Author: kevans
Date: Tue Oct 27 13:13:04 2020
New Revision: 367080
URL: https://svnweb.freebsd.org/changeset/base/367080

Log:
  MFC r367002, r367060
  
  r367002:
  audit: correct reporting of *execve(2) success
  
  r326145 corrected do_execve() to return EJUSTRETURN upon success so that
  important registers are not clobbered. This had the side effect of tapping
  out 'failures' for all *execve(2) audit records, which is less than useful
  for auditing purposes.
  
  Audit exec returns earlier, where we can know for sure that EJUSTRETURN
  translates to success. Note that this unsets TDP_AUDITREC as we commit the
  audit record, so the usual audit in the syscall return path will do nothing.
  
  r367060:
  audit: also correctly audit linux_execve()
  
  Linux execve() gets audited as AUE_EXECVE as well, so we should also
  interpret the return from this correctly, for the same reason as in r367002.
  
  PR:           249179, 242938

Modified:
  stable/12/sys/amd64/linux/linux_machdep.c
  stable/12/sys/amd64/linux32/linux32_machdep.c
  stable/12/sys/arm64/linux/linux_machdep.c
  stable/12/sys/compat/freebsd32/freebsd32_misc.c
  stable/12/sys/i386/linux/linux_machdep.c
  stable/12/sys/kern/kern_exec.c
  stable/12/sys/kern/subr_syscall.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/amd64/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/amd64/linux/linux_machdep.c   Tue Oct 27 12:49:40 2020        
(r367079)
+++ stable/12/sys/amd64/linux/linux_machdep.c   Tue Oct 27 13:13:04 2020        
(r367080)
@@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$");
 #include <x86/ifunc.h>
 #include <x86/sysarch.h>
 
+#include <security/audit/audit.h>
+
 #include <amd64/linux/linux.h>
 #include <amd64/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
        free(path, M_TEMP);
        if (error == 0)
                error = linux_common_execve(td, &eargs);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
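Review bot: The success translation `error == EJUSTRETURN ? 0 : error` is open-coded at the end of linux_execve here and repeated verbatim in the linux32, arm64 and i386 linux_execve hunks, in freebsd32_execve/freebsd32_fexecve, and in sys_execve/sys_fexecve/sys___mac_execve, with no comment at any call site saying why the record is committed early. The log shows the Linux entry points were already missed once (r367060 follows r367002), so a future exec-style entry point that omits this line would again record successful execs as failures in the audit trail. Consider one shared wrapper, for instance a new macro along the lines of `#define AUDIT_EXEC_EXIT(error, td) AUDIT_SYSCALL_EXIT((error) == EJUSTRETURN ? 0 : (error), (td))` (the name is only a suggestion), or at least a one-line comment such as `/* EJUSTRETURN is exec success; commit the audit record here so it is not logged as a failure. */`. The body of linux_execve starts outside this hunk, so any earlier return paths are not visible here.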
 

Modified: stable/12/sys/amd64/linux32/linux32_machdep.c
==============================================================================
--- stable/12/sys/amd64/linux32/linux32_machdep.c       Tue Oct 27 12:49:40 
2020        (r367079)
+++ stable/12/sys/amd64/linux32/linux32_machdep.c       Tue Oct 27 13:13:04 
2020        (r367080)
@@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <compat/freebsd32/freebsd32_util.h>
 #include <amd64/linux32/linux.h>
 #include <amd64/linux32/linux32_proto.h>
@@ -138,6 +140,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
        free(path, M_TEMP);
        if (error == 0)
                error = linux_common_execve(td, &eargs);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 

Modified: stable/12/sys/arm64/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/arm64/linux/linux_machdep.c   Tue Oct 27 12:49:40 2020        
(r367079)
+++ stable/12/sys/arm64/linux/linux_machdep.c   Tue Oct 27 13:13:04 2020        
(r367080)
@@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/sdt.h>
 
+#include <security/audit/audit.h>
+
 #include <arm64/linux/linux.h>
 #include <arm64/linux/linux_proto.h>
 #include <compat/linux/linux_dtrace.h>
@@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
        free(path, M_TEMP);
        if (error == 0)
                error = linux_common_execve(td, &eargs);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 

Modified: stable/12/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- stable/12/sys/compat/freebsd32/freebsd32_misc.c     Tue Oct 27 12:49:40 
2020        (r367079)
+++ stable/12/sys/compat/freebsd32/freebsd32_misc.c     Tue Oct 27 13:13:04 
2020        (r367080)
@@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e
        if (error == 0)
                error = kern_execve(td, &eargs, NULL, oldvmspace);
        post_execve(td, error, oldvmspace);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 
@@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_
                error = kern_execve(td, &eargs, NULL, oldvmspace);
        }
        post_execve(td, error, oldvmspace);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 

Modified: stable/12/sys/i386/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/i386/linux/linux_machdep.c    Tue Oct 27 12:49:40 2020        
(r367079)
+++ stable/12/sys/i386/linux/linux_machdep.c    Tue Oct 27 13:13:04 2020        
(r367080)
@@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
 
+#include <security/audit/audit.h>
+
 #include <i386/linux/linux.h>
 #include <i386/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -111,6 +113,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
        free(newpath, M_TEMP);
        if (error == 0)
                error = linux_common_execve(td, &eargs);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 

Modified: stable/12/sys/kern/kern_exec.c
==============================================================================
--- stable/12/sys/kern/kern_exec.c      Tue Oct 27 12:49:40 2020        
(r367079)
+++ stable/12/sys/kern/kern_exec.c      Tue Oct 27 13:13:04 2020        
(r367080)
@@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap)
        if (error == 0)
                error = kern_execve(td, &args, NULL, oldvmspace);
        post_execve(td, error, oldvmspace);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 
@@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua
                error = kern_execve(td, &args, NULL, oldvmspace);
        }
        post_execve(td, error, oldvmspace);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 }
 
@@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv
        if (error == 0)
                error = kern_execve(td, &args, uap->mac_p, oldvmspace);
        post_execve(td, error, oldvmspace);
+       AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
        return (error);
 #else
        return (ENOSYS);

Modified: stable/12/sys/kern/subr_syscall.c
==============================================================================
--- stable/12/sys/kern/subr_syscall.c   Tue Oct 27 12:49:40 2020        
(r367079)
+++ stable/12/sys/kern/subr_syscall.c   Tue Oct 27 13:13:04 2020        
(r367080)
@@ -142,6 +142,16 @@ syscallenter(struct thread *td)
 
        AUDIT_SYSCALL_ENTER(sa->code, td);
        error = (sa->callp->sy_call)(td, sa->args);
+
+       /*
+        * Note that some syscall implementations (e.g., sys_execve)
+        * will commit the audit record just before their final return.
+        * These were done under the assumption that nothing of interest
+        * would happen between their return and here, where we would
+        * normally commit the audit record.  These assumptions will
+        * need to be revisited should any substantial logic be added
+        * above.
+        */
        AUDIT_SYSCALL_EXIT(error, td);
 
        /* Save the latest error return value. */
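Review bot: The new comment before `AUDIT_SYSCALL_EXIT(error, td);` does not say why this second call is harmless for syscalls that already committed their record, and "added above" is ambiguous about which code must stay free of new logic. Per the commit log, the early commit in the exec paths unsets TDP_AUDITREC, so this call does nothing for those syscalls; stating that in the comment lets a reader confirm that no record is committed twice or lost. I would add a sentence such as `For those syscalls TDP_AUDITREC is already clear, so the call below is a no-op.` and reword the last sentence to refer to logic added between the return from sy_call and this point. syscallenter starts and ends outside the hunk.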