Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 10:45:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

audit: Migrate to use SYSCALL_WORK flag

Browse Source 
On architectures using the generic syscall entry code the architecture
independent syscall work is moved to flags in thread_info::syscall_work.
This removes architecture dependencies and frees up TIF bits.

Define SYSCALL_WORK_SYSCALL_AUDIT, use it in the generic entry code and
convert the code which uses the TIF specific helper functions to use the
new *_syscall_work() helpers which either resolve to the new mode for users
of the generic entry code or to the TIF based functions for the other
architectures.

Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Link: https://lore.kernel.org/r/20201116174206.2639648-9-krisman@collabora.com
This commit is contained in:
Gabriel Krisman Bertazi 2020-11-16 12:42:04 -05:00 committed by Thomas Gleixner
parent 64eb35f701
commit 785dc4eb7f
4 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
include/asm-generic/syscall.h
View File

@ -43,9 +43,9 @@ int syscall_get_nr(struct task_struct *task, struct pt_regs *regs);
* @regs: task_pt_regs() of @task * @regs: task_pt_regs() of @task
* *
* It's only valid to call this when @task is stopped for system * It's only valid to call this when @task is stopped for system
* call exit tracing (due to %SYSCALL_WORK_SYSCALL_TRACE or TIF_SYSCALL_AUDIT), * call exit tracing (due to %SYSCALL_WORK_SYSCALL_TRACE or
* after tracehook_report_syscall_entry() returned nonzero to prevent * %SYSCALL_WORK_SYSCALL_AUDIT), after tracehook_report_syscall_entry()
* the system call from taking place. * returned nonzero to prevent the system call from taking place.
* *
* This rolls back the register state in @regs so it's as if the * This rolls back the register state in @regs so it's as if the
* system call instruction was a no-op. The registers containing * system call instruction was a no-op. The registers containing
@ -63,7 +63,8 @@ void syscall_rollback(struct task_struct *task, struct pt_regs *regs);
* Returns 0 if the system call succeeded, or -ERRORCODE if it failed. * Returns 0 if the system call succeeded, or -ERRORCODE if it failed.
* *
* It's only valid to call this when @task is stopped for tracing on exit * It's only valid to call this when @task is stopped for tracing on exit
* from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT. * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
* %SYSCALL_WORK_SYSCALL_AUDIT.
*/ */
long syscall_get_error(struct task_struct *task, struct pt_regs *regs); long syscall_get_error(struct task_struct *task, struct pt_regs *regs);
@ -76,7 +77,8 @@ long syscall_get_error(struct task_struct *task, struct pt_regs *regs);
* This value is meaningless if syscall_get_error() returned nonzero. * This value is meaningless if syscall_get_error() returned nonzero.
* *
* It's only valid to call this when @task is stopped for tracing on exit * It's only valid to call this when @task is stopped for tracing on exit
* from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT. * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
* %SYSCALL_WORK_SYSCALL_AUDIT.
*/ */
long syscall_get_return_value(struct task_struct *task, struct pt_regs *regs); long syscall_get_return_value(struct task_struct *task, struct pt_regs *regs);
@ -93,7 +95,8 @@ long syscall_get_return_value(struct task_struct *task, struct pt_regs *regs);
* code; the user sees a failed system call with this errno code. * code; the user sees a failed system call with this errno code.
* *
* It's only valid to call this when @task is stopped for tracing on exit * It's only valid to call this when @task is stopped for tracing on exit
* from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT. * from a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
* %SYSCALL_WORK_SYSCALL_AUDIT.
*/ */
void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs, void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs,
int error, long val); int error, long val);
@ -108,7 +111,8 @@ void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs,
* @args[0], and so on. * @args[0], and so on.
* *
* It's only valid to call this when @task is stopped for tracing on * It's only valid to call this when @task is stopped for tracing on
* entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT. * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
* %SYSCALL_WORK_SYSCALL_AUDIT.
*/ */
void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs, void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
unsigned long *args); unsigned long *args);
@ -123,7 +127,8 @@ void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
* The first argument gets value @args[0], and so on. * The first argument gets value @args[0], and so on.
* *
* It's only valid to call this when @task is stopped for tracing on * It's only valid to call this when @task is stopped for tracing on
* entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT. * entry to a system call, due to %SYSCALL_WORK_SYSCALL_TRACE or
* %SYSCALL_WORK_SYSCALL_AUDIT.
*/ */
void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs, void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
const unsigned long *args); const unsigned long *args);
@ -135,7 +140,7 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
* Returns the AUDIT_ARCH_* based on the system call convention in use. * Returns the AUDIT_ARCH_* based on the system call convention in use.
* *
* It's only valid to call this when @task is stopped on entry to a system * It's only valid to call this when @task is stopped on entry to a system
* call, due to %SYSCALL_WORK_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or * call, due to %SYSCALL_WORK_SYSCALL_TRACE, %SYSCALL_WORK_SYSCALL_AUDIT, or
* %SYSCALL_WORK_SECCOMP. * %SYSCALL_WORK_SECCOMP.
* *
* Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must

18
include/linux/entry-common.h
View File

@ -13,10 +13,6 @@
* Define dummy _TIF work flags if not defined by the architecture or for * Define dummy _TIF work flags if not defined by the architecture or for
* disabled functionality. * disabled functionality.
*/ */
#ifndef _TIF_SYSCALL_AUDIT
# define _TIF_SYSCALL_AUDIT (0)
#endif
#ifndef _TIF_PATCH_PENDING #ifndef _TIF_PATCH_PENDING
# define _TIF_PATCH_PENDING (0) # define _TIF_PATCH_PENDING (0)
#endif #endif
@ -36,9 +32,7 @@
# define ARCH_SYSCALL_ENTER_WORK (0) # define ARCH_SYSCALL_ENTER_WORK (0)
#endif #endif
#define SYSCALL_ENTER_WORK \ #define SYSCALL_ENTER_WORK ARCH_SYSCALL_ENTER_WORK
(_TIF_SYSCALL_AUDIT | \
ARCH_SYSCALL_ENTER_WORK)
/* /*
* TIF flags handled in syscall_exit_to_user_mode() * TIF flags handled in syscall_exit_to_user_mode()
@ -47,16 +41,16 @@
# define ARCH_SYSCALL_EXIT_WORK (0) # define ARCH_SYSCALL_EXIT_WORK (0)
#endif #endif
#define SYSCALL_EXIT_WORK \ #define SYSCALL_EXIT_WORK ARCH_SYSCALL_EXIT_WORK
(_TIF_SYSCALL_AUDIT | \
ARCH_SYSCALL_EXIT_WORK)
#define SYSCALL_WORK_ENTER (SYSCALL_WORK_SECCOMP | \ #define SYSCALL_WORK_ENTER (SYSCALL_WORK_SECCOMP | \
SYSCALL_WORK_SYSCALL_TRACEPOINT | \ SYSCALL_WORK_SYSCALL_TRACEPOINT | \
SYSCALL_WORK_SYSCALL_TRACE | \ SYSCALL_WORK_SYSCALL_TRACE | \
SYSCALL_WORK_SYSCALL_EMU) SYSCALL_WORK_SYSCALL_EMU | \
SYSCALL_WORK_SYSCALL_AUDIT)
#define SYSCALL_WORK_EXIT (SYSCALL_WORK_SYSCALL_TRACEPOINT | \ #define SYSCALL_WORK_EXIT (SYSCALL_WORK_SYSCALL_TRACEPOINT | \
SYSCALL_WORK_SYSCALL_TRACE) SYSCALL_WORK_SYSCALL_TRACE | \
SYSCALL_WORK_SYSCALL_AUDIT)
/* /*
* TIF flags handled in exit_to_user_mode_loop() * TIF flags handled in exit_to_user_mode_loop()

2
include/linux/thread_info.h
View File

@ -40,12 +40,14 @@ enum syscall_work_bit {
SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT, SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT,
SYSCALL_WORK_BIT_SYSCALL_TRACE, SYSCALL_WORK_BIT_SYSCALL_TRACE,
SYSCALL_WORK_BIT_SYSCALL_EMU, SYSCALL_WORK_BIT_SYSCALL_EMU,
SYSCALL_WORK_BIT_SYSCALL_AUDIT,
}; };
#define SYSCALL_WORK_SECCOMP BIT(SYSCALL_WORK_BIT_SECCOMP) #define SYSCALL_WORK_SECCOMP BIT(SYSCALL_WORK_BIT_SECCOMP)
#define SYSCALL_WORK_SYSCALL_TRACEPOINT BIT(SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT) #define SYSCALL_WORK_SYSCALL_TRACEPOINT BIT(SYSCALL_WORK_BIT_SYSCALL_TRACEPOINT)
#define SYSCALL_WORK_SYSCALL_TRACE BIT(SYSCALL_WORK_BIT_SYSCALL_TRACE) #define SYSCALL_WORK_SYSCALL_TRACE BIT(SYSCALL_WORK_BIT_SYSCALL_TRACE)
#define SYSCALL_WORK_SYSCALL_EMU BIT(SYSCALL_WORK_BIT_SYSCALL_EMU) #define SYSCALL_WORK_SYSCALL_EMU BIT(SYSCALL_WORK_BIT_SYSCALL_EMU)
#define SYSCALL_WORK_SYSCALL_AUDIT BIT(SYSCALL_WORK_BIT_SYSCALL_AUDIT)
#include <asm/thread_info.h> #include <asm/thread_info.h>

4
kernel/auditsc.c
View File

@ -952,7 +952,7 @@ int audit_alloc(struct task_struct *tsk)
state = audit_filter_task(tsk, &key); state = audit_filter_task(tsk, &key);
if (state == AUDIT_DISABLED) { if (state == AUDIT_DISABLED) {
clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); clear_task_syscall_work(tsk, SYSCALL_AUDIT);
return 0; return 0;
} }
@ -964,7 +964,7 @@ int audit_alloc(struct task_struct *tsk)
context->filterkey = key; context->filterkey = key;
audit_set_context(tsk, context); audit_set_context(tsk, context);
set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); set_task_syscall_work(tsk, SYSCALL_AUDIT);
return 0; return 0;
} }