[v2, PATCH 1/2] MIPS syscall auditing patches
Ralf Baechle
ralf at linux-mips.org
Wed Jun 8 15:15:34 UTC 2011
this is the first cut of the MIPS auditing patches. MIPS doesn't quite
fit into the existing pattern of other architectures and I'd appreciate
your comments and maybe even an Acked-by.
- MIPS syscalls return a success / error flag in register $7. If the
flag is set then the return value in $2 is a *positive* error value.
This means the existing AUDITSC_RESULT() macro does not work on
MIPS and thus ptrace.c defines it's own version MIPS_AUDITSC_RESULT().
- Linux on MIPS extends the traditional syscall table used by older UNIX
implementations. This is why 32-bit Linux syscalls are starting from
4000; the native 64-bit syscalls start from 5000 and the N32 compat ABI
from 6000. The existing syscall bitmap is only large enough for at most
2048 syscalls, so I had to increase AUDIT_BITMASK_SIZE to 256 which
provides enough space for 8192 syscalls. Because include/linux/audit.h
and AUDIT_BITMASK_SIZE are exported to userspace I've used an #ifdef
__mips__ for this.
- I've introduced a flag __AUDIT_ARCH_ALT to indicate an alternative ABI.
The name of the flag is intentionally very generic to make the name
hopefully fit other architectures' eventual need as well. On MIPS it
indicates the 3rd ABI known as N32.
- To make matters worse, most MIPS processors can be configured to be
big or little endian. Traditionally the the 64-bit little endian
configuration is named mips64el, so I've changed references to MIPSEL64
in audit.h to MIPS64EL.
- The code treats the little endian MIPS architecture as separate from
big endian. Combined with the 3 ABIs that's 6 combinations. I tried
to sort of follow the example set by ARM which explicitly lists the
(rare) big endian architecture variant - but it doesn't seem to very
useful so I wonder if this could be squashed to just the three ABIs
without consideration of endianess?
- Talking about flags; I've defined the the N32 architecture flags were defined
#define AUDIT_ARCH_MIPS64_N32 (EM_MIPS|__AUDIT_ARCH_ALT)
#define AUDIT_ARCH_MIPS64EL_N32 (EM_MIPS|__AUDIT_ARCH_ALT|__AUDIT_ARCH_LE
N32 is a 32-bit ABI but one that only runs on 64-bit processors as it
uses 64-bit registers for 64-bit integers. So I'm uncertain if the
__AUDIT_ARCH_64BIT flags should be set or not.
Thanks in advance,
Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
---
v2: 8b659a393171aed3dafa1d7455ac9eec1f3ed315 (kernel.org) rsp.
25c81f4d5cec9ac8fe1f5b2072d995d0cdc9f361 (linux-mips.org) [MIPS: Split
do_syscall_trace into two functions.] and Eric's patch [Audit: push
audit success and retcode into arch ptrace.h] made my previous patch
go stale and no longer applicable.
arch/mips/Kconfig | 12 +++++
arch/mips/include/asm/abi.h | 1 +
arch/mips/include/asm/unistd.h | 33 +++++++++-----
arch/mips/kernel/Makefile | 4 ++
arch/mips/kernel/audit-n32.c | 58 ++++++++++++++++++++++++
arch/mips/kernel/audit-native.c | 92 +++++++++++++++++++++++++++++++++++++++
arch/mips/kernel/audit-o32.c | 60 +++++++++++++++++++++++++
arch/mips/kernel/ptrace.c | 22 ++++------
arch/mips/kernel/signal.c | 20 ++++++++-
arch/mips/kernel/signal32.c | 10 ++++-
arch/mips/kernel/signal_n32.c | 10 ++++-
arch/mips/kernel/syscall.c | 2 +
include/linux/audit.h | 21 ++++++++-
init/Kconfig | 2 +-
14 files changed, 318 insertions(+), 29 deletions(-)
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 653da62..2172fd3 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1,6 +1,7 @@
config MIPS
bool
default y
+ select AUDIT_ARCH
select HAVE_GENERIC_DMA_COHERENT
select HAVE_IDE
select HAVE_OPROFILE
@@ -850,6 +851,15 @@ config ARC
config ARCH_MAY_HAVE_PC_FDC
bool
+config AUDIT_ARCH
+ bool
+
+config AUDITSYSCALL_O32
+ bool
+
+config AUDITSYSCALL_N32
+ bool
+
config BOOT_RAW
bool
@@ -2437,6 +2447,7 @@ config SYSVIPC_COMPAT
config MIPS32_O32
bool "Kernel support for o32 binaries"
depends on MIPS32_COMPAT
+ select AUDITSYSCALL_O32 if AUDITSYSCALL
help
Select this option if you want to run o32 binaries. These are pure
32-bit binaries as used by the 32-bit Linux/MIPS port. Most of
@@ -2447,6 +2458,7 @@ config MIPS32_O32
config MIPS32_N32
bool "Kernel support for n32 binaries"
depends on MIPS32_COMPAT
+ select AUDITSYSCALL_N32 if AUDITSYSCALL
help
Select this option if you want to run n32 binaries. These are
64-bit binaries using 32-bit quantities for addressing and certain
diff --git a/arch/mips/include/asm/abi.h b/arch/mips/include/asm/abi.h
index 9252d9b..af5f558 100644
--- a/arch/mips/include/asm/abi.h
+++ b/arch/mips/include/asm/abi.h
@@ -22,6 +22,7 @@ struct mips_abi {
sigset_t *set, siginfo_t *info);
const unsigned long rt_signal_return_offset;
const unsigned long restart;
+ const int audit_arch;
};
#endif /* _ASM_ABI_H */
diff --git a/arch/mips/include/asm/unistd.h b/arch/mips/include/asm/unistd.h
index ecea787..873fbef 100644
--- a/arch/mips/include/asm/unistd.h
+++ b/arch/mips/include/asm/unistd.h
@@ -5,16 +5,15 @@
*
* Copyright (C) 1995, 96, 97, 98, 99, 2000 by Ralf Baechle
* Copyright (C) 1999, 2000 Silicon Graphics, Inc.
- *
- * Changed system calls macros _syscall5 - _syscall7 to push args 5 to 7 onto
- * the stack. Robin Farine for ACN S.A, Copyright (C) 1996 by ACN S.A
*/
#ifndef _ASM_UNISTD_H
#define _ASM_UNISTD_H
#include <asm/sgidefs.h>
-#if _MIPS_SIM == _MIPS_SIM_ABI32
+#if (defined(__WANT_SYSCALL_NUMBERS) && \
+ (__WANT_SYSCALL_NUMBERS == _MIPS_SIM_ABI32)) || \
+ (!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_ABI32)
/*
* Linux o32 style syscalls are in the range from 4000 to 4999.
@@ -369,14 +368,14 @@
/*
* Offset of the last Linux o32 flavoured syscall
*/
-#define __NR_Linux_syscalls 344
-
-#endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
+#endif /* Want O32 || _MIPS_SIM == _MIPS_SIM_ABI32 */
#define __NR_O32_Linux 4000
#define __NR_O32_Linux_syscalls 344
-#if _MIPS_SIM == _MIPS_SIM_ABI64
+#if (defined(__WANT_SYSCALL_NUMBERS) && \
+ (__WANT_SYSCALL_NUMBERS == _MIPS_SIM_ABI64)) || \
+ (!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_ABI64)
/*
* Linux 64-bit syscalls are in the range from 5000 to 5999.
@@ -692,12 +691,14 @@
*/
#define __NR_Linux_syscalls 303
-#endif /* _MIPS_SIM == _MIPS_SIM_ABI64 */
+#endif /* Want N64 || _MIPS_SIM == _MIPS_SIM_ABI64 */
#define __NR_64_Linux 5000
#define __NR_64_Linux_syscalls 303
-#if _MIPS_SIM == _MIPS_SIM_NABI32
+#if (defined(__WANT_SYSCALL_NUMBERS) && \
+ (__WANT_SYSCALL_NUMBERS == _MIPS_SIM_NABI32)) || \
+ (!defined(__WANT_SYSCALL_NUMBERS) && _MIPS_SIM == _MIPS_SIM_NABI32)
/*
* Linux N32 syscalls are in the range from 6000 to 6999.
@@ -1018,7 +1019,7 @@
*/
#define __NR_Linux_syscalls 308
-#endif /* _MIPS_SIM == _MIPS_SIM_NABI32 */
+#endif /* Want N32 || _MIPS_SIM == _MIPS_SIM_NABI32 */
#define __NR_N32_Linux 6000
#define __NR_N32_Linux_syscalls 308
@@ -1081,5 +1082,15 @@
*/
#define cond_syscall(x) asm(".weak\t" #x "\n" #x "\t=\tsys_ni_syscall")
+#ifdef CONFIG_MIPS32_N32
+#define NR_syscalls (__NR_N32_Linux + __NR_N32_Linux_syscalls)
+#elif defined(CONFIG_64BIT)
+#define NR_syscalls (__NR_64_Linux + __NR_64_Linux_syscalls)
+#elif defined(CONFIG_32BIT)
+#define NR_syscalls (__NR_O32_Linux + __NR_O32_Linux_syscalls)
+#else
+#error Must know ABIs in use to define NR_syscalls
+#endif
+
#endif /* __KERNEL__ */
#endif /* _ASM_UNISTD_H */
diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
index 83bba33..d389893 100644
--- a/arch/mips/kernel/Makefile
+++ b/arch/mips/kernel/Makefile
@@ -110,4 +110,8 @@ obj-$(CONFIG_HW_PERF_EVENTS) += perf_event.o
obj-$(CONFIG_JUMP_LABEL) += jump_label.o
+obj-$(CONFIG_AUDITSYSCALL_O32) += audit-o32.o
+obj-$(CONFIG_AUDITSYSCALL_N32) += audit-n32.o
+obj-$(CONFIG_AUDITSYSCALL) += audit-native.o
+
CPPFLAGS_vmlinux.lds := $(KBUILD_CFLAGS)
diff --git a/arch/mips/kernel/audit-n32.c b/arch/mips/kernel/audit-n32.c
new file mode 100644
index 0000000..2248bad
--- /dev/null
+++ b/arch/mips/kernel/audit-n32.c
@@ -0,0 +1,58 @@
+#define __WANT_SYSCALL_NUMBERS _MIPS_SIM_NABI32
+
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class_n32[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class_n32[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class_n32[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class_n32[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class_n32[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_syscall_n32(int abi, unsigned syscall)
+{
+ switch (syscall) {
+ case __NR_open:
+ return 2;
+ case __NR_openat:
+ return 3;
+ case __NR_execve:
+ return 5;
+ default:
+ return 0;
+ }
+}
+
+static int __init audit_classes_n32_init(void)
+{
+ audit_register_class(AUDIT_CLASS_WRITE_N32, write_class_n32);
+ audit_register_class(AUDIT_CLASS_READ_N32, read_class_n32);
+ audit_register_class(AUDIT_CLASS_DIR_WRITE_N32, dir_class_n32);
+ audit_register_class(AUDIT_CLASS_CHATTR_N32, chattr_class_n32);
+ audit_register_class(AUDIT_CLASS_SIGNAL_N32, signal_class_n32);
+
+ return 0;
+}
+
+__initcall(audit_classes_n32_init);
diff --git a/arch/mips/kernel/audit-native.c b/arch/mips/kernel/audit-native.c
new file mode 100644
index 0000000..e883094
--- /dev/null
+++ b/arch/mips/kernel/audit-native.c
@@ -0,0 +1,92 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+
+/*
+ * Pretend to be a single architecture
+ */
+int audit_classify_arch(int arch)
+{
+ return 0;
+}
+
+extern int audit_classify_syscall_o32(int abi, unsigned syscall);
+extern int audit_classify_syscall_n32(int abi, unsigned syscall);
+
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+ int res;
+
+ switch (syscall) {
+ case __NR_open:
+ res = 2;
+ break;
+
+ case __NR_openat:
+ res = 3;
+ break;
+
+#ifdef __NR_socketcall /* Only exists on O32 */
+ case __NR_socketcall:
+ res = 4;
+ break;
+#endif
+ case __NR_execve:
+ res = 5;
+ break;
+ default:
+#ifdef CONFIG_AUDITSYSCALL_O32
+ res = audit_classify_syscall_o32(abi, syscall);
+ if (res)
+ break;
+#endif
+#ifdef CONFIG_AUDITSYSCALL_N32
+ res = audit_classify_syscall_n32(abi, syscall);
+ if (res)
+ break;
+#endif
+ res = 0;
+ }
+
+ return res;
+}
+
+static int __init audit_classes_init(void)
+{
+ audit_register_class(AUDIT_CLASS_WRITE, write_class);
+ audit_register_class(AUDIT_CLASS_READ, read_class);
+ audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+ audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+ audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+
+ return 0;
+}
+
+__initcall(audit_classes_init);
diff --git a/arch/mips/kernel/audit-o32.c b/arch/mips/kernel/audit-o32.c
new file mode 100644
index 0000000..e8b9b50
--- /dev/null
+++ b/arch/mips/kernel/audit-o32.c
@@ -0,0 +1,60 @@
+#define __WANT_SYSCALL_NUMBERS _MIPS_SIM_ABI32
+
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <linux/unistd.h>
+
+static unsigned dir_class_o32[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class_o32[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class_o32[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class_o32[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class_o32[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_syscall_o32(int abi, unsigned syscall)
+{
+ switch (syscall) {
+ case __NR_open:
+ return 2;
+ case __NR_openat:
+ return 3;
+ case __NR_socketcall:
+ return 4;
+ case __NR_execve:
+ return 5;
+ default:
+ return 0;
+ }
+}
+
+static int __init audit_classes_o32_init(void)
+{
+ audit_register_class(AUDIT_CLASS_WRITE_32, write_class_o32);
+ audit_register_class(AUDIT_CLASS_READ_32, read_class_o32);
+ audit_register_class(AUDIT_CLASS_DIR_WRITE_32, dir_class_o32);
+ audit_register_class(AUDIT_CLASS_CHATTR_32, chattr_class_o32);
+ audit_register_class(AUDIT_CLASS_SIGNAL_32, signal_class_o32);
+
+ return 0;
+}
+
+__initcall(audit_classes_o32_init);
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index ab0f196..127cd13 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -26,6 +26,7 @@
#include <linux/audit.h>
#include <linux/seccomp.h>
+#include <asm/abi.h>
#include <asm/byteorder.h>
#include <asm/cpu.h>
#include <asm/dsp.h>
@@ -40,6 +41,12 @@
#include <asm/reg.h>
/*
+ * The standard AUDITSC_RESULT() assumes errno values < 0 indicate error
+ * but MIPS passes an error flag instead.
+ */
+#define MIPS_AUDITSC_RESULT(x) ((x) ? AUDITSC_FAILURE : AUDITSC_SUCCESS)
+
+/*
* Called by kernel/ptrace.c when detaching..
*
* Make sure single step bits etc are not set.
@@ -517,18 +524,6 @@ long arch_ptrace(struct task_struct *child, long request,
return ret;
}
-static inline int audit_arch(void)
-{
- int arch = EM_MIPS;
-#ifdef CONFIG_64BIT
- arch |= __AUDIT_ARCH_64BIT;
-#endif
-#if defined(__LITTLE_ENDIAN)
- arch |= __AUDIT_ARCH_LE;
-#endif
- return arch;
-}
-
/*
* Notification of system call entry/exit
* - triggered by current->work.syscall_trace
@@ -561,7 +556,8 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
out:
if (unlikely(current->audit_context))
- audit_syscall_entry(audit_arch(), regs->regs[2],
+ audit_syscall_entry(current->thread.abi->audit_arch,
+ regs->regs[2],
regs->regs[4], regs->regs[5],
regs->regs[6], regs->regs[7]);
}
diff --git a/arch/mips/kernel/signal.c b/arch/mips/kernel/signal.c
index dbbe0ce..71dafb0 100644
--- a/arch/mips/kernel/signal.c
+++ b/arch/mips/kernel/signal.c
@@ -7,6 +7,7 @@
* Copyright (C) 1994 - 2000 Ralf Baechle
* Copyright (C) 1999, 2000 Silicon Graphics, Inc.
*/
+#include <linux/audit.h>
#include <linux/cache.h>
#include <linux/sched.h>
#include <linux/mm.h>
@@ -537,7 +538,24 @@ struct mips_abi mips_abi = {
.setup_rt_frame = setup_rt_frame,
.rt_signal_return_offset =
offsetof(struct mips_vdso, rt_signal_trampoline),
- .restart = __NR_restart_syscall
+ .restart = __NR_restart_syscall,
+#ifdef CONFIG_64BIT
+# ifdef __BIG_ENDIAN
+ .audit_arch = AUDIT_ARCH_MIPS64,
+# elif defined(__LITTLE_ENDIAN)
+ .audit_arch = AUDIT_ARCH_MIPS64EL,
+# else
+# error "Neither big nor little endian ???"
+# endif
+#else
+# ifdef __BIG_ENDIAN
+ .audit_arch = AUDIT_ARCH_MIPS,
+# elif defined(__LITTLE_ENDIAN)
+ .audit_arch = AUDIT_ARCH_MIPSEL,
+# else
+# error "Neither big nor little endian ???"
+# endif
+#endif
};
static int handle_signal(unsigned long sig, siginfo_t *info,
diff --git a/arch/mips/kernel/signal32.c b/arch/mips/kernel/signal32.c
index aae9866..a633edc 100644
--- a/arch/mips/kernel/signal32.c
+++ b/arch/mips/kernel/signal32.c
@@ -7,6 +7,7 @@
* Copyright (C) 1994 - 2000, 2006 Ralf Baechle
* Copyright (C) 1999, 2000 Silicon Graphics, Inc.
*/
+#include <linux/audit.h>
#include <linux/cache.h>
#include <linux/compat.h>
#include <linux/sched.h>
@@ -683,7 +684,14 @@ struct mips_abi mips_abi_32 = {
.setup_rt_frame = setup_rt_frame_32,
.rt_signal_return_offset =
offsetof(struct mips_vdso, o32_rt_signal_trampoline),
- .restart = __NR_O32_restart_syscall
+ .restart = __NR_O32_restart_syscall,
+#ifdef __BIG_ENDIAN
+ .audit_arch = AUDIT_ARCH_MIPS,
+#elif defined(__LITTLE_ENDIAN)
+ .audit_arch = AUDIT_ARCH_MIPSEL,
+#else
+# error "Neither big nor little endian ???"
+#endif
};
SYSCALL_DEFINE4(32_rt_sigaction, int, sig,
diff --git a/arch/mips/kernel/signal_n32.c b/arch/mips/kernel/signal_n32.c
index ee24d81..1e9603b 100644
--- a/arch/mips/kernel/signal_n32.c
+++ b/arch/mips/kernel/signal_n32.c
@@ -15,6 +15,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+#include <linux/audit.h>
#include <linux/cache.h>
#include <linux/sched.h>
#include <linux/mm.h>
@@ -226,5 +227,12 @@ struct mips_abi mips_abi_n32 = {
.setup_rt_frame = setup_rt_frame_n32,
.rt_signal_return_offset =
offsetof(struct mips_vdso, n32_rt_signal_trampoline),
- .restart = __NR_N32_restart_syscall
+ .restart = __NR_N32_restart_syscall,
+#ifdef __BIG_ENDIAN
+ .audit_arch = AUDIT_ARCH_MIPS64_N32,
+#elif defined(__LITTLE_ENDIAN)
+ .audit_arch = AUDIT_ARCH_MIPSEL64_N32,
+#else
+# error "Neither big nor little endian ???"
+#endif
};
diff --git a/arch/mips/kernel/syscall.c b/arch/mips/kernel/syscall.c
index d027657..1692cae 100644
--- a/arch/mips/kernel/syscall.c
+++ b/arch/mips/kernel/syscall.c
@@ -327,6 +327,8 @@ int kernel_execve(const char *filename,
register unsigned long __a3 asm("$7");
unsigned long __v0;
+ current->thread.abi = &mips_abi;
+
__asm__ volatile (" \n"
" .set noreorder \n"
" li $2, %5 # __NR_execve \n"
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8f9c73d..e0ac3e8 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -160,7 +160,11 @@
* AUDIT_LIST commands must be implemented. */
#define AUDIT_MAX_FIELDS 64
#define AUDIT_MAX_KEY_LEN 256
+#ifdef __mips__
+#define AUDIT_BITMASK_SIZE 256
+#else
#define AUDIT_BITMASK_SIZE 64
+#endif
#define AUDIT_WORD(nr) ((__u32)((nr)/32))
#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
@@ -176,6 +180,18 @@
#define AUDIT_CLASS_SIGNAL 8
#define AUDIT_CLASS_SIGNAL_32 9
+/*
+ * WARNING: Not officially assigned by upstream yet; the names of these
+ * constants might change breaking source compatibility. The values might
+ * change breaking binary compatibility. With the audit package being the
+ * only known user at this time the potencial problem is small
+ */
+#define AUDIT_CLASS_DIR_WRITE_N32 10
+#define AUDIT_CLASS_CHATTR_N32 11
+#define AUDIT_CLASS_READ_N32 12
+#define AUDIT_CLASS_WRITE_N32 13
+#define AUDIT_CLASS_SIGNAL_N32 14
+
/* This bitmask is used to validate user input. It represents all bits that
* are currently used in an audit field constant understood by the kernel.
* If you are adding a new #define AUDIT_<whatever>, please ensure that
@@ -285,6 +301,7 @@ enum {
/* distinguish syscall tables */
#define __AUDIT_ARCH_64BIT 0x80000000
#define __AUDIT_ARCH_LE 0x40000000
+#define __AUDIT_ARCH_ALT 0x20000000 /* indicates alternative ABI */
#define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_ARMEB (EM_ARM)
@@ -298,7 +315,9 @@ enum {
#define AUDIT_ARCH_MIPS (EM_MIPS)
#define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
-#define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_MIPS64EL (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_MIPS64_N32 (EM_MIPS|__AUDIT_ARCH_ALT)
+#define AUDIT_ARCH_MIPS64EL_N32 (EM_MIPS|__AUDIT_ARCH_ALT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_PARISC (EM_PARISC)
#define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
#define AUDIT_ARCH_PPC (EM_PPC)
diff --git a/init/Kconfig b/init/Kconfig
index ebafac4..0830f4a 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -347,7 +347,7 @@ config AUDIT
config AUDITSYSCALL
bool "Enable system-call auditing support"
- depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH)
+ depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || MIPS)
default y if SECURITY_SELINUX
help
Enable low-overhead system-call auditing infrastructure that
More information about the Linux-audit
mailing list