From 1322b9def91ab8e9e673b58a64e13d6effaaa652 Mon Sep 17 00:00:00 2001 From: Yuichi Nakamura Date: Sat, 10 Nov 2007 19:21:34 +0900 Subject: sh: syscall audit support. Support syscall auditing.. Signed-off-by: Yuichi Nakamura Signed-off-by: Paul Mundt --- arch/sh/kernel/entry-common.S | 8 ++++++-- arch/sh/kernel/ptrace_32.c | 21 +++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) (limited to 'arch') diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S index e0317ed080c..397ac71d97f 100644 --- a/arch/sh/kernel/entry-common.S +++ b/arch/sh/kernel/entry-common.S @@ -224,7 +224,7 @@ work_resched: syscall_exit_work: ! r0: current_thread_info->flags ! r8: current_thread_info - tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0 + tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0 bt/s work_pending tst #_TIF_NEED_RESCHED, r0 #ifdef CONFIG_TRACE_IRQFLAGS @@ -234,6 +234,8 @@ syscall_exit_work: #endif sti ! XXX setup arguments... + mov r15, r4 + mov #1, r5 mov.l 4f, r0 ! do_syscall_trace jsr @r0 nop @@ -244,6 +246,8 @@ syscall_exit_work: syscall_trace_entry: ! Yes it is traced. ! XXX setup arguments... + mov r15, r4 + mov #0, r5 mov.l 4f, r11 ! Call do_syscall_trace which notifies jsr @r11 ! superior (will chomp R[0-7]) nop @@ -366,7 +370,7 @@ ENTRY(system_call) ! get_current_thread_info r8, r10 mov.l @(TI_FLAGS,r8), r8 - mov #_TIF_SYSCALL_TRACE, r10 + mov #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10 tst r10, r8 bf syscall_trace_entry ! diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index ac725f0aeb7..ce0664a58b4 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c @@ -6,7 +6,7 @@ * edited by Linus Torvalds * * SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka - * + * Audit support: Yuichi Nakamura */ #include #include @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data) return ret; } -asmlinkage void do_syscall_trace(void) +asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) { struct task_struct *tsk = current; + if (unlikely(current->audit_context) && entryexit) + audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]), + regs->regs[0]); + if (!test_thread_flag(TIF_SYSCALL_TRACE) && !test_thread_flag(TIF_SINGLESTEP)) - return; + goto out; if (!(tsk->ptrace & PT_PTRACED)) - return; + goto out; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) && @@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void) send_sig(tsk->exit_code, tsk, 1); tsk->exit_code = 0; } + +out: + if (unlikely(current->audit_context) && !entryexit) + audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3], + regs->regs[4], regs->regs[5], + regs->regs[6], regs->regs[7]); + } -- cgit v1.2.3