, arg0, arg1, arg2, arg3);
+ }
+
+ if (test_thread_flag(TIF_SYSCALL_TRACE)
+ && (current->ptrace & PT_PTRACED))
+ syscall_trace();
+}
+
+/* "asmlinkage" so the input arguments are preserved... */
+
+asmlinkage void
+syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
+ long arg4, long arg5, long arg6, long arg7, long stack)
+{
+ struct pt_regs *regs = (struct pt_regs *) &stack;
+
+ if (unlikely(current->audit_context))
+ audit_syscall_exit(current, regs->r8);
+
+ if (test_thread_flag(TIF_SYSCALL_TRACE)
+ && (current->ptrace & PT_PTRACED))
+ syscall_trace();
+}
diff -Naurp linux-2.6.7-pristine/include/asm-ia64/thread_info.h linux-2.6.7/include/asm-ia64/thread_info.h
--- linux-2.6.7-pristine/include/asm-ia64/thread_info.h 2004-06-16 16:32:09.000000000 -0400
+++ linux-2.6.7/include/asm-ia64/thread_info.h 2004-07-07 14:11:34.000000000 -0400
@@ -73,12 +73,15 @@ struct thread_info {
#define TIF_SIGPENDING 1 /* signal pending */
#define TIF_NEED_RESCHED 2 /* rescheduling necessary */
#define TIF_SYSCALL_TRACE 3 /* syscall trace active */
+#define TIF_SYSCALL_AUDIT 4 /* syscall auditing active */
#define TIF_POLLING_NRFLAG 16 /* true if poll_idle() is polling TIF_NEED_RESCHED */

#define TIF_WORK_MASK 0x7 /* like TIF_ALLWORK_BITS but sans TIF_SYSCALL_TRACE */
-#define TIF_ALLWORK_MASK 0xf /* bits 0..3 are "work to do on user-return" bits */
+#define TIF_ALLWORK_MASK 0x1f /* bits 0..4 are "work to do on user-return" bits */

#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
+#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
+#define _TIF_SYSCALL_TRACEAUDIT (_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
diff -Naurp linux-2.6.7-pristine/init/Kconfig linux-2.6.7/init/Kconfig
--- linux-2.6.7-pristine/init/Kconfig 2004-06-16 16:33:52.000000000 -0400
+++ linux-2.6.7/init/Kconfig 2004-07-07 14:11:34.000000000 -0400
@@ -149,7 +149,7 @@ config AUDIT

config AUDITSYSCALL
bool "Enable system-call auditing support"
- depends on AUDIT && (X86 || PPC64 || ARCH_S390)
+ depends on AUDIT && (X86 || PPC64 || ARCH_S390 || IA64)
default y if SECURITY_SELINUX
default n
help
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/