From a9302e8439445710552886e7b623dbcfa943a1f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=94=A1=E6=AD=A3=E9=BE=99?= Date: Fri, 20 Dec 2013 10:04:10 +0800 Subject: [PATCH 1/2] alpha: Enable system-call auditing support. Signed-off-by: Zhenglong.cai Signed-off-by: Matt Turner --- arch/alpha/Kconfig | 3 ++ arch/alpha/include/asm/ptrace.h | 5 +++ arch/alpha/include/asm/thread_info.h | 2 + arch/alpha/kernel/Makefile | 1 + arch/alpha/kernel/audit.c | 60 ++++++++++++++++++++++++++++ arch/alpha/kernel/entry.S | 6 ++- arch/alpha/kernel/ptrace.c | 4 ++ init/Kconfig | 2 +- 8 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 arch/alpha/kernel/audit.c diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig index 97a2d9a096b9..f6c6b345388c 100644 --- a/arch/alpha/Kconfig +++ b/arch/alpha/Kconfig @@ -17,6 +17,7 @@ config ALPHA select ARCH_WANT_IPC_PARSE_VERSION select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE + select AUDIT_ARCH select GENERIC_CLOCKEVENTS select GENERIC_SMP_IDLE_THREAD select GENERIC_STRNCPY_FROM_USER @@ -77,6 +78,8 @@ config GENERIC_ISA_DMA source "init/Kconfig" source "kernel/Kconfig.freezer" +config AUDIT_ARCH + bool menu "System setup" diff --git a/arch/alpha/include/asm/ptrace.h b/arch/alpha/include/asm/ptrace.h index 21128505ddbe..9047c2fe8f23 100644 --- a/arch/alpha/include/asm/ptrace.h +++ b/arch/alpha/include/asm/ptrace.h @@ -19,4 +19,9 @@ #define force_successful_syscall_return() (current_pt_regs()->r0 = 0) +static inline unsigned long regs_return_value(struct pt_regs *regs) +{ + return regs->r0; +} + #endif diff --git a/arch/alpha/include/asm/thread_info.h b/arch/alpha/include/asm/thread_info.h index 453597b91f3a..3d6ce6d56fc9 100644 --- a/arch/alpha/include/asm/thread_info.h +++ b/arch/alpha/include/asm/thread_info.h @@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8"); #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */ #define TIF_SIGPENDING 2 /* signal pending */ #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ +#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */ #define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */ #define TIF_MEMDIE 13 /* is terminating due to OOM killer */ @@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8"); #define _TIF_SIGPENDING (1< +#include +#include +#include + +static unsigned dir_class[] = { +#include +~0U +}; + +static unsigned read_class[] = { +#include +~0U +}; + +static unsigned write_class[] = { +#include +~0U +}; + +static unsigned chattr_class[] = { +#include +~0U +}; + +static unsigned signal_class[] = { +#include +~0U +}; + +int audit_classify_arch(int arch) +{ + return 0; +} + +int audit_classify_syscall(int abi, unsigned syscall) +{ + switch(syscall) { + case __NR_open: + return 2; + case __NR_openat: + return 3; + case __NR_execve: + return 5; + default: + return 0; + } +} + +static int __init audit_classes_init(void) +{ + audit_register_class(AUDIT_CLASS_WRITE, write_class); + audit_register_class(AUDIT_CLASS_READ, read_class); + audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); + audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); + audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); + return 0; +} + +__initcall(audit_classes_init); diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S index a969b95ee5ac..98703d99b565 100644 --- a/arch/alpha/kernel/entry.S +++ b/arch/alpha/kernel/entry.S @@ -465,7 +465,11 @@ entSys: .cfi_rel_offset $16, SP_OFF+24 .cfi_rel_offset $17, SP_OFF+32 .cfi_rel_offset $18, SP_OFF+40 - blbs $3, strace +#ifdef CONFIG_AUDITSYSCALL + lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT + and $3, $6, $3 +#endif + bne $3, strace beq $4, 1f ldq $27, 0($5) 1: jsr $26, ($27), alpha_ni_syscall diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c index 2a4a80ff4a20..86d835157b54 100644 --- a/arch/alpha/kernel/ptrace.c +++ b/arch/alpha/kernel/ptrace.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request, asmlinkage unsigned long syscall_trace_enter(void) { unsigned long ret = 0; + struct pt_regs *regs = current_pt_regs(); if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(current_pt_regs())) ret = -1UL; + audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19); return ret ?: current_pt_regs()->r0; } asmlinkage void syscall_trace_leave(void) { + audit_syscall_exit(current_pt_regs()); if (test_thread_flag(TIF_SYSCALL_TRACE)) tracehook_report_syscall_exit(current_pt_regs(), 0); } diff --git a/init/Kconfig b/init/Kconfig index 34a0a3bf2390..009a797dd242 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -284,7 +284,7 @@ config AUDIT config AUDITSYSCALL bool "Enable system-call auditing support" - depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) + depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA) default y if SECURITY_SELINUX help Enable low-overhead system-call auditing infrastructure that From 0ef38d70d4118b2ce1a538d14357be5ff9dc2bbd Mon Sep 17 00:00:00 2001 From: Mikulas Patocka Date: Wed, 22 Jan 2014 23:04:33 -0500 Subject: [PATCH 2/2] alpha: fix broken network checksum The patch 3ddc5b46a8e90f3c9251338b60191d0a804b0d92 breaks networking on alpha (there is a follow-up fix 5cfe8f1ba5eebe6f4b6e5858cdb1a5be4f3272a6, but networking is still broken even with the second patch). The patch 3ddc5b46a8e90f3c9251338b60191d0a804b0d92 makes csum_partial_copy_from_user check the pointer with access_ok. However, csum_partial_copy_from_user is called also from csum_partial_copy_nocheck and csum_partial_copy_nocheck is called on kernel pointers and it is supposed not to check pointer validity. This bug results in ssh session hangs if the system is loaded and bulk data are printed to ssh terminal. This patch fixes csum_partial_copy_nocheck to call set_fs(KERNEL_DS), so that access_ok in csum_partial_copy_from_user accepts kernel-space addresses. Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Matt Turner --- arch/alpha/lib/csum_partial_copy.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c index ff3c10721caf..5675dca8dbb1 100644 --- a/arch/alpha/lib/csum_partial_copy.c +++ b/arch/alpha/lib/csum_partial_copy.c @@ -378,6 +378,11 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum) { - return csum_partial_copy_from_user((__force const void __user *)src, - dst, len, sum, NULL); + __wsum checksum; + mm_segment_t oldfs = get_fs(); + set_fs(KERNEL_DS); + checksum = csum_partial_copy_from_user((__force const void __user *)src, + dst, len, sum, NULL); + set_fs(oldfs); + return checksum; }