Date: Tue, 27 Oct 2020 13:13:04 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r367080 - in stable/12/sys: amd64/linux amd64/linux32 arm64/linux compat/freebsd32 i386/linux kern Message-ID: <202010271313.09RDD48l048608@repo.freebsd.org>
Author: kevans Date: Tue Oct 27 13:13:04 2020 New Revision: 367080 URL: https://svnweb.freebsd.org/changeset/base/367080 Log: MFC r367002, r367060 r367002: audit: correct reporting of *execve(2) success r326145 corrected do_execve() to return EJUSTRETURN upon success so that important registers are not clobbered. This had the side effect of tapping out 'failures' for all *execve(2) audit records, which is less than useful for auditing purposes. Audit exec returns earlier, where we can know for sure that EJUSTRETURN translates to success. Note that this unsets TDP_AUDITREC as we commit the audit record, so the usual audit in the syscall return path will do nothing. r367060: audit: also correctly audit linux_execve() Linux execve() gets audited as AUE_EXECVE as well, we should also interpret the return from this correctly for the same reasoning as in r367002. PR: 249179, 242938 Modified: stable/12/sys/amd64/linux/linux_machdep.c stable/12/sys/amd64/linux32/linux32_machdep.c stable/12/sys/arm64/linux/linux_machdep.c stable/12/sys/compat/freebsd32/freebsd32_misc.c stable/12/sys/i386/linux/linux_machdep.c stable/12/sys/kern/kern_exec.c stable/12/sys/kern/subr_syscall.c Directory Properties: stable/12/ (props changed)
Modified: stable/12/sys/amd64/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/amd64/linux/linux_machdep.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/amd64/linux/linux_machdep.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -81,6 +81,8 @@ __FBSDID("$FreeBSD$");
 #include <x86/ifunc.h>
 #include <x86/sysarch.h>
+#include <security/audit/audit.h>
+
 #include <amd64/linux/linux.h>
 #include <amd64/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -107,6 +109,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 free(path, M_TEMP);
 if (error == 0)
 error = linux_common_execve(td, &eargs);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
Modified: stable/12/sys/amd64/linux32/linux32_machdep.c
==============================================================================
--- stable/12/sys/amd64/linux32/linux32_machdep.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/amd64/linux32/linux32_machdep.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -69,6 +69,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
+#include <security/audit/audit.h>
+
 #include <compat/freebsd32/freebsd32_util.h>
 #include <amd64/linux32/linux.h>
 #include <amd64/linux32/linux32_proto.h>
@@ -138,6 +140,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 free(path, M_TEMP);
 if (error == 0)
 error = linux_common_execve(td, &eargs);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
Modified: stable/12/sys/arm64/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/arm64/linux/linux_machdep.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/arm64/linux/linux_machdep.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/sdt.h>
+#include <security/audit/audit.h>
+
 #include <arm64/linux/linux.h>
 #include <arm64/linux/linux_proto.h>
 #include <compat/linux/linux_dtrace.h>
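Review bot: The translation `error == EJUSTRETURN ? 0 : error` added before `return (error);` in linux_execve() (amd64/linux/linux_machdep.c) is open-coded, and the same line recurs in every exec wrapper this commit touches: the linux32, arm64 and i386 linux_execve(), freebsd32_execve()/freebsd32_fexecve(), and sys_execve()/sys_fexecve()/sys___mac_execve(). The log shows the Linux wrappers needed a second revision (r367060) to get it, so an exec entry point that lacks the call keeps recording successful execs as failures, which matters to anyone filtering audit trails on the return value. One wrapper defined next to AUDIT_SYSCALL_EXIT would keep the rule in one place, e.g. `#define AUDIT_SYSCALL_EXIT_EXEC(error, td) AUDIT_SYSCALL_EXIT((error) == EJUSTRETURN ? 0 : (error), td)` (the macro name is a suggestion, not an existing identifier). linux_execve() starts outside the hunk, so paths that return before this line are not visible here.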
@@ -74,6 +76,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 free(path, M_TEMP);
 if (error == 0)
 error = linux_common_execve(td, &eargs);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
Modified: stable/12/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- stable/12/sys/compat/freebsd32/freebsd32_misc.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/compat/freebsd32/freebsd32_misc.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -440,6 +440,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e
 if (error == 0)
 error = kern_execve(td, &eargs, NULL, oldvmspace);
 post_execve(td, error, oldvmspace);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
@@ -460,6 +461,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_
 error = kern_execve(td, &eargs, NULL, oldvmspace);
 }
 post_execve(td, error, oldvmspace);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
Modified: stable/12/sys/i386/linux/linux_machdep.c
==============================================================================
--- stable/12/sys/i386/linux/linux_machdep.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/i386/linux/linux_machdep.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -61,6 +61,8 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm.h>
 #include <vm/vm_map.h>
+#include <security/audit/audit.h>
+
 #include <i386/linux/linux.h>
 #include <i386/linux/linux_proto.h>
 #include <compat/linux/linux_emul.h>
@@ -111,6 +113,7 @@ linux_execve(struct thread *td, struct linux_execve_ar
 free(newpath, M_TEMP);
 if (error == 0)
 error = linux_common_execve(td, &eargs);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
Modified: stable/12/sys/kern/kern_exec.c
==============================================================================
--- stable/12/sys/kern/kern_exec.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/kern/kern_exec.c Tue Oct 27 13:13:04 2020 (r367080)
@@ -224,6 +224,7 @@ sys_execve(struct thread *td, struct execve_args *uap)
 if (error == 0)
 error = kern_execve(td, &args, NULL, oldvmspace);
 post_execve(td, error, oldvmspace);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
@@ -251,6 +252,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua
 error = kern_execve(td, &args, NULL, oldvmspace);
 }
 post_execve(td, error, oldvmspace);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 }
@@ -279,6 +281,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv
 if (error == 0)
 error = kern_execve(td, &args, uap->mac_p, oldvmspace);
 post_execve(td, error, oldvmspace);
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
 return (error);
 #else
 return (ENOSYS);
Modified: stable/12/sys/kern/subr_syscall.c
==============================================================================
--- stable/12/sys/kern/subr_syscall.c Tue Oct 27 12:49:40 2020 (r367079)
+++ stable/12/sys/kern/subr_syscall.c Tue Oct 27 13:13:04 2020 (r367080)
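Review bot: The `AUDIT_SYSCALL_EXIT(...)` call added after `post_execve()` in sys_execve() (kern/kern_exec.c) carries no comment; the only explanation lives in the subr_syscall.c comment and the commit log. A reader of kern_exec.c cannot tell that this call commits the record early or why EJUSTRETURN is mapped to 0. I would add above it: `/* Commit the audit record here: EJUSTRETURN means exec succeeded, and the generic syscall return path would report it as a failure. */`. The same comment fits sys_fexecve() and sys___mac_execve() in this file; all three functions begin outside their hunks.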
@@ -142,6 +142,16 @@ syscallenter(struct thread *td)
 AUDIT_SYSCALL_ENTER(sa->code, td);
 error = (sa->callp->sy_call)(td, sa->args);
+
+ /*
+ * Note that some syscall implementations (e.g., sys_execve)
+ * will commit the audit record just before their final return.
+ * These were done under the assumption that nothing of interest
+ * would happen between their return and here, where we would
+ * normally commit the audit record. These assumptions will
+ * need to be revisited should any substantial logic be added
+ * above.
+ */
 AUDIT_SYSCALL_EXIT(error, td);
 /* Save the latest error return value. */
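Review bot: The new comment in syscallenter() warns about logic "added above", but it sits between the `sy_call` invocation and `AUDIT_SYSCALL_EXIT(error, td)`, so it is unclear which region must stay empty; it also does not say what this call does for the early-committing syscalls. Per the commit log the early commit unsets TDP_AUDITREC, so this call does nothing for them, and anything that changed `error` or added audit arguments after the handler returned would be missing from an exec record. I would reword the last sentence to `... should any substantial logic be added between the sy_call return and this point.` and add `For those syscalls TDP_AUDITREC is already clear, so the AUDIT_SYSCALL_EXIT() below is a no-op.` syscallenter() continues outside the hunk.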