* [PATCH 0/2] riscv: add audit support @ 2018-10-29 10:48 David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov ` (4 more replies) 0 siblings, 5 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: linux-riscv This patchset adds system call audit support on riscv (riscv32 & riscv64). The pachset was prepared on top of v4.19 tag. audit-userspace changes were submitted. See: https://github.com/linux-audit/audit-userspace/pull/73 Tested the following manually: - auditctl (checked several different example rules from internet) - aulast - aulastlog - ausearch - ausyscall - aureport - autrace (compared some syscalls to strace: order and return value/input arguments seem to be correct) - /proc/self/loginuid (required by DNF [package manager]) I looked into audit-testsuite and with some adjustments results are: Failed 4/14 test programs. 19/88 subtests failed. The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not printing categories (don't know why), not having loadable kernel module support enablled and syscall_socketcall not being relevant for new arches. audit-testsuite with adjustments: https://github.com/davidlt/audit-testsuite/tree/riscv64 Depends on: [PATCH 1/2] Move EM_RISCV into elf-em.h http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html This should solve DNF issues in Fedora 29/RISCV. David Abdurachmanov (2): riscv: add audit support riscv: audit: add audit hook in do_syscall_trace_enter/exit() arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- arch/riscv/kernel/ptrace.c | 5 +++++ include/uapi/linux/audit.h | 2 ++ 7 files changed, 31 insertions(+), 2 deletions(-) -- 2.17.2 ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 0/2] riscv: add audit support 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov @ 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov ` (3 subsequent siblings) 4 siblings, 0 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: palmer, aou, linux-riscv, linux-kernel, linux-audit; +Cc: David Abdurachmanov This patchset adds system call audit support on riscv (riscv32 & riscv64). The pachset was prepared on top of v4.19 tag. audit-userspace changes were submitted. See: https://github.com/linux-audit/audit-userspace/pull/73 Tested the following manually: - auditctl (checked several different example rules from internet) - aulast - aulastlog - ausearch - ausyscall - aureport - autrace (compared some syscalls to strace: order and return value/input arguments seem to be correct) - /proc/self/loginuid (required by DNF [package manager]) I looked into audit-testsuite and with some adjustments results are: Failed 4/14 test programs. 19/88 subtests failed. The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not printing categories (don't know why), not having loadable kernel module support enablled and syscall_socketcall not being relevant for new arches. audit-testsuite with adjustments: https://github.com/davidlt/audit-testsuite/tree/riscv64 Depends on: [PATCH 1/2] Move EM_RISCV into elf-em.h http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html This should solve DNF issues in Fedora 29/RISCV. David Abdurachmanov (2): riscv: add audit support riscv: audit: add audit hook in do_syscall_trace_enter/exit() arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- arch/riscv/kernel/ptrace.c | 5 +++++ include/uapi/linux/audit.h | 2 ++ 7 files changed, 31 insertions(+), 2 deletions(-) -- 2.17.2 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 1/2] riscv: add audit support 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov @ 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-11-13 1:52 ` Palmer Dabbelt 2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov ` (2 subsequent siblings) 4 siblings, 2 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: linux-riscv On RISC-V (riscv) audit is supported through generic lib/audit.c. The patch adds required arch specific definitions. Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- include/uapi/linux/audit.h | 2 ++ 6 files changed, 26 insertions(+), 2 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a344980287a5..8e6d404a4ed0 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -28,6 +28,7 @@ config RISCV select GENERIC_STRNLEN_USER select GENERIC_SMP_IDLE_THREAD select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A + select HAVE_ARCH_AUDITSYSCALL select HAVE_MEMBLOCK select HAVE_MEMBLOCK_NODE_MAP select HAVE_DMA_CONTIGUOUS diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h index 2c5df945d43c..62c5e9d35596 100644 --- a/arch/riscv/include/asm/ptrace.h +++ b/arch/riscv/include/asm/ptrace.h @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, SET_FP(regs, val); } +static inline unsigned long regs_return_value(struct pt_regs *regs) +{ + return regs->a0; +} + #endif /* __ASSEMBLY__ */ #endif /* _ASM_RISCV_PTRACE_H */ diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h index 8d25f8904c00..bba3da6ef157 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -18,6 +18,7 @@ #ifndef _ASM_RISCV_SYSCALL_H #define _ASM_RISCV_SYSCALL_H +#include <uapi/linux/audit.h> #include <linux/sched.h> #include <linux/err.h> @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); } +static inline int syscall_get_arch(void) +{ +#ifdef CONFIG_64BIT + return AUDIT_ARCH_RISCV64; +#else + return AUDIT_ARCH_RISCV32; +#endif +} + #endif /* _ASM_RISCV_SYSCALL_H */ diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h index f8fa1cd2dad9..1c9cc8389928 100644 --- a/arch/riscv/include/asm/thread_info.h +++ b/arch/riscv/include/asm/thread_info.h @@ -80,13 +80,19 @@ struct thread_info { #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) #define _TIF_WORK_MASK \ (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) +#define _TIF_SYSCALL_WORK \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) + #endif /* _ASM_RISCV_THREAD_INFO_H */ diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index fa2c08e3c05e..2a6c2e7aaff3 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -202,7 +202,7 @@ handle_syscall: REG_S s2, PT_SEPC(sp) /* Trace syscalls, but only if requested by the user. */ REG_L t0, TASK_TI_FLAGS(tp) - andi t0, t0, _TIF_SYSCALL_TRACE + andi t0, t0, _TIF_SYSCALL_WORK bnez t0, handle_syscall_trace_enter check_syscall_nr: /* Check to make sure we don't jump to a bogus syscall number. */ @@ -222,7 +222,7 @@ ret_from_syscall: REG_S a0, PT_A0(sp) /* Trace syscalls, but only if requested by the user. */ REG_L t0, TASK_TI_FLAGS(tp) - andi t0, t0, _TIF_SYSCALL_TRACE + andi t0, t0, _TIF_SYSCALL_WORK bnez t0, handle_syscall_trace_exit ret_from_exception: diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 818ae690ab79..d0e037a96a7b 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -399,6 +399,8 @@ enum { /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_S390 (EM_S390) #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_SH (EM_SH) -- 2.17.2 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 1/2] riscv: add audit support 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov @ 2018-10-29 10:48 ` David Abdurachmanov 2018-11-13 1:52 ` Palmer Dabbelt 1 sibling, 0 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: palmer, aou, linux-riscv, linux-kernel, linux-audit; +Cc: David Abdurachmanov On RISC-V (riscv) audit is supported through generic lib/audit.c. The patch adds required arch specific definitions. Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- include/uapi/linux/audit.h | 2 ++ 6 files changed, 26 insertions(+), 2 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a344980287a5..8e6d404a4ed0 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -28,6 +28,7 @@ config RISCV select GENERIC_STRNLEN_USER select GENERIC_SMP_IDLE_THREAD select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A + select HAVE_ARCH_AUDITSYSCALL select HAVE_MEMBLOCK select HAVE_MEMBLOCK_NODE_MAP select HAVE_DMA_CONTIGUOUS diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h index 2c5df945d43c..62c5e9d35596 100644 --- a/arch/riscv/include/asm/ptrace.h +++ b/arch/riscv/include/asm/ptrace.h @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, SET_FP(regs, val); } +static inline unsigned long regs_return_value(struct pt_regs *regs) +{ + return regs->a0; +} + #endif /* __ASSEMBLY__ */ #endif /* _ASM_RISCV_PTRACE_H */ diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h index 8d25f8904c00..bba3da6ef157 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -18,6 +18,7 @@ #ifndef _ASM_RISCV_SYSCALL_H #define _ASM_RISCV_SYSCALL_H +#include <uapi/linux/audit.h> #include <linux/sched.h> #include <linux/err.h> @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); } +static inline int syscall_get_arch(void) +{ +#ifdef CONFIG_64BIT + return AUDIT_ARCH_RISCV64; +#else + return AUDIT_ARCH_RISCV32; +#endif +} + #endif /* _ASM_RISCV_SYSCALL_H */ diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h index f8fa1cd2dad9..1c9cc8389928 100644 --- a/arch/riscv/include/asm/thread_info.h +++ b/arch/riscv/include/asm/thread_info.h @@ -80,13 +80,19 @@ struct thread_info { #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) #define _TIF_WORK_MASK \ (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) +#define _TIF_SYSCALL_WORK \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) + #endif /* _ASM_RISCV_THREAD_INFO_H */ diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index fa2c08e3c05e..2a6c2e7aaff3 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -202,7 +202,7 @@ handle_syscall: REG_S s2, PT_SEPC(sp) /* Trace syscalls, but only if requested by the user. */ REG_L t0, TASK_TI_FLAGS(tp) - andi t0, t0, _TIF_SYSCALL_TRACE + andi t0, t0, _TIF_SYSCALL_WORK bnez t0, handle_syscall_trace_enter check_syscall_nr: /* Check to make sure we don't jump to a bogus syscall number. */ @@ -222,7 +222,7 @@ ret_from_syscall: REG_S a0, PT_A0(sp) /* Trace syscalls, but only if requested by the user. */ REG_L t0, TASK_TI_FLAGS(tp) - andi t0, t0, _TIF_SYSCALL_TRACE + andi t0, t0, _TIF_SYSCALL_WORK bnez t0, handle_syscall_trace_exit ret_from_exception: diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 818ae690ab79..d0e037a96a7b 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -399,6 +399,8 @@ enum { /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_S390 (EM_S390) #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) #define AUDIT_ARCH_SH (EM_SH) -- 2.17.2 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 1/2] riscv: add audit support 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov @ 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 23:34 ` Paul Moore 1 sibling, 2 replies; 20+ messages in thread From: Palmer Dabbelt @ 2018-11-13 1:52 UTC (permalink / raw) To: linux-riscv On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov at gmail.com wrote: > On RISC-V (riscv) audit is supported through generic lib/audit.c. > The patch adds required arch specific definitions. > > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> > --- > arch/riscv/Kconfig | 1 + > arch/riscv/include/asm/ptrace.h | 5 +++++ > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > arch/riscv/include/asm/thread_info.h | 6 ++++++ > arch/riscv/kernel/entry.S | 4 ++-- > include/uapi/linux/audit.h | 2 ++ > 6 files changed, 26 insertions(+), 2 deletions(-) > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..8e6d404a4ed0 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_AUDITSYSCALL > select HAVE_MEMBLOCK > select HAVE_MEMBLOCK_NODE_MAP > select HAVE_DMA_CONTIGUOUS > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h > index 2c5df945d43c..62c5e9d35596 100644 > --- a/arch/riscv/include/asm/ptrace.h > +++ b/arch/riscv/include/asm/ptrace.h > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, > SET_FP(regs, val); > } > > +static inline unsigned long regs_return_value(struct pt_regs *regs) > +{ > + return regs->a0; > +} > + > #endif /* __ASSEMBLY__ */ > > #endif /* _ASM_RISCV_PTRACE_H */ > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h > index 8d25f8904c00..bba3da6ef157 100644 > --- a/arch/riscv/include/asm/syscall.h > +++ b/arch/riscv/include/asm/syscall.h > @@ -18,6 +18,7 @@ > #ifndef _ASM_RISCV_SYSCALL_H > #define _ASM_RISCV_SYSCALL_H > > +#include <uapi/linux/audit.h> > #include <linux/sched.h> > #include <linux/err.h> > > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); > } > > +static inline int syscall_get_arch(void) > +{ > +#ifdef CONFIG_64BIT > + return AUDIT_ARCH_RISCV64; > +#else > + return AUDIT_ARCH_RISCV32; > +#endif > +} > + > #endif /* _ASM_RISCV_SYSCALL_H */ > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h > index f8fa1cd2dad9..1c9cc8389928 100644 > --- a/arch/riscv/include/asm/thread_info.h > +++ b/arch/riscv/include/asm/thread_info.h > @@ -80,13 +80,19 @@ struct thread_info { > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ > > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) > > #define _TIF_WORK_MASK \ > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) > > +#define _TIF_SYSCALL_WORK \ > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) > + > #endif /* _ASM_RISCV_THREAD_INFO_H */ > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > index fa2c08e3c05e..2a6c2e7aaff3 100644 > --- a/arch/riscv/kernel/entry.S > +++ b/arch/riscv/kernel/entry.S > @@ -202,7 +202,7 @@ handle_syscall: > REG_S s2, PT_SEPC(sp) > /* Trace syscalls, but only if requested by the user. */ > REG_L t0, TASK_TI_FLAGS(tp) > - andi t0, t0, _TIF_SYSCALL_TRACE > + andi t0, t0, _TIF_SYSCALL_WORK > bnez t0, handle_syscall_trace_enter > check_syscall_nr: > /* Check to make sure we don't jump to a bogus syscall number. */ > @@ -222,7 +222,7 @@ ret_from_syscall: > REG_S a0, PT_A0(sp) > /* Trace syscalls, but only if requested by the user. */ > REG_L t0, TASK_TI_FLAGS(tp) > - andi t0, t0, _TIF_SYSCALL_TRACE > + andi t0, t0, _TIF_SYSCALL_WORK > bnez t0, handle_syscall_trace_exit > > ret_from_exception: > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 818ae690ab79..d0e037a96a7b 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -399,6 +399,8 @@ enum { > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_S390 (EM_S390) > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) > #define AUDIT_ARCH_SH (EM_SH) I can't seem to figure out how to dig the rest of the thread out of my inbox (I'm in an airport), so I'm just replying here. I've added this to next-audit, which will soon filter into for-next. I'm not sure if this is 100% settled, but I can't find any issues with it so I think it's best to get this out for testing. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 1/2] riscv: add audit support 2018-11-13 1:52 ` Palmer Dabbelt @ 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 23:34 ` Paul Moore 1 sibling, 0 replies; 20+ messages in thread From: Palmer Dabbelt @ 2018-11-13 1:52 UTC (permalink / raw) To: david.abdurachmanov Cc: david.abdurachmanov, linux-riscv, aou, linux-kernel, linux-audit On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote: > On RISC-V (riscv) audit is supported through generic lib/audit.c. > The patch adds required arch specific definitions. > > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> > --- > arch/riscv/Kconfig | 1 + > arch/riscv/include/asm/ptrace.h | 5 +++++ > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > arch/riscv/include/asm/thread_info.h | 6 ++++++ > arch/riscv/kernel/entry.S | 4 ++-- > include/uapi/linux/audit.h | 2 ++ > 6 files changed, 26 insertions(+), 2 deletions(-) > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..8e6d404a4ed0 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_AUDITSYSCALL > select HAVE_MEMBLOCK > select HAVE_MEMBLOCK_NODE_MAP > select HAVE_DMA_CONTIGUOUS > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h > index 2c5df945d43c..62c5e9d35596 100644 > --- a/arch/riscv/include/asm/ptrace.h > +++ b/arch/riscv/include/asm/ptrace.h > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, > SET_FP(regs, val); > } > > +static inline unsigned long regs_return_value(struct pt_regs *regs) > +{ > + return regs->a0; > +} > + > #endif /* __ASSEMBLY__ */ > > #endif /* _ASM_RISCV_PTRACE_H */ > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h > index 8d25f8904c00..bba3da6ef157 100644 > --- a/arch/riscv/include/asm/syscall.h > +++ b/arch/riscv/include/asm/syscall.h > @@ -18,6 +18,7 @@ > #ifndef _ASM_RISCV_SYSCALL_H > #define _ASM_RISCV_SYSCALL_H > > +#include <uapi/linux/audit.h> > #include <linux/sched.h> > #include <linux/err.h> > > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); > } > > +static inline int syscall_get_arch(void) > +{ > +#ifdef CONFIG_64BIT > + return AUDIT_ARCH_RISCV64; > +#else > + return AUDIT_ARCH_RISCV32; > +#endif > +} > + > #endif /* _ASM_RISCV_SYSCALL_H */ > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h > index f8fa1cd2dad9..1c9cc8389928 100644 > --- a/arch/riscv/include/asm/thread_info.h > +++ b/arch/riscv/include/asm/thread_info.h > @@ -80,13 +80,19 @@ struct thread_info { > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ > > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) > > #define _TIF_WORK_MASK \ > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) > > +#define _TIF_SYSCALL_WORK \ > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) > + > #endif /* _ASM_RISCV_THREAD_INFO_H */ > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > index fa2c08e3c05e..2a6c2e7aaff3 100644 > --- a/arch/riscv/kernel/entry.S > +++ b/arch/riscv/kernel/entry.S > @@ -202,7 +202,7 @@ handle_syscall: > REG_S s2, PT_SEPC(sp) > /* Trace syscalls, but only if requested by the user. */ > REG_L t0, TASK_TI_FLAGS(tp) > - andi t0, t0, _TIF_SYSCALL_TRACE > + andi t0, t0, _TIF_SYSCALL_WORK > bnez t0, handle_syscall_trace_enter > check_syscall_nr: > /* Check to make sure we don't jump to a bogus syscall number. */ > @@ -222,7 +222,7 @@ ret_from_syscall: > REG_S a0, PT_A0(sp) > /* Trace syscalls, but only if requested by the user. */ > REG_L t0, TASK_TI_FLAGS(tp) > - andi t0, t0, _TIF_SYSCALL_TRACE > + andi t0, t0, _TIF_SYSCALL_WORK > bnez t0, handle_syscall_trace_exit > > ret_from_exception: > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 818ae690ab79..d0e037a96a7b 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -399,6 +399,8 @@ enum { > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_S390 (EM_S390) > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) > #define AUDIT_ARCH_SH (EM_SH) I can't seem to figure out how to dig the rest of the thread out of my inbox (I'm in an airport), so I'm just replying here. I've added this to next-audit, which will soon filter into for-next. I'm not sure if this is 100% settled, but I can't find any issues with it so I think it's best to get this out for testing. _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 1/2] riscv: add audit support 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 1:52 ` Palmer Dabbelt @ 2018-11-13 23:34 ` Paul Moore 2018-11-13 23:34 ` Paul Moore 2018-11-14 23:40 ` Palmer Dabbelt 1 sibling, 2 replies; 20+ messages in thread From: Paul Moore @ 2018-11-13 23:34 UTC (permalink / raw) To: linux-riscv On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote: > On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov at gmail.com wrote: > > On RISC-V (riscv) audit is supported through generic lib/audit.c. > > The patch adds required arch specific definitions. > > > > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> > > --- > > arch/riscv/Kconfig | 1 + > > arch/riscv/include/asm/ptrace.h | 5 +++++ > > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > > arch/riscv/include/asm/thread_info.h | 6 ++++++ > > arch/riscv/kernel/entry.S | 4 ++-- > > include/uapi/linux/audit.h | 2 ++ > > 6 files changed, 26 insertions(+), 2 deletions(-) > > > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > > index a344980287a5..8e6d404a4ed0 100644 > > --- a/arch/riscv/Kconfig > > +++ b/arch/riscv/Kconfig > > @@ -28,6 +28,7 @@ config RISCV > > select GENERIC_STRNLEN_USER > > select GENERIC_SMP_IDLE_THREAD > > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > > + select HAVE_ARCH_AUDITSYSCALL > > select HAVE_MEMBLOCK > > select HAVE_MEMBLOCK_NODE_MAP > > select HAVE_DMA_CONTIGUOUS > > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h > > index 2c5df945d43c..62c5e9d35596 100644 > > --- a/arch/riscv/include/asm/ptrace.h > > +++ b/arch/riscv/include/asm/ptrace.h > > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, > > SET_FP(regs, val); > > } > > > > +static inline unsigned long regs_return_value(struct pt_regs *regs) > > +{ > > + return regs->a0; > > +} > > + > > #endif /* __ASSEMBLY__ */ > > > > #endif /* _ASM_RISCV_PTRACE_H */ > > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h > > index 8d25f8904c00..bba3da6ef157 100644 > > --- a/arch/riscv/include/asm/syscall.h > > +++ b/arch/riscv/include/asm/syscall.h > > @@ -18,6 +18,7 @@ > > #ifndef _ASM_RISCV_SYSCALL_H > > #define _ASM_RISCV_SYSCALL_H > > > > +#include <uapi/linux/audit.h> > > #include <linux/sched.h> > > #include <linux/err.h> > > > > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, > > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); > > } > > > > +static inline int syscall_get_arch(void) > > +{ > > +#ifdef CONFIG_64BIT > > + return AUDIT_ARCH_RISCV64; > > +#else > > + return AUDIT_ARCH_RISCV32; > > +#endif > > +} > > + > > #endif /* _ASM_RISCV_SYSCALL_H */ > > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h > > index f8fa1cd2dad9..1c9cc8389928 100644 > > --- a/arch/riscv/include/asm/thread_info.h > > +++ b/arch/riscv/include/asm/thread_info.h > > @@ -80,13 +80,19 @@ struct thread_info { > > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ > > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ > > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ > > > > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) > > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) > > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) > > > > #define _TIF_WORK_MASK \ > > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) > > > > +#define _TIF_SYSCALL_WORK \ > > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) > > + > > #endif /* _ASM_RISCV_THREAD_INFO_H */ > > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > > index fa2c08e3c05e..2a6c2e7aaff3 100644 > > --- a/arch/riscv/kernel/entry.S > > +++ b/arch/riscv/kernel/entry.S > > @@ -202,7 +202,7 @@ handle_syscall: > > REG_S s2, PT_SEPC(sp) > > /* Trace syscalls, but only if requested by the user. */ > > REG_L t0, TASK_TI_FLAGS(tp) > > - andi t0, t0, _TIF_SYSCALL_TRACE > > + andi t0, t0, _TIF_SYSCALL_WORK > > bnez t0, handle_syscall_trace_enter > > check_syscall_nr: > > /* Check to make sure we don't jump to a bogus syscall number. */ > > @@ -222,7 +222,7 @@ ret_from_syscall: > > REG_S a0, PT_A0(sp) > > /* Trace syscalls, but only if requested by the user. */ > > REG_L t0, TASK_TI_FLAGS(tp) > > - andi t0, t0, _TIF_SYSCALL_TRACE > > + andi t0, t0, _TIF_SYSCALL_WORK > > bnez t0, handle_syscall_trace_exit > > > > ret_from_exception: > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > > index 818ae690ab79..d0e037a96a7b 100644 > > --- a/include/uapi/linux/audit.h > > +++ b/include/uapi/linux/audit.h > > @@ -399,6 +399,8 @@ enum { > > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ > > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) > > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) > > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > #define AUDIT_ARCH_S390 (EM_S390) > > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) > > #define AUDIT_ARCH_SH (EM_SH) > > I can't seem to figure out how to dig the rest of the thread out of my inbox > (I'm in an airport), so I'm just replying here. > > I've added this to next-audit, which will soon filter into for-next. I'm not > sure if this is 100% settled, but I can't find any issues with it so I think > it's best to get this out for testing. If you RISCV guys are happy, and it is passing the audit-testsuite (which I believe it is based on some brief discussions with David on Freenode), then I think it is okay from my point of view. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 1/2] riscv: add audit support 2018-11-13 23:34 ` Paul Moore @ 2018-11-13 23:34 ` Paul Moore 2018-11-14 23:40 ` Palmer Dabbelt 1 sibling, 0 replies; 20+ messages in thread From: Paul Moore @ 2018-11-13 23:34 UTC (permalink / raw) To: palmer; +Cc: linux-audit, linux-riscv, aou, linux-kernel, david.abdurachmanov On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote: > On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote: > > On RISC-V (riscv) audit is supported through generic lib/audit.c. > > The patch adds required arch specific definitions. > > > > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> > > --- > > arch/riscv/Kconfig | 1 + > > arch/riscv/include/asm/ptrace.h | 5 +++++ > > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > > arch/riscv/include/asm/thread_info.h | 6 ++++++ > > arch/riscv/kernel/entry.S | 4 ++-- > > include/uapi/linux/audit.h | 2 ++ > > 6 files changed, 26 insertions(+), 2 deletions(-) > > > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > > index a344980287a5..8e6d404a4ed0 100644 > > --- a/arch/riscv/Kconfig > > +++ b/arch/riscv/Kconfig > > @@ -28,6 +28,7 @@ config RISCV > > select GENERIC_STRNLEN_USER > > select GENERIC_SMP_IDLE_THREAD > > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > > + select HAVE_ARCH_AUDITSYSCALL > > select HAVE_MEMBLOCK > > select HAVE_MEMBLOCK_NODE_MAP > > select HAVE_DMA_CONTIGUOUS > > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h > > index 2c5df945d43c..62c5e9d35596 100644 > > --- a/arch/riscv/include/asm/ptrace.h > > +++ b/arch/riscv/include/asm/ptrace.h > > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, > > SET_FP(regs, val); > > } > > > > +static inline unsigned long regs_return_value(struct pt_regs *regs) > > +{ > > + return regs->a0; > > +} > > + > > #endif /* __ASSEMBLY__ */ > > > > #endif /* _ASM_RISCV_PTRACE_H */ > > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h > > index 8d25f8904c00..bba3da6ef157 100644 > > --- a/arch/riscv/include/asm/syscall.h > > +++ b/arch/riscv/include/asm/syscall.h > > @@ -18,6 +18,7 @@ > > #ifndef _ASM_RISCV_SYSCALL_H > > #define _ASM_RISCV_SYSCALL_H > > > > +#include <uapi/linux/audit.h> > > #include <linux/sched.h> > > #include <linux/err.h> > > > > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, > > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); > > } > > > > +static inline int syscall_get_arch(void) > > +{ > > +#ifdef CONFIG_64BIT > > + return AUDIT_ARCH_RISCV64; > > +#else > > + return AUDIT_ARCH_RISCV32; > > +#endif > > +} > > + > > #endif /* _ASM_RISCV_SYSCALL_H */ > > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h > > index f8fa1cd2dad9..1c9cc8389928 100644 > > --- a/arch/riscv/include/asm/thread_info.h > > +++ b/arch/riscv/include/asm/thread_info.h > > @@ -80,13 +80,19 @@ struct thread_info { > > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ > > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ > > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ > > > > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) > > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) > > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) > > > > #define _TIF_WORK_MASK \ > > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) > > > > +#define _TIF_SYSCALL_WORK \ > > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) > > + > > #endif /* _ASM_RISCV_THREAD_INFO_H */ > > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > > index fa2c08e3c05e..2a6c2e7aaff3 100644 > > --- a/arch/riscv/kernel/entry.S > > +++ b/arch/riscv/kernel/entry.S > > @@ -202,7 +202,7 @@ handle_syscall: > > REG_S s2, PT_SEPC(sp) > > /* Trace syscalls, but only if requested by the user. */ > > REG_L t0, TASK_TI_FLAGS(tp) > > - andi t0, t0, _TIF_SYSCALL_TRACE > > + andi t0, t0, _TIF_SYSCALL_WORK > > bnez t0, handle_syscall_trace_enter > > check_syscall_nr: > > /* Check to make sure we don't jump to a bogus syscall number. */ > > @@ -222,7 +222,7 @@ ret_from_syscall: > > REG_S a0, PT_A0(sp) > > /* Trace syscalls, but only if requested by the user. */ > > REG_L t0, TASK_TI_FLAGS(tp) > > - andi t0, t0, _TIF_SYSCALL_TRACE > > + andi t0, t0, _TIF_SYSCALL_WORK > > bnez t0, handle_syscall_trace_exit > > > > ret_from_exception: > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > > index 818ae690ab79..d0e037a96a7b 100644 > > --- a/include/uapi/linux/audit.h > > +++ b/include/uapi/linux/audit.h > > @@ -399,6 +399,8 @@ enum { > > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ > > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) > > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) > > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > #define AUDIT_ARCH_S390 (EM_S390) > > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) > > #define AUDIT_ARCH_SH (EM_SH) > > I can't seem to figure out how to dig the rest of the thread out of my inbox > (I'm in an airport), so I'm just replying here. > > I've added this to next-audit, which will soon filter into for-next. I'm not > sure if this is 100% settled, but I can't find any issues with it so I think > it's best to get this out for testing. If you RISCV guys are happy, and it is passing the audit-testsuite (which I believe it is based on some brief discussions with David on Freenode), then I think it is okay from my point of view. -- paul moore www.paul-moore.com _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 1/2] riscv: add audit support 2018-11-13 23:34 ` Paul Moore 2018-11-13 23:34 ` Paul Moore @ 2018-11-14 23:40 ` Palmer Dabbelt 2018-11-14 23:40 ` Palmer Dabbelt 1 sibling, 1 reply; 20+ messages in thread From: Palmer Dabbelt @ 2018-11-14 23:40 UTC (permalink / raw) To: linux-riscv On Tue, 13 Nov 2018 15:34:18 PST (-0800), paul at paul-moore.com wrote: > On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote: >> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov at gmail.com wrote: >> > On RISC-V (riscv) audit is supported through generic lib/audit.c. >> > The patch adds required arch specific definitions. >> > >> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> >> > --- >> > arch/riscv/Kconfig | 1 + >> > arch/riscv/include/asm/ptrace.h | 5 +++++ >> > arch/riscv/include/asm/syscall.h | 10 ++++++++++ >> > arch/riscv/include/asm/thread_info.h | 6 ++++++ >> > arch/riscv/kernel/entry.S | 4 ++-- >> > include/uapi/linux/audit.h | 2 ++ >> > 6 files changed, 26 insertions(+), 2 deletions(-) >> > >> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> > index a344980287a5..8e6d404a4ed0 100644 >> > --- a/arch/riscv/Kconfig >> > +++ b/arch/riscv/Kconfig >> > @@ -28,6 +28,7 @@ config RISCV >> > select GENERIC_STRNLEN_USER >> > select GENERIC_SMP_IDLE_THREAD >> > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A >> > + select HAVE_ARCH_AUDITSYSCALL >> > select HAVE_MEMBLOCK >> > select HAVE_MEMBLOCK_NODE_MAP >> > select HAVE_DMA_CONTIGUOUS >> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h >> > index 2c5df945d43c..62c5e9d35596 100644 >> > --- a/arch/riscv/include/asm/ptrace.h >> > +++ b/arch/riscv/include/asm/ptrace.h >> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, >> > SET_FP(regs, val); >> > } >> > >> > +static inline unsigned long regs_return_value(struct pt_regs *regs) >> > +{ >> > + return regs->a0; >> > +} >> > + >> > #endif /* __ASSEMBLY__ */ >> > >> > #endif /* _ASM_RISCV_PTRACE_H */ >> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h >> > index 8d25f8904c00..bba3da6ef157 100644 >> > --- a/arch/riscv/include/asm/syscall.h >> > +++ b/arch/riscv/include/asm/syscall.h >> > @@ -18,6 +18,7 @@ >> > #ifndef _ASM_RISCV_SYSCALL_H >> > #define _ASM_RISCV_SYSCALL_H >> > >> > +#include <uapi/linux/audit.h> >> > #include <linux/sched.h> >> > #include <linux/err.h> >> > >> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, >> > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); >> > } >> > >> > +static inline int syscall_get_arch(void) >> > +{ >> > +#ifdef CONFIG_64BIT >> > + return AUDIT_ARCH_RISCV64; >> > +#else >> > + return AUDIT_ARCH_RISCV32; >> > +#endif >> > +} >> > + >> > #endif /* _ASM_RISCV_SYSCALL_H */ >> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h >> > index f8fa1cd2dad9..1c9cc8389928 100644 >> > --- a/arch/riscv/include/asm/thread_info.h >> > +++ b/arch/riscv/include/asm/thread_info.h >> > @@ -80,13 +80,19 @@ struct thread_info { >> > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ >> > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ >> > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ >> > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ >> > >> > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) >> > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) >> > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) >> > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) >> > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) >> > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) >> > >> > #define _TIF_WORK_MASK \ >> > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) >> > >> > +#define _TIF_SYSCALL_WORK \ >> > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) >> > + >> > #endif /* _ASM_RISCV_THREAD_INFO_H */ >> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S >> > index fa2c08e3c05e..2a6c2e7aaff3 100644 >> > --- a/arch/riscv/kernel/entry.S >> > +++ b/arch/riscv/kernel/entry.S >> > @@ -202,7 +202,7 @@ handle_syscall: >> > REG_S s2, PT_SEPC(sp) >> > /* Trace syscalls, but only if requested by the user. */ >> > REG_L t0, TASK_TI_FLAGS(tp) >> > - andi t0, t0, _TIF_SYSCALL_TRACE >> > + andi t0, t0, _TIF_SYSCALL_WORK >> > bnez t0, handle_syscall_trace_enter >> > check_syscall_nr: >> > /* Check to make sure we don't jump to a bogus syscall number. */ >> > @@ -222,7 +222,7 @@ ret_from_syscall: >> > REG_S a0, PT_A0(sp) >> > /* Trace syscalls, but only if requested by the user. */ >> > REG_L t0, TASK_TI_FLAGS(tp) >> > - andi t0, t0, _TIF_SYSCALL_TRACE >> > + andi t0, t0, _TIF_SYSCALL_WORK >> > bnez t0, handle_syscall_trace_exit >> > >> > ret_from_exception: >> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h >> > index 818ae690ab79..d0e037a96a7b 100644 >> > --- a/include/uapi/linux/audit.h >> > +++ b/include/uapi/linux/audit.h >> > @@ -399,6 +399,8 @@ enum { >> > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ >> > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) >> > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) >> > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) >> > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) >> > #define AUDIT_ARCH_S390 (EM_S390) >> > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) >> > #define AUDIT_ARCH_SH (EM_SH) >> >> I can't seem to figure out how to dig the rest of the thread out of my inbox >> (I'm in an airport), so I'm just replying here. >> >> I've added this to next-audit, which will soon filter into for-next. I'm not >> sure if this is 100% settled, but I can't find any issues with it so I think >> it's best to get this out for testing. > > If you RISCV guys are happy, and it is passing the audit-testsuite > (which I believe it is based on some brief discussions with David on > Freenode), then I think it is okay from my point of view. I haven't run the test suite personally, but I trust that David has done so if he said so (I remember having seen him say he did as well). Thanks! ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 1/2] riscv: add audit support 2018-11-14 23:40 ` Palmer Dabbelt @ 2018-11-14 23:40 ` Palmer Dabbelt 0 siblings, 0 replies; 20+ messages in thread From: Palmer Dabbelt @ 2018-11-14 23:40 UTC (permalink / raw) To: paul; +Cc: linux-audit, linux-riscv, aou, linux-kernel, david.abdurachmanov On Tue, 13 Nov 2018 15:34:18 PST (-0800), paul@paul-moore.com wrote: > On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote: >> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote: >> > On RISC-V (riscv) audit is supported through generic lib/audit.c. >> > The patch adds required arch specific definitions. >> > >> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> >> > --- >> > arch/riscv/Kconfig | 1 + >> > arch/riscv/include/asm/ptrace.h | 5 +++++ >> > arch/riscv/include/asm/syscall.h | 10 ++++++++++ >> > arch/riscv/include/asm/thread_info.h | 6 ++++++ >> > arch/riscv/kernel/entry.S | 4 ++-- >> > include/uapi/linux/audit.h | 2 ++ >> > 6 files changed, 26 insertions(+), 2 deletions(-) >> > >> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> > index a344980287a5..8e6d404a4ed0 100644 >> > --- a/arch/riscv/Kconfig >> > +++ b/arch/riscv/Kconfig >> > @@ -28,6 +28,7 @@ config RISCV >> > select GENERIC_STRNLEN_USER >> > select GENERIC_SMP_IDLE_THREAD >> > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A >> > + select HAVE_ARCH_AUDITSYSCALL >> > select HAVE_MEMBLOCK >> > select HAVE_MEMBLOCK_NODE_MAP >> > select HAVE_DMA_CONTIGUOUS >> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h >> > index 2c5df945d43c..62c5e9d35596 100644 >> > --- a/arch/riscv/include/asm/ptrace.h >> > +++ b/arch/riscv/include/asm/ptrace.h >> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs, >> > SET_FP(regs, val); >> > } >> > >> > +static inline unsigned long regs_return_value(struct pt_regs *regs) >> > +{ >> > + return regs->a0; >> > +} >> > + >> > #endif /* __ASSEMBLY__ */ >> > >> > #endif /* _ASM_RISCV_PTRACE_H */ >> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h >> > index 8d25f8904c00..bba3da6ef157 100644 >> > --- a/arch/riscv/include/asm/syscall.h >> > +++ b/arch/riscv/include/asm/syscall.h >> > @@ -18,6 +18,7 @@ >> > #ifndef _ASM_RISCV_SYSCALL_H >> > #define _ASM_RISCV_SYSCALL_H >> > >> > +#include <uapi/linux/audit.h> >> > #include <linux/sched.h> >> > #include <linux/err.h> >> > >> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task, >> > memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); >> > } >> > >> > +static inline int syscall_get_arch(void) >> > +{ >> > +#ifdef CONFIG_64BIT >> > + return AUDIT_ARCH_RISCV64; >> > +#else >> > + return AUDIT_ARCH_RISCV32; >> > +#endif >> > +} >> > + >> > #endif /* _ASM_RISCV_SYSCALL_H */ >> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h >> > index f8fa1cd2dad9..1c9cc8389928 100644 >> > --- a/arch/riscv/include/asm/thread_info.h >> > +++ b/arch/riscv/include/asm/thread_info.h >> > @@ -80,13 +80,19 @@ struct thread_info { >> > #define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */ >> > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ >> > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ >> > +#define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ >> > >> > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) >> > #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) >> > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) >> > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) >> > +#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) >> > +#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) >> > >> > #define _TIF_WORK_MASK \ >> > (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED) >> > >> > +#define _TIF_SYSCALL_WORK \ >> > + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT) >> > + >> > #endif /* _ASM_RISCV_THREAD_INFO_H */ >> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S >> > index fa2c08e3c05e..2a6c2e7aaff3 100644 >> > --- a/arch/riscv/kernel/entry.S >> > +++ b/arch/riscv/kernel/entry.S >> > @@ -202,7 +202,7 @@ handle_syscall: >> > REG_S s2, PT_SEPC(sp) >> > /* Trace syscalls, but only if requested by the user. */ >> > REG_L t0, TASK_TI_FLAGS(tp) >> > - andi t0, t0, _TIF_SYSCALL_TRACE >> > + andi t0, t0, _TIF_SYSCALL_WORK >> > bnez t0, handle_syscall_trace_enter >> > check_syscall_nr: >> > /* Check to make sure we don't jump to a bogus syscall number. */ >> > @@ -222,7 +222,7 @@ ret_from_syscall: >> > REG_S a0, PT_A0(sp) >> > /* Trace syscalls, but only if requested by the user. */ >> > REG_L t0, TASK_TI_FLAGS(tp) >> > - andi t0, t0, _TIF_SYSCALL_TRACE >> > + andi t0, t0, _TIF_SYSCALL_WORK >> > bnez t0, handle_syscall_trace_exit >> > >> > ret_from_exception: >> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h >> > index 818ae690ab79..d0e037a96a7b 100644 >> > --- a/include/uapi/linux/audit.h >> > +++ b/include/uapi/linux/audit.h >> > @@ -399,6 +399,8 @@ enum { >> > /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ >> > #define AUDIT_ARCH_PPC64 (EM_PPC64|__AUDIT_ARCH_64BIT) >> > #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) >> > +#define AUDIT_ARCH_RISCV32 (EM_RISCV|__AUDIT_ARCH_LE) >> > +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) >> > #define AUDIT_ARCH_S390 (EM_S390) >> > #define AUDIT_ARCH_S390X (EM_S390|__AUDIT_ARCH_64BIT) >> > #define AUDIT_ARCH_SH (EM_SH) >> >> I can't seem to figure out how to dig the rest of the thread out of my inbox >> (I'm in an airport), so I'm just replying here. >> >> I've added this to next-audit, which will soon filter into for-next. I'm not >> sure if this is 100% settled, but I can't find any issues with it so I think >> it's best to get this out for testing. > > If you RISCV guys are happy, and it is passing the audit-testsuite > (which I believe it is based on some brief discussions with David on > Freenode), then I think it is okay from my point of view. I haven't run the test suite personally, but I trust that David has done so if he said so (I remember having seen him say he did as well). Thanks! _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov @ 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore 2018-11-06 20:06 ` Paul Moore 4 siblings, 1 reply; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: linux-riscv This patch adds auditing functions on entry to and exit from every system call invocation. Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> --- arch/riscv/kernel/ptrace.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c index 9f82a7e34c64..85b0c93f00c6 100644 --- a/arch/riscv/kernel/ptrace.c +++ b/arch/riscv/kernel/ptrace.c @@ -18,6 +18,7 @@ #include <asm/ptrace.h> #include <asm/syscall.h> #include <asm/thread_info.h> +#include <linux/audit.h> #include <linux/ptrace.h> #include <linux/elf.h> #include <linux/regset.h> @@ -111,10 +112,14 @@ void do_syscall_trace_enter(struct pt_regs *regs) if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, syscall_get_nr(current, regs)); #endif + + audit_syscall_entry(regs->a7, regs->a0, regs->a1, regs->a2, regs->a3); } void do_syscall_trace_exit(struct pt_regs *regs) { + audit_syscall_exit(regs); + if (test_thread_flag(TIF_SYSCALL_TRACE)) tracehook_report_syscall_exit(regs, 0); -- 2.17.2 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() 2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov @ 2018-10-29 10:48 ` David Abdurachmanov 0 siblings, 0 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw) To: palmer, aou, linux-riscv, linux-kernel, linux-audit; +Cc: David Abdurachmanov This patch adds auditing functions on entry to and exit from every system call invocation. Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com> --- arch/riscv/kernel/ptrace.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c index 9f82a7e34c64..85b0c93f00c6 100644 --- a/arch/riscv/kernel/ptrace.c +++ b/arch/riscv/kernel/ptrace.c @@ -18,6 +18,7 @@ #include <asm/ptrace.h> #include <asm/syscall.h> #include <asm/thread_info.h> +#include <linux/audit.h> #include <linux/ptrace.h> #include <linux/elf.h> #include <linux/regset.h> @@ -111,10 +112,14 @@ void do_syscall_trace_enter(struct pt_regs *regs) if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, syscall_get_nr(current, regs)); #endif + + audit_syscall_entry(regs->a7, regs->a0, regs->a1, regs->a2, regs->a3); } void do_syscall_trace_exit(struct pt_regs *regs) { + audit_syscall_exit(regs); + if (test_thread_flag(TIF_SYSCALL_TRACE)) tracehook_report_syscall_exit(regs, 0); -- 2.17.2 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 0/2] riscv: add audit support 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov ` (2 preceding siblings ...) 2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov @ 2018-10-29 22:57 ` Paul Moore 2018-10-29 22:57 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 4 siblings, 1 reply; 20+ messages in thread From: Paul Moore @ 2018-10-29 22:57 UTC (permalink / raw) To: linux-riscv On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > This patchset adds system call audit support on riscv (riscv32 & > riscv64). > > The pachset was prepared on top of v4.19 tag. > > audit-userspace changes were submitted. See: > https://github.com/linux-audit/audit-userspace/pull/73 > > Tested the following manually: > - auditctl (checked several different example rules from internet) > - aulast > - aulastlog > - ausearch > - ausyscall > - aureport > - autrace (compared some syscalls to strace: order and return > value/input arguments seem to be correct) > - /proc/self/loginuid (required by DNF [package manager]) > > I looked into audit-testsuite and with some adjustments results are: > > Failed 4/14 test programs. 19/88 subtests failed. > > The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not > printing categories (don't know why), not having loadable kernel module > support enablled and syscall_socketcall not being relevant for new arches. > > audit-testsuite with adjustments: > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > Depends on: > [PATCH 1/2] Move EM_RISCV into elf-em.h > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > This should solve DNF issues in Fedora 29/RISCV. > > David Abdurachmanov (2): > riscv: add audit support > riscv: audit: add audit hook in do_syscall_trace_enter/exit() > > arch/riscv/Kconfig | 1 + > arch/riscv/include/asm/ptrace.h | 5 +++++ > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > arch/riscv/include/asm/thread_info.h | 6 ++++++ > arch/riscv/kernel/entry.S | 4 ++-- > arch/riscv/kernel/ptrace.c | 5 +++++ > include/uapi/linux/audit.h | 2 ++ > 7 files changed, 31 insertions(+), 2 deletions(-) Thanks for the patches David, I'll be able to take a closer look next week once the merge window is closed. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 0/2] riscv: add audit support 2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore @ 2018-10-29 22:57 ` Paul Moore 0 siblings, 0 replies; 20+ messages in thread From: Paul Moore @ 2018-10-29 22:57 UTC (permalink / raw) To: david.abdurachmanov; +Cc: linux-riscv, palmer, linux-kernel, aou, linux-audit On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > This patchset adds system call audit support on riscv (riscv32 & > riscv64). > > The pachset was prepared on top of v4.19 tag. > > audit-userspace changes were submitted. See: > https://github.com/linux-audit/audit-userspace/pull/73 > > Tested the following manually: > - auditctl (checked several different example rules from internet) > - aulast > - aulastlog > - ausearch > - ausyscall > - aureport > - autrace (compared some syscalls to strace: order and return > value/input arguments seem to be correct) > - /proc/self/loginuid (required by DNF [package manager]) > > I looked into audit-testsuite and with some adjustments results are: > > Failed 4/14 test programs. 19/88 subtests failed. > > The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not > printing categories (don't know why), not having loadable kernel module > support enablled and syscall_socketcall not being relevant for new arches. > > audit-testsuite with adjustments: > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > Depends on: > [PATCH 1/2] Move EM_RISCV into elf-em.h > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > This should solve DNF issues in Fedora 29/RISCV. > > David Abdurachmanov (2): > riscv: add audit support > riscv: audit: add audit hook in do_syscall_trace_enter/exit() > > arch/riscv/Kconfig | 1 + > arch/riscv/include/asm/ptrace.h | 5 +++++ > arch/riscv/include/asm/syscall.h | 10 ++++++++++ > arch/riscv/include/asm/thread_info.h | 6 ++++++ > arch/riscv/kernel/entry.S | 4 ++-- > arch/riscv/kernel/ptrace.c | 5 +++++ > include/uapi/linux/audit.h | 2 ++ > 7 files changed, 31 insertions(+), 2 deletions(-) Thanks for the patches David, I'll be able to take a closer look next week once the merge window is closed. -- paul moore www.paul-moore.com _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 0/2] riscv: add audit support 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov ` (3 preceding siblings ...) 2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore @ 2018-11-06 20:06 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 2018-11-06 21:25 ` David Abdurachmanov 4 siblings, 2 replies; 20+ messages in thread From: Paul Moore @ 2018-11-06 20:06 UTC (permalink / raw) To: linux-riscv On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > This patchset adds system call audit support on riscv (riscv32 & > riscv64). > > The pachset was prepared on top of v4.19 tag. > > audit-userspace changes were submitted. See: > https://github.com/linux-audit/audit-userspace/pull/73 > > Tested the following manually: > - auditctl (checked several different example rules from internet) > - aulast > - aulastlog > - ausearch > - ausyscall > - aureport > - autrace (compared some syscalls to strace: order and return > value/input arguments seem to be correct) > - /proc/self/loginuid (required by DNF [package manager]) > > I looked into audit-testsuite and with some adjustments results are: > > Failed 4/14 test programs. 19/88 subtests failed. I realize that the test suite failures are likely not due to your code, but rather shortcomings in the test suite itself, but I think it is important to resolve these problems before we commit the kernel changes. You mention Fedora 29/RISCV below, is that the distro you are using for testing? Also, are you using a stock kernel config from the distro or your own? > The failing tests were due to missing CONFIG_IP_NF_MANGLE ... Assuming a general purpose like Fedora, that seems like an odd omission. Any chance you can rebuild your kernel with the mangle table? > ... 'id -Z' not printing categories (don't know why) ... Are you seeing the MLS/MCS sensitivity level, s0, or are you not seeing any of the MLS/MCS fields? > ... not having loadable kernel module support enablled ... Much like the netfilter config, any chance you can enable this in your kernel? > ... and syscall_socketcall not being relevant for new arches. We will probably need to make that ABI dependent in the test suite. > audit-testsuite with adjustments: > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > Depends on: > [PATCH 1/2] Move EM_RISCV into elf-em.h > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > This should solve DNF issues in Fedora 29/RISCV. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 0/2] riscv: add audit support 2018-11-06 20:06 ` Paul Moore @ 2018-11-06 20:06 ` Paul Moore 2018-11-06 21:25 ` David Abdurachmanov 1 sibling, 0 replies; 20+ messages in thread From: Paul Moore @ 2018-11-06 20:06 UTC (permalink / raw) To: david.abdurachmanov; +Cc: linux-riscv, palmer, linux-kernel, aou, linux-audit On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > This patchset adds system call audit support on riscv (riscv32 & > riscv64). > > The pachset was prepared on top of v4.19 tag. > > audit-userspace changes were submitted. See: > https://github.com/linux-audit/audit-userspace/pull/73 > > Tested the following manually: > - auditctl (checked several different example rules from internet) > - aulast > - aulastlog > - ausearch > - ausyscall > - aureport > - autrace (compared some syscalls to strace: order and return > value/input arguments seem to be correct) > - /proc/self/loginuid (required by DNF [package manager]) > > I looked into audit-testsuite and with some adjustments results are: > > Failed 4/14 test programs. 19/88 subtests failed. I realize that the test suite failures are likely not due to your code, but rather shortcomings in the test suite itself, but I think it is important to resolve these problems before we commit the kernel changes. You mention Fedora 29/RISCV below, is that the distro you are using for testing? Also, are you using a stock kernel config from the distro or your own? > The failing tests were due to missing CONFIG_IP_NF_MANGLE ... Assuming a general purpose like Fedora, that seems like an odd omission. Any chance you can rebuild your kernel with the mangle table? > ... 'id -Z' not printing categories (don't know why) ... Are you seeing the MLS/MCS sensitivity level, s0, or are you not seeing any of the MLS/MCS fields? > ... not having loadable kernel module support enablled ... Much like the netfilter config, any chance you can enable this in your kernel? > ... and syscall_socketcall not being relevant for new arches. We will probably need to make that ABI dependent in the test suite. > audit-testsuite with adjustments: > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > Depends on: > [PATCH 1/2] Move EM_RISCV into elf-em.h > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > This should solve DNF issues in Fedora 29/RISCV. -- paul moore www.paul-moore.com _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 0/2] riscv: add audit support 2018-11-06 20:06 ` Paul Moore 2018-11-06 20:06 ` Paul Moore @ 2018-11-06 21:25 ` David Abdurachmanov 2018-11-06 21:25 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov 1 sibling, 2 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-11-06 21:25 UTC (permalink / raw) To: linux-riscv On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov > <david.abdurachmanov@gmail.com> wrote: > > This patchset adds system call audit support on riscv (riscv32 & > > riscv64). > > > > The pachset was prepared on top of v4.19 tag. > > > > audit-userspace changes were submitted. See: > > https://github.com/linux-audit/audit-userspace/pull/73 > > > > Tested the following manually: > > - auditctl (checked several different example rules from internet) > > - aulast > > - aulastlog > > - ausearch > > - ausyscall > > - aureport > > - autrace (compared some syscalls to strace: order and return > > value/input arguments seem to be correct) > > - /proc/self/loginuid (required by DNF [package manager]) > > > > I looked into audit-testsuite and with some adjustments results are: > > > > Failed 4/14 test programs. 19/88 subtests failed. > > I realize that the test suite failures are likely not due to your > code, but rather shortcomings in the test suite itself, but I think it > is important to resolve these problems before we commit the kernel > changes. > > You mention Fedora 29/RISCV below, is that the distro you are using > for testing? Also, are you using a stock kernel config from the > distro or your own? > > > The failing tests were due to missing CONFIG_IP_NF_MANGLE ... > > Assuming a general purpose like Fedora, that seems like an odd > omission. Any chance you can rebuild your kernel with the mangle > table? When we build Fedora, the kernel is not built in a standard way. It's only build statically and contains minimal setup. We also don't do loadable kernel modules, because there wasn't support for it months ago. It's not tested yet by us. I did rebuild with CONFIG_IP_NF_MANGLE, but I think, there was more stuff missing. Have to look again. I am experimenting on building kernel in normal Fedora way, but there are some issues right now. It also takes 12-24 hours for a single attempt. > > > ... 'id -Z' not printing categories (don't know why) ... > > Are you seeing the MLS/MCS sensitivity level, s0, or are you not > seeing any of the MLS/MCS fields? I boot my VM "selinux=1 enforcing=0". [root at fedora-riscv ~]# semanage login -l Login Name SELinux User MLS/MCS Range Service __default__ unconfined_u s0-s0:c0.c1023 * root unconfined_u s0-s0:c0.c1023 * [root at fedora-riscv ~]# id -Z unconfined_u:unconfined_r:unconfined_t:s0 > > > ... not having loadable kernel module support enablled ... > > Much like the netfilter config, any chance you can enable this in your kernel? Experimenting, not sure if it works yet. > > > ... and syscall_socketcall not being relevant for new arches. > > We will probably need to make that ABI dependent in the test suite. > > > audit-testsuite with adjustments: > > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > > > Depends on: > > [PATCH 1/2] Move EM_RISCV into elf-em.h > > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > > > This should solve DNF issues in Fedora 29/RISCV. > > -- > paul moore > www.paul-moore.com ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 0/2] riscv: add audit support 2018-11-06 21:25 ` David Abdurachmanov @ 2018-11-06 21:25 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov 1 sibling, 0 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-11-06 21:25 UTC (permalink / raw) To: Paul Moore; +Cc: linux-riscv, Palmer Dabbelt, linux-kernel, aou, linux-audit On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov > <david.abdurachmanov@gmail.com> wrote: > > This patchset adds system call audit support on riscv (riscv32 & > > riscv64). > > > > The pachset was prepared on top of v4.19 tag. > > > > audit-userspace changes were submitted. See: > > https://github.com/linux-audit/audit-userspace/pull/73 > > > > Tested the following manually: > > - auditctl (checked several different example rules from internet) > > - aulast > > - aulastlog > > - ausearch > > - ausyscall > > - aureport > > - autrace (compared some syscalls to strace: order and return > > value/input arguments seem to be correct) > > - /proc/self/loginuid (required by DNF [package manager]) > > > > I looked into audit-testsuite and with some adjustments results are: > > > > Failed 4/14 test programs. 19/88 subtests failed. > > I realize that the test suite failures are likely not due to your > code, but rather shortcomings in the test suite itself, but I think it > is important to resolve these problems before we commit the kernel > changes. > > You mention Fedora 29/RISCV below, is that the distro you are using > for testing? Also, are you using a stock kernel config from the > distro or your own? > > > The failing tests were due to missing CONFIG_IP_NF_MANGLE ... > > Assuming a general purpose like Fedora, that seems like an odd > omission. Any chance you can rebuild your kernel with the mangle > table? When we build Fedora, the kernel is not built in a standard way. It's only build statically and contains minimal setup. We also don't do loadable kernel modules, because there wasn't support for it months ago. It's not tested yet by us. I did rebuild with CONFIG_IP_NF_MANGLE, but I think, there was more stuff missing. Have to look again. I am experimenting on building kernel in normal Fedora way, but there are some issues right now. It also takes 12-24 hours for a single attempt. > > > ... 'id -Z' not printing categories (don't know why) ... > > Are you seeing the MLS/MCS sensitivity level, s0, or are you not > seeing any of the MLS/MCS fields? I boot my VM "selinux=1 enforcing=0". [root@fedora-riscv ~]# semanage login -l Login Name SELinux User MLS/MCS Range Service __default__ unconfined_u s0-s0:c0.c1023 * root unconfined_u s0-s0:c0.c1023 * [root@fedora-riscv ~]# id -Z unconfined_u:unconfined_r:unconfined_t:s0 > > > ... not having loadable kernel module support enablled ... > > Much like the netfilter config, any chance you can enable this in your kernel? Experimenting, not sure if it works yet. > > > ... and syscall_socketcall not being relevant for new arches. > > We will probably need to make that ABI dependent in the test suite. > > > audit-testsuite with adjustments: > > https://github.com/davidlt/audit-testsuite/tree/riscv64 > > > > Depends on: > > [PATCH 1/2] Move EM_RISCV into elf-em.h > > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html > > > > This should solve DNF issues in Fedora 29/RISCV. > > -- > paul moore > www.paul-moore.com _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 0/2] riscv: add audit support 2018-11-06 21:25 ` David Abdurachmanov 2018-11-06 21:25 ` David Abdurachmanov @ 2018-11-07 10:45 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov 1 sibling, 1 reply; 20+ messages in thread From: David Abdurachmanov @ 2018-11-07 10:45 UTC (permalink / raw) To: linux-riscv On Tue, Nov 6, 2018 at 10:25 PM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > > On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote: > > > > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov > > <david.abdurachmanov@gmail.com> wrote: > > > This patchset adds system call audit support on riscv (riscv32 & > > > riscv64). > > > > > > The pachset was prepared on top of v4.19 tag. > > > > > > audit-userspace changes were submitted. See: > > > https://github.com/linux-audit/audit-userspace/pull/73 > > > > > > Tested the following manually: > > > - auditctl (checked several different example rules from internet) > > > - aulast > > > - aulastlog > > > - ausearch > > > - ausyscall > > > - aureport > > > - autrace (compared some syscalls to strace: order and return > > > value/input arguments seem to be correct) > > > - /proc/self/loginuid (required by DNF [package manager]) > > > > > > I looked into audit-testsuite and with some adjustments results are: > > > > > > Failed 4/14 test programs. 19/88 subtests failed. > > > > I realize that the test suite failures are likely not due to your > > code, but rather shortcomings in the test suite itself, but I think it > > is important to resolve these problems before we commit the kernel > > changes. I did some extra work this evening (well, after midnight) and I am passing all bits I would expect to pass. Test Summary Report ------------------- syscall_socketcall/test (Wstat: 0 Tests: 3 Failed: 3) Failed tests: 1-3 Files=14, Tests=88, 107 wallclock secs ( 1.07 usr 0.38 sys + 58.77 cusr 19.32 csys = 79.54 CPU) Result: FAIL Failed 1/14 test programs. 3/88 subtests failed. The only failing test now is syscall_socketcall, which is not supported on riscv and others. >From man page: On a some architectures-for example, x86-64 and ARM?there is no socketcall() system call; instead socket(2), accept(2), bind(2), and so on really are implemented as separate system calls. Then I redone syscall_socketcall test to fit new 64-bit arches. It still mostly checks the same thing, but uses different syscall. Instead of socketcall(SYS_CONNECT, ..) we check for connect(..). This will not generate SOCKETCALL record, thus instead check for SYSCALL record where syscall=connect. All is here: https://github.com/davidlt/audit-testsuite/commits/riscv64 With that: Running as user root with context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 on system Fedora exec_execve/test ......... ok exec_name/test ........... ok file_create/test ......... ok file_delete/test ......... ok file_rename/test ......... ok filter_exclude/test ...... ok filter_sessionid/test .... ok login_tty/test ........... ok lost_reset/test .......... ok netfilter_pkt/test ....... ok syscalls_file/test ....... ok syscall_module/test ...... ok syscall_socketcall/test .. ok user_msg/test ............ ok All tests successful. Files=14, Tests=88, 123 wallclock secs ( 1.26 usr 0.59 sys + 70.85 cusr 22.60 csys = 95.30 CPU) Result: PASS Same audit kernel patch and libaudit, nothing changed here. Hopefully this allows to move forward as I would love to have audit & seccomp in the next kernel version (and thus Fedora). Thanks, david ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 0/2] riscv: add audit support 2018-11-07 10:45 ` David Abdurachmanov @ 2018-11-07 10:45 ` David Abdurachmanov 0 siblings, 0 replies; 20+ messages in thread From: David Abdurachmanov @ 2018-11-07 10:45 UTC (permalink / raw) To: Paul Moore; +Cc: linux-riscv, Palmer Dabbelt, linux-kernel, aou, linux-audit On Tue, Nov 6, 2018 at 10:25 PM David Abdurachmanov <david.abdurachmanov@gmail.com> wrote: > > On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote: > > > > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov > > <david.abdurachmanov@gmail.com> wrote: > > > This patchset adds system call audit support on riscv (riscv32 & > > > riscv64). > > > > > > The pachset was prepared on top of v4.19 tag. > > > > > > audit-userspace changes were submitted. See: > > > https://github.com/linux-audit/audit-userspace/pull/73 > > > > > > Tested the following manually: > > > - auditctl (checked several different example rules from internet) > > > - aulast > > > - aulastlog > > > - ausearch > > > - ausyscall > > > - aureport > > > - autrace (compared some syscalls to strace: order and return > > > value/input arguments seem to be correct) > > > - /proc/self/loginuid (required by DNF [package manager]) > > > > > > I looked into audit-testsuite and with some adjustments results are: > > > > > > Failed 4/14 test programs. 19/88 subtests failed. > > > > I realize that the test suite failures are likely not due to your > > code, but rather shortcomings in the test suite itself, but I think it > > is important to resolve these problems before we commit the kernel > > changes. I did some extra work this evening (well, after midnight) and I am passing all bits I would expect to pass. Test Summary Report ------------------- syscall_socketcall/test (Wstat: 0 Tests: 3 Failed: 3) Failed tests: 1-3 Files=14, Tests=88, 107 wallclock secs ( 1.07 usr 0.38 sys + 58.77 cusr 19.32 csys = 79.54 CPU) Result: FAIL Failed 1/14 test programs. 3/88 subtests failed. The only failing test now is syscall_socketcall, which is not supported on riscv and others. From man page: On a some architectures-for example, x86-64 and ARM—there is no socketcall() system call; instead socket(2), accept(2), bind(2), and so on really are implemented as separate system calls. Then I redone syscall_socketcall test to fit new 64-bit arches. It still mostly checks the same thing, but uses different syscall. Instead of socketcall(SYS_CONNECT, ..) we check for connect(..). This will not generate SOCKETCALL record, thus instead check for SYSCALL record where syscall=connect. All is here: https://github.com/davidlt/audit-testsuite/commits/riscv64 With that: Running as user root with context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 on system Fedora exec_execve/test ......... ok exec_name/test ........... ok file_create/test ......... ok file_delete/test ......... ok file_rename/test ......... ok filter_exclude/test ...... ok filter_sessionid/test .... ok login_tty/test ........... ok lost_reset/test .......... ok netfilter_pkt/test ....... ok syscalls_file/test ....... ok syscall_module/test ...... ok syscall_socketcall/test .. ok user_msg/test ............ ok All tests successful. Files=14, Tests=88, 123 wallclock secs ( 1.26 usr 0.59 sys + 70.85 cusr 22.60 csys = 95.30 CPU) Result: PASS Same audit kernel patch and libaudit, nothing changed here. Hopefully this allows to move forward as I would love to have audit & seccomp in the next kernel version (and thus Fedora). Thanks, david _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv ^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2018-11-14 23:41 UTC | newest] Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 23:34 ` Paul Moore 2018-11-13 23:34 ` Paul Moore 2018-11-14 23:40 ` Palmer Dabbelt 2018-11-14 23:40 ` Palmer Dabbelt 2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore 2018-10-29 22:57 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 2018-11-06 21:25 ` David Abdurachmanov 2018-11-06 21:25 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).