mirror of
https://github.com/torvalds/linux.git
synced 2025-11-01 17:18:25 +02:00
02aff8db64
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAlzRrzoUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNc7hAApgsi+3Jf9i29mgrKdrTciZ35TegK
C8pTlOIndpBcmdwDakR50/PgfMHdHll8M9TReVNEjbe0S+Ww5GTE7eWtL3YqoPC2
MuXEqcriz6UNi5Xma6vCZrDznWLXkXnzMDoDoYGDSoKuUYxef0fuqxDBnERM60Ht
s52+0XvR5ZseBw7I1KIv/ix2fXuCGq6eCdqassm0rvLPQ7bq6nWzFAlNXOLud303
DjIWu6Op2EL0+fJSmG+9Z76zFjyEbhMIhw5OPDeH4eO3pxX29AIv0m0JlI7ZXxfc
/VVC3r5G4WrsWxwKMstOokbmsQxZ5pB3ZaceYpco7U+9N2e3SlpsNM9TV+Y/0ac/
ynhYa//GK195LpMXx1BmWmLpjBHNgL8MvQkVTIpDia0GT+5sX7+haDxNLGYbocmw
A/mR+KM2jAU3QzNseGh6c659j3K4tbMIFMNxt7pUBxVPLafcccNngFGTpzCwu5GU
b7y4d21g6g/3Irj14NYU/qS8dTjW0rYrCMDquTpxmMfZ2xYuSvQmnBw91NQzVBp2
98L2/fsUG3yOa5MApgv+ryJySsIM+SW+7leKS5tjy/IJINzyPEZ85l3o8ck8X4eT
nohpKc/ELmeyi3omFYq18ecvFf2YRS5jRnz89i9q65/3ESgGiC0wyGOhNTvjvsyv
k4jT0slIK614aGk=
=p8Fp
-----END PGP SIGNATURE-----
Merge tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"We've got a reasonably broad set of audit patches for the v5.2 merge
window, the highlights are below:
- The biggest change, and the source of all the arch/* changes, is
the patchset from Dmitry to help enable some of the work he is
doing around PTRACE_GET_SYSCALL_INFO.
To be honest, including this in the audit tree is a bit of a
stretch, but it does help move audit a little further along towards
proper syscall auditing for all arches, and everyone else seemed to
agree that audit was a "good" spot for this to land (or maybe they
just didn't want to merge it? dunno.).
- We can now audit time/NTP adjustments.
- We continue the work to connect associated audit records into a
single event"
* tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: (21 commits)
audit: fix a memory leak bug
ntp: Audit NTP parameters adjustment
timekeeping: Audit clock adjustments
audit: purge unnecessary list_empty calls
audit: link integrity evm_write_xattrs record to syscall event
syscall_get_arch: add "struct task_struct *" argument
unicore32: define syscall_get_arch()
Move EM_UNICORE to uapi/linux/elf-em.h
nios2: define syscall_get_arch()
nds32: define syscall_get_arch()
Move EM_NDS32 to uapi/linux/elf-em.h
m68k: define syscall_get_arch()
hexagon: define syscall_get_arch()
Move EM_HEXAGON to uapi/linux/elf-em.h
h8300: define syscall_get_arch()
c6x: define syscall_get_arch()
arc: define syscall_get_arch()
Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
audit: Make audit_log_cap and audit_copy_inode static
audit: connect LOGIN record to its syscall record
...
147 lines
5.6 KiB
C
147 lines
5.6 KiB
C
/*
|
|
* Access to user system call parameters and results
|
|
*
|
|
* Copyright (C) 2008-2009 Red Hat, Inc. All rights reserved.
|
|
*
|
|
* This copyrighted material is made available to anyone wishing to use,
|
|
* modify, copy, or redistribute it subject to the terms and conditions
|
|
* of the GNU General Public License v.2.
|
|
*
|
|
* This file is a stub providing documentation for what functions
|
|
* asm-ARCH/syscall.h files need to define. Most arch definitions
|
|
* will be simple inlines.
|
|
*
|
|
* All of these functions expect to be called with no locks,
|
|
* and only when the caller is sure that the task of interest
|
|
* cannot return to user mode while we are looking at it.
|
|
*/
|
|
|
|
#ifndef _ASM_SYSCALL_H
|
|
#define _ASM_SYSCALL_H 1
|
|
|
|
struct task_struct;
|
|
struct pt_regs;
|
|
|
|
/**
|
|
* syscall_get_nr - find what system call a task is executing
|
|
* @task: task of interest, must be blocked
|
|
* @regs: task_pt_regs() of @task
|
|
*
|
|
* If @task is executing a system call or is at system call
|
|
* tracing about to attempt one, returns the system call number.
|
|
* If @task is not executing a system call, i.e. it's blocked
|
|
* inside the kernel for a fault or signal, returns -1.
|
|
*
|
|
* Note this returns int even on 64-bit machines. Only 32 bits of
|
|
* system call number can be meaningful. If the actual arch value
|
|
* is 64 bits, this truncates to 32 bits so 0xffffffff means -1.
|
|
*
|
|
* It's only valid to call this when @task is known to be blocked.
|
|
*/
|
|
int syscall_get_nr(struct task_struct *task, struct pt_regs *regs);
|
|
|
|
/**
|
|
* syscall_rollback - roll back registers after an aborted system call
|
|
* @task: task of interest, must be in system call exit tracing
|
|
* @regs: task_pt_regs() of @task
|
|
*
|
|
* It's only valid to call this when @task is stopped for system
|
|
* call exit tracing (due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT),
|
|
* after tracehook_report_syscall_entry() returned nonzero to prevent
|
|
* the system call from taking place.
|
|
*
|
|
* This rolls back the register state in @regs so it's as if the
|
|
* system call instruction was a no-op. The registers containing
|
|
* the system call number and arguments are as they were before the
|
|
* system call instruction. This may not be the same as what the
|
|
* register state looked like at system call entry tracing.
|
|
*/
|
|
void syscall_rollback(struct task_struct *task, struct pt_regs *regs);
|
|
|
|
/**
|
|
* syscall_get_error - check result of traced system call
|
|
* @task: task of interest, must be blocked
|
|
* @regs: task_pt_regs() of @task
|
|
*
|
|
* Returns 0 if the system call succeeded, or -ERRORCODE if it failed.
|
|
*
|
|
* It's only valid to call this when @task is stopped for tracing on exit
|
|
* from a system call, due to %TIF_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
|
|
*/
|
|
long syscall_get_error(struct task_struct *task, struct pt_regs *regs);
|
|
|
|
/**
|
|
* syscall_get_return_value - get the return value of a traced system call
|
|
* @task: task of interest, must be blocked
|
|
* @regs: task_pt_regs() of @task
|
|
*
|
|
* Returns the return value of the successful system call.
|
|
* This value is meaningless if syscall_get_error() returned nonzero.
|
|
*
|
|
* It's only valid to call this when @task is stopped for tracing on exit
|
|
* from a system call, due to %TIF_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
|
|
*/
|
|
long syscall_get_return_value(struct task_struct *task, struct pt_regs *regs);
|
|
|
|
/**
|
|
* syscall_set_return_value - change the return value of a traced system call
|
|
* @task: task of interest, must be blocked
|
|
* @regs: task_pt_regs() of @task
|
|
* @error: negative error code, or zero to indicate success
|
|
* @val: user return value if @error is zero
|
|
*
|
|
* This changes the results of the system call that user mode will see.
|
|
* If @error is zero, the user sees a successful system call with a
|
|
* return value of @val. If @error is nonzero, it's a negated errno
|
|
* code; the user sees a failed system call with this errno code.
|
|
*
|
|
* It's only valid to call this when @task is stopped for tracing on exit
|
|
* from a system call, due to %TIF_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
|
|
*/
|
|
void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs,
|
|
int error, long val);
|
|
|
|
/**
|
|
* syscall_get_arguments - extract system call parameter values
|
|
* @task: task of interest, must be blocked
|
|
* @regs: task_pt_regs() of @task
|
|
* @args: array filled with argument values
|
|
*
|
|
* Fetches 6 arguments to the system call. First argument is stored in
|
|
* @args[0], and so on.
|
|
*
|
|
* It's only valid to call this when @task is stopped for tracing on
|
|
* entry to a system call, due to %TIF_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
|
|
*/
|
|
void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
|
|
unsigned long *args);
|
|
|
|
/**
|
|
* syscall_set_arguments - change system call parameter value
|
|
* @task: task of interest, must be in system call entry tracing
|
|
* @regs: task_pt_regs() of @task
|
|
* @args: array of argument values to store
|
|
*
|
|
* Changes 6 arguments to the system call.
|
|
* The first argument gets value @args[0], and so on.
|
|
*
|
|
* It's only valid to call this when @task is stopped for tracing on
|
|
* entry to a system call, due to %TIF_SYSCALL_TRACE or %TIF_SYSCALL_AUDIT.
|
|
*/
|
|
void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
|
|
const unsigned long *args);
|
|
|
|
/**
|
|
* syscall_get_arch - return the AUDIT_ARCH for the current system call
|
|
* @task: task of interest, must be blocked
|
|
*
|
|
* Returns the AUDIT_ARCH_* based on the system call convention in use.
|
|
*
|
|
* It's only valid to call this when @task is stopped on entry to a system
|
|
* call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP.
|
|
*
|
|
* Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must
|
|
* provide an implementation of this.
|
|
*/
|
|
int syscall_get_arch(struct task_struct *task);
|
|
#endif /* _ASM_SYSCALL_H */
|