[PATCH] powerpc: add little endian flag to syscall_get_arch()

AUDIT_ARCH_PPC64LE. See: https://www.redhat.com/archives/linux-audit/2014-August/msg00082.html https://www.redhat.com/archives/linux-audit/2014-December/msg4.html Signed-off-by: Richard Guy Briggs --- arch/powerpc/include/asm/syscall.h |6 +- include/uapi/linux/audit.h

[PATCH V2] powerpc: add little endian flag to syscall_get_arch()

AUDIT_ARCH_PPC64LE. See: https://www.redhat.com/archives/linux-audit/2014-August/msg00082.html https://www.redhat.com/archives/linux-audit/2014-December/msg4.html v1 -> v2: Added ";" at the end of the #ifdef-protected line so it actually compiles Signed-off-by: Richa

[PATCH V3] powerpc: add little endian flag to syscall_get_arch()

v3: Throw a compiler error on 32-bit LE. v1 -> v2: Added ";" at the end of the #ifdef-protected line so it actually compiles Signed-off-by: Richard Guy Briggs --- arch/powerpc/include/asm/syscall.h |7 +++ include/uapi/linux/audit.h |1 + 2 files chang

[PATCH V4] powerpc: add little endian flag to syscall_get_arch()

AUDIT_ARCH_PPC64LE. Since 32-bit PPC LE is not supported by audit, don't advertise it in AUDIT_ARCH_PPC* variants. See: https://www.redhat.com/archives/linux-audit/2014-August/msg00082.html https://www.redhat.com/archives/linux-audit/2014-December/msg4.html Signed-off-by: Richard Guy B

Re: [PATCH V4] powerpc: add little endian flag to syscall_get_arch()

On 14/12/10, Michael Ellerman wrote: > On Tue, 2014-12-09 at 21:11 -0500, Paul Moore wrote: > > On Tuesday, December 09, 2014 03:37:07 PM Richard Guy Briggs wrote: > > > Since both ppc and ppc64 have LE variants which are now reported by uname, > > > add tha

Re: [PATCH v2 1/1] audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL

> The purpose of this patch is to replace it with HAVE_ARCH_AUDITSYSCALL > for simplicity. > > Signed-off-by: AKASHI Takahiro Acked-by: Richard Guy Briggs > --- > arch/alpha/Kconfig |1 + > arch/arm/Kconfig |1 + > arch/ia64/Kconfig |1 + > arch

[PATCH 0/6][RFC] audit: standardize and simplify syscall_get_arch()

d and drop passing around arch, current and regs in __audit_syscall_entry() and audit_syscall_entry(). Compiles and runs on i686, x86_64, ppc, ppc64, s390, s390x, manually tested in an x86_64 VM. aarch64 will be added soon. Richard Guy Briggs (6): syscall: define syscall_get_arch() for each audit

[PATCH 2/6][RFC] audit: add arch field to seccomp event log

ch --start recent -m SECCOMP -i Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3bc12d2..7317f46 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -67,6 +67,7 @@

[PATCH 1/6][RFC] syscall: define syscall_get_arch() for each audit-supported arch

Each arch that supports audit requires syscall_get_arch() to able to log and identify architecture-dependent syscall numbers. The information is used in at least two different subsystems, so standardize it in the same call across all arches. Signed-off-by: Richard Guy Briggs --- arch/ia64

[PATCH 3/6][RFC] audit: __audit_syscall_entry: ignore arch arg and call syscall_get_arch() directly

e from the kernel internal to the user api version to get the architecture numbers, but to avoid a circular header reference between audit and syscall.h Signed-off-by: Richard Guy Briggs --- arch/arm/include/asm/syscall.h|2 +- arch/ia64/include/asm/syscall.h |2 +- arch/

[PATCH 4/6][RFC] audit: drop arch from audit_syscall_entry() interface

Make audit_syscall_entry() ignore the arch parameter passed to it and call syscall_get_arch() locally. Remove arch from the audit_syscall_entry() parameter list. Signed-off-by: Richard Guy Briggs --- arch/arm/kernel/ptrace.c|2 +- arch/ia64/kernel/ptrace.c |2 +- arch

[PATCH 6/6][RFC] audit: drop arch from __audit_syscall_entry() interface

Since arch is found locally in __audit_syscall_entry(), there is no need to pass it in as a parameter. Delete it from the parameter list. x86* was the only arch to call __audit_syscall_entry() directly and did so from assembly code. Signed-off-by: Richard Guy Briggs --- Can I get some

[PATCH 5/6][RFC] audit: drop args from syscall_get_arch() interface

Since all callers of syscall_get_arch() call with task "current" and none of the arch-dependent functions use the "regs" parameter (which could just as easily be found with task_pt_regs()), delete both parameters. Signed-off-by: Richard Guy Briggs --- arch/arm/i

Re: [PATCH 3/4] ARCH: AUDIT: implement syscall_get_arch for all arches

er.kernel.org > Cc: microblaze-ucli...@itee.uq.edu.au > Cc: linux-m...@linux-mips.org > Cc: li...@lists.openrisc.net > Cc: linux-par...@vger.kernel.org > Cc: linuxppc-dev@lists.ozlabs.org > Cc: sparcli...@vger.kernel.org Acked-by: Richard Guy Briggs > --- > arch/ia64/inclu

Re: [PATCH 4/4] ARCH: AUDIT: audit_syscall_entry() should not require the arch

inuxppc-dev@lists.ozlabs.org > Cc: linux-s...@vger.kernel.org > Cc: linux...@vger.kernel.org > Cc: sparcli...@vger.kernel.org > Cc: user-mode-linux-de...@lists.sourceforge.net > Cc: linux-xte...@linux-xtensa.org > Cc: x...@kernel.org Acked-by: Richard Guy Briggs > --- > a

Re: [RFC PATCH 2/2] fs/xattr: wire up syscalls

gt; asmlinkage long sys_lremovexattr(const char __user *path, > const char __user *name); > asmlinkage long sys_fremovexattr(int fd, const char __user *name); > diff --git a/include/uapi/asm-generic/unistd.h > b/include/uapi/asm-generic/unistd.h > index 45fa180cc56a..4fcc71612b7a 100644 > --- a/include/uapi/asm-generic/unistd.h > +++ b/include/uapi/asm-generic/unistd.h > @@ -886,8 +886,18 @@ __SYSCALL(__NR_futex_waitv, sys_futex_waitv) > #define __NR_set_mempolicy_home_node 450 > __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) > > +/* fs/xattr.c */ > +#define __NR_setxattrat 451 > +__SYSCALL(__NR_setxattrat, sys_setxattrat) > +#define __NR_getxattrat 452 > +__SYSCALL(__NR_getxattrat, sys_getxattrat) > +#define __NR_listxattrat 453 > +__SYSCALL(__NR_listxattrat, sys_listxattrat) > +#define __NR_removexattrat 454 > +__SYSCALL(__NR_removexattrat, sys_removexattrat) > + > #undef __NR_syscalls > -#define __NR_syscalls 451 > +#define __NR_syscalls 455 > > /* > * 32 bit systems traditionally used different > -- > 2.37.2 > - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635

[PATCH 1/2] audit: add support for the openat2 syscall

The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall") Add the openat2(2) syscall to the audit syscall classifier. See the github issue https://github.com/linux-audit/audit-kernel/issues/67 Signed-off-by: Richard Guy Briggs

Re: [PATCH 1/2] audit: add support for the openat2 syscall

On 2021-03-18 11:52, Christian Brauner wrote: > On Thu, Mar 18, 2021 at 11:48:45AM +0100, Christian Brauner wrote: > > On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote: > > > The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 > > >

Re: [PATCH 1/2] audit: add support for the openat2 syscall

On 2021-03-18 11:48, Christian Brauner wrote: > [+Cc Aleksa, the author of openat2()] Ah! Thanks for pulling in Aleksa. I thought I caught everyone... > and a comment below. :) Same... > On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote: > > The openat2(2) sy

Re: [PATCH 1/2] audit: add support for the openat2 syscall

On 2021-03-18 08:08, Richard Guy Briggs wrote: > On 2021-03-18 11:48, Christian Brauner wrote: > > [+Cc Aleksa, the author of openat2()] > > Ah! Thanks for pulling in Aleksa. I thought I caught everyone... > > > and a comment below. :) > > Same... > >

[PATCH v2 0/3] audit: add support for openat2

/tree/ghau-openat2 Supporting test case can be found in https://github.com/linux-audit/audit-testsuite/pull/103 Richard Guy Briggs (3): audit: replace magic audit syscall class numbers with macros audit: add support for the openat2 syscall audit: add OPENAT2 record to list how arch/alpha

[PATCH v2 1/3] audit: replace magic audit syscall class numbers with macros

Replace the magic numbers used to indicate audit syscall classes with macros. Signed-off-by: Richard Guy Briggs --- arch/alpha/kernel/audit.c | 8 arch/ia64/kernel/audit.c | 8 arch/parisc/kernel/audit.c | 8 arch/parisc/kernel

[PATCH v2 2/3] audit: add support for the openat2 syscall

Signed-off-by: Richard Guy Briggs --- arch/alpha/kernel/audit.c | 2 ++ arch/ia64/kernel/audit.c | 2 ++ arch/parisc/kernel/audit.c | 2 ++ arch/parisc/kernel/compat_audit.c | 2 ++ arch/powerpc/kernel/audit.c| 2 ++ arch/powerpc/kernel/compat_audit.c | 2

Re: [PATCH v2 0/3] audit: add support for openat2

On 2021-04-30 13:29, Richard Guy Briggs wrote: > The openat2(2) syscall was added in v5.6. Add support for openat2 to the > audit syscall classifier and for recording openat2 parameters that cannot > be captured in the syscall parameters of the SYSCALL record. Well, that was a bit

[PATCH v3 0/3] audit: add support for openat2

tion of the previous definition #define __NR_rseq 386 Richard Guy Briggs (3): audit: replace magic audit syscall class numbers with macros audit: add support for the openat2 syscall audit: add OPENAT2 record to list how MAINTAINERS| 1 + arch/alpha/kernel/a

[PATCH v3 1/3] audit: replace magic audit syscall class numbers with macros

Replace audit syscall class magic numbers with macros. This required putting the macros into new header file include/linux/auditscm.h since the syscall macros were included for both 64 bit and 32 bit in any compat code, causing redefinition warnings. Signed-off-by: Richard Guy Briggs

[PATCH v3 2/3] audit: add support for the openat2 syscall

The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall") Add the openat2(2) syscall to the audit syscall classifier. See the github issue https://github.com/linux-audit/audit-kernel/issues/67 Signed-off-by: Richard Guy Briggs

Re: [PATCH v3 1/3] audit: replace magic audit syscall class numbers with macros

On 2021-05-10 21:23, Paul Moore wrote: > On Fri, Apr 30, 2021 at 4:36 PM Richard Guy Briggs wrote: > > > > Replace audit syscall class magic numbers with macros. > > > > This required putting the macros into new header file > > include/linux/auditscm.h since the

Re: [PATCH v3 1/3] audit: replace magic audit syscall class numbers with macros

On 2021-05-10 21:23, Paul Moore wrote: > On Fri, Apr 30, 2021 at 4:36 PM Richard Guy Briggs wrote: > > > > Replace audit syscall class magic numbers with macros. > > > > This required putting the macros into new header file > > include/linux/auditscm.h since the

[PATCH v4 1/3] audit: replace magic audit syscall class numbers with macros

Replace audit syscall class magic numbers with macros. This required putting the macros into new header file include/linux/auditsc_classmacros.h since the syscall macros were included for both 64 bit and 32 bit in any compat code, causing redefinition warnings. Signed-off-by: Richard Guy Briggs

[PATCH v4 0/3] audit: add support for openat2

#define __NR_read 3 ... ./arch/x86/include/generated/uapi/asm/unistd_32.h:386: note: this is the location of the previous definition #define __NR_rseq 386 Richard Guy Briggs (3): audit: replace magic audit syscall class numbers with macros audit: add support for the openat2 syscall audit: add OP

[PATCH v4 2/3] audit: add support for the openat2 syscall

The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall") Add the openat2(2) syscall to the audit syscall classifier. Link: https://github.com/linux-audit/audit-kernel/issues/67 Signed-off-by: Richard Guy Briggs Li