Date: Fri, 1 Sep 2006 08:11:07 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: ppc@FreeBSD.org, ia64@FreeBSD.org Cc: marcel@FreeBSD.org Subject: IA64, PPC system call path audit patches Message-ID: <20060901080402.W97485@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
(This is a resend of a previously sent patch to ppc@, FYI)
Attached is a patch that adds the audit event points in the system call paths
for ia64, the ia32 emulation in ia64, and the system call path for ppc. I'd
like to get these committed in the next few days, but am not set up to test
them. A head nod from ia64/ppc maintainers would be good regardless of
whether audit itself has specifically been tested, and it also wouldn't hurt
to compile boot it :-).
(I'm set up to test/run audit on i386 and amd64, but not other platforms.)
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
--- //depot/projects/trustedbsd/base/sys/ia64/ia32/ia32_trap.c 2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/ia64/ia32/ia32_trap.c 2006/08/06 13:19:15
@@ -46,6 +46,8 @@
#include <machine/md_var.h>
#include <i386/include/psl.h>
+#include <security/audit/audit.h>
+
extern char *syscallnames[];
static void
@@ -122,7 +124,9 @@
PTRACESTOP_SC(p, td, S_PT_SCE);
+ AUDIT_SYSCALL_ENTER(code, td);
error = (*callp->sy_call)(td, args64);
+ AUDIT_SYSCALL_EXIT(error, td);
}
switch (error) {
--- //depot/projects/trustedbsd/base/sys/ia64/ia64/trap.c 2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/ia64/ia64/trap.c 2006/08/06 13:21:12
@@ -72,6 +72,8 @@
#include <sys/ktrace.h>
#endif
+#include <security/audit/audit.h>
+
#include <ia64/disasm/disasm.h>
static int print_usertrap = 0;
@@ -1016,7 +1018,9 @@
PTRACESTOP_SC(p, td, S_PT_SCE);
+ AUDIT_SYSCALL_ENTER(code, td);
error = (*callp->sy_call)(td, args);
+ AUDIT_SYSCALL_EXIT(error, td);
if (error != EJUSTRETURN) {
/*
--- //depot/projects/trustedbsd/base/sys/powerpc/powerpc/trap.c 2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/powerpc/powerpc/trap.c 2006/08/06 13:22:21
@@ -55,6 +55,8 @@
#endif
#include <sys/vmmeter.h>
+#include <security/audit/audit.h>
+
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_extern.h>
@@ -418,7 +420,9 @@
PTRACESTOP_SC(p, td, S_PT_SCE);
+ AUDIT_SYSCALL_ENTER(code, td);
error = (*callp->sy_call)(td, params);
+ AUDIT_SYSCALL_EXIT(error, td);
CTR3(KTR_SYSC, "syscall: p=%s %s ret=%x", p->p_comm,
syscallnames[code], td->td_retval[0]);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060901080402.W97485>