Re: [PATCH] audit: add ppc64 mach support
On 14/12/02, Paul Moore wrote:
On Monday, December 01, 2014 03:58:09 PM Tony Jones wrote:
> Mainline kernel reports ppc64le (per
> a0588015deab1844261b27a67ae6f5b910fe2830) but there is no matching
> AUDIT_ARCH_PPC64LE. Eric just pinged me on irc about it. Fix to add it
> to include/uapi/linux/audit.h shoudld probably go upstream.
Untested, uncompiled too, but beyond the patch below, is there anything else
we would need in the kernel to enable proper ppc64le support?
Which kernel are you using? syscall_get_arch() already exists on
powerpc. audit_syscall_entry() lost its first argument recently...
What if it is in compatibility mode?
commit 853ff573b5e5d9d09d1dff579a4a8d6fe8ca698c
Author: Paul Moore <pmoore(a)redhat.com>
Date: Tue Dec 2 14:50:28 2014 -0500
audit: add basic support for PPC64LE
Signed-off-by: Paul Moore <pmoore(a)redhat.com>
diff --git a/arch/powerpc/include/asm/syscall.h
b/arch/powerpc/include/asm/syscall.h
index b54b2ad..b9d65c3 100644
--- a/arch/powerpc/include/asm/syscall.h
+++ b/arch/powerpc/include/asm/syscall.h
@@ -86,4 +86,16 @@ static inline void syscall_set_arguments(struct task_struct
*task,
memcpy(®s->gpr[3 + i], args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(void)
+{
+#ifdef CONFIG_PPC64
+#ifdef __LITTLE_ENDIAN__
+ return AUDIT_ARCH_PPC64LE;
+#else
+ return AUDIT_ARCH_PPC64;
+#endif /* __LITTLE_ENDIAN__ */
+#endif /* CONFIG_PPC64 */
+ return AUDIT_ARCH_PPC;
+}
+
#endif /* _ASM_SYSCALL_H */
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 2e3d2bf..6797a83 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1788,13 +1788,13 @@ long do_syscall_trace_enter(struct pt_regs *regs)
#ifdef CONFIG_PPC64
if (!is_32bit_task())
- audit_syscall_entry(AUDIT_ARCH_PPC64,
+ audit_syscall_entry(syscall_get_arch(),
regs->gpr[0],
regs->gpr[3], regs->gpr[4],
regs->gpr[5], regs->gpr[6]);
else
#endif
- audit_syscall_entry(AUDIT_ARCH_PPC,
+ audit_syscall_entry(syscall_get_arch(),
regs->gpr[0],
regs->gpr[3] & 0xffffffff,
regs->gpr[4] & 0xffffffff,
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index cf67147..c3997f4 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -364,6 +364,7 @@ enum {
#define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_PPC (EM_PPC)
#define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT)
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_S390 (EM_S390)
#define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_SH (EM_SH)
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545