IA64, PPC system call path audit patches

Robert Watson rwatson at FreeBSD.org
Fri Sep 1 07:11:08 UTC 2006 

(This is a resend of a previously sent patch to ppc@, FYI)

Attached is a patch that adds the audit event points in the system call paths 
for ia64, the ia32 emulation in ia64, and the system call path for ppc.  I'd 
like to get these committed in the next few days, but am not set up to test 
them.  A head nod from ia64/ppc maintainers would be good regardless of 
whether audit itself has specifically been tested, and it also wouldn't hurt 
to compile boot it :-).

(I'm set up to test/run audit on i386 and amd64, but not other platforms.)

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge

--- //depot/projects/trustedbsd/base/sys/ia64/ia32/ia32_trap.c	2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/ia64/ia32/ia32_trap.c	2006/08/06 13:19:15
@@ -46,6 +46,8 @@
  #include <machine/md_var.h>
  #include <i386/include/psl.h>

+#include <security/audit/audit.h>
+
  extern char *syscallnames[];

  static void
@@ -122,7 +124,9 @@

  		PTRACESTOP_SC(p, td, S_PT_SCE);

+		AUDIT_SYSCALL_ENTER(code, td);
  		error = (*callp->sy_call)(td, args64);
+		AUDIT_SYSCALL_EXIT(error, td);
  	}

  	switch (error) {
--- //depot/projects/trustedbsd/base/sys/ia64/ia64/trap.c	2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/ia64/ia64/trap.c	2006/08/06 13:21:12
@@ -72,6 +72,8 @@
  #include <sys/ktrace.h>
  #endif

+#include <security/audit/audit.h>
+
  #include <ia64/disasm/disasm.h>

  static int print_usertrap = 0;
@@ -1016,7 +1018,9 @@

  	PTRACESTOP_SC(p, td, S_PT_SCE);

+	AUDIT_SYSCALL_ENTER(code, td);
  	error = (*callp->sy_call)(td, args);
+	AUDIT_SYSCALL_EXIT(error, td);

  	if (error != EJUSTRETURN) {
  		/*
--- //depot/projects/trustedbsd/base/sys/powerpc/powerpc/trap.c	2006/08/05 14:21:26
+++ //depot/projects/trustedbsd/audit3/sys/powerpc/powerpc/trap.c	2006/08/06 13:22:21
@@ -55,6 +55,8 @@
  #endif
  #include <sys/vmmeter.h>

+#include <security/audit/audit.h>
+
  #include <vm/vm.h>
  #include <vm/pmap.h>
  #include <vm/vm_extern.h>
@@ -418,7 +420,9 @@

  		PTRACESTOP_SC(p, td, S_PT_SCE);

+		AUDIT_SYSCALL_ENTER(code, td);
  		error = (*callp->sy_call)(td, params);
+		AUDIT_SYSCALL_EXIT(error, td);

  		CTR3(KTR_SYSC, "syscall: p=%s %s ret=%x", p->p_comm,
  		     syscallnames[code], td->td_retval[0]);

More information about the freebsd-ppc mailing list