audit: inline audit_syscall_entry to reduce burden on archs
Every arch calls: if (unlikely(current->audit_context)) audit_syscall_entry() which requires knowledge about audit (the existance of audit_context) in the arch code. Just do it all in static inline in audit.h so that arch's can remain blissfully ignorant. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris
Al Viro
parent
f031cd2556
commit
b05d8447e7
@ -1246,15 +1246,8 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
|
|||||||
if (test_thread_flag(TIF_RESTORE_RSE))
|
if (test_thread_flag(TIF_RESTORE_RSE))
|
||||||
ia64_sync_krbs();
|
ia64_sync_krbs();
|
||||||
|
|
||||||
if (unlikely(current->audit_context)) {
|
|
||||||
long syscall;
|
|
||||||
int arch;
|
|
||||||
|
|
||||||
syscall = regs.r15;
|
audit_syscall_entry(AUDIT_ARCH_IA64, regs.r15, arg0, arg1, arg2, arg3);
|
||||||
arch = AUDIT_ARCH_IA64;
|
|
||||||
|
|
||||||
audit_syscall_entry(arch, syscall, arg0, arg1, arg2, arg3);
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -147,10 +147,8 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
*/
|
*/
|
||||||
ret = -1L;
|
ret = -1L;
|
||||||
|
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(EM_MICROBLAZE, regs->r12, regs->r5, regs->r6,
|
||||||
audit_syscall_entry(EM_MICROBLAZE, regs->r12,
|
regs->r7, regs->r8);
|
||||||
regs->r5, regs->r6,
|
|
||||||
regs->r7, regs->r8);
|
|
||||||
|
|
||||||
return ret ?: regs->r12;
|
return ret ?: regs->r12;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -560,10 +560,9 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
|
|||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(audit_arch(), regs->regs[2],
|
||||||
audit_syscall_entry(audit_arch(), regs->regs[2],
|
regs->regs[4], regs->regs[5],
|
||||||
regs->regs[4], regs->regs[5],
|
regs->regs[6], regs->regs[7]);
|
||||||
regs->regs[6], regs->regs[7]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -1724,22 +1724,20 @@ long do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->gpr[0]);
|
trace_sys_enter(regs, regs->gpr[0]);
|
||||||
|
|
||||||
if (unlikely(current->audit_context)) {
|
|
||||||
#ifdef CONFIG_PPC64
|
#ifdef CONFIG_PPC64
|
||||||
if (!is_32bit_task())
|
if (!is_32bit_task())
|
||||||
audit_syscall_entry(AUDIT_ARCH_PPC64,
|
audit_syscall_entry(AUDIT_ARCH_PPC64,
|
||||||
regs->gpr[0],
|
regs->gpr[0],
|
||||||
regs->gpr[3], regs->gpr[4],
|
regs->gpr[3], regs->gpr[4],
|
||||||
regs->gpr[5], regs->gpr[6]);
|
regs->gpr[5], regs->gpr[6]);
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
audit_syscall_entry(AUDIT_ARCH_PPC,
|
audit_syscall_entry(AUDIT_ARCH_PPC,
|
||||||
regs->gpr[0],
|
regs->gpr[0],
|
||||||
regs->gpr[3] & 0xffffffff,
|
regs->gpr[3] & 0xffffffff,
|
||||||
regs->gpr[4] & 0xffffffff,
|
regs->gpr[4] & 0xffffffff,
|
||||||
regs->gpr[5] & 0xffffffff,
|
regs->gpr[5] & 0xffffffff,
|
||||||
regs->gpr[6] & 0xffffffff);
|
regs->gpr[6] & 0xffffffff);
|
||||||
}
|
|
||||||
|
|
||||||
return ret ?: regs->gpr[0];
|
return ret ?: regs->gpr[0];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -740,12 +740,11 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->gprs[2]);
|
trace_sys_enter(regs, regs->gprs[2]);
|
||||||
|
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(is_compat_task() ?
|
||||||
audit_syscall_entry(is_compat_task() ?
|
AUDIT_ARCH_S390 : AUDIT_ARCH_S390X,
|
||||||
AUDIT_ARCH_S390 : AUDIT_ARCH_S390X,
|
regs->gprs[2], regs->orig_gpr2,
|
||||||
regs->gprs[2], regs->orig_gpr2,
|
regs->gprs[3], regs->gprs[4],
|
||||||
regs->gprs[3], regs->gprs[4],
|
regs->gprs[5]);
|
||||||
regs->gprs[5]);
|
|
||||||
return ret ?: regs->gprs[2];
|
return ret ?: regs->gprs[2];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -518,10 +518,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->regs[0]);
|
trace_sys_enter(regs, regs->regs[0]);
|
||||||
|
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(audit_arch(), regs->regs[3],
|
||||||
audit_syscall_entry(audit_arch(), regs->regs[3],
|
regs->regs[4], regs->regs[5],
|
||||||
regs->regs[4], regs->regs[5],
|
regs->regs[6], regs->regs[7]);
|
||||||
regs->regs[6], regs->regs[7]);
|
|
||||||
|
|
||||||
return ret ?: regs->regs[0];
|
return ret ?: regs->regs[0];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -536,10 +536,9 @@ asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->regs[9]);
|
trace_sys_enter(regs, regs->regs[9]);
|
||||||
|
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(audit_arch(), regs->regs[1],
|
||||||
audit_syscall_entry(audit_arch(), regs->regs[1],
|
regs->regs[2], regs->regs[3],
|
||||||
regs->regs[2], regs->regs[3],
|
regs->regs[4], regs->regs[5]);
|
||||||
regs->regs[4], regs->regs[5]);
|
|
||||||
|
|
||||||
return ret ?: regs->regs[9];
|
return ret ?: regs->regs[9];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1071,15 +1071,14 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->u_regs[UREG_G1]);
|
trace_sys_enter(regs, regs->u_regs[UREG_G1]);
|
||||||
|
|
||||||
if (unlikely(current->audit_context) && !ret)
|
audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
|
||||||
audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
|
AUDIT_ARCH_SPARC :
|
||||||
AUDIT_ARCH_SPARC :
|
AUDIT_ARCH_SPARC64),
|
||||||
AUDIT_ARCH_SPARC64),
|
regs->u_regs[UREG_G1],
|
||||||
regs->u_regs[UREG_G1],
|
regs->u_regs[UREG_I0],
|
||||||
regs->u_regs[UREG_I0],
|
regs->u_regs[UREG_I1],
|
||||||
regs->u_regs[UREG_I1],
|
regs->u_regs[UREG_I2],
|
||||||
regs->u_regs[UREG_I2],
|
regs->u_regs[UREG_I3]);
|
||||||
regs->u_regs[UREG_I3]);
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -167,17 +167,15 @@ void syscall_trace(struct uml_pt_regs *regs, int entryexit)
|
|||||||
int is_singlestep = (current->ptrace & PT_DTRACE) && entryexit;
|
int is_singlestep = (current->ptrace & PT_DTRACE) && entryexit;
|
||||||
int tracesysgood;
|
int tracesysgood;
|
||||||
|
|
||||||
if (unlikely(current->audit_context)) {
|
if (!entryexit)
|
||||||
if (!entryexit)
|
audit_syscall_entry(HOST_AUDIT_ARCH,
|
||||||
audit_syscall_entry(HOST_AUDIT_ARCH,
|
UPT_SYSCALL_NR(regs),
|
||||||
UPT_SYSCALL_NR(regs),
|
UPT_SYSCALL_ARG1(regs),
|
||||||
UPT_SYSCALL_ARG1(regs),
|
UPT_SYSCALL_ARG2(regs),
|
||||||
UPT_SYSCALL_ARG2(regs),
|
UPT_SYSCALL_ARG3(regs),
|
||||||
UPT_SYSCALL_ARG3(regs),
|
UPT_SYSCALL_ARG4(regs));
|
||||||
UPT_SYSCALL_ARG4(regs));
|
else
|
||||||
else
|
audit_syscall_exit(regs);
|
||||||
audit_syscall_exit(regs);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Fake a debug trap */
|
/* Fake a debug trap */
|
||||||
if (is_singlestep)
|
if (is_singlestep)
|
||||||
|
|||||||
@ -192,7 +192,7 @@ sysexit_from_sys_call:
|
|||||||
movl %ebx,%edx /* 3rd arg: 1st syscall arg */
|
movl %ebx,%edx /* 3rd arg: 1st syscall arg */
|
||||||
movl %eax,%esi /* 2nd arg: syscall number */
|
movl %eax,%esi /* 2nd arg: syscall number */
|
||||||
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
|
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
|
||||||
call audit_syscall_entry
|
call __audit_syscall_entry
|
||||||
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
|
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
|
||||||
cmpq $(IA32_NR_syscalls-1),%rax
|
cmpq $(IA32_NR_syscalls-1),%rax
|
||||||
ja ia32_badsys
|
ja ia32_badsys
|
||||||
|
|||||||
@ -456,7 +456,7 @@ sysenter_audit:
|
|||||||
movl %ebx,%ecx /* 3rd arg: 1st syscall arg */
|
movl %ebx,%ecx /* 3rd arg: 1st syscall arg */
|
||||||
movl %eax,%edx /* 2nd arg: syscall number */
|
movl %eax,%edx /* 2nd arg: syscall number */
|
||||||
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
|
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
|
||||||
call audit_syscall_entry
|
call __audit_syscall_entry
|
||||||
pushl_cfi %ebx
|
pushl_cfi %ebx
|
||||||
movl PT_EAX(%esp),%eax /* reload syscall number */
|
movl PT_EAX(%esp),%eax /* reload syscall number */
|
||||||
jmp sysenter_do_call
|
jmp sysenter_do_call
|
||||||
|
|||||||
@ -549,7 +549,7 @@ badsys:
|
|||||||
#ifdef CONFIG_AUDITSYSCALL
|
#ifdef CONFIG_AUDITSYSCALL
|
||||||
/*
|
/*
|
||||||
* Fast path for syscall audit without full syscall trace.
|
* Fast path for syscall audit without full syscall trace.
|
||||||
* We just call audit_syscall_entry() directly, and then
|
* We just call __audit_syscall_entry() directly, and then
|
||||||
* jump back to the normal fast path.
|
* jump back to the normal fast path.
|
||||||
*/
|
*/
|
||||||
auditsys:
|
auditsys:
|
||||||
@ -559,7 +559,7 @@ auditsys:
|
|||||||
movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
|
movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
|
||||||
movq %rax,%rsi /* 2nd arg: syscall number */
|
movq %rax,%rsi /* 2nd arg: syscall number */
|
||||||
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
|
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
|
||||||
call audit_syscall_entry
|
call __audit_syscall_entry
|
||||||
LOAD_ARGS 0 /* reload call-clobbered registers */
|
LOAD_ARGS 0 /* reload call-clobbered registers */
|
||||||
jmp system_call_fastpath
|
jmp system_call_fastpath
|
||||||
|
|
||||||
|
|||||||
@ -1392,20 +1392,18 @@ long syscall_trace_enter(struct pt_regs *regs)
|
|||||||
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
|
||||||
trace_sys_enter(regs, regs->orig_ax);
|
trace_sys_enter(regs, regs->orig_ax);
|
||||||
|
|
||||||
if (unlikely(current->audit_context)) {
|
if (IS_IA32)
|
||||||
if (IS_IA32)
|
audit_syscall_entry(AUDIT_ARCH_I386,
|
||||||
audit_syscall_entry(AUDIT_ARCH_I386,
|
regs->orig_ax,
|
||||||
regs->orig_ax,
|
regs->bx, regs->cx,
|
||||||
regs->bx, regs->cx,
|
regs->dx, regs->si);
|
||||||
regs->dx, regs->si);
|
|
||||||
#ifdef CONFIG_X86_64
|
#ifdef CONFIG_X86_64
|
||||||
else
|
else
|
||||||
audit_syscall_entry(AUDIT_ARCH_X86_64,
|
audit_syscall_entry(AUDIT_ARCH_X86_64,
|
||||||
regs->orig_ax,
|
regs->orig_ax,
|
||||||
regs->di, regs->si,
|
regs->di, regs->si,
|
||||||
regs->dx, regs->r10);
|
regs->dx, regs->r10);
|
||||||
#endif
|
#endif
|
||||||
}
|
|
||||||
|
|
||||||
return ret ?: regs->orig_ax;
|
return ret ?: regs->orig_ax;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -334,8 +334,7 @@ void do_syscall_trace_enter(struct pt_regs *regs)
|
|||||||
do_syscall_trace();
|
do_syscall_trace();
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
if (unlikely(current->audit_context))
|
audit_syscall_entry(current, AUDIT_ARCH_XTENSA..);
|
||||||
audit_syscall_entry(current, AUDIT_ARCH_XTENSA..);
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -418,9 +418,9 @@ extern int audit_classify_arch(int arch);
|
|||||||
extern void audit_finish_fork(struct task_struct *child);
|
extern void audit_finish_fork(struct task_struct *child);
|
||||||
extern int audit_alloc(struct task_struct *task);
|
extern int audit_alloc(struct task_struct *task);
|
||||||
extern void audit_free(struct task_struct *task);
|
extern void audit_free(struct task_struct *task);
|
||||||
extern void audit_syscall_entry(int arch,
|
extern void __audit_syscall_entry(int arch,
|
||||||
int major, unsigned long a0, unsigned long a1,
|
int major, unsigned long a0, unsigned long a1,
|
||||||
unsigned long a2, unsigned long a3);
|
unsigned long a2, unsigned long a3);
|
||||||
extern void __audit_syscall_exit(int ret_success, long ret_value);
|
extern void __audit_syscall_exit(int ret_success, long ret_value);
|
||||||
extern void __audit_getname(const char *name);
|
extern void __audit_getname(const char *name);
|
||||||
extern void audit_putname(const char *name);
|
extern void audit_putname(const char *name);
|
||||||
@ -435,6 +435,13 @@ static inline int audit_dummy_context(void)
|
|||||||
void *p = current->audit_context;
|
void *p = current->audit_context;
|
||||||
return !p || *(int *)p;
|
return !p || *(int *)p;
|
||||||
}
|
}
|
||||||
|
static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
|
||||||
|
unsigned long a1, unsigned long a2,
|
||||||
|
unsigned long a3)
|
||||||
|
{
|
||||||
|
if (unlikely(!audit_dummy_context()))
|
||||||
|
__audit_syscall_entry(arch, major, a0, a1, a2, a3);
|
||||||
|
}
|
||||||
static inline void audit_syscall_exit(void *pt_regs)
|
static inline void audit_syscall_exit(void *pt_regs)
|
||||||
{
|
{
|
||||||
if (unlikely(current->audit_context)) {
|
if (unlikely(current->audit_context)) {
|
||||||
|
|||||||
@ -1632,7 +1632,7 @@ void audit_free(struct task_struct *tsk)
|
|||||||
* will only be written if another part of the kernel requests that it
|
* will only be written if another part of the kernel requests that it
|
||||||
* be written).
|
* be written).
|
||||||
*/
|
*/
|
||||||
void audit_syscall_entry(int arch, int major,
|
void __audit_syscall_entry(int arch, int major,
|
||||||
unsigned long a1, unsigned long a2,
|
unsigned long a1, unsigned long a2,
|
||||||
unsigned long a3, unsigned long a4)
|
unsigned long a3, unsigned long a4)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user