From: Martin Schwidefsky <schwidefsky@de.ibm.com>
This patch adds the TIF_SYSCALL_AUDIT option to the s390 ptrace interface.
---
25-akpm/arch/s390/kernel/entry.S | 16 ++++++++++++----
25-akpm/arch/s390/kernel/entry64.S | 16 ++++++++++++----
25-akpm/arch/s390/kernel/ptrace.c | 10 +++++++++-
25-akpm/include/asm-s390/thread_info.h | 2 ++
4 files changed, 35 insertions(+), 9 deletions(-)
diff -puN arch/s390/kernel/entry64.S~light-weight-auditing-framework-for-s390 arch/s390/kernel/entry64.S
--- 25/arch/s390/kernel/entry64.S~light-weight-auditing-framework-for-s390 2004-04-14 18:37:52.715000360 -0700
+++ 25-akpm/arch/s390/kernel/entry64.S 2004-04-14 18:37:52.722999144 -0700
@@ -227,7 +227,7 @@ sysc_do_restart:
larl %r10,sys_call_table_emu # use 31 bit emulation system calls
sysc_noemu:
#endif
- tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
lgf %r8,0(%r7,%r10) # load address of system call routine
jo sysc_tracesys
basr %r14,%r8 # call sys_xxxx
@@ -299,6 +299,8 @@ __critical_end:
# special linkage: %r12 contains the return address for trace_svc
#
sysc_tracesys:
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,0
srl %r7,2
stg %r7,SP_R2(%r15)
brasl %r14,syscall_trace
@@ -314,8 +316,10 @@ sysc_tracego:
basr %r14,%r8 # call sys_xxx
stg %r2,SP_R2(%r15) # store return value
sysc_tracenogo:
- tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
jno sysc_return
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,1
larl %r14,sysc_return # return point is sysc_return
jg syscall_trace
@@ -541,7 +545,7 @@ pgm_svcstd:
larl %r10,sys_call_table_emu # use 31 bit emulation system calls
pgm_svcper_noemu:
#endif
- tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
lgf %r8,0(%r7,%r10) # load address of system call routine
jo pgm_tracesys
basr %r14,%r8 # call sys_xxxx
@@ -566,6 +570,8 @@ pgm_svcper_nosig:
# call trace before and after sys_call
#
pgm_tracesys:
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,0
srlg %r7,%r7,2
stg %r7,SP_R2(%r15)
brasl %r14,syscall_trace
@@ -581,8 +587,10 @@ pgm_svc_go:
basr %r14,%r8 # call sys_xxx
stg %r2,SP_R2(%r15) # store return value
pgm_svc_nogo:
- tm __TI_flags+7(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
jno pgm_svcret
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,1
larl %r14,pgm_svcret # return point is sysc_return
jg syscall_trace
diff -puN arch/s390/kernel/entry.S~light-weight-auditing-framework-for-s390 arch/s390/kernel/entry.S
--- 25/arch/s390/kernel/entry.S~light-weight-auditing-framework-for-s390 2004-04-14 18:37:52.717000056 -0700
+++ 25-akpm/arch/s390/kernel/entry.S 2004-04-14 18:37:52.723998992 -0700
@@ -235,7 +235,7 @@ sysc_enter:
lr %r7,%r1 # copy svc number to %r7
sla %r7,2 # *4
sysc_do_restart:
- tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr.
bo BASED(sysc_tracesys)
basr %r14,%r8 # call sys_xxxx
@@ -309,6 +309,8 @@ __critical_end:
#
sysc_tracesys:
l %r1,BASED(.Ltrace)
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,0
srl %r7,2
st %r7,SP_R2(%r15)
basr %r14,%r1
@@ -323,9 +325,11 @@ sysc_tracego:
basr %r14,%r8 # call sys_xxx
st %r2,SP_R2(%r15) # store return value
sysc_tracenogo:
- tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
bno BASED(sysc_return)
l %r1,BASED(.Ltrace)
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,1
la %r14,BASED(sysc_return)
br %r1
@@ -502,7 +506,7 @@ pgm_svcper:
lr %r7,%r1 # copy svc number to %r7
sla %r7,2 # *4
pgm_svcstd:
- tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
l %r8,sys_call_table-system_call(%r7,%r13) # get system call addr.
bo BASED(pgm_tracesys)
basr %r14,%r8 # call sys_xxxx
@@ -529,6 +533,8 @@ pgm_svcper_nosig:
#
pgm_tracesys:
l %r1,BASED(.Ltrace)
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,0
srl %r7,2
st %r7,SP_R2(%r15)
basr %r14,%r1
@@ -543,9 +549,11 @@ pgm_svc_go:
basr %r14,%r8 # call sys_xxx
st %r2,SP_R2(%r15) # store return value
pgm_svc_nogo:
- tm __TI_flags+3(%r9),_TIF_SYSCALL_TRACE
+ tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
bno BASED(pgm_svcret)
l %r1,BASED(.Ltrace)
+ la %r2,SP_PTREGS(%r15) # load pt_regs
+ la %r3,1
la %r14,BASED(pgm_svcret)
br %r1
diff -puN arch/s390/kernel/ptrace.c~light-weight-auditing-framework-for-s390 arch/s390/kernel/ptrace.c
--- 25/arch/s390/kernel/ptrace.c~light-weight-auditing-framework-for-s390 2004-04-14 18:37:52.717999904 -0700
+++ 25-akpm/arch/s390/kernel/ptrace.c 2004-04-14 18:37:52.724998840 -0700
@@ -690,8 +690,16 @@ out:
}
asmlinkage void
-syscall_trace(void)
+syscall_trace(struct pt_regs *regs, int entryexit)
{
+ if (unlikely(current->audit_context)) {
+ if (!entryexit)
+ audit_syscall_entry(current, regs->gprs[2],
+ regs->orig_gpr2, regs->gprs[3],
+ regs->gprs[4], regs->gprs[5]);
+ else
+ audit_syscall_exit(current, regs->gprs[2]);
+ }
if (!test_thread_flag(TIF_SYSCALL_TRACE))
return;
if (!(current->ptrace & PT_PTRACED))
diff -puN include/asm-s390/thread_info.h~light-weight-auditing-framework-for-s390 include/asm-s390/thread_info.h
--- 25/include/asm-s390/thread_info.h~light-weight-auditing-framework-for-s390 2004-04-14 18:37:52.719999600 -0700
+++ 25-akpm/include/asm-s390/thread_info.h 2004-04-14 18:37:52.725998688 -0700
@@ -84,6 +84,7 @@ static inline struct thread_info *curren
#define TIF_SIGPENDING 2 /* signal pending */
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
#define TIF_RESTART_SVC 4 /* restart svc with new svc number */
+#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling
TIF_NEED_RESCHED */
@@ -94,6 +95,7 @@ static inline struct thread_info *curren
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
#define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC)
+#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_USEDFPU (1<<TIF_USEDFPU)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_31BIT (1<<TIF_31BIT)
_