Re: [PATCH] arm64: make a single hook to syscall_trace() for all syscall features

From: Richard Guy Briggs
Date: Tue Feb 11 2014 - 08:50:34 EST

Next message: Roger Quadros: "Re: [PATCH] ARM: dts: OMAP2+: Fix boot with multi_v7_defconfig"
Previous message: Madper Xie: "Re: [BUG] can't boot up: unable to handle kernel paging request at ffffffffff340003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 14/02/07, AKASHI Takahiro wrote:
> Currently syscall_trace() is called only for ptrace.
> With additional TIF_xx flags introduced, it is now called in all the cases
> of audit, ftrace and seccomp in addition to ptrace.
> Those features will be implemented later, but it's safe to include them
> now because they can not be turned on anyway.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@xxxxxxxxxx>

Acked-by: Richard Guy Briggs <rgb@xxxxxxxxxx>

> ---
> arch/arm64/include/asm/thread_info.h | 13 +++++++++++++
> arch/arm64/kernel/entry.S | 5 +++--
> arch/arm64/kernel/ptrace.c | 11 +++++------
> 3 files changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
> index 720e70b..c3df797 100644
> --- a/arch/arm64/include/asm/thread_info.h
> +++ b/arch/arm64/include/asm/thread_info.h
> @@ -91,6 +91,9 @@ static inline struct thread_info *current_thread_info(void)
> /*
> * thread information flags:
> * TIF_SYSCALL_TRACE - syscall trace active
> + * TIF_SYSCALL_TRACEPOINT - syscall tracepoint for ftrace
> + * TIF_SYSCALL_AUDIT - syscall auditing
> + * TIF_SECOMP - syscall secure computing
> * TIF_SIGPENDING - signal pending
> * TIF_NEED_RESCHED - rescheduling necessary
> * TIF_NOTIFY_RESUME - callback before returning to user
> @@ -101,6 +104,9 @@ static inline struct thread_info *current_thread_info(void)
> #define TIF_NEED_RESCHED 1
> #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
> #define TIF_SYSCALL_TRACE 8
> +#define TIF_SYSCALL_AUDIT 9
> +#define TIF_SYSCALL_TRACEPOINT 10
> +#define TIF_SECCOMP 11
> #define TIF_POLLING_NRFLAG 16
> #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
> #define TIF_FREEZE 19
> @@ -112,10 +118,17 @@ static inline struct thread_info *current_thread_info(void)
> #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
> #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
> #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
> +#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
> +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
> +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
> +#define _TIF_SECCOMP (1 << TIF_SECCOMP)
> #define _TIF_32BIT (1 << TIF_32BIT)
>
> #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
> _TIF_NOTIFY_RESUME)
>
> +#define _TIF_WORK_SYSCALL (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
> + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
> +
> #endif /* __KERNEL__ */
> #endif /* __ASM_THREAD_INFO_H */
> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
> index 39ac630..c94b2ab 100644
> --- a/arch/arm64/kernel/entry.S
> +++ b/arch/arm64/kernel/entry.S
> @@ -631,8 +631,9 @@ el0_svc_naked: // compat entry point
> enable_irq
>
> get_thread_info tsk
> - ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing
> - tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls?
> + ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks
> + tst x16, #_TIF_WORK_SYSCALL
> + b.ne __sys_trace
> adr lr, ret_fast_syscall // return address
> cmp scno, sc_nr // check upper syscall limit
> b.hs ni_sys
> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
> index 6a8928b..64ce39f 100644
> --- a/arch/arm64/kernel/ptrace.c
> +++ b/arch/arm64/kernel/ptrace.c
> @@ -1062,9 +1062,6 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs)
> {
> unsigned long saved_reg;
>
> - if (!test_thread_flag(TIF_SYSCALL_TRACE))
> - return regs->syscallno;
> -
> if (is_compat_task()) {
> /* AArch32 uses ip (r12) for scratch */
> saved_reg = regs->regs[12];
> @@ -1078,10 +1075,12 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs)
> regs->regs[7] = dir;
> }
>
> - if (dir)
> + if (dir) {
> tracehook_report_syscall_exit(regs, 0);
> - else if (tracehook_report_syscall_entry(regs))
> - regs->syscallno = ~0UL;
> + } else {
> + if (tracehook_report_syscall_entry(regs))
> + regs->syscallno = ~0UL;
> + }
>
> if (is_compat_task())
> regs->regs[12] = saved_reg;
> --
> 1.7.9.5
>
> --
> Linux-audit mailing list
> Linux-audit@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roger Quadros: "Re: [PATCH] ARM: dts: OMAP2+: Fix boot with multi_v7_defconfig"
Previous message: Madper Xie: "Re: [BUG] can't boot up: unable to handle kernel paging request at ffffffffff340003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]