29ef73b7a8
This patch provides functionality to audit system call events on the ARM platform. The implementation was based off the structure of the MIPS platform and information in this (http://lists.fedoraproject.org/pipermail/arm/2009-October/000382.html) mailing list thread. The required audit_syscall_exit and audit_syscall_entry checks were added to ptrace using the standard registers for system call values (r0 through r3). A thread information flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is set, the syscall_trace function will be executed. The prober changes were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled. Due to platform availability limitations, this patch was only tested on the Android platform running the modified "android-goldfish-2.6.29" kernel. A test compile was performed using Code Sourcery's cross-compilation toolset and the current linux-3.0 stable kernel. The changes compile without error. I'm hoping, due to the simple modifications, the patch is "obviously correct". Signed-off-by: Nathaniel Husted <nhusted@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
169 lines
5 KiB
C
169 lines
5 KiB
C
/*
|
|
* arch/arm/include/asm/thread_info.h
|
|
*
|
|
* Copyright (C) 2002 Russell King.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
#ifndef __ASM_ARM_THREAD_INFO_H
|
|
#define __ASM_ARM_THREAD_INFO_H
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
#include <linux/compiler.h>
|
|
#include <asm/fpstate.h>
|
|
|
|
#define THREAD_SIZE_ORDER 1
|
|
#define THREAD_SIZE 8192
|
|
#define THREAD_START_SP (THREAD_SIZE - 8)
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
struct task_struct;
|
|
struct exec_domain;
|
|
|
|
#include <asm/types.h>
|
|
#include <asm/domain.h>
|
|
|
|
typedef unsigned long mm_segment_t;
|
|
|
|
struct cpu_context_save {
|
|
__u32 r4;
|
|
__u32 r5;
|
|
__u32 r6;
|
|
__u32 r7;
|
|
__u32 r8;
|
|
__u32 r9;
|
|
__u32 sl;
|
|
__u32 fp;
|
|
__u32 sp;
|
|
__u32 pc;
|
|
__u32 extra[2]; /* Xscale 'acc' register, etc */
|
|
};
|
|
|
|
/*
|
|
* low level task data that entry.S needs immediate access to.
|
|
* __switch_to() assumes cpu_context follows immediately after cpu_domain.
|
|
*/
|
|
struct thread_info {
|
|
unsigned long flags; /* low level flags */
|
|
int preempt_count; /* 0 => preemptable, <0 => bug */
|
|
mm_segment_t addr_limit; /* address limit */
|
|
struct task_struct *task; /* main task structure */
|
|
struct exec_domain *exec_domain; /* execution domain */
|
|
__u32 cpu; /* cpu */
|
|
__u32 cpu_domain; /* cpu domain */
|
|
struct cpu_context_save cpu_context; /* cpu context */
|
|
__u32 syscall; /* syscall number */
|
|
__u8 used_cp[16]; /* thread used copro */
|
|
unsigned long tp_value;
|
|
struct crunch_state crunchstate;
|
|
union fp_state fpstate __attribute__((aligned(8)));
|
|
union vfp_state vfpstate;
|
|
#ifdef CONFIG_ARM_THUMBEE
|
|
unsigned long thumbee_state; /* ThumbEE Handler Base register */
|
|
#endif
|
|
struct restart_block restart_block;
|
|
};
|
|
|
|
#define INIT_THREAD_INFO(tsk) \
|
|
{ \
|
|
.task = &tsk, \
|
|
.exec_domain = &default_exec_domain, \
|
|
.flags = 0, \
|
|
.preempt_count = INIT_PREEMPT_COUNT, \
|
|
.addr_limit = KERNEL_DS, \
|
|
.cpu_domain = domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \
|
|
domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
|
|
domain_val(DOMAIN_IO, DOMAIN_CLIENT), \
|
|
.restart_block = { \
|
|
.fn = do_no_restart_syscall, \
|
|
}, \
|
|
}
|
|
|
|
#define init_thread_info (init_thread_union.thread_info)
|
|
#define init_stack (init_thread_union.stack)
|
|
|
|
/*
|
|
* how to get the thread information struct from C
|
|
*/
|
|
static inline struct thread_info *current_thread_info(void) __attribute_const__;
|
|
|
|
static inline struct thread_info *current_thread_info(void)
|
|
{
|
|
register unsigned long sp asm ("sp");
|
|
return (struct thread_info *)(sp & ~(THREAD_SIZE - 1));
|
|
}
|
|
|
|
#define thread_saved_pc(tsk) \
|
|
((unsigned long)(task_thread_info(tsk)->cpu_context.pc))
|
|
#define thread_saved_sp(tsk) \
|
|
((unsigned long)(task_thread_info(tsk)->cpu_context.sp))
|
|
#define thread_saved_fp(tsk) \
|
|
((unsigned long)(task_thread_info(tsk)->cpu_context.fp))
|
|
|
|
extern void crunch_task_disable(struct thread_info *);
|
|
extern void crunch_task_copy(struct thread_info *, void *);
|
|
extern void crunch_task_restore(struct thread_info *, void *);
|
|
extern void crunch_task_release(struct thread_info *);
|
|
|
|
extern void iwmmxt_task_disable(struct thread_info *);
|
|
extern void iwmmxt_task_copy(struct thread_info *, void *);
|
|
extern void iwmmxt_task_restore(struct thread_info *, void *);
|
|
extern void iwmmxt_task_release(struct thread_info *);
|
|
extern void iwmmxt_task_switch(struct thread_info *);
|
|
|
|
extern void vfp_sync_hwstate(struct thread_info *);
|
|
extern void vfp_flush_hwstate(struct thread_info *);
|
|
|
|
#endif
|
|
|
|
/*
|
|
* We use bit 30 of the preempt_count to indicate that kernel
|
|
* preemption is occurring. See <asm/hardirq.h>.
|
|
*/
|
|
#define PREEMPT_ACTIVE 0x40000000
|
|
|
|
/*
|
|
* thread information flags:
|
|
* TIF_SYSCALL_TRACE - syscall trace active
|
|
* TIF_SYSCAL_AUDIT - syscall auditing active
|
|
* TIF_SIGPENDING - signal pending
|
|
* TIF_NEED_RESCHED - rescheduling necessary
|
|
* TIF_NOTIFY_RESUME - callback before returning to user
|
|
* TIF_USEDFPU - FPU was used by this task this quantum (SMP)
|
|
* TIF_POLLING_NRFLAG - true if poll_idle() is polling TIF_NEED_RESCHED
|
|
*/
|
|
#define TIF_SIGPENDING 0
|
|
#define TIF_NEED_RESCHED 1
|
|
#define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
|
|
#define TIF_SYSCALL_TRACE 8
|
|
#define TIF_SYSCALL_AUDIT 9
|
|
#define TIF_POLLING_NRFLAG 16
|
|
#define TIF_USING_IWMMXT 17
|
|
#define TIF_MEMDIE 18 /* is terminating due to OOM killer */
|
|
#define TIF_RESTORE_SIGMASK 20
|
|
#define TIF_SECCOMP 21
|
|
|
|
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
|
|
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
|
|
#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
|
|
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
|
|
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
|
|
#define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG)
|
|
#define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
|
|
#define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
|
|
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
|
|
|
|
/* Checks for any syscall work in entry-common.S */
|
|
#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT)
|
|
|
|
/*
|
|
* Change these and you break ASM code in entry-common.S
|
|
*/
|
|
#define _TIF_WORK_MASK 0x000000ff
|
|
|
|
#endif /* __KERNEL__ */
|
|
#endif /* __ASM_ARM_THREAD_INFO_H */
|