linux-riscv.lists.infradead.org archive mirror
* [PATCH 0/2] riscv: add audit support
@ 2018-10-29 10:48 David Abdurachmanov
  2018-10-29 10:48 ` David Abdurachmanov
                   ` (4 more replies)
  0 siblings, 5 replies; 20+ messages in thread
From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw)
  To: linux-riscv

This patchset adds system call audit support on riscv (riscv32 &
riscv64).

The patchset was prepared on top of v4.19 tag.

audit-userspace changes were submitted. See:
https://github.com/linux-audit/audit-userspace/pull/73

Tested the following manually:
- auditctl (checked several different example rules from internet)
- aulast
- aulastlog
- ausearch
- ausyscall
- aureport
- autrace (compared some syscalls to strace: order and return 
  value/input arguments seem to be correct)
- /proc/self/loginuid (required by DNF [package manager])

I looked into audit-testsuite and with some adjustments results are:

Failed 4/14 test programs. 19/88 subtests failed.

The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not
printing categories (don't know why), not having loadable kernel module
support enabled and syscall_socketcall not being relevant for new arches.

audit-testsuite with adjustments:
https://github.com/davidlt/audit-testsuite/tree/riscv64

Depends on:
[PATCH 1/2] Move EM_RISCV into elf-em.h
http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html

This should solve DNF issues in Fedora 29/RISCV.

David Abdurachmanov (2):
  riscv: add audit support
  riscv: audit: add audit hook in do_syscall_trace_enter/exit()

 arch/riscv/Kconfig                   |  1 +
 arch/riscv/include/asm/ptrace.h      |  5 +++++
 arch/riscv/include/asm/syscall.h     | 10 ++++++++++
 arch/riscv/include/asm/thread_info.h |  6 ++++++
 arch/riscv/kernel/entry.S            |  4 ++--
 arch/riscv/kernel/ptrace.c           |  5 +++++
 include/uapi/linux/audit.h           |  2 ++
 7 files changed, 31 insertions(+), 2 deletions(-)

-- 
2.17.2


* [PATCH 1/2] riscv: add audit support
  2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov
  2018-10-29 10:48 ` David Abdurachmanov
@ 2018-10-29 10:48 ` David Abdurachmanov
  2018-10-29 10:48   ` David Abdurachmanov
  2018-11-13  1:52   ` Palmer Dabbelt
  2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov
                   ` (2 subsequent siblings)
  4 siblings, 2 replies; 20+ messages in thread
From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw)
  To: linux-riscv

On RISC-V (riscv) audit is supported through generic lib/audit.c.
The patch adds required arch specific definitions.

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
---
 arch/riscv/Kconfig                   |  1 +
 arch/riscv/include/asm/ptrace.h      |  5 +++++
 arch/riscv/include/asm/syscall.h     | 10 ++++++++++
 arch/riscv/include/asm/thread_info.h |  6 ++++++
 arch/riscv/kernel/entry.S            |  4 ++--
 include/uapi/linux/audit.h           |  2 ++
 6 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index a344980287a5..8e6d404a4ed0 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -28,6 +28,7 @@ config RISCV
 	select GENERIC_STRNLEN_USER
 	select GENERIC_SMP_IDLE_THREAD
 	select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
+	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_MEMBLOCK
 	select HAVE_MEMBLOCK_NODE_MAP
 	select HAVE_DMA_CONTIGUOUS
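Review bot: selecting HAVE_ARCH_AUDITSYSCALL in this patch offers syscall auditing one commit before the audit_syscall_entry()/audit_syscall_exit() calls exist; the diffstat of 1/2 does not touch arch/riscv/kernel/ptrace.c, and the hooks only arrive in 2/2. A kernel built at this commit can enable the option without ever reaching the audit hooks. Consider moving the select into the patch that adds the hooks, or folding the two patches together, so every bisection point either has working syscall audit or does not offer it.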
diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
index 2c5df945d43c..62c5e9d35596 100644
--- a/arch/riscv/include/asm/ptrace.h
+++ b/arch/riscv/include/asm/ptrace.h
@@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
 	SET_FP(regs, val);
 }
 
+static inline unsigned long regs_return_value(struct pt_regs *regs)
+{
+	return regs->a0;
+}
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _ASM_RISCV_PTRACE_H */
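Review bot: regs_return_value() reads regs->a0, which holds the return value only once the syscall has completed; at entry the same slot carries the first argument, and 2/2 passes regs->a0 to audit_syscall_entry() in exactly that role. A one-line comment stating that the helper is only meaningful on the exit path would prevent it being used at entry by mistake.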
diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
index 8d25f8904c00..bba3da6ef157 100644
--- a/arch/riscv/include/asm/syscall.h
+++ b/arch/riscv/include/asm/syscall.h
@@ -18,6 +18,7 @@
 #ifndef _ASM_RISCV_SYSCALL_H
 #define _ASM_RISCV_SYSCALL_H
 
+#include <uapi/linux/audit.h>
 #include <linux/sched.h>
 #include <linux/err.h>
 
@@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
 	memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
 }
 
+static inline int syscall_get_arch(void)
+{
+#ifdef CONFIG_64BIT
+	return AUDIT_ARCH_RISCV64;
+#else
+	return AUDIT_ARCH_RISCV32;
+#endif
+}
+
 #endif	/* _ASM_RISCV_SYSCALL_H */
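Review bot: syscall_get_arch() takes its result from CONFIG_64BIT at build time, so every task on a 64-bit kernel is reported as AUDIT_ARCH_RISCV64 regardless of the task's own ABI. That is correct while only native tasks exist, but it should be stated in a comment above the function so the assumption is revisited if 32-bit tasks on a 64-bit kernel are ever supported. Audit rules can filter on this value, and a wrong arch means a rule silently fails to match.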
diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
index f8fa1cd2dad9..1c9cc8389928 100644
--- a/arch/riscv/include/asm/thread_info.h
+++ b/arch/riscv/include/asm/thread_info.h
@@ -80,13 +80,19 @@ struct thread_info {
 #define TIF_RESTORE_SIGMASK	4	/* restore signal mask in do_signal() */
 #define TIF_MEMDIE		5	/* is terminating due to OOM killer */
 #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
+#define TIF_SYSCALL_AUDIT	7	/* syscall auditing */
 
 #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
 #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
+#define _TIF_SYSCALL_TRACEPOINT	(1 << TIF_SYSCALL_TRACEPOINT)
+#define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
 
 #define _TIF_WORK_MASK \
 	(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
 
+#define _TIF_SYSCALL_WORK \
+	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
+
 #endif /* _ASM_RISCV_THREAD_INFO_H */
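Review bot: _TIF_SYSCALL_WORK is consumed in entry.S as the immediate of `andi`, and that immediate is a 12-bit sign-extended field. With TIF_SYSCALL_AUDIT at bit 7 the mask fits, but nothing at the definition tells the next person adding a flag that the bit number is constrained. Please add a short comment next to _TIF_SYSCALL_WORK noting that the mask must remain usable as an `andi` immediate.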
diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
index fa2c08e3c05e..2a6c2e7aaff3 100644
--- a/arch/riscv/kernel/entry.S
+++ b/arch/riscv/kernel/entry.S
@@ -202,7 +202,7 @@ handle_syscall:
 	REG_S s2, PT_SEPC(sp)
 	/* Trace syscalls, but only if requested by the user. */
 	REG_L t0, TASK_TI_FLAGS(tp)
-	andi t0, t0, _TIF_SYSCALL_TRACE
+	andi t0, t0, _TIF_SYSCALL_WORK
 	bnez t0, handle_syscall_trace_enter
 check_syscall_nr:
 	/* Check to make sure we don't jump to a bogus syscall number. */
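Review bot: replacing _TIF_SYSCALL_TRACE with _TIF_SYSCALL_WORK in the entry test also sends tasks that have only TIF_SYSCALL_TRACEPOINT set to handle_syscall_trace_enter, which the old mask did not do. That is a behaviour change for syscall tracepoints that is independent of audit, and the commit message ("adds required arch specific definitions") does not mention it. Either describe it in the changelog or split it into its own patch.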
@@ -222,7 +222,7 @@ ret_from_syscall:
 	REG_S a0, PT_A0(sp)
 	/* Trace syscalls, but only if requested by the user. */
 	REG_L t0, TASK_TI_FLAGS(tp)
-	andi t0, t0, _TIF_SYSCALL_TRACE
+	andi t0, t0, _TIF_SYSCALL_WORK
 	bnez t0, handle_syscall_trace_exit
 
 ret_from_exception:
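Review bot: the comment above this `andi` still reads "Trace syscalls, but only if requested by the user", but with _TIF_SYSCALL_WORK the branch to handle_syscall_trace_exit is now also taken for audit and tracepoints. Please update the comment here and at the matching test in handle_syscall so the slow-path conditions are described accurately.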
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 818ae690ab79..d0e037a96a7b 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -399,6 +399,8 @@ enum {
 /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
 #define AUDIT_ARCH_PPC64	(EM_PPC64|__AUDIT_ARCH_64BIT)
 #define AUDIT_ARCH_PPC64LE	(EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_RISCV32	(EM_RISCV|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_RISCV64	(EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_S390		(EM_S390)
 #define AUDIT_ARCH_S390X	(EM_S390|__AUDIT_ARCH_64BIT)
 #define AUDIT_ARCH_SH		(EM_SH)
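Review bot: both new defines rely on EM_RISCV being visible through this header, which according to the cover letter comes from the separate "Move EM_RISCV into elf-em.h" patch. The cover letter is not committed, so the prerequisite should be stated in this patch's changelog, or the dependency carried in this series; otherwise this commit may not build when applied on its own.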
-- 
2.17.2


* [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit()
  2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov
  2018-10-29 10:48 ` David Abdurachmanov
  2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov
@ 2018-10-29 10:48 ` David Abdurachmanov
  2018-10-29 10:48   ` David Abdurachmanov
  2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore
  2018-11-06 20:06 ` Paul Moore
  4 siblings, 1 reply; 20+ messages in thread
From: David Abdurachmanov @ 2018-10-29 10:48 UTC (permalink / raw)
  To: linux-riscv

This patch adds auditing functions on entry to and exit from every system
call invocation.

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
---
 arch/riscv/kernel/ptrace.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c
index 9f82a7e34c64..85b0c93f00c6 100644
--- a/arch/riscv/kernel/ptrace.c
+++ b/arch/riscv/kernel/ptrace.c
@@ -18,6 +18,7 @@
 #include <asm/ptrace.h>
 #include <asm/syscall.h>
 #include <asm/thread_info.h>
+#include <linux/audit.h>
 #include <linux/ptrace.h>
 #include <linux/elf.h>
 #include <linux/regset.h>
@@ -111,10 +112,14 @@ void do_syscall_trace_enter(struct pt_regs *regs)
 	if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
 		trace_sys_enter(regs, syscall_get_nr(current, regs));
 #endif
+
+	audit_syscall_entry(regs->a7, regs->a0, regs->a1, regs->a2, regs->a3);
 }
 
 void do_syscall_trace_exit(struct pt_regs *regs)
 {
+	audit_syscall_exit(regs);
+
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall_exit(regs, 0);
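Review bot: audit_syscall_entry() is passed regs->a7 directly, while the trace_sys_enter() call two lines above obtains the syscall number through syscall_get_nr(current, regs). Using the accessor in both places keeps the source of the syscall number in one spot. The changelog would also benefit from a sentence on the chosen ordering: the entry hook runs after the tracepoint block, and the exit hook runs before the TIF_SYSCALL_TRACE report.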
 
-- 
2.17.2


* [PATCH 0/2] riscv: add audit support
  2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov
                   ` (2 preceding siblings ...)
  2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov
@ 2018-10-29 22:57 ` Paul Moore
  2018-10-29 22:57   ` Paul Moore
  2018-11-06 20:06 ` Paul Moore
  4 siblings, 1 reply; 20+ messages in thread
From: Paul Moore @ 2018-10-29 22:57 UTC (permalink / raw)
  To: linux-riscv

On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
<david.abdurachmanov@gmail.com> wrote:
> This patchset adds system call audit support on riscv (riscv32 &
> riscv64).
>
> The patchset was prepared on top of v4.19 tag.
>
> audit-userspace changes were submitted. See:
> https://github.com/linux-audit/audit-userspace/pull/73
>
> Tested the following manually:
> - auditctl (checked several different example rules from internet)
> - aulast
> - aulastlog
> - ausearch
> - ausyscall
> - aureport
> - autrace (compared some syscalls to strace: order and return
>   value/input arguments seem to be correct)
> - /proc/self/loginuid (required by DNF [package manager])
>
> I looked into audit-testsuite and with some adjustments results are:
>
> Failed 4/14 test programs. 19/88 subtests failed.
>
> The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not
> printing categories (don't know why), not having loadable kernel module
> support enabled and syscall_socketcall not being relevant for new arches.
>
> audit-testsuite with adjustments:
> https://github.com/davidlt/audit-testsuite/tree/riscv64
>
> Depends on:
> [PATCH 1/2] Move EM_RISCV into elf-em.h
> http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html
>
> This should solve DNF issues in Fedora 29/RISCV.
>
> David Abdurachmanov (2):
>   riscv: add audit support
>   riscv: audit: add audit hook in do_syscall_trace_enter/exit()
>
>  arch/riscv/Kconfig                   |  1 +
>  arch/riscv/include/asm/ptrace.h      |  5 +++++
>  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
>  arch/riscv/include/asm/thread_info.h |  6 ++++++
>  arch/riscv/kernel/entry.S            |  4 ++--
>  arch/riscv/kernel/ptrace.c           |  5 +++++
>  include/uapi/linux/audit.h           |  2 ++
>  7 files changed, 31 insertions(+), 2 deletions(-)

Thanks for the patches David, I'll be able to take a closer look next
week once the merge window is closed.

-- 
paul moore
www.paul-moore.com


* [PATCH 0/2] riscv: add audit support
  2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov
                   ` (3 preceding siblings ...)
  2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore
@ 2018-11-06 20:06 ` Paul Moore
  2018-11-06 20:06   ` Paul Moore
  2018-11-06 21:25   ` David Abdurachmanov
  4 siblings, 2 replies; 20+ messages in thread
From: Paul Moore @ 2018-11-06 20:06 UTC (permalink / raw)
  To: linux-riscv

On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
<david.abdurachmanov@gmail.com> wrote:
> This patchset adds system call audit support on riscv (riscv32 &
> riscv64).
>
> The patchset was prepared on top of v4.19 tag.
>
> audit-userspace changes were submitted. See:
> https://github.com/linux-audit/audit-userspace/pull/73
>
> Tested the following manually:
> - auditctl (checked several different example rules from internet)
> - aulast
> - aulastlog
> - ausearch
> - ausyscall
> - aureport
> - autrace (compared some syscalls to strace: order and return
>   value/input arguments seem to be correct)
> - /proc/self/loginuid (required by DNF [package manager])
>
> I looked into audit-testsuite and with some adjustments results are:
>
> Failed 4/14 test programs. 19/88 subtests failed.

I realize that the test suite failures are likely not due to your
code, but rather shortcomings in the test suite itself, but I think it
is important to resolve these problems before we commit the kernel
changes.

You mention Fedora 29/RISCV below, is that the distro you are using
for testing?  Also, are you using a stock kernel config from the
distro or your own?

> The failing tests were due to missing CONFIG_IP_NF_MANGLE ...

Assuming a general purpose like Fedora, that seems like an odd
omission.  Any chance you can rebuild your kernel with the mangle
table?

> ... 'id -Z' not printing categories (don't know why) ...

Are you seeing the MLS/MCS sensitivity level, s0, or are you not
seeing any of the MLS/MCS fields?

> ... not having loadable kernel module support enabled ...

Much like the netfilter config, any chance you can enable this in your kernel?

> ... and syscall_socketcall not being relevant for new arches.

We will probably need to make that ABI dependent in the test suite.

> audit-testsuite with adjustments:
> https://github.com/davidlt/audit-testsuite/tree/riscv64
>
> Depends on:
> [PATCH 1/2] Move EM_RISCV into elf-em.h
> http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html
>
> This should solve DNF issues in Fedora 29/RISCV.

-- 
paul moore
www.paul-moore.com


* [PATCH 0/2] riscv: add audit support
  2018-11-06 20:06 ` Paul Moore
  2018-11-06 20:06   ` Paul Moore
@ 2018-11-06 21:25   ` David Abdurachmanov
  2018-11-06 21:25     ` David Abdurachmanov
  2018-11-07 10:45     ` David Abdurachmanov
  1 sibling, 2 replies; 20+ messages in thread
From: David Abdurachmanov @ 2018-11-06 21:25 UTC (permalink / raw)
  To: linux-riscv

On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
> <david.abdurachmanov@gmail.com> wrote:
> > This patchset adds system call audit support on riscv (riscv32 &
> > riscv64).
> >
> > The patchset was prepared on top of v4.19 tag.
> >
> > audit-userspace changes were submitted. See:
> > https://github.com/linux-audit/audit-userspace/pull/73
> >
> > Tested the following manually:
> > - auditctl (checked several different example rules from internet)
> > - aulast
> > - aulastlog
> > - ausearch
> > - ausyscall
> > - aureport
> > - autrace (compared some syscalls to strace: order and return
> >   value/input arguments seem to be correct)
> > - /proc/self/loginuid (required by DNF [package manager])
> >
> > I looked into audit-testsuite and with some adjustments results are:
> >
> > Failed 4/14 test programs. 19/88 subtests failed.
>
> I realize that the test suite failures are likely not due to your
> code, but rather shortcomings in the test suite itself, but I think it
> is important to resolve these problems before we commit the kernel
> changes.
>
> You mention Fedora 29/RISCV below, is that the distro you are using
> for testing?  Also, are you using a stock kernel config from the
> distro or your own?
>
> > The failing tests were due to missing CONFIG_IP_NF_MANGLE ...
>
> Assuming a general purpose like Fedora, that seems like an odd
> omission.  Any chance you can rebuild your kernel with the mangle
> table?

When we build Fedora, the kernel is not built in a standard way. It's only
built statically and contains minimal setup. We also don't do loadable
kernel modules, because there wasn't support for it months ago. It's
not tested yet by us.

I did rebuild with CONFIG_IP_NF_MANGLE, but I think there was more
stuff missing. Have to look again.

I am experimenting with building the kernel in the normal Fedora way, but there
are some issues right now. It also takes 12-24 hours for a single attempt.

>
> > ... 'id -Z' not printing categories (don't know why) ...
>
> Are you seeing the MLS/MCS sensitivity level, s0, or are you not
> seeing any of the MLS/MCS fields?

I boot my VM "selinux=1 enforcing=0".

[root@fedora-riscv ~]# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
[root@fedora-riscv ~]# id -Z
unconfined_u:unconfined_r:unconfined_t:s0

>
> > ... not having loadable kernel module support enabled ...
>
> Much like the netfilter config, any chance you can enable this in your kernel?

Experimenting, not sure if it works yet.

>
> > ... and syscall_socketcall not being relevant for new arches.
>
> We will probably need to make that ABI dependent in the test suite.
>
> > audit-testsuite with adjustments:
> > https://github.com/davidlt/audit-testsuite/tree/riscv64
> >
> > Depends on:
> > [PATCH 1/2] Move EM_RISCV into elf-em.h
> > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html
> >
> > This should solve DNF issues in Fedora 29/RISCV.
>
> --
> paul moore
> www.paul-moore.com

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [PATCH 0/2] riscv: add audit support
  2018-11-06 21:25   ` David Abdurachmanov
@ 2018-11-06 21:25     ` David Abdurachmanov
  2018-11-07 10:45     ` David Abdurachmanov
  1 sibling, 0 replies; 20+ messages in thread
From: David Abdurachmanov @ 2018-11-06 21:25 UTC (permalink / raw)
  To: Paul Moore; +Cc: linux-riscv, Palmer Dabbelt, linux-kernel, aou, linux-audit

On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
> <david.abdurachmanov@gmail.com> wrote:
> > This patchset adds system call audit support on riscv (riscv32 &
> > riscv64).
> >
> > The patchset was prepared on top of v4.19 tag.
> >
> > audit-userspace changes were submitted. See:
> > https://github.com/linux-audit/audit-userspace/pull/73
> >
> > Tested the following manually:
> > - auditctl (checked several different example rules from internet)
> > - aulast
> > - aulastlog
> > - ausearch
> > - ausyscall
> > - aureport
> > - autrace (compared some syscalls to strace: order and return
> >   value/input arguments seem to be correct)
> > - /proc/self/loginuid (required by DNF [package manager])
> >
> > I looked into audit-testsuite and with some adjustments results are:
> >
> > Failed 4/14 test programs. 19/88 subtests failed.
>
> I realize that the test suite failures are likely not due to your
> code, but rather shortcomings in the test suite itself, but I think it
> is important to resolve these problems before we commit the kernel
> changes.
>
> You mention Fedora 29/RISCV below, is that the distro you are using
> for testing?  Also, are you using a stock kernel config from the
> distro or your own?
>
> > The failing tests were due to missing CONFIG_IP_NF_MANGLE ...
>
> Assuming a general purpose like Fedora, that seems like an odd
> omission.  Any chance you can rebuild your kernel with the mangle
> table?

When we build Fedora, the kernel is not built in a standard way. It's only
built statically and contains minimal setup. We also don't do loadable
kernel modules, because there wasn't support for it months ago. It's
not tested yet by us.

I did rebuild with CONFIG_IP_NF_MANGLE, but I think there was more
stuff missing. Have to look again.

I am experimenting with building the kernel in the normal Fedora way, but there
are some issues right now. It also takes 12-24 hours for a single attempt.

>
> > ... 'id -Z' not printing categories (don't know why) ...
>
> Are you seeing the MLS/MCS sensitivity level, s0, or are you not
> seeing any of the MLS/MCS fields?

I boot my VM "selinux=1 enforcing=0".

[root@fedora-riscv ~]# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
[root@fedora-riscv ~]# id -Z
unconfined_u:unconfined_r:unconfined_t:s0

>
> > ... not having loadable kernel module support enabled ...
>
> Much like the netfilter config, any chance you can enable this in your kernel?

Experimenting, not sure if it works yet.

>
> > ... and syscall_socketcall not being relevant for new arches.
>
> We will probably need to make that ABI dependent in the test suite.
>
> > audit-testsuite with adjustments:
> > https://github.com/davidlt/audit-testsuite/tree/riscv64
> >
> > Depends on:
> > [PATCH 1/2] Move EM_RISCV into elf-em.h
> > http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html
> >
> > This should solve DNF issues in Fedora 29/RISCV.
>
> --
> paul moore
> www.paul-moore.com

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply	[flat|nested] 20+ messages in thread

* [PATCH 0/2] riscv: add audit support
  2018-11-06 21:25   ` David Abdurachmanov
  2018-11-06 21:25     ` David Abdurachmanov
@ 2018-11-07 10:45     ` David Abdurachmanov
  2018-11-07 10:45       ` David Abdurachmanov
  1 sibling, 1 reply; 20+ messages in thread
From: David Abdurachmanov @ 2018-11-07 10:45 UTC (permalink / raw)
  To: linux-riscv

On Tue, Nov 6, 2018 at 10:25 PM David Abdurachmanov
<david.abdurachmanov@gmail.com> wrote:
>
> On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
> > <david.abdurachmanov@gmail.com> wrote:
> > > This patchset adds system call audit support on riscv (riscv32 &
> > > riscv64).
> > >
> > > The patchset was prepared on top of v4.19 tag.
> > >
> > > audit-userspace changes were submitted. See:
> > > https://github.com/linux-audit/audit-userspace/pull/73
> > >
> > > Tested the following manually:
> > > - auditctl (checked several different example rules from internet)
> > > - aulast
> > > - aulastlog
> > > - ausearch
> > > - ausyscall
> > > - aureport
> > > - autrace (compared some syscalls to strace: order and return
> > >   value/input arguments seem to be correct)
> > > - /proc/self/loginuid (required by DNF [package manager])
> > >
> > > I looked into audit-testsuite and with some adjustments results are:
> > >
> > > Failed 4/14 test programs. 19/88 subtests failed.
> >
> > I realize that the test suite failures are likely not due to your
> > code, but rather shortcomings in the test suite itself, but I think it
> > is important to resolve these problems before we commit the kernel
> > changes.

I did some extra work this evening (well, after midnight) and I am passing
all bits I would expect to pass.

Test Summary Report
-------------------
syscall_socketcall/test (Wstat: 0 Tests: 3 Failed: 3)
  Failed tests:  1-3
Files=14, Tests=88, 107 wallclock secs ( 1.07 usr  0.38 sys + 58.77
cusr 19.32 csys = 79.54 CPU)
Result: FAIL
Failed 1/14 test programs. 3/88 subtests failed.

The only failing test now is syscall_socketcall, which is not supported on
riscv and others.

From man page:

On a some architectures-for example, x86-64 and ARM—there is no
       socketcall() system call; instead socket(2), accept(2), bind(2), and
       so on really are implemented as separate system calls.

Then I redid the syscall_socketcall test to fit new 64-bit arches. It still
mostly checks the same thing, but uses a different syscall. Instead of
socketcall(SYS_CONNECT, ..) we check for connect(..). This will not
generate a SOCKETCALL record, thus we instead check for a SYSCALL
record where syscall=connect.

All is here: https://github.com/davidlt/audit-testsuite/commits/riscv64

With that:

Running as   user    root
        with context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
        on   system  Fedora

exec_execve/test ......... ok
exec_name/test ........... ok
file_create/test ......... ok
file_delete/test ......... ok
file_rename/test ......... ok
filter_exclude/test ...... ok
filter_sessionid/test .... ok
login_tty/test ........... ok
lost_reset/test .......... ok
netfilter_pkt/test ....... ok
syscalls_file/test ....... ok
syscall_module/test ...... ok
syscall_socketcall/test .. ok
user_msg/test ............ ok
All tests successful.
Files=14, Tests=88, 123 wallclock secs ( 1.26 usr  0.59 sys + 70.85
cusr 22.60 csys = 95.30 CPU)
Result: PASS

Same audit kernel patch and libaudit, nothing changed here.

Hopefully this allows us to move forward as I would love to have
audit & seccomp in the next kernel version (and thus Fedora).

Thanks,
david

^ permalink raw reply	[flat|nested] 20+ messages in thread
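
The test change described in the message above (match a SYSCALL record for connect instead of a SOCKETCALL record) means a log consumer has to read the syscall number together with the `arch=` value that syscall_get_arch() reports. The C sketch below is an added example, not code from the patch or from audit-testsuite; the sample records are constructed and simplified, the function and macro names are hypothetical, and the numeric values are the ones in the kernel's elf-em.h, audit.h and syscall tables.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF machine ids and audit arch flag bits; the composition mirrors the
 * AUDIT_ARCH_RISCV32/64 defines added by the patch. */
#define EM_386             3
#define EM_X86_64          62
#define EM_RISCV           243
#define ARCH_FLAG_64BIT    0x80000000U  /* __AUDIT_ARCH_64BIT */
#define ARCH_FLAG_LE       0x40000000U  /* __AUDIT_ARCH_LE */
#define ARCH_I386          (EM_386 | ARCH_FLAG_LE)
#define ARCH_X86_64        (EM_X86_64 | ARCH_FLAG_64BIT | ARCH_FLAG_LE)
#define ARCH_RISCV32       (EM_RISCV | ARCH_FLAG_LE)
#define ARCH_RISCV64       (EM_RISCV | ARCH_FLAG_64BIT | ARCH_FLAG_LE)

/* Syscall numbers are per ABI, so they only mean something next to arch. */
#define NR_GENERIC_CONNECT 203  /* asm-generic table, used by riscv */
#define NR_X86_64_CONNECT  42
#define NR_I386_SOCKETCALL 102
#define SOCKETCALL_CONNECT 3    /* SYS_CONNECT sub-call of socketcall(2) */

enum evidence { NOT_CONNECT, CONNECT_DIRECT, CONNECT_VIA_SOCKETCALL, CANNOT_DECODE };

/* Constructed sample records (not captured from a real system). */
static const char *const SAMPLE_RECORDS[] = {
    "type=SYSCALL msg=audit(1541587500.101:210): arch=c00000f3 syscall=203 "
    "success=no exit=-111 a0=3 a1=3fffe4a0 a2=10 a3=0 pid=900 comm=\"client\"",
    "type=SYSCALL msg=audit(1541587500.202:211): arch=40000003 syscall=102 "
    "success=no exit=-111 a0=3 a1=bfd0e1a0 a2=0 a3=0 pid=901 comm=\"client\"",
    "type=SYSCALL msg=audit(1541587500.303:212): arch=c000003e syscall=203 "
    "success=yes exit=0 a0=0 a1=80 a2=7ffc1a2b3c40 a3=0 pid=902 comm=\"worker\"",
    "type=SYSCALL msg=audit(1541587500.404:213): arch=c000003e syscall=42 "
    "success=yes exit=0 a0=4 a1=7ffc1a2b3d10 a2=10 a3=0 pid=903 comm=\"client\"",
    "type=SYSCALL msg=audit(1541587500.505:214): arch=c00000b7 syscall=203 "
    "success=yes exit=0 a0=5 a1=ffffd2a0 a2=10 a3=0 pid=904 comm=\"client\"",
    "type=SOCKADDR msg=audit(1541587500.101:210): "
    "saddr=02000050C00002010000000000000000",
};
#define N_SAMPLES (sizeof(SAMPLE_RECORDS) / sizeof(SAMPLE_RECORDS[0]))

/* Parse "key=<number>" where key starts a space-separated field.
 * Returns 0 on success, -1 if the field is absent or not a 32-bit number. */
static int field_u32(const char *line, const char *key, int base, uint32_t *out)
{
    size_t klen = strlen(key);

    for (const char *p = strstr(line, key); p; p = strstr(p + 1, key)) {
        if ((p == line || p[-1] == ' ') && p[klen] == '=') {
            char *end;
            unsigned long v = strtoul(p + klen + 1, &end, base);

            if (end == p + klen + 1 || v > 0xffffffffUL)
                return -1;
            *out = (uint32_t)v;
            return 0;
        }
    }
    return -1;
}

/* Decide whether one record is evidence of connect(2), keyed on arch first.
 * An arch this sketch has no table for is reported, never guessed at. */
static enum evidence classify(const char *line)
{
    uint32_t arch, nr, a0;

    if (strncmp(line, "type=SYSCALL ", 13) != 0)
        return NOT_CONNECT;
    if (field_u32(line, "arch", 16, &arch) || field_u32(line, "syscall", 10, &nr))
        return CANNOT_DECODE;

    switch (arch) {
    case ARCH_RISCV32:
    case ARCH_RISCV64:
        return nr == NR_GENERIC_CONNECT ? CONNECT_DIRECT : NOT_CONNECT;
    case ARCH_X86_64:
        return nr == NR_X86_64_CONNECT ? CONNECT_DIRECT : NOT_CONNECT;
    case ARCH_I386:
        /* Only the multiplexed form is handled here: a0 is the sub-call. */
        if (nr == NR_I386_SOCKETCALL &&
            field_u32(line, "a0", 16, &a0) == 0 && a0 == SOCKETCALL_CONNECT)
            return CONNECT_VIA_SOCKETCALL;
        return NOT_CONNECT;
    default:
        return CANNOT_DECODE;
    }
}

static size_t count_evidence(const char *const *lines, size_t n, enum evidence want)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++)
        if (classify(lines[i]) == want)
            hits++;
    return hits;
}

int main(void)
{
    static const char *const names[] = {
        "not connect", "connect (direct)", "connect (socketcall)", "cannot decode",
    };

    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("record %zu: %s\n", i, names[classify(SAMPLE_RECORDS[i])]);
    return 0;
}
```

The third sample carries the same syscall number as the riscv64 connect record but a different `arch=`, which is why a rule written as "syscall 203" without an arch qualifier would misfire.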

* Re: [PATCH 0/2] riscv: add audit support
  2018-11-07 10:45     ` David Abdurachmanov
@ 2018-11-07 10:45       ` David Abdurachmanov
  0 siblings, 0 replies; 20+ messages in thread
From: David Abdurachmanov @ 2018-11-07 10:45 UTC (permalink / raw)
  To: Paul Moore; +Cc: linux-riscv, Palmer Dabbelt, linux-kernel, aou, linux-audit

On Tue, Nov 6, 2018 at 10:25 PM David Abdurachmanov
<david.abdurachmanov@gmail.com> wrote:
>
> On Tue, Nov 6, 2018 at 9:06 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Mon, Oct 29, 2018 at 6:49 AM David Abdurachmanov
> > <david.abdurachmanov@gmail.com> wrote:
> > > This patchset adds system call audit support on riscv (riscv32 &
> > > riscv64).
> > >
> > > The patchset was prepared on top of v4.19 tag.
> > >
> > > audit-userspace changes were submitted. See:
> > > https://github.com/linux-audit/audit-userspace/pull/73
> > >
> > > Tested the following manually:
> > > - auditctl (checked several different example rules from internet)
> > > - aulast
> > > - aulastlog
> > > - ausearch
> > > - ausyscall
> > > - aureport
> > > - autrace (compared some syscalls to strace: order and return
> > >   value/input arguments seem to be correct)
> > > - /proc/self/loginuid (required by DNF [package manager])
> > >
> > > I looked into audit-testsuite and with some adjustments results are:
> > >
> > > Failed 4/14 test programs. 19/88 subtests failed.
> >
> > I realize that the test suite failures are likely not due to your
> > code, but rather shortcomings in the test suite itself, but I think it
> > is important to resolve these problems before we commit the kernel
> > changes.

I did some extra work this evening (well, after midnight) and I am passing
all bits I would expect to pass.

Test Summary Report
-------------------
syscall_socketcall/test (Wstat: 0 Tests: 3 Failed: 3)
  Failed tests:  1-3
Files=14, Tests=88, 107 wallclock secs ( 1.07 usr  0.38 sys + 58.77
cusr 19.32 csys = 79.54 CPU)
Result: FAIL
Failed 1/14 test programs. 3/88 subtests failed.

The only failing test now is syscall_socketcall, which is not supported on
riscv and others.

From man page:

On a some architectures-for example, x86-64 and ARM—there is no
       socketcall() system call; instead socket(2), accept(2), bind(2), and
       so on really are implemented as separate system calls.

Then I redid the syscall_socketcall test to fit new 64-bit arches. It still
mostly checks the same thing, but uses a different syscall. Instead of
socketcall(SYS_CONNECT, ..) we check for connect(..). This will not
generate a SOCKETCALL record, thus we instead check for a SYSCALL
record where syscall=connect.

All is here: https://github.com/davidlt/audit-testsuite/commits/riscv64

With that:

Running as   user    root
        with context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
        on   system  Fedora

exec_execve/test ......... ok
exec_name/test ........... ok
file_create/test ......... ok
file_delete/test ......... ok
file_rename/test ......... ok
filter_exclude/test ...... ok
filter_sessionid/test .... ok
login_tty/test ........... ok
lost_reset/test .......... ok
netfilter_pkt/test ....... ok
syscalls_file/test ....... ok
syscall_module/test ...... ok
syscall_socketcall/test .. ok
user_msg/test ............ ok
All tests successful.
Files=14, Tests=88, 123 wallclock secs ( 1.26 usr  0.59 sys + 70.85
cusr 22.60 csys = 95.30 CPU)
Result: PASS

Same audit kernel patch and libaudit, nothing changed here.

Hopefully this allows us to move forward as I would love to have
audit & seccomp in the next kernel version (and thus Fedora).

Thanks,
david

^ permalink raw reply	[flat|nested] 20+ messages in thread

* [PATCH 1/2] riscv: add audit support
  2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov
  2018-10-29 10:48   ` David Abdurachmanov
@ 2018-11-13  1:52   ` Palmer Dabbelt
  2018-11-13  1:52     ` Palmer Dabbelt
  2018-11-13 23:34     ` Paul Moore
  1 sibling, 2 replies; 20+ messages in thread
From: Palmer Dabbelt @ 2018-11-13  1:52 UTC (permalink / raw)
  To: linux-riscv

On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote:
> On RISC-V (riscv) audit is supported through generic lib/audit.c.
> The patch adds required arch specific definitions.
>
> Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
> ---
>  arch/riscv/Kconfig                   |  1 +
>  arch/riscv/include/asm/ptrace.h      |  5 +++++
>  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
>  arch/riscv/include/asm/thread_info.h |  6 ++++++
>  arch/riscv/kernel/entry.S            |  4 ++--
>  include/uapi/linux/audit.h           |  2 ++
>  6 files changed, 26 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index a344980287a5..8e6d404a4ed0 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -28,6 +28,7 @@ config RISCV
>  	select GENERIC_STRNLEN_USER
>  	select GENERIC_SMP_IDLE_THREAD
>  	select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
> +	select HAVE_ARCH_AUDITSYSCALL
>  	select HAVE_MEMBLOCK
>  	select HAVE_MEMBLOCK_NODE_MAP
>  	select HAVE_DMA_CONTIGUOUS
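
Review bot: `select HAVE_ARCH_AUDITSYSCALL` lands in this patch, but the diffstat above touches no C file that would call the audit entry and exit hooks; the cover letter leaves those to 2/2. A kernel built at this commit could enable syscall auditing and take the slow path in entry.S without the hooks being called yet. Consider moving the select into the patch that adds the hooks, or making it the last change of the series, so every bisection point is either audited or not.
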
> diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
> index 2c5df945d43c..62c5e9d35596 100644
> --- a/arch/riscv/include/asm/ptrace.h
> +++ b/arch/riscv/include/asm/ptrace.h
> @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
>  	SET_FP(regs, val);
>  }
>
> +static inline unsigned long regs_return_value(struct pt_regs *regs)
> +{
> +	return regs->a0;
> +}
> +
>  #endif /* __ASSEMBLY__ */
>
>  #endif /* _ASM_RISCV_PTRACE_H */
> diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
> index 8d25f8904c00..bba3da6ef157 100644
> --- a/arch/riscv/include/asm/syscall.h
> +++ b/arch/riscv/include/asm/syscall.h
> @@ -18,6 +18,7 @@
>  #ifndef _ASM_RISCV_SYSCALL_H
>  #define _ASM_RISCV_SYSCALL_H
>
> +#include <uapi/linux/audit.h>
>  #include <linux/sched.h>
>  #include <linux/err.h>
>
> @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
>  	memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
>  }
>
> +static inline int syscall_get_arch(void)
> +{
> +#ifdef CONFIG_64BIT
> +	return AUDIT_ARCH_RISCV64;
> +#else
> +	return AUDIT_ARCH_RISCV32;
> +#endif
> +}
> +
>  #endif	/* _ASM_RISCV_SYSCALL_H */
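
Review bot: syscall_get_arch() picks its value at compile time from CONFIG_64BIT and never looks at the calling task, so it is only right while a 64-bit kernel runs nothing but 64-bit user space. Audit records and seccomp filters interpret the syscall number relative to this value, so a short comment stating the no-compat assumption would make that dependency visible to whoever adds a second ABI. Separately, the unchanged context line at the top of the hunk, `memcpy(&regs->a1 + i * sizeof(regs->a1), ...)`, scales the offset twice because `&regs->a1` is already a pointer to a register-sized field; that deserves its own fix outside this patch.
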
> diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
> index f8fa1cd2dad9..1c9cc8389928 100644
> --- a/arch/riscv/include/asm/thread_info.h
> +++ b/arch/riscv/include/asm/thread_info.h
> @@ -80,13 +80,19 @@ struct thread_info {
>  #define TIF_RESTORE_SIGMASK	4	/* restore signal mask in do_signal() */
>  #define TIF_MEMDIE		5	/* is terminating due to OOM killer */
>  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
> +#define TIF_SYSCALL_AUDIT	7	/* syscall auditing */
>
>  #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
>  #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
>  #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
>  #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
> +#define _TIF_SYSCALL_TRACEPOINT	(1 << TIF_SYSCALL_TRACEPOINT)
> +#define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
>
>  #define _TIF_WORK_MASK \
>  	(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
>
> +#define _TIF_SYSCALL_WORK \
> +	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
> +
>  #endif /* _ASM_RISCV_THREAD_INFO_H */
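
Review bot: `_TIF_SYSCALL_WORK` is tested in entry.S with `andi`, whose immediate is a 12-bit sign-extended field, so every flag folded into this mask has to sit at bit 10 or lower. TIF_SYSCALL_AUDIT at bit 7 fits, but nothing near the defines records the limit; a one-line comment next to the mask would stop a later flag from being added at a position the assembly cannot test.
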
> diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> index fa2c08e3c05e..2a6c2e7aaff3 100644
> --- a/arch/riscv/kernel/entry.S
> +++ b/arch/riscv/kernel/entry.S
> @@ -202,7 +202,7 @@ handle_syscall:
>  	REG_S s2, PT_SEPC(sp)
>  	/* Trace syscalls, but only if requested by the user. */
>  	REG_L t0, TASK_TI_FLAGS(tp)
> -	andi t0, t0, _TIF_SYSCALL_TRACE
> +	andi t0, t0, _TIF_SYSCALL_WORK
>  	bnez t0, handle_syscall_trace_enter
>  check_syscall_nr:
>  	/* Check to make sure we don't jump to a bogus syscall number. */
> @@ -222,7 +222,7 @@ ret_from_syscall:
>  	REG_S a0, PT_A0(sp)
>  	/* Trace syscalls, but only if requested by the user. */
>  	REG_L t0, TASK_TI_FLAGS(tp)
> -	andi t0, t0, _TIF_SYSCALL_TRACE
> +	andi t0, t0, _TIF_SYSCALL_WORK
>  	bnez t0, handle_syscall_trace_exit
>
>  ret_from_exception:
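
Review bot: the comment above the changed `andi` line still reads "Trace syscalls, but only if requested by the user", here and in the handle_syscall hunk, yet with `_TIF_SYSCALL_WORK` the branch is now also taken for TIF_SYSCALL_AUDIT and TIF_SYSCALL_TRACEPOINT. The tracepoint part is a behaviour change that the commit message ("adds required arch specific definitions") does not mention. Please reword both comments and either describe the tracepoint change in the commit message or split it into its own patch.
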
> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index 818ae690ab79..d0e037a96a7b 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -399,6 +399,8 @@ enum {
>  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
>  #define AUDIT_ARCH_PPC64	(EM_PPC64|__AUDIT_ARCH_64BIT)
>  #define AUDIT_ARCH_PPC64LE	(EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_RISCV32	(EM_RISCV|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_RISCV64	(EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>  #define AUDIT_ARCH_S390		(EM_S390)
>  #define AUDIT_ARCH_S390X	(EM_S390|__AUDIT_ARCH_64BIT)
>  #define AUDIT_ARCH_SH		(EM_SH)
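
Review bot: both new defines expand to EM_RISCV, which the cover letter says comes from a separate patch ("Move EM_RISCV into elf-em.h"), so whether AUDIT_ARCH_RISCV32/64 resolve for every includer of this uapi header depends on that patch being applied first. State the dependency in this commit message, not only in the cover letter. It is also worth saying there that these two values become ABI once released, since audit user space and seccomp filters compare against them.
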

I can't seem to figure out how to dig the rest of the thread out of my inbox 
(I'm in an airport), so I'm just replying here.

I've added this to next-audit, which will soon filter into for-next.  I'm not 
sure if this is 100% settled, but I can't find any issues with it so I think 
it's best to get this out for testing.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [PATCH 1/2] riscv: add audit support
  2018-11-13  1:52   ` Palmer Dabbelt
@ 2018-11-13  1:52     ` Palmer Dabbelt
  2018-11-13 23:34     ` Paul Moore
  1 sibling, 0 replies; 20+ messages in thread
From: Palmer Dabbelt @ 2018-11-13  1:52 UTC (permalink / raw)
  To: david.abdurachmanov
  Cc: david.abdurachmanov, linux-riscv, aou, linux-kernel, linux-audit

On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote:
> On RISC-V (riscv) audit is supported through generic lib/audit.c.
> The patch adds required arch specific definitions.
>
> Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
> ---
>  arch/riscv/Kconfig                   |  1 +
>  arch/riscv/include/asm/ptrace.h      |  5 +++++
>  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
>  arch/riscv/include/asm/thread_info.h |  6 ++++++
>  arch/riscv/kernel/entry.S            |  4 ++--
>  include/uapi/linux/audit.h           |  2 ++
>  6 files changed, 26 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index a344980287a5..8e6d404a4ed0 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -28,6 +28,7 @@ config RISCV
>  	select GENERIC_STRNLEN_USER
>  	select GENERIC_SMP_IDLE_THREAD
>  	select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
> +	select HAVE_ARCH_AUDITSYSCALL
>  	select HAVE_MEMBLOCK
>  	select HAVE_MEMBLOCK_NODE_MAP
>  	select HAVE_DMA_CONTIGUOUS
> diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
> index 2c5df945d43c..62c5e9d35596 100644
> --- a/arch/riscv/include/asm/ptrace.h
> +++ b/arch/riscv/include/asm/ptrace.h
> @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
>  	SET_FP(regs, val);
>  }
>
> +static inline unsigned long regs_return_value(struct pt_regs *regs)
> +{
> +	return regs->a0;
> +}
> +
>  #endif /* __ASSEMBLY__ */
>
>  #endif /* _ASM_RISCV_PTRACE_H */
> diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
> index 8d25f8904c00..bba3da6ef157 100644
> --- a/arch/riscv/include/asm/syscall.h
> +++ b/arch/riscv/include/asm/syscall.h
> @@ -18,6 +18,7 @@
>  #ifndef _ASM_RISCV_SYSCALL_H
>  #define _ASM_RISCV_SYSCALL_H
>
> +#include <uapi/linux/audit.h>
>  #include <linux/sched.h>
>  #include <linux/err.h>
>
> @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
>  	memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
>  }
>
> +static inline int syscall_get_arch(void)
> +{
> +#ifdef CONFIG_64BIT
> +	return AUDIT_ARCH_RISCV64;
> +#else
> +	return AUDIT_ARCH_RISCV32;
> +#endif
> +}
> +
>  #endif	/* _ASM_RISCV_SYSCALL_H */
> diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
> index f8fa1cd2dad9..1c9cc8389928 100644
> --- a/arch/riscv/include/asm/thread_info.h
> +++ b/arch/riscv/include/asm/thread_info.h
> @@ -80,13 +80,19 @@ struct thread_info {
>  #define TIF_RESTORE_SIGMASK	4	/* restore signal mask in do_signal() */
>  #define TIF_MEMDIE		5	/* is terminating due to OOM killer */
>  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
> +#define TIF_SYSCALL_AUDIT	7	/* syscall auditing */
>
>  #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
>  #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
>  #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
>  #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
> +#define _TIF_SYSCALL_TRACEPOINT	(1 << TIF_SYSCALL_TRACEPOINT)
> +#define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
>
>  #define _TIF_WORK_MASK \
>  	(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
>
> +#define _TIF_SYSCALL_WORK \
> +	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
> +
>  #endif /* _ASM_RISCV_THREAD_INFO_H */
> diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> index fa2c08e3c05e..2a6c2e7aaff3 100644
> --- a/arch/riscv/kernel/entry.S
> +++ b/arch/riscv/kernel/entry.S
> @@ -202,7 +202,7 @@ handle_syscall:
>  	REG_S s2, PT_SEPC(sp)
>  	/* Trace syscalls, but only if requested by the user. */
>  	REG_L t0, TASK_TI_FLAGS(tp)
> -	andi t0, t0, _TIF_SYSCALL_TRACE
> +	andi t0, t0, _TIF_SYSCALL_WORK
>  	bnez t0, handle_syscall_trace_enter
>  check_syscall_nr:
>  	/* Check to make sure we don't jump to a bogus syscall number. */
> @@ -222,7 +222,7 @@ ret_from_syscall:
>  	REG_S a0, PT_A0(sp)
>  	/* Trace syscalls, but only if requested by the user. */
>  	REG_L t0, TASK_TI_FLAGS(tp)
> -	andi t0, t0, _TIF_SYSCALL_TRACE
> +	andi t0, t0, _TIF_SYSCALL_WORK
>  	bnez t0, handle_syscall_trace_exit
>
>  ret_from_exception:
> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index 818ae690ab79..d0e037a96a7b 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -399,6 +399,8 @@ enum {
>  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
>  #define AUDIT_ARCH_PPC64	(EM_PPC64|__AUDIT_ARCH_64BIT)
>  #define AUDIT_ARCH_PPC64LE	(EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_RISCV32	(EM_RISCV|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_RISCV64	(EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>  #define AUDIT_ARCH_S390		(EM_S390)
>  #define AUDIT_ARCH_S390X	(EM_S390|__AUDIT_ARCH_64BIT)
>  #define AUDIT_ARCH_SH		(EM_SH)

I can't seem to figure out how to dig the rest of the thread out of my inbox 
(I'm in an airport), so I'm just replying here.

I've added this to next-audit, which will soon filter into for-next.  I'm not 
sure if this is 100% settled, but I can't find any issues with it so I think 
it's best to get this out for testing.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* [PATCH 1/2] riscv: add audit support
  2018-11-13  1:52   ` Palmer Dabbelt
  2018-11-13  1:52     ` Palmer Dabbelt
@ 2018-11-13 23:34     ` Paul Moore
  2018-11-13 23:34       ` Paul Moore
  2018-11-14 23:40       ` Palmer Dabbelt
  1 sibling, 2 replies; 20+ messages in thread
From: Paul Moore @ 2018-11-13 23:34 UTC (permalink / raw)
  To: linux-riscv

On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote:
> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote:
> > On RISC-V (riscv) audit is supported through generic lib/audit.c.
> > The patch adds required arch specific definitions.
> >
> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
> > ---
> >  arch/riscv/Kconfig                   |  1 +
> >  arch/riscv/include/asm/ptrace.h      |  5 +++++
> >  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
> >  arch/riscv/include/asm/thread_info.h |  6 ++++++
> >  arch/riscv/kernel/entry.S            |  4 ++--
> >  include/uapi/linux/audit.h           |  2 ++
> >  6 files changed, 26 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > index a344980287a5..8e6d404a4ed0 100644
> > --- a/arch/riscv/Kconfig
> > +++ b/arch/riscv/Kconfig
> > @@ -28,6 +28,7 @@ config RISCV
> >       select GENERIC_STRNLEN_USER
> >       select GENERIC_SMP_IDLE_THREAD
> >       select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
> > +     select HAVE_ARCH_AUDITSYSCALL
> >       select HAVE_MEMBLOCK
> >       select HAVE_MEMBLOCK_NODE_MAP
> >       select HAVE_DMA_CONTIGUOUS
> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
> > index 2c5df945d43c..62c5e9d35596 100644
> > --- a/arch/riscv/include/asm/ptrace.h
> > +++ b/arch/riscv/include/asm/ptrace.h
> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
> >       SET_FP(regs, val);
> >  }
> >
> > +static inline unsigned long regs_return_value(struct pt_regs *regs)
> > +{
> > +     return regs->a0;
> > +}
> > +
> >  #endif /* __ASSEMBLY__ */
> >
> >  #endif /* _ASM_RISCV_PTRACE_H */
> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
> > index 8d25f8904c00..bba3da6ef157 100644
> > --- a/arch/riscv/include/asm/syscall.h
> > +++ b/arch/riscv/include/asm/syscall.h
> > @@ -18,6 +18,7 @@
> >  #ifndef _ASM_RISCV_SYSCALL_H
> >  #define _ASM_RISCV_SYSCALL_H
> >
> > +#include <uapi/linux/audit.h>
> >  #include <linux/sched.h>
> >  #include <linux/err.h>
> >
> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
> >       memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
> >  }
> >
> > +static inline int syscall_get_arch(void)
> > +{
> > +#ifdef CONFIG_64BIT
> > +     return AUDIT_ARCH_RISCV64;
> > +#else
> > +     return AUDIT_ARCH_RISCV32;
> > +#endif
> > +}
> > +
> >  #endif       /* _ASM_RISCV_SYSCALL_H */
> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
> > index f8fa1cd2dad9..1c9cc8389928 100644
> > --- a/arch/riscv/include/asm/thread_info.h
> > +++ b/arch/riscv/include/asm/thread_info.h
> > @@ -80,13 +80,19 @@ struct thread_info {
> >  #define TIF_RESTORE_SIGMASK  4       /* restore signal mask in do_signal() */
> >  #define TIF_MEMDIE           5       /* is terminating due to OOM killer */
> >  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
> > +#define TIF_SYSCALL_AUDIT    7       /* syscall auditing */
> >
> >  #define _TIF_SYSCALL_TRACE   (1 << TIF_SYSCALL_TRACE)
> >  #define _TIF_NOTIFY_RESUME   (1 << TIF_NOTIFY_RESUME)
> >  #define _TIF_SIGPENDING              (1 << TIF_SIGPENDING)
> >  #define _TIF_NEED_RESCHED    (1 << TIF_NEED_RESCHED)
> > +#define _TIF_SYSCALL_TRACEPOINT      (1 << TIF_SYSCALL_TRACEPOINT)
> > +#define _TIF_SYSCALL_AUDIT   (1 << TIF_SYSCALL_AUDIT)
> >
> >  #define _TIF_WORK_MASK \
> >       (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
> >
> > +#define _TIF_SYSCALL_WORK \
> > +     (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
> > +
> >  #endif /* _ASM_RISCV_THREAD_INFO_H */
> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> > index fa2c08e3c05e..2a6c2e7aaff3 100644
> > --- a/arch/riscv/kernel/entry.S
> > +++ b/arch/riscv/kernel/entry.S
> > @@ -202,7 +202,7 @@ handle_syscall:
> >       REG_S s2, PT_SEPC(sp)
> >       /* Trace syscalls, but only if requested by the user. */
> >       REG_L t0, TASK_TI_FLAGS(tp)
> > -     andi t0, t0, _TIF_SYSCALL_TRACE
> > +     andi t0, t0, _TIF_SYSCALL_WORK
> >       bnez t0, handle_syscall_trace_enter
> >  check_syscall_nr:
> >       /* Check to make sure we don't jump to a bogus syscall number. */
> > @@ -222,7 +222,7 @@ ret_from_syscall:
> >       REG_S a0, PT_A0(sp)
> >       /* Trace syscalls, but only if requested by the user. */
> >       REG_L t0, TASK_TI_FLAGS(tp)
> > -     andi t0, t0, _TIF_SYSCALL_TRACE
> > +     andi t0, t0, _TIF_SYSCALL_WORK
> >       bnez t0, handle_syscall_trace_exit
> >
> >  ret_from_exception:
> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index 818ae690ab79..d0e037a96a7b 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -399,6 +399,8 @@ enum {
> >  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
> >  #define AUDIT_ARCH_PPC64     (EM_PPC64|__AUDIT_ARCH_64BIT)
> >  #define AUDIT_ARCH_PPC64LE   (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> > +#define AUDIT_ARCH_RISCV32   (EM_RISCV|__AUDIT_ARCH_LE)
> > +#define AUDIT_ARCH_RISCV64   (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> >  #define AUDIT_ARCH_S390              (EM_S390)
> >  #define AUDIT_ARCH_S390X     (EM_S390|__AUDIT_ARCH_64BIT)
> >  #define AUDIT_ARCH_SH                (EM_SH)
>
> I can't seem to figure out how to dig the rest of the thread out of my inbox
> (I'm in an airport), so I'm just replying here.
>
> I've added this to next-audit, which will soon filter into for-next.  I'm not
> sure if this is 100% settled, but I can't find any issues with it so I think
> it's best to get this out for testing.

If you RISCV guys are happy, and it is passing the audit-testsuite
(which I believe it is based on some brief discussions with David on
Freenode), then I think it is okay from my point of view.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [PATCH 1/2] riscv: add audit support
  2018-11-13 23:34     ` Paul Moore
@ 2018-11-13 23:34       ` Paul Moore
  2018-11-14 23:40       ` Palmer Dabbelt
  1 sibling, 0 replies; 20+ messages in thread
From: Paul Moore @ 2018-11-13 23:34 UTC (permalink / raw)
  To: palmer; +Cc: linux-audit, linux-riscv, aou, linux-kernel, david.abdurachmanov

On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote:
> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote:
> > On RISC-V (riscv) audit is supported through generic lib/audit.c.
> > The patch adds required arch specific definitions.
> >
> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
> > ---
> >  arch/riscv/Kconfig                   |  1 +
> >  arch/riscv/include/asm/ptrace.h      |  5 +++++
> >  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
> >  arch/riscv/include/asm/thread_info.h |  6 ++++++
> >  arch/riscv/kernel/entry.S            |  4 ++--
> >  include/uapi/linux/audit.h           |  2 ++
> >  6 files changed, 26 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > index a344980287a5..8e6d404a4ed0 100644
> > --- a/arch/riscv/Kconfig
> > +++ b/arch/riscv/Kconfig
> > @@ -28,6 +28,7 @@ config RISCV
> >       select GENERIC_STRNLEN_USER
> >       select GENERIC_SMP_IDLE_THREAD
> >       select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
> > +     select HAVE_ARCH_AUDITSYSCALL
> >       select HAVE_MEMBLOCK
> >       select HAVE_MEMBLOCK_NODE_MAP
> >       select HAVE_DMA_CONTIGUOUS
> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
> > index 2c5df945d43c..62c5e9d35596 100644
> > --- a/arch/riscv/include/asm/ptrace.h
> > +++ b/arch/riscv/include/asm/ptrace.h
> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
> >       SET_FP(regs, val);
> >  }
> >
> > +static inline unsigned long regs_return_value(struct pt_regs *regs)
> > +{
> > +     return regs->a0;
> > +}
> > +
> >  #endif /* __ASSEMBLY__ */
> >
> >  #endif /* _ASM_RISCV_PTRACE_H */
> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
> > index 8d25f8904c00..bba3da6ef157 100644
> > --- a/arch/riscv/include/asm/syscall.h
> > +++ b/arch/riscv/include/asm/syscall.h
> > @@ -18,6 +18,7 @@
> >  #ifndef _ASM_RISCV_SYSCALL_H
> >  #define _ASM_RISCV_SYSCALL_H
> >
> > +#include <uapi/linux/audit.h>
> >  #include <linux/sched.h>
> >  #include <linux/err.h>
> >
> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
> >       memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
> >  }
> >
> > +static inline int syscall_get_arch(void)
> > +{
> > +#ifdef CONFIG_64BIT
> > +     return AUDIT_ARCH_RISCV64;
> > +#else
> > +     return AUDIT_ARCH_RISCV32;
> > +#endif
> > +}
> > +
> >  #endif       /* _ASM_RISCV_SYSCALL_H */
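
Review bot: syscall_get_arch() picks the architecture at build time from CONFIG_64BIT, which is only correct while every task on a 64-bit kernel uses the 64-bit syscall table. Audit rules match on this value to interpret syscall numbers, so please add a comment stating that assumption and noting that the function has to become per-task if 32-bit userspace on a 64-bit kernel is ever supported.
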
> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
> > index f8fa1cd2dad9..1c9cc8389928 100644
> > --- a/arch/riscv/include/asm/thread_info.h
> > +++ b/arch/riscv/include/asm/thread_info.h
> > @@ -80,13 +80,19 @@ struct thread_info {
> >  #define TIF_RESTORE_SIGMASK  4       /* restore signal mask in do_signal() */
> >  #define TIF_MEMDIE           5       /* is terminating due to OOM killer */
> >  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
> > +#define TIF_SYSCALL_AUDIT    7       /* syscall auditing */
> >
> >  #define _TIF_SYSCALL_TRACE   (1 << TIF_SYSCALL_TRACE)
> >  #define _TIF_NOTIFY_RESUME   (1 << TIF_NOTIFY_RESUME)
> >  #define _TIF_SIGPENDING              (1 << TIF_SIGPENDING)
> >  #define _TIF_NEED_RESCHED    (1 << TIF_NEED_RESCHED)
> > +#define _TIF_SYSCALL_TRACEPOINT      (1 << TIF_SYSCALL_TRACEPOINT)
> > +#define _TIF_SYSCALL_AUDIT   (1 << TIF_SYSCALL_AUDIT)
> >
> >  #define _TIF_WORK_MASK \
> >       (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
> >
> > +#define _TIF_SYSCALL_WORK \
> > +     (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
> > +
> >  #endif /* _ASM_RISCV_THREAD_INFO_H */
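
Review bot: Besides TIF_SYSCALL_AUDIT, this hunk defines _TIF_SYSCALL_TRACEPOINT and folds it into _TIF_SYSCALL_WORK, so a task with only the tracepoint flag set will now leave the fast syscall path as well. That is a behaviour change outside audit and the commit message does not mention it; either describe it in the changelog or split it into its own patch so it can be reviewed and bisected separately.
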
> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> > index fa2c08e3c05e..2a6c2e7aaff3 100644
> > --- a/arch/riscv/kernel/entry.S
> > +++ b/arch/riscv/kernel/entry.S
> > @@ -202,7 +202,7 @@ handle_syscall:
> >       REG_S s2, PT_SEPC(sp)
> >       /* Trace syscalls, but only if requested by the user. */
> >       REG_L t0, TASK_TI_FLAGS(tp)
> > -     andi t0, t0, _TIF_SYSCALL_TRACE
> > +     andi t0, t0, _TIF_SYSCALL_WORK
> >       bnez t0, handle_syscall_trace_enter
> >  check_syscall_nr:
> >       /* Check to make sure we don't jump to a bogus syscall number. */
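
Review bot: The comment above the changed `andi` still reads "Trace syscalls, but only if requested by the user", yet with _TIF_SYSCALL_WORK the branch to handle_syscall_trace_enter is also taken for audit and tracepoints, which the task itself did not request. Please update the comment here and at the matching site in ret_from_syscall so the entry code documents every reason it can leave the fast path.
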
> > @@ -222,7 +222,7 @@ ret_from_syscall:
> >       REG_S a0, PT_A0(sp)
> >       /* Trace syscalls, but only if requested by the user. */
> >       REG_L t0, TASK_TI_FLAGS(tp)
> > -     andi t0, t0, _TIF_SYSCALL_TRACE
> > +     andi t0, t0, _TIF_SYSCALL_WORK
> >       bnez t0, handle_syscall_trace_exit
> >
> >  ret_from_exception:
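
Review bot: `andi t0, t0, _TIF_SYSCALL_WORK` depends on the whole mask fitting the 12-bit sign-extended immediate of andi. With TIF_SYSCALL_TRACEPOINT at bit 6 and TIF_SYSCALL_AUDIT at bit 7 it does, but a later flag at bit 11 or above added to _TIF_SYSCALL_WORK would no longer be encodable here. A comment next to the mask definition in thread_info.h stating that limit, or loading the mask into a register before the test, would guard against that.
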
> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index 818ae690ab79..d0e037a96a7b 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -399,6 +399,8 @@ enum {
> >  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
> >  #define AUDIT_ARCH_PPC64     (EM_PPC64|__AUDIT_ARCH_64BIT)
> >  #define AUDIT_ARCH_PPC64LE   (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> > +#define AUDIT_ARCH_RISCV32   (EM_RISCV|__AUDIT_ARCH_LE)
> > +#define AUDIT_ARCH_RISCV64   (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> >  #define AUDIT_ARCH_S390              (EM_S390)
> >  #define AUDIT_ARCH_S390X     (EM_S390|__AUDIT_ARCH_64BIT)
> >  #define AUDIT_ARCH_SH                (EM_SH)
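
Review bot: The two new defines make this UAPI header depend on EM_RISCV, which this patch neither defines nor adds an include for. The commit message should name the prerequisite change that makes EM_RISCV visible to linux/audit.h; applied on its own, this patch breaks any build that expands AUDIT_ARCH_RISCV32 or AUDIT_ARCH_RISCV64.
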
>
> I can't seem to figure out how to dig the rest of the thread out of my inbox
> (I'm in an airport), so I'm just replying here.
>
> I've added this to next-audit, which will soon filter into for-next.  I'm not
> sure if this is 100% settled, but I can't find any issues with it so I think
> it's best to get this out for testing.

If you RISCV guys are happy, and it is passing the audit-testsuite
(which I believe it is based on some brief discussions with David on
Freenode), then I think it is okay from my point of view.

-- 
paul moore
www.paul-moore.com

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv


* [PATCH 1/2] riscv: add audit support
  2018-11-13 23:34     ` Paul Moore
  2018-11-13 23:34       ` Paul Moore
@ 2018-11-14 23:40       ` Palmer Dabbelt
  2018-11-14 23:40         ` Palmer Dabbelt
  1 sibling, 1 reply; 20+ messages in thread
From: Palmer Dabbelt @ 2018-11-14 23:40 UTC (permalink / raw)
  To: linux-riscv

On Tue, 13 Nov 2018 15:34:18 PST (-0800), paul at paul-moore.com wrote:
> On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote:
>> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov at gmail.com wrote:
>> > On RISC-V (riscv) audit is supported through generic lib/audit.c.
>> > The patch adds required arch specific definitions.
>> >
>> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
>> > ---
>> >  arch/riscv/Kconfig                   |  1 +
>> >  arch/riscv/include/asm/ptrace.h      |  5 +++++
>> >  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
>> >  arch/riscv/include/asm/thread_info.h |  6 ++++++
>> >  arch/riscv/kernel/entry.S            |  4 ++--
>> >  include/uapi/linux/audit.h           |  2 ++
>> >  6 files changed, 26 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> > index a344980287a5..8e6d404a4ed0 100644
>> > --- a/arch/riscv/Kconfig
>> > +++ b/arch/riscv/Kconfig
>> > @@ -28,6 +28,7 @@ config RISCV
>> >       select GENERIC_STRNLEN_USER
>> >       select GENERIC_SMP_IDLE_THREAD
>> >       select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
>> > +     select HAVE_ARCH_AUDITSYSCALL
>> >       select HAVE_MEMBLOCK
>> >       select HAVE_MEMBLOCK_NODE_MAP
>> >       select HAVE_DMA_CONTIGUOUS
>> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
>> > index 2c5df945d43c..62c5e9d35596 100644
>> > --- a/arch/riscv/include/asm/ptrace.h
>> > +++ b/arch/riscv/include/asm/ptrace.h
>> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
>> >       SET_FP(regs, val);
>> >  }
>> >
>> > +static inline unsigned long regs_return_value(struct pt_regs *regs)
>> > +{
>> > +     return regs->a0;
>> > +}
>> > +
>> >  #endif /* __ASSEMBLY__ */
>> >
>> >  #endif /* _ASM_RISCV_PTRACE_H */
>> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
>> > index 8d25f8904c00..bba3da6ef157 100644
>> > --- a/arch/riscv/include/asm/syscall.h
>> > +++ b/arch/riscv/include/asm/syscall.h
>> > @@ -18,6 +18,7 @@
>> >  #ifndef _ASM_RISCV_SYSCALL_H
>> >  #define _ASM_RISCV_SYSCALL_H
>> >
>> > +#include <uapi/linux/audit.h>
>> >  #include <linux/sched.h>
>> >  #include <linux/err.h>
>> >
>> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
>> >       memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
>> >  }
>> >
>> > +static inline int syscall_get_arch(void)
>> > +{
>> > +#ifdef CONFIG_64BIT
>> > +     return AUDIT_ARCH_RISCV64;
>> > +#else
>> > +     return AUDIT_ARCH_RISCV32;
>> > +#endif
>> > +}
>> > +
>> >  #endif       /* _ASM_RISCV_SYSCALL_H */
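
Review bot: Not introduced by this patch, but the unchanged context line `memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));` scales the offset twice: `&regs->a1` is already a typed pointer, so adding `i * sizeof(regs->a1)` advances by that many elements rather than that many bytes, and a call with a non-zero i writes outside the intended register slots. Since syscall_set_arguments() is what a tracer uses to rewrite arguments, this is worth a separate fix ahead of the audit series.
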
>> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
>> > index f8fa1cd2dad9..1c9cc8389928 100644
>> > --- a/arch/riscv/include/asm/thread_info.h
>> > +++ b/arch/riscv/include/asm/thread_info.h
>> > @@ -80,13 +80,19 @@ struct thread_info {
>> >  #define TIF_RESTORE_SIGMASK  4       /* restore signal mask in do_signal() */
>> >  #define TIF_MEMDIE           5       /* is terminating due to OOM killer */
>> >  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
>> > +#define TIF_SYSCALL_AUDIT    7       /* syscall auditing */
>> >
>> >  #define _TIF_SYSCALL_TRACE   (1 << TIF_SYSCALL_TRACE)
>> >  #define _TIF_NOTIFY_RESUME   (1 << TIF_NOTIFY_RESUME)
>> >  #define _TIF_SIGPENDING              (1 << TIF_SIGPENDING)
>> >  #define _TIF_NEED_RESCHED    (1 << TIF_NEED_RESCHED)
>> > +#define _TIF_SYSCALL_TRACEPOINT      (1 << TIF_SYSCALL_TRACEPOINT)
>> > +#define _TIF_SYSCALL_AUDIT   (1 << TIF_SYSCALL_AUDIT)
>> >
>> >  #define _TIF_WORK_MASK \
>> >       (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
>> >
>> > +#define _TIF_SYSCALL_WORK \
>> > +     (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
>> > +
>> >  #endif /* _ASM_RISCV_THREAD_INFO_H */
>> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
>> > index fa2c08e3c05e..2a6c2e7aaff3 100644
>> > --- a/arch/riscv/kernel/entry.S
>> > +++ b/arch/riscv/kernel/entry.S
>> > @@ -202,7 +202,7 @@ handle_syscall:
>> >       REG_S s2, PT_SEPC(sp)
>> >       /* Trace syscalls, but only if requested by the user. */
>> >       REG_L t0, TASK_TI_FLAGS(tp)
>> > -     andi t0, t0, _TIF_SYSCALL_TRACE
>> > +     andi t0, t0, _TIF_SYSCALL_WORK
>> >       bnez t0, handle_syscall_trace_enter
>> >  check_syscall_nr:
>> >       /* Check to make sure we don't jump to a bogus syscall number. */
>> > @@ -222,7 +222,7 @@ ret_from_syscall:
>> >       REG_S a0, PT_A0(sp)
>> >       /* Trace syscalls, but only if requested by the user. */
>> >       REG_L t0, TASK_TI_FLAGS(tp)
>> > -     andi t0, t0, _TIF_SYSCALL_TRACE
>> > +     andi t0, t0, _TIF_SYSCALL_WORK
>> >       bnez t0, handle_syscall_trace_exit
>> >
>> >  ret_from_exception:
>> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
>> > index 818ae690ab79..d0e037a96a7b 100644
>> > --- a/include/uapi/linux/audit.h
>> > +++ b/include/uapi/linux/audit.h
>> > @@ -399,6 +399,8 @@ enum {
>> >  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
>> >  #define AUDIT_ARCH_PPC64     (EM_PPC64|__AUDIT_ARCH_64BIT)
>> >  #define AUDIT_ARCH_PPC64LE   (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>> > +#define AUDIT_ARCH_RISCV32   (EM_RISCV|__AUDIT_ARCH_LE)
>> > +#define AUDIT_ARCH_RISCV64   (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>> >  #define AUDIT_ARCH_S390              (EM_S390)
>> >  #define AUDIT_ARCH_S390X     (EM_S390|__AUDIT_ARCH_64BIT)
>> >  #define AUDIT_ARCH_SH                (EM_SH)
>>
>> I can't seem to figure out how to dig the rest of the thread out of my inbox
>> (I'm in an airport), so I'm just replying here.
>>
>> I've added this to next-audit, which will soon filter into for-next.  I'm not
>> sure if this is 100% settled, but I can't find any issues with it so I think
>> it's best to get this out for testing.
>
> If you RISCV guys are happy, and it is passing the audit-testsuite
> (which I believe it is based on some brief discussions with David on
> Freenode), then I think it is okay from my point of view.

I haven't run the test suite personally, but I trust that David has done so if 
he said so (I remember having seen him say he did as well).

Thanks!


* Re: [PATCH 1/2] riscv: add audit support
  2018-11-14 23:40       ` Palmer Dabbelt
@ 2018-11-14 23:40         ` Palmer Dabbelt
  0 siblings, 0 replies; 20+ messages in thread
From: Palmer Dabbelt @ 2018-11-14 23:40 UTC (permalink / raw)
  To: paul; +Cc: linux-audit, linux-riscv, aou, linux-kernel, david.abdurachmanov

On Tue, 13 Nov 2018 15:34:18 PST (-0800), paul@paul-moore.com wrote:
> On Tue, Nov 13, 2018 at 5:07 AM Palmer Dabbelt <palmer@sifive.com> wrote:
>> On Mon, 29 Oct 2018 03:48:53 PDT (-0700), david.abdurachmanov@gmail.com wrote:
>> > On RISC-V (riscv) audit is supported through generic lib/audit.c.
>> > The patch adds required arch specific definitions.
>> >
>> > Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
>> > ---
>> >  arch/riscv/Kconfig                   |  1 +
>> >  arch/riscv/include/asm/ptrace.h      |  5 +++++
>> >  arch/riscv/include/asm/syscall.h     | 10 ++++++++++
>> >  arch/riscv/include/asm/thread_info.h |  6 ++++++
>> >  arch/riscv/kernel/entry.S            |  4 ++--
>> >  include/uapi/linux/audit.h           |  2 ++
>> >  6 files changed, 26 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> > index a344980287a5..8e6d404a4ed0 100644
>> > --- a/arch/riscv/Kconfig
>> > +++ b/arch/riscv/Kconfig
>> > @@ -28,6 +28,7 @@ config RISCV
>> >       select GENERIC_STRNLEN_USER
>> >       select GENERIC_SMP_IDLE_THREAD
>> >       select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A
>> > +     select HAVE_ARCH_AUDITSYSCALL
>> >       select HAVE_MEMBLOCK
>> >       select HAVE_MEMBLOCK_NODE_MAP
>> >       select HAVE_DMA_CONTIGUOUS
>> > diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
>> > index 2c5df945d43c..62c5e9d35596 100644
>> > --- a/arch/riscv/include/asm/ptrace.h
>> > +++ b/arch/riscv/include/asm/ptrace.h
>> > @@ -113,6 +113,11 @@ static inline void frame_pointer_set(struct pt_regs *regs,
>> >       SET_FP(regs, val);
>> >  }
>> >
>> > +static inline unsigned long regs_return_value(struct pt_regs *regs)
>> > +{
>> > +     return regs->a0;
>> > +}
>> > +
>> >  #endif /* __ASSEMBLY__ */
>> >
>> >  #endif /* _ASM_RISCV_PTRACE_H */
>> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
>> > index 8d25f8904c00..bba3da6ef157 100644
>> > --- a/arch/riscv/include/asm/syscall.h
>> > +++ b/arch/riscv/include/asm/syscall.h
>> > @@ -18,6 +18,7 @@
>> >  #ifndef _ASM_RISCV_SYSCALL_H
>> >  #define _ASM_RISCV_SYSCALL_H
>> >
>> > +#include <uapi/linux/audit.h>
>> >  #include <linux/sched.h>
>> >  #include <linux/err.h>
>> >
>> > @@ -99,4 +100,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
>> >       memcpy(&regs->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
>> >  }
>> >
>> > +static inline int syscall_get_arch(void)
>> > +{
>> > +#ifdef CONFIG_64BIT
>> > +     return AUDIT_ARCH_RISCV64;
>> > +#else
>> > +     return AUDIT_ARCH_RISCV32;
>> > +#endif
>> > +}
>> > +
>> >  #endif       /* _ASM_RISCV_SYSCALL_H */
>> > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h
>> > index f8fa1cd2dad9..1c9cc8389928 100644
>> > --- a/arch/riscv/include/asm/thread_info.h
>> > +++ b/arch/riscv/include/asm/thread_info.h
>> > @@ -80,13 +80,19 @@ struct thread_info {
>> >  #define TIF_RESTORE_SIGMASK  4       /* restore signal mask in do_signal() */
>> >  #define TIF_MEMDIE           5       /* is terminating due to OOM killer */
>> >  #define TIF_SYSCALL_TRACEPOINT  6       /* syscall tracepoint instrumentation */
>> > +#define TIF_SYSCALL_AUDIT    7       /* syscall auditing */
>> >
>> >  #define _TIF_SYSCALL_TRACE   (1 << TIF_SYSCALL_TRACE)
>> >  #define _TIF_NOTIFY_RESUME   (1 << TIF_NOTIFY_RESUME)
>> >  #define _TIF_SIGPENDING              (1 << TIF_SIGPENDING)
>> >  #define _TIF_NEED_RESCHED    (1 << TIF_NEED_RESCHED)
>> > +#define _TIF_SYSCALL_TRACEPOINT      (1 << TIF_SYSCALL_TRACEPOINT)
>> > +#define _TIF_SYSCALL_AUDIT   (1 << TIF_SYSCALL_AUDIT)
>> >
>> >  #define _TIF_WORK_MASK \
>> >       (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED)
>> >
>> > +#define _TIF_SYSCALL_WORK \
>> > +     (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
>> > +
>> >  #endif /* _ASM_RISCV_THREAD_INFO_H */
>> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
>> > index fa2c08e3c05e..2a6c2e7aaff3 100644
>> > --- a/arch/riscv/kernel/entry.S
>> > +++ b/arch/riscv/kernel/entry.S
>> > @@ -202,7 +202,7 @@ handle_syscall:
>> >       REG_S s2, PT_SEPC(sp)
>> >       /* Trace syscalls, but only if requested by the user. */
>> >       REG_L t0, TASK_TI_FLAGS(tp)
>> > -     andi t0, t0, _TIF_SYSCALL_TRACE
>> > +     andi t0, t0, _TIF_SYSCALL_WORK
>> >       bnez t0, handle_syscall_trace_enter
>> >  check_syscall_nr:
>> >       /* Check to make sure we don't jump to a bogus syscall number. */
>> > @@ -222,7 +222,7 @@ ret_from_syscall:
>> >       REG_S a0, PT_A0(sp)
>> >       /* Trace syscalls, but only if requested by the user. */
>> >       REG_L t0, TASK_TI_FLAGS(tp)
>> > -     andi t0, t0, _TIF_SYSCALL_TRACE
>> > +     andi t0, t0, _TIF_SYSCALL_WORK
>> >       bnez t0, handle_syscall_trace_exit
>> >
>> >  ret_from_exception:
>> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
>> > index 818ae690ab79..d0e037a96a7b 100644
>> > --- a/include/uapi/linux/audit.h
>> > +++ b/include/uapi/linux/audit.h
>> > @@ -399,6 +399,8 @@ enum {
>> >  /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
>> >  #define AUDIT_ARCH_PPC64     (EM_PPC64|__AUDIT_ARCH_64BIT)
>> >  #define AUDIT_ARCH_PPC64LE   (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>> > +#define AUDIT_ARCH_RISCV32   (EM_RISCV|__AUDIT_ARCH_LE)
>> > +#define AUDIT_ARCH_RISCV64   (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>> >  #define AUDIT_ARCH_S390              (EM_S390)
>> >  #define AUDIT_ARCH_S390X     (EM_S390|__AUDIT_ARCH_64BIT)
>> >  #define AUDIT_ARCH_SH                (EM_SH)
>>
>> I can't seem to figure out how to dig the rest of the thread out of my inbox
>> (I'm in an airport), so I'm just replying here.
>>
>> I've added this to next-audit, which will soon filter into for-next.  I'm not
>> sure if this is 100% settled, but I can't find any issues with it so I think
>> it's best to get this out for testing.
>
> If you RISCV guys are happy, and it is passing the audit-testsuite
> (which I believe it is based on some brief discussions with David on
> Freenode), then I think it is okay from my point of view.

I haven't run the test suite personally, but I trust that David has done so if 
he said so (I remember having seen him say he did as well).

Thanks!


Thread overview: 20+ messages
2018-10-29 10:48 [PATCH 0/2] riscv: add audit support David Abdurachmanov
2018-10-29 10:48 ` David Abdurachmanov
2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov
2018-10-29 10:48   ` David Abdurachmanov
2018-11-13  1:52   ` Palmer Dabbelt
2018-11-13  1:52     ` Palmer Dabbelt
2018-11-13 23:34     ` Paul Moore
2018-11-13 23:34       ` Paul Moore
2018-11-14 23:40       ` Palmer Dabbelt
2018-11-14 23:40         ` Palmer Dabbelt
2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov
2018-10-29 10:48   ` David Abdurachmanov
2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore
2018-10-29 22:57   ` Paul Moore
2018-11-06 20:06 ` Paul Moore
2018-11-06 20:06   ` Paul Moore
2018-11-06 21:25   ` David Abdurachmanov
2018-11-06 21:25     ` David Abdurachmanov
2018-11-07 10:45     ` David Abdurachmanov
2018-11-07 10:45       ` David Abdurachmanov
