From patchwork Thu Mar 13 10:16:07 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AKASHI Takahiro <takahiro.akashi@linaro.org>
X-Patchwork-Id: 3825601
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
X-Original-To: patchwork-linux-arm@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 2474A9F369
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 13 Mar 2014 11:49:48 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 49F1E201F0
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 13 Mar 2014 11:49:47 +0000 (UTC)
Received: from casper.infradead.org (casper.infradead.org [85.118.1.10])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 2FE3F2017E
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 13 Mar 2014 11:49:46 +0000 (UTC)
Received: from merlin.infradead.org ([2001:4978:20e::2])
	by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WO2hQ-0003cD-Fa; Thu, 13 Mar 2014 10:17:16 +0000
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WO2hN-000322-OB; Thu, 13 Mar 2014 10:17:13 +0000
Received: from mail-pd0-f177.google.com ([209.85.192.177])
	by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WO2h7-0002yC-6c for linux-arm-kernel@lists.infradead.org;
	Thu, 13 Mar 2014 10:16:58 +0000
Received: by mail-pd0-f177.google.com with SMTP id y10so872785pdj.36
	for <linux-arm-kernel@lists.infradead.org>;
	Thu, 13 Mar 2014 03:16:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=l4VTgkXj4kqNN2P7BjEzchk65jYcWUsaq2RSDwgXMQA=;
	b=cOMytcfjxaKUefeZzqQhhj+3zxztit5zWsr1Qs7q37ci+yugX7xK0HALc/46teWj2/
	l2GBWh6MZCo9YyNo2ENtsvSP80dBerCl5qNUGXdTy/CHXZqF+vkzJn2YnI17QqKebmN9
	w0P4XlDSUqRwIeJy+Q4lZGtVW+pUUad7nHhNQhgyTU135PAHqizVfZyylCWRsVnczNaB
	1RHn/lq+ZsT/xVA09JdwHnuzYvux131zwcz4yWnnZhFgclmdFdqlACA4lvyj5TW/ktWh
	HnHMd+iam65QgTXbVHjx2OnpIFr4WAAQr4PUu3j4FuLA9tNU5vegOS4LxjpDq72Pn8/z
	xESQ==
X-Gm-Message-State: 
 ALoCoQnoCo2XoJ5aZHKYZqB9hg+Num42sicOBdV2rk9jj1v8irAtgZKbUBlHh8XnW6sPizG7nP9x
X-Received: by 10.66.136.103 with SMTP id pz7mr1283567pab.140.1394705798274;
	Thu, 13 Mar 2014 03:16:38 -0700 (PDT)
Received: from localhost.localdomain (KD182249091179.au-net.ne.jp.
	[182.249.91.179]) by mx.google.com with ESMTPSA id
	pi1sm7591558pac.14.2014.03.13.03.16.33 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Thu, 13 Mar 2014 03:16:36 -0700 (PDT)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: viro@zeniv.linux.org.uk, eparis@redhat.com, rgb@redhat.com,
	catalin.marinas@arm.com, will.deacon@arm.com
Subject: [PATCH v7 2/2] arm64: audit: Add audit hook in
	syscall_trace_enter/exit()
Date: Thu, 13 Mar 2014 19:16:07 +0900
Message-Id: <1394705767-12423-3-git-send-email-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 1.8.3.2
In-Reply-To: <1394705767-12423-1-git-send-email-takahiro.akashi@linaro.org>
References: <1393564635-3921-1-git-send-email-takahiro.akashi@linaro.org>
	<1394705767-12423-1-git-send-email-takahiro.akashi@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20140313_061657_343321_98786B9E 
X-CRM114-Status: UNSURE (   9.96  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -1.9 (-)
Cc: linaro-kernel@lists.linaro.org,
	AKASHI Takahiro <takahiro.akashi@linaro.org>, arndb@arndb.de,
	linux-kernel@vger.kernel.org, dsaxena@linaro.org,
	linux-audit@redhat.com, linux-arm-kernel@lists.infradead.org
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

This patch adds auditing functions on entry to or exit from
every system call invocation.

Acked-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Acked-by: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/kernel/ptrace.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9c52b3e..d10c637 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -19,6 +19,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <linux/audit.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
@@ -38,6 +39,7 @@
 #include <asm/compat.h>
 #include <asm/debug-monitors.h>
 #include <asm/pgtable.h>
+#include <asm/syscall.h>
 #include <asm/traps.h>
 #include <asm/system_misc.h>
 
@@ -1091,6 +1093,9 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
 	if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
 		trace_sys_enter(regs, regs->syscallno);
 
+	audit_syscall_entry(syscall_get_arch(current, regs), regs->syscallno,
+		regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]);
+
 	return regs->syscallno;
 }
 
@@ -1098,6 +1103,8 @@ asmlinkage void syscall_trace_exit(struct pt_regs *regs)
 {
 	unsigned long saved_reg;
 
+	audit_syscall_exit(regs);
+
 	if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
 		trace_sys_exit(regs, regs_return_value(regs));