This patch provides functionality to audit system call events on the ARM platform. The implementation was based off the structure of the MIPS platform and information in this mailing list thread (http://lists.fedoraproject.org/pipermail/arm/2009-October/000382.html). The required audit_syscall_exit and audit_syscall_entry checks were added to ptrace using the standard registers for system call values (r0 through r3). A thread information flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is set, the syscall_trace function will be executed. The proper changes were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled. Due to platform availability limitations, this patch was only tested on the Android platform running the modified "android-goldfish-2.6.29" kernel. A test compile was performed using Code Sourcery's cross-compilation toolset and the current linux-3.0 stable kernel. The changes compile without error. I'm hoping, due to the simple modifications, the patch is "obviously correct". Signed-off-by: Nathaniel Husted <nhusted@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
		
			
				
	
	
		
/*
 * arch/arm/include/asm/kprobes.h
 *
 * Copyright (C) 2006, 2007 Motorola Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 */
#ifndef _ARM_KPROBES_H
#define _ARM_KPROBES_H
#include <linux/types.h>
#include <linux/ptrace.h>
#include <linux/percpu.h>
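/*
 * NOTE(review): presumably tested by the generic kprobes core to switch on its
 * instruction-slot allocator for this architecture; the consumer is not in
 * this header, so confirm there.
 */
#define __ARCH_WANT_KPROBES_INSN_SLOT
/*
 * NOTE(review): presumably a count of kprobe_opcode_t elements rather than
 * bytes; confirm at the users before sizing any buffer from it.
 */
#define MAX_INSN_SIZE			2
/*
 * Byte length of kprobe_ctlblk.jprobes_stack, which is a fixed char array.
 * Any code that copies into that array has to clamp the length to this value;
 * the copy site is outside this header.
 */
#define MAX_STACK_SIZE			64	/* 32 would probably be OK */

/* Expands to an empty statement: flushing an instruction slot does nothing here. */
#define flush_insn_slot(p)		do { } while (0)
/* Zero; NOTE(review): presumably the entry count of a kretprobe blacklist table. */
#define kretprobe_blacklist_size	0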
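/* One instruction word as kprobes stores it; u32 makes it 32 bits wide. */
typedef u32 kprobe_opcode_t;

/* Forward declaration: this header only ever uses pointers to struct kprobe. */
struct kprobe;
/*
 * The four typedefs below name function types, not pointer types; users such
 * as struct arch_specific_insn add the '*' themselves.
 */
/* Receives the probe and the register frame; returns nothing. */
typedef void (kprobe_insn_handler_t)(struct kprobe *, struct pt_regs *);
/*
 * Maps one unsigned long to another.
 * NOTE(review): presumably a condition-code test on a status word -- confirm
 * against the implementations.
 */
typedef unsigned long (kprobe_check_cc)(unsigned long);
/* Same signature as kprobe_insn_handler_t, kept under a distinct name. */
typedef void (kprobe_insn_singlestep_t)(struct kprobe *, struct pt_regs *);
/* Takes no arguments and returns nothing. */
typedef void (kprobe_insn_fn_t)(void);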
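/*
 * Architecture specific copy of original instruction.
 *
 * Every member is a pointer; four of them point to functions. Where they are
 * assigned and called is not visible in this header.
 * NOTE(review): these look like the pointers that decide what runs when a
 * probe fires, so confirm they are only ever written by the kernel's own
 * probe set-up code.
 */
struct arch_specific_insn {
	/* Points at kprobe_opcode_t storage; presumably the copied instruction. */
	kprobe_opcode_t			*insn;
	/* Called with (struct kprobe *, struct pt_regs *). */
	kprobe_insn_handler_t		*insn_handler;
	/* unsigned long -> unsigned long check function. */
	kprobe_check_cc			*insn_check_cc;
	/* Called with (struct kprobe *, struct pt_regs *). */
	kprobe_insn_singlestep_t	*insn_singlestep;
	/* Argument-less function returning nothing. */
	kprobe_insn_fn_t		*insn_fn;
};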
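/*
 * A probe pointer paired with a status word; embedded by value in
 * struct kprobe_ctlblk.
 * NOTE(review): presumably a snapshot of the probe that was being handled when
 * another one hit -- confirm against the save/restore code.
 */
struct prev_kprobe {
	struct kprobe *kp;	/* the probe this record refers to */
	unsigned int status;	/* status value stored alongside kp */
};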
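/*
 * per-cpu kprobe control block
 *
 * Holds the current status word, one embedded prev_kprobe record, a full
 * struct pt_regs copy and a fixed-size byte buffer for stack contents.
 */
struct kprobe_ctlblk {
	unsigned int kprobe_status;
	/* Stored by value, so exactly one earlier probe can be recorded here. */
	struct prev_kprobe prev_kprobe;
	/* Whole register frame kept by value, not a pointer to one. */
	struct pt_regs jprobe_saved_regs;
	/*
	 * MAX_STACK_SIZE bytes. NOTE(review): the code that fills this buffer is
	 * not in this header; it has to bound its copy length to MAX_STACK_SIZE,
	 * or the members of whatever follows this block get overwritten.
	 */
	char jprobes_stack[MAX_STACK_SIZE];
};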
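/*
 * Takes the probe being removed; definition is not in this header.
 * NOTE(review): presumably releases the per-probe architecture state -- confirm.
 */
void arch_remove_kprobe(struct kprobe *);
/*
 * Takes the register frame at the fault and an unsigned fsr value.
 * NOTE(review): the meaning of the int result is not stated here; check the
 * definition before relying on zero/non-zero.
 */
int kprobe_fault_handler(struct pt_regs *regs, unsigned int fsr);
/*
 * Has the (self, val, data) shape of a notifier callback.
 * NOTE(review): struct notifier_block is not declared in the visible part of
 * this header, so it has to arrive through one of the includes; otherwise the
 * type only has prototype scope and callers see an incompatible declaration.
 */
int kprobe_exceptions_notify(struct notifier_block *self,
			     unsigned long val, void *data);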
#endif /* _ARM_KPROBES_H */