MIPS: Add syscall auditing support

The original patch is from Ralf. I have maintained it for more than six
years on Loongson platform, and it works perfectly. Most of the commit
messages are written by Ralf.

MIPS doesn't quite fit into the existing pattern of other architectures
and I'd appreciate your comments and maybe even an Acked-by.

 - Linux on MIPS extends the traditional syscall table used by older UNIX
   implementations.  This is why 32-bit Linux syscalls are starting from
   4000; the native 64-bit syscalls start from 5000 and the N32 compat ABI
   from 6000.  The existing syscall bitmap is only large enough for at most
   2048 syscalls, so I had to increase AUDIT_BITMASK_SIZE to 256 which
   provides enough space for 8192 syscalls.  Because include/uapi/linux/
   audit.h and AUDIT_BITMASK_SIZE are exported to userspace I've used an
   #ifdef __mips__ for this.

 - The code treats the little endian MIPS architecture as separate from
   big endian.  Combined with the 3 ABIs that's 6 combinations.  I tried
   to sort of follow the example set by ARM which explicitly lists the
   (rare) big endian architecture variant - but it doesn't seem to very
   useful so I wonder if this could be squashed to just the three ABIs
   without consideration of endianness?

Signed-off-by: Ralf Baechle <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>
Reviewed-by: Jiaxun Yang <[email protected]>

Source: https://www.spinics.net/lists/mips/msg76903.html
- includes code cleanup to silent few checkpatch.pl errors and warnings.

Orabug: 31245225

Signed-off-by: Vijay Kumar <[email protected]>
Reviewed-by: Dave Kleikamp <[email protected]>
Signed-off-by: Somasundaram Krishnasamy <[email protected]>

Author: ralfbaechle

arch/mips/Kconfig

@@ -15,6 +15,7 @@ config MIPS
 	select ARCH_USE_QUEUED_RWLOCKS
 	select ARCH_USE_QUEUED_SPINLOCKS
 	select ARCH_WANT_IPC_PARSE_VERSION
+	select AUDIT_ARCH
 	select BUILDTIME_EXTABLE_SORT
 	select CLONE_BACKWARDS
 	select CPU_PM if CPU_IDLE
@@ -29,6 +30,7 @@ config MIPS
 	select GENERIC_SMP_IDLE_THREAD
 	select GENERIC_TIME_VSYSCALL
 	select HANDLE_DOMAIN_IRQ
+	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_ARCH_JUMP_LABEL
 	select HAVE_ARCH_KGDB
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
@@ -1069,6 +1071,15 @@ config FW_ARC
 config ARCH_MAY_HAVE_PC_FDC
 	bool
 
+config AUDIT_ARCH
+	bool
+
+config AUDITSYSCALL_O32
+	bool
+
+config AUDITSYSCALL_N32
+	bool
+
 config BOOT_RAW
 	bool
 
@@ -3172,6 +3183,7 @@ config MIPS32_O32
 	select COMPAT
 	select MIPS32_COMPAT
 	select SYSVIPC_COMPAT if SYSVIPC
+	select AUDITSYSCALL_O32 if AUDITSYSCALL
 	help
 	  Select this option if you want to run o32 binaries.  These are pure
 	  32-bit binaries as used by the 32-bit Linux/MIPS port.  Most of
@@ -3185,6 +3197,7 @@ config MIPS32_N32
 	select COMPAT
 	select MIPS32_COMPAT
 	select SYSVIPC_COMPAT if SYSVIPC
+	select AUDITSYSCALL_N32 if AUDITSYSCALL
 	help
 	  Select this option if you want to run n32 binaries.  These are
 	  64-bit binaries using 32-bit quantities for addressing and certain

arch/mips/include/asm/abi.h

@@ -21,6 +21,7 @@ struct mips_abi {
 	int (* const setup_rt_frame)(void *sig_return, struct ksignal *ksig,
 				     struct pt_regs *regs, sigset_t *set);
 	const unsigned long	restart;
+	const int audit_arch;
 
 	unsigned	off_sc_fpregs;
 	unsigned	off_sc_fpc_csr;

arch/mips/include/asm/unistd.h

@@ -67,4 +67,14 @@
 
 #endif /* !__ASSEMBLY__ */
 
+#ifdef CONFIG_MIPS32_N32
+#define NR_syscalls    (__NR_N32_Linux + __NR_N32_Linux_syscalls)
+#elif defined(CONFIG_64BIT)
+#define NR_syscalls    (__NR_64_Linux  + __NR_64_Linux_syscalls)
+#elif defined(CONFIG_32BIT)
+#define NR_syscalls    (__NR_O32_Linux + __NR_O32_Linux_syscalls)
+#else
+#error Must know ABIs in use to define NR_syscalls
+#endif
+
 #endif /* _ASM_UNISTD_H */

arch/mips/include/uapi/asm/unistd.h

@@ -7,15 +7,16 @@
  * Copyright (C) 1995, 96, 97, 98, 99, 2000 by Ralf Baechle
  * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
  *
- * Changed system calls macros _syscall5 - _syscall7 to push args 5 to 7 onto
- * the stack. Robin Farine for ACN S.A, Copyright (C) 1996 by ACN S.A
  */
 #ifndef _UAPI_ASM_UNISTD_H
 #define _UAPI_ASM_UNISTD_H
 
 #include <asm/sgidefs.h>
 
-#if _MIPS_SIM == _MIPS_SIM_ABI32
+#if (defined(__WANT_SYSCALL_NUMBERS) &&                                        \
+	(__WANT_SYSCALL_NUMBERS == _MIPS_SIM_ABI32)) ||                 \
+	(!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_ABI32)
+
 
 /*
  * Linux o32 style syscalls are in the range from 4000 to 4999.
@@ -394,13 +395,14 @@
  * Offset of the last Linux o32 flavoured syscall
  */
 #define __NR_Linux_syscalls		366
-
-#endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
+#endif /* Want O32 || _MIPS_SIM == _MIPS_SIM_ABI32  */
 
 #define __NR_O32_Linux			4000
 #define __NR_O32_Linux_syscalls		366
 
-#if _MIPS_SIM == _MIPS_SIM_ABI64
+#if (defined(__WANT_SYSCALL_NUMBERS) &&                                        \
+	(__WANT_SYSCALL_NUMBERS == _MIPS_SIM_ABI64)) ||                 \
+	(!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_ABI64)
 
 /*
  * Linux 64-bit syscalls are in the range from 5000 to 5999.
@@ -739,12 +741,14 @@
  */
 #define __NR_Linux_syscalls		326
 
-#endif /* _MIPS_SIM == _MIPS_SIM_ABI64 */
+#endif /* Want N64 || _MIPS_SIM == _MIPS_SIM_ABI64  */
 
 #define __NR_64_Linux			5000
 #define __NR_64_Linux_syscalls		326
 
-#if _MIPS_SIM == _MIPS_SIM_NABI32
+#if (defined(__WANT_SYSCALL_NUMBERS) &&                                        \
+	(__WANT_SYSCALL_NUMBERS == _MIPS_SIM_NABI32)) ||                \
+	(!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_NABI32)
 
 /*
  * Linux N32 syscalls are in the range from 6000 to 6999.
@@ -1087,7 +1091,7 @@
  */
 #define __NR_Linux_syscalls		330
 
-#endif /* _MIPS_SIM == _MIPS_SIM_NABI32 */
+#endif /* Want N32 || _MIPS_SIM == _MIPS_SIM_NABI32  */
 
 #define __NR_N32_Linux			6000
 #define __NR_N32_Linux_syscalls		330

arch/mips/kernel/Makefile

@@ -107,6 +107,10 @@ obj-$(CONFIG_HW_PERF_EVENTS)	+= perf_event_mipsxx.o
 obj-$(CONFIG_JUMP_LABEL)	+= jump_label.o
 obj-$(CONFIG_UPROBES)		+= uprobes.o
 
+obj-$(CONFIG_AUDITSYSCALL_O32) += audit-o32.o
+obj-$(CONFIG_AUDITSYSCALL_N32) += audit-n32.o
+obj-$(CONFIG_AUDITSYSCALL)     += audit-native.o
+
 obj-$(CONFIG_MIPS_CM)		+= mips-cm.o
 obj-$(CONFIG_MIPS_CPC)		+= mips-cpc.o
 

arch/mips/kernel/audit-n32.c

@@ -0,0 +1,59 @@
+#define __WANT_SYSCALL_NUMBERS _MIPS_SIM_NABI32
+
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned int dir_class_n32[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned int read_class_n32[] = {
+#include <asm-generic/audit_read.h>
+0U
+};
+
+static unsigned int write_class_n32[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned int chattr_class_n32[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned int signal_class_n32[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_syscall_n32(int abi, unsigned int syscall)
+{
+	switch (syscall) {
+	case __NR_open:
+		return 2;
+	case __NR_openat:
+		return 3;
+	case __NR_execve:
+		return 5;
+	default:
+		return 0;
+	}
+}
+
+static int __init audit_classes_n32_init(void)
+{
+	audit_register_class(AUDIT_CLASS_WRITE_N32, write_class_n32);
+	audit_register_class(AUDIT_CLASS_READ_N32, read_class_n32);
+	audit_register_class(AUDIT_CLASS_DIR_WRITE_N32, dir_class_n32);
+	audit_register_class(AUDIT_CLASS_CHATTR_N32, chattr_class_n32);
+	audit_register_class(AUDIT_CLASS_SIGNAL_N32, signal_class_n32);
+
+	return 0;
+}
+
+arch_initcall(audit_classes_n32_init);
+

arch/mips/kernel/audit-native.c

@@ -0,0 +1,102 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned int dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned int read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned int write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned int chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned int signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+
+/*
+ * Pretend to be a single architecture
+ */
+int audit_classify_arch(int arch)
+{
+	return 0;
+}
+
+extern int audit_classify_syscall_o32(int abi, unsigned int syscall);
+extern int audit_classify_syscall_n32(int abi, unsigned int syscall);
+
+int audit_classify_syscall(int abi, unsigned int syscall)
+{
+	int res;
+
+	switch (syscall) {
+	case __NR_open:
+		res = 2;
+		break;
+	case __NR_openat:
+		res = 3;
+		break;
+#ifdef __NR_socketcall         /* Only exists on O32 */
+	case __NR_socketcall:
+		res = 4;
+		break;
+#endif
+	case __NR_execve:
+		res = 5;
+		break;
+	default:
+#ifdef CONFIG_AUDITSYSCALL_O32
+		res = audit_classify_syscall_o32(abi, syscall);
+		if (res)
+			break;
+#endif
+#ifdef CONFIG_AUDITSYSCALL_N32
+		res = audit_classify_syscall_n32(abi, syscall);
+		if (res)
+			break;
+#endif
+		switch (abi) {
+		case AUDIT_ARCH_MIPS:
+		case AUDIT_ARCH_MIPSEL:
+			res = 1;
+			break;
+		case AUDIT_ARCH_MIPS64:
+		case AUDIT_ARCH_MIPSEL64:
+			res = 0;
+			break;
+		case AUDIT_ARCH_MIPS64N32:
+		case AUDIT_ARCH_MIPSEL64N32:
+			res = 6;
+		}
+	}
+
+	return res;
+}
+
+static int __init audit_classes_init(void)
+{
+	audit_register_class(AUDIT_CLASS_WRITE, write_class);
+	audit_register_class(AUDIT_CLASS_READ, read_class);
+	audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+	audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+	audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+
+	return 0;
+}
+
+arch_initcall(audit_classes_init);

arch/mips/kernel/audit-o32.c

@@ -0,0 +1,61 @@
+#define __WANT_SYSCALL_NUMBERS _MIPS_SIM_ABI32
+
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <linux/unistd.h>
+
+static unsigned int dir_class_o32[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned int read_class_o32[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned int write_class_o32[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned int chattr_class_o32[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned int signal_class_o32[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_syscall_o32(int abi, unsigned int syscall)
+{
+	switch (syscall) {
+	case __NR_open:
+		return 2;
+	case __NR_openat:
+		return 3;
+	case __NR_socketcall:
+		return 4;
+	case __NR_execve:
+		return 5;
+	default:
+		return 0;
+	}
+}
+
+static int __init audit_classes_o32_init(void)
+{
+	audit_register_class(AUDIT_CLASS_WRITE_32, write_class_o32);
+	audit_register_class(AUDIT_CLASS_READ_32, read_class_o32);
+	audit_register_class(AUDIT_CLASS_DIR_WRITE_32, dir_class_o32);
+	audit_register_class(AUDIT_CLASS_CHATTR_32, chattr_class_o32);
+	audit_register_class(AUDIT_CLASS_SIGNAL_32, signal_class_o32);
+
+	return 0;
+}
+
+arch_initcall(audit_classes_o32_init);
+