diff options
author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-11-10 19:21:34 +0900 |
---|---|---|
committer | Paul Mundt <lethal@linux-sh.org> | 2008-01-28 13:18:57 +0900 |
commit | 1322b9def91ab8e9e673b58a64e13d6effaaa652 (patch) | |
tree | b52716f0d120f9d51b0cf32462c4f6f68d3c412b /arch/sh/kernel | |
parent | 12760cb4df2a244efbaa262b32590af295c0b8e1 (diff) | |
download | linux-1322b9def91ab8e9e673b58a64e13d6effaaa652.tar.gz linux-1322b9def91ab8e9e673b58a64e13d6effaaa652.tar.bz2 linux-1322b9def91ab8e9e673b58a64e13d6effaaa652.zip |
sh: syscall audit support.
Support syscall auditing..
Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Diffstat (limited to 'arch/sh/kernel')
-rw-r--r-- | arch/sh/kernel/entry-common.S | 8 | ||||
-rw-r--r-- | arch/sh/kernel/ptrace_32.c | 21 |
2 files changed, 23 insertions, 6 deletions
diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S index e0317ed080c3..397ac71d97f1 100644 --- a/arch/sh/kernel/entry-common.S +++ b/arch/sh/kernel/entry-common.S @@ -224,7 +224,7 @@ work_resched: syscall_exit_work: ! r0: current_thread_info->flags ! r8: current_thread_info - tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0 + tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0 bt/s work_pending tst #_TIF_NEED_RESCHED, r0 #ifdef CONFIG_TRACE_IRQFLAGS @@ -234,6 +234,8 @@ syscall_exit_work: #endif sti ! XXX setup arguments... + mov r15, r4 + mov #1, r5 mov.l 4f, r0 ! do_syscall_trace jsr @r0 nop @@ -244,6 +246,8 @@ syscall_exit_work: syscall_trace_entry: ! Yes it is traced. ! XXX setup arguments... + mov r15, r4 + mov #0, r5 mov.l 4f, r11 ! Call do_syscall_trace which notifies jsr @r11 ! superior (will chomp R[0-7]) nop @@ -366,7 +370,7 @@ ENTRY(system_call) ! get_current_thread_info r8, r10 mov.l @(TI_FLAGS,r8), r8 - mov #_TIF_SYSCALL_TRACE, r10 + mov #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10 tst r10, r8 bf syscall_trace_entry ! diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index ac725f0aeb72..ce0664a58b49 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c @@ -6,7 +6,7 @@ * edited by Linus Torvalds * * SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka - * + * Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp> */ #include <linux/kernel.h> #include <linux/sched.h> @@ -19,6 +19,7 @@ #include <linux/security.h> #include <linux/signal.h> #include <linux/io.h> +#include <linux/audit.h> #include <asm/uaccess.h> #include <asm/pgtable.h> #include <asm/system.h> @@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data) return ret; } -asmlinkage void do_syscall_trace(void) +asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) { struct task_struct *tsk = current; + if (unlikely(current->audit_context) && entryexit) + audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]), + regs->regs[0]); + if (!test_thread_flag(TIF_SYSCALL_TRACE) && !test_thread_flag(TIF_SINGLESTEP)) - return; + goto out; if (!(tsk->ptrace & PT_PTRACED)) - return; + goto out; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) && @@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void) send_sig(tsk->exit_code, tsk, 1); tsk->exit_code = 0; } + +out: + if (unlikely(current->audit_context) && !entryexit) + audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3], + regs->regs[4], regs->regs[5], + regs->regs[6], regs->regs[7]); + } |