Message ID | 1391767651-5296-1-git-send-email-takahiro.akashi@linaro.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On 14/02/07, AKASHI Takahiro wrote: > Currently syscall_trace() is called only for ptrace. > With additional TIF_xx flags introduced, it is now called in all the cases > of audit, ftrace and seccomp in addition to ptrace. > Those features will be implemented later, but it's safe to include them > now because they can not be turned on anyway. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Acked-by: Richard Guy Briggs <rgb@redhat.com> > --- > arch/arm64/include/asm/thread_info.h | 13 +++++++++++++ > arch/arm64/kernel/entry.S | 5 +++-- > arch/arm64/kernel/ptrace.c | 11 +++++------ > 3 files changed, 21 insertions(+), 8 deletions(-) > > diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h > index 720e70b..c3df797 100644 > --- a/arch/arm64/include/asm/thread_info.h > +++ b/arch/arm64/include/asm/thread_info.h > @@ -91,6 +91,9 @@ static inline struct thread_info *current_thread_info(void) > /* > * thread information flags: > * TIF_SYSCALL_TRACE - syscall trace active > + * TIF_SYSCALL_TRACEPOINT - syscall tracepoint for ftrace > + * TIF_SYSCALL_AUDIT - syscall auditing > + * TIF_SECOMP - syscall secure computing > * TIF_SIGPENDING - signal pending > * TIF_NEED_RESCHED - rescheduling necessary > * TIF_NOTIFY_RESUME - callback before returning to user > @@ -101,6 +104,9 @@ static inline struct thread_info *current_thread_info(void) > #define TIF_NEED_RESCHED 1 > #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ > #define TIF_SYSCALL_TRACE 8 > +#define TIF_SYSCALL_AUDIT 9 > +#define TIF_SYSCALL_TRACEPOINT 10 > +#define TIF_SECCOMP 11 > #define TIF_POLLING_NRFLAG 16 > #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ > #define TIF_FREEZE 19 > @@ -112,10 +118,17 @@ static inline struct thread_info *current_thread_info(void) > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) > +#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > +#define _TIF_SECCOMP (1 << TIF_SECCOMP) > #define _TIF_32BIT (1 << TIF_32BIT) > > #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > _TIF_NOTIFY_RESUME) > > +#define _TIF_WORK_SYSCALL (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ > + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) > + > #endif /* __KERNEL__ */ > #endif /* __ASM_THREAD_INFO_H */ > diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S > index 39ac630..c94b2ab 100644 > --- a/arch/arm64/kernel/entry.S > +++ b/arch/arm64/kernel/entry.S > @@ -631,8 +631,9 @@ el0_svc_naked: // compat entry point > enable_irq > > get_thread_info tsk > - ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing > - tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls? > + ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks > + tst x16, #_TIF_WORK_SYSCALL > + b.ne __sys_trace > adr lr, ret_fast_syscall // return address > cmp scno, sc_nr // check upper syscall limit > b.hs ni_sys > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c > index 6a8928b..64ce39f 100644 > --- a/arch/arm64/kernel/ptrace.c > +++ b/arch/arm64/kernel/ptrace.c > @@ -1062,9 +1062,6 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) > { > unsigned long saved_reg; > > - if (!test_thread_flag(TIF_SYSCALL_TRACE)) > - return regs->syscallno; > - > if (is_compat_task()) { > /* AArch32 uses ip (r12) for scratch */ > saved_reg = regs->regs[12]; > @@ -1078,10 +1075,12 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) > regs->regs[7] = dir; > } > > - if (dir) > + if (dir) { > tracehook_report_syscall_exit(regs, 0); > - else if (tracehook_report_syscall_entry(regs)) > - regs->syscallno = ~0UL; > + } else { > + if (tracehook_report_syscall_entry(regs)) > + regs->syscallno = ~0UL; > + } > > if (is_compat_task()) > regs->regs[12] = saved_reg; > -- > 1.7.9.5 > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs <rbriggs@redhat.com> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
On Fri, Feb 07, 2014 at 10:07:31AM +0000, AKASHI Takahiro wrote: > Currently syscall_trace() is called only for ptrace. > With additional TIF_xx flags introduced, it is now called in all the cases > of audit, ftrace and seccomp in addition to ptrace. > Those features will be implemented later, but it's safe to include them > now because they can not be turned on anyway. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > arch/arm64/include/asm/thread_info.h | 13 +++++++++++++ > arch/arm64/kernel/entry.S | 5 +++-- > arch/arm64/kernel/ptrace.c | 11 +++++------ > 3 files changed, 21 insertions(+), 8 deletions(-) > > diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h > index 720e70b..c3df797 100644 > --- a/arch/arm64/include/asm/thread_info.h > +++ b/arch/arm64/include/asm/thread_info.h [...] > +#define _TIF_WORK_SYSCALL (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ > + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) This is called _TIF_SYSCALL_WORK on arch/arm/, any reason not to follow the naming convention here? > #endif /* __KERNEL__ */ > #endif /* __ASM_THREAD_INFO_H */ > diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S > index 39ac630..c94b2ab 100644 > --- a/arch/arm64/kernel/entry.S > +++ b/arch/arm64/kernel/entry.S > @@ -631,8 +631,9 @@ el0_svc_naked: // compat entry point > enable_irq > > get_thread_info tsk > - ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing > - tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls? > + ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks > + tst x16, #_TIF_WORK_SYSCALL > + b.ne __sys_trace > adr lr, ret_fast_syscall // return address > cmp scno, sc_nr // check upper syscall limit > b.hs ni_sys > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c > index 6a8928b..64ce39f 100644 > --- a/arch/arm64/kernel/ptrace.c > +++ b/arch/arm64/kernel/ptrace.c > @@ -1062,9 +1062,6 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) > { > unsigned long saved_reg; > > - if (!test_thread_flag(TIF_SYSCALL_TRACE)) > - return regs->syscallno; This doesn't look right for things like audit (where we don't want to report the syscall if only _TIF_SYSCALL_AUDIT is set, for example). > if (is_compat_task()) { > /* AArch32 uses ip (r12) for scratch */ > saved_reg = regs->regs[12]; > @@ -1078,10 +1075,12 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) > regs->regs[7] = dir; > } > > - if (dir) > + if (dir) { > tracehook_report_syscall_exit(regs, 0); > - else if (tracehook_report_syscall_entry(regs)) > - regs->syscallno = ~0UL; > + } else { > + if (tracehook_report_syscall_entry(regs)) > + regs->syscallno = ~0UL; > + } This hunk doesn't do anything. Will
Hi, On 02/18/2014 02:35 AM, Will Deacon wrote: > On Fri, Feb 07, 2014 at 10:07:31AM +0000, AKASHI Takahiro wrote: >> Currently syscall_trace() is called only for ptrace. >> With additional TIF_xx flags introduced, it is now called in all the cases >> of audit, ftrace and seccomp in addition to ptrace. >> Those features will be implemented later, but it's safe to include them >> now because they can not be turned on anyway. >> >> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> >> --- >> arch/arm64/include/asm/thread_info.h | 13 +++++++++++++ >> arch/arm64/kernel/entry.S | 5 +++-- >> arch/arm64/kernel/ptrace.c | 11 +++++------ >> 3 files changed, 21 insertions(+), 8 deletions(-) >> >> diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h >> index 720e70b..c3df797 100644 >> --- a/arch/arm64/include/asm/thread_info.h >> +++ b/arch/arm64/include/asm/thread_info.h > > [...] > >> +#define _TIF_WORK_SYSCALL (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ >> + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) > > This is called _TIF_SYSCALL_WORK on arch/arm/, any reason not to follow the > naming convention here? This is called _TIF_WORK_SYSCALL on arch/x86 :-) That is the only reason, and so I don't have any objection to following arm if you prefer it. >> #endif /* __KERNEL__ */ >> #endif /* __ASM_THREAD_INFO_H */ >> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S >> index 39ac630..c94b2ab 100644 >> --- a/arch/arm64/kernel/entry.S >> +++ b/arch/arm64/kernel/entry.S >> @@ -631,8 +631,9 @@ el0_svc_naked: // compat entry point >> enable_irq >> >> get_thread_info tsk >> - ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing >> - tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls? >> + ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks >> + tst x16, #_TIF_WORK_SYSCALL >> + b.ne __sys_trace >> adr lr, ret_fast_syscall // return address >> cmp scno, sc_nr // check upper syscall limit >> b.hs ni_sys >> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c >> index 6a8928b..64ce39f 100644 >> --- a/arch/arm64/kernel/ptrace.c >> +++ b/arch/arm64/kernel/ptrace.c >> @@ -1062,9 +1062,6 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) >> { >> unsigned long saved_reg; >> >> - if (!test_thread_flag(TIF_SYSCALL_TRACE)) >> - return regs->syscallno; > > This doesn't look right for things like audit (where we don't want to report > the syscall if only _TIF_SYSCALL_AUDIT is set, for example). Yeah, it is my screwup. I will add the guards against TIF_SYSCALL_TRACE (for ptrace), TIF_SYSCALL_TRACEPOINT (for ftrace) and TIF_SYSCALL_AUDIT (for audit). secure_computing() is protected in itself. >> if (is_compat_task()) { >> /* AArch32 uses ip (r12) for scratch */ >> saved_reg = regs->regs[12]; >> @@ -1078,10 +1075,12 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) >> regs->regs[7] = dir; >> } >> >> - if (dir) >> + if (dir) { >> tracehook_report_syscall_exit(regs, 0); >> - else if (tracehook_report_syscall_entry(regs)) >> - regs->syscallno = ~0UL; >> + } else { >> + if (tracehook_report_syscall_entry(regs)) >> + regs->syscallno = ~0UL; >> + } > > This hunk doesn't do anything. Well, this is just a change for future patches, but I will remove it anyway due to the guards mentioned above. -Takahiro AKASHI > Will >
This patch makes it easy to add syscall related hooks, including ftrace, audit and seccomp, in syscall_trace() later. Those features will be implemented in separate patchsets, but it's safe to check for all TIF_* now because they can not be turned on anyway. Changes v1 -> v2: * added a guard against TIF_SYSCALL_TRACE at tracehook_report_syscall_*() * renamed _TIF_WORK_SYSCALL to _TIF_SYSCALL_WORK AKASHI Takahiro (1): arm64: make a single hook to syscall_trace() for all syscall features arch/arm64/include/asm/thread_info.h | 13 ++++++++++ arch/arm64/kernel/entry.S | 5 ++-- arch/arm64/kernel/ptrace.c | 45 +++++++++++++++++----------------- 3 files changed, 38 insertions(+), 25 deletions(-)
This patchset contains some patches commonly used by audit and ftrace. Patch [1/2] defines system call related TIF_* flags to add syscall_trace() hooks, including ftrace, audit and seccomp, later. Those features will be implemented in separate patchsets, but it's safe to check for all TIF_* now because they can not be turned on anyway. Patch [2/2] adds a function which returns a return value of system call. Changes v1 -> v2: * added a guard against TIF_SYSCALL_TRACE at tracehook_report_syscall_*() * renamed _TIF_WORK_SYSCALL to _TIF_SYSCALL_WORK Changes v2 -> v3: * reverted a change in syscall_trace() in v1 [1/2] * added "arm64: Add regs_return_value() in syscall.h" patch which was previously included in audit patch [2/2] AKASHI Takahiro (2): arm64: make a single hook to syscall_trace() for all syscall features arm64: Add regs_return_value() in syscall.h arch/arm64/include/asm/ptrace.h | 5 +++++ arch/arm64/include/asm/thread_info.h | 13 +++++++++++++ arch/arm64/kernel/entry.S | 5 +++-- 3 files changed, 21 insertions(+), 2 deletions(-)
This patchset contains some patches commonly applied for audit and ftrace. Patch [1/3] defines syscall trace related TIF_* flags in order to add hooks, including ftrace, audit and seccomp, later on. Those features will be implemented in separate patchsets, but it's safe to check for all TIF_* now because they can not be turned on anyway. Patch [2/3] doesn't change a behavior but make it easy and manageable to confirm we invoke those hooks in correct order by splitting syscall_trace(). Patch [3/3] adds a commonly used function, which returns a return value of system call. Changes v3 -> v4: * added "arm64: split syscall_trace() into separate functions for enter/ exit", which is just a preparation for adding syscall trace hooks later. Changes v2 -> v3: * reverted a change in syscall_trace() in v1 [1/2] * added "arm64: Add regs_return_value() in syscall.h" patch which was previously included in audit patch [2/2] Changes v1 -> v2: * added a guard against TIF_SYSCALL_TRACE at tracehook_report_syscall_*() * renamed _TIF_WORK_SYSCALL to _TIF_SYSCALL_WORK AKASHI Takahiro (3): arm64: make a single hook to syscall_trace() for all syscall features arm64: split syscall_trace() into separate functions for enter/exit arm64: Add regs_return_value() in syscall.h arch/arm64/include/asm/ptrace.h | 5 ++++ arch/arm64/include/asm/thread_info.h | 13 +++++++++ arch/arm64/kernel/entry.S | 15 +++++------ arch/arm64/kernel/ptrace.c | 48 ++++++++++++++++++++++++++-------- 4 files changed, 62 insertions(+), 19 deletions(-)
This patchset contains some patches commonly applied for audit and ftrace. Patch [1/4] defines syscall trace related TIF_* flags in order to add hooks, including ftrace, audit and seccomp, later on. Those features will be implemented in separate patchsets, but it's safe to check for all TIF_* now because they can not be turned on anyway. Patch [2/4] doesn't change a behavior but make it easy and manageable to confirm we invoke those hooks in correct order by splitting syscall_trace(). Patch [3/4] adds a commonly used function, which returns a return value of system call. Patch [4/4] removes is_compat_task from asm/compat.h to avoid conflicted definitions. Changes v4 -> v5: * added the following patch from my seccomp patch since it is required for audit and ftrace in case of !COMPAT, too. [4/4] "arm64: is_compat_task is defined both in asm/compat.h and linux/compat.h" Changes v3 -> v4: * added "arm64: split syscall_trace() into separate functions for enter/ exit", which is just a preparation for adding syscall trace hooks later. Changes v2 -> v3: * reverted a change in syscall_trace() in v1 [1/2] * added "arm64: Add regs_return_value() in syscall.h" patch which was previously included in audit patch [2/2] Changes v1 -> v2: * added a guard against TIF_SYSCALL_TRACE at tracehook_report_syscall_*() * renamed _TIF_WORK_SYSCALL to _TIF_SYSCALL_WORK AKASHI Takahiro (4): arm64: make a single hook to syscall_trace() for all syscall features arm64: split syscall_trace() into separate functions for enter/exit arm64: Add regs_return_value() in syscall.h arm64: is_compat_task is defined both in asm/compat.h and linux/compat.h arch/arm64/include/asm/compat.h | 5 ---- arch/arm64/include/asm/ptrace.h | 5 ++++ arch/arm64/include/asm/thread_info.h | 13 +++++++++ arch/arm64/kernel/entry.S | 15 +++++------ arch/arm64/kernel/hw_breakpoint.c | 2 +- arch/arm64/kernel/process.c | 1 + arch/arm64/kernel/ptrace.c | 51 +++++++++++++++++++++--------------- arch/arm64/kernel/signal.c | 2 +- 8 files changed, 58 insertions(+), 36 deletions(-)
(This patchset was already acked by the maintainer along with a minor typo fix. See below.) This patchset contains some patches commonly applied for audit and ftrace. Patch [1/4] defines syscall trace related TIF_* flags in order to add hooks, including ftrace, audit and seccomp, later on. Those features will be implemented in separate patchsets, but it's safe to check for all TIF_* now because they can not be turned on anyway. Patch [2/4] doesn't change a behavior but make it easy and manageable to confirm we invoke those hooks in correct order by splitting syscall_trace(). Patch [3/4] adds a commonly used function, which returns a return value of system call. Patch [4/4] removes is_compat_task from asm/compat.h to avoid conflicted definitions. Changes v5 -> v6: * renamed a temporary variable's name to more meaningful one [2/4] Changes v4 -> v5: * added the following patch from my seccomp patch since it is required for audit and ftrace in case of !COMPAT, too. [4/4] "arm64: is_compat_task is defined both in asm/compat.h and linux/compat.h" Changes v3 -> v4: * added "arm64: split syscall_trace() into separate functions for enter/ exit", which is just a preparation for adding syscall trace hooks later. Changes v2 -> v3: * reverted a change in syscall_trace() in v1 [1/2] * added "arm64: Add regs_return_value() in syscall.h" patch which was previously included in audit patch [2/2] Changes v1 -> v2: * added a guard against TIF_SYSCALL_TRACE at tracehook_report_syscall_*() * renamed _TIF_WORK_SYSCALL to _TIF_SYSCALL_WORK AKASHI Takahiro (4): arm64: make a single hook to syscall_trace() for all syscall features arm64: split syscall_trace() into separate functions for enter/exit arm64: Add regs_return_value() in syscall.h arm64: is_compat_task is defined both in asm/compat.h and linux/compat.h arch/arm64/include/asm/compat.h | 5 ---- arch/arm64/include/asm/ptrace.h | 5 ++++ arch/arm64/include/asm/thread_info.h | 13 +++++++++ arch/arm64/kernel/entry.S | 15 +++++----- arch/arm64/kernel/hw_breakpoint.c | 2 +- arch/arm64/kernel/process.c | 1 + arch/arm64/kernel/ptrace.c | 51 ++++++++++++++++++++-------------- arch/arm64/kernel/signal.c | 2 +- 8 files changed, 58 insertions(+), 36 deletions(-)
On Wed, Apr 30, 2014 at 10:51:28AM +0100, AKASHI Takahiro wrote: > AKASHI Takahiro (4): > arm64: make a single hook to syscall_trace() for all syscall features > arm64: split syscall_trace() into separate functions for enter/exit > arm64: Add regs_return_value() in syscall.h > arm64: is_compat_task is defined both in asm/compat.h and > linux/compat.h Patches picked by Will and applied to the arm64 for-next/core branch (should appear in -next at some point). Thanks.
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index 720e70b..c3df797 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -91,6 +91,9 @@ static inline struct thread_info *current_thread_info(void) /* * thread information flags: * TIF_SYSCALL_TRACE - syscall trace active + * TIF_SYSCALL_TRACEPOINT - syscall tracepoint for ftrace + * TIF_SYSCALL_AUDIT - syscall auditing + * TIF_SECOMP - syscall secure computing * TIF_SIGPENDING - signal pending * TIF_NEED_RESCHED - rescheduling necessary * TIF_NOTIFY_RESUME - callback before returning to user @@ -101,6 +104,9 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NEED_RESCHED 1 #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ #define TIF_SYSCALL_TRACE 8 +#define TIF_SYSCALL_AUDIT 9 +#define TIF_SYSCALL_TRACEPOINT 10 +#define TIF_SECCOMP 11 #define TIF_POLLING_NRFLAG 16 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_FREEZE 19 @@ -112,10 +118,17 @@ static inline struct thread_info *current_thread_info(void) #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) +#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) +#define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_32BIT (1 << TIF_32BIT) #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ _TIF_NOTIFY_RESUME) +#define _TIF_WORK_SYSCALL (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) + #endif /* __KERNEL__ */ #endif /* __ASM_THREAD_INFO_H */ diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 39ac630..c94b2ab 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -631,8 +631,9 @@ el0_svc_naked: // compat entry point enable_irq get_thread_info tsk - ldr x16, [tsk, #TI_FLAGS] // check for syscall tracing - tbnz x16, #TIF_SYSCALL_TRACE, __sys_trace // are we tracing syscalls? + ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks + tst x16, #_TIF_WORK_SYSCALL + b.ne __sys_trace adr lr, ret_fast_syscall // return address cmp scno, sc_nr // check upper syscall limit b.hs ni_sys diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6a8928b..64ce39f 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1062,9 +1062,6 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) { unsigned long saved_reg; - if (!test_thread_flag(TIF_SYSCALL_TRACE)) - return regs->syscallno; - if (is_compat_task()) { /* AArch32 uses ip (r12) for scratch */ saved_reg = regs->regs[12]; @@ -1078,10 +1075,12 @@ asmlinkage int syscall_trace(int dir, struct pt_regs *regs) regs->regs[7] = dir; } - if (dir) + if (dir) { tracehook_report_syscall_exit(regs, 0); - else if (tracehook_report_syscall_entry(regs)) - regs->syscallno = ~0UL; + } else { + if (tracehook_report_syscall_entry(regs)) + regs->syscallno = ~0UL; + } if (is_compat_task()) regs->regs[12] = saved_reg;
Currently syscall_trace() is called only for ptrace. With additional TIF_xx flags introduced, it is now called in all the cases of audit, ftrace and seccomp in addition to ptrace. Those features will be implemented later, but it's safe to include them now because they can not be turned on anyway. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- arch/arm64/include/asm/thread_info.h | 13 +++++++++++++ arch/arm64/kernel/entry.S | 5 +++-- arch/arm64/kernel/ptrace.c | 11 +++++------ 3 files changed, 21 insertions(+), 8 deletions(-)