Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp667339pxy; Fri, 30 Apr 2021 13:37:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7pJ0RmUlqWV4xRxf8mEAVwQTkzyErm29tYR7A7z/5sBRZv1+p74IwDmCvcLNNRdLDwVA5 X-Received: by 2002:a17:906:5791:: with SMTP id k17mr6222621ejq.296.1619815076580; Fri, 30 Apr 2021 13:37:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619815076; cv=none; d=google.com; s=arc-20160816; b=CQi2jnEPTwxwB8rJ2EmmDK1H32ynnsN3muLXqMkXhzZyMibmDWrh3tLgnzOzTBe6+J 9U4c5hsmm6AkedyBJSuiQwroz1i1T0arSboNKhny1ZEx8Bqi9a0gGGwsfnAz8UYSyPif +gufh7vQqthHf0PWG4vLVCVymmaMN6LNjA8oJCU8Zv6p//vkHP1BvhXFRkVCN4jhPyEB vl4yoV0CkasgjO6P0pca9yG5al6Odfn2mWBmEupPNYCaPGoKllM+AWRk4B/xICc9S1wA LsgawFWXy0uzYgnve16D1TukFpIdNzYVQ4x6CneeNRI7fWGS6hp3+QLJG2PPP+xaWzRw smqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=6dBy9l8QU+7ZgqdM7cr2pe0TQ8wrq76o+ZpCXmDmlQY=; b=BG1xaaI4tdJItiIqvV5G1wBKlfsOdPQEPAoQs8UqOQRttjkop74/V4Cb0Kj+2gBqZ9 8NxIy1tNAx9G9vQ4iCbPc5Kd5z9902WtKiHBLiEU3UZSgjawdu165/TCoP8TyXyuJ2mJ UOhG6XwjhDUXPYdpXYc/+MOSPjJn5LUwJ506ROH3Gi+8Uaexkh5IHtnWhTxgO5vZsgIx fVX4eW+IDlIS63nmL3NR1fAvWz/lzt7RDZpCeZnRYogSfundI4BFlReMw1YI62loPc74 Wo7mo2smpNACh/FAj/atGqSKQuR9DYRIqzoo1PyTOi9XJzT+opFdT/YZrnM6nynvPpvH OV3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ErxdZRda; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cm24si2651670edb.149.2021.04.30.13.37.32; Fri, 30 Apr 2021 13:37:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ErxdZRda; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233445AbhD3UhZ (ORCPT + 99 others); Fri, 30 Apr 2021 16:37:25 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:50874 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232256AbhD3UhX (ORCPT ); Fri, 30 Apr 2021 16:37:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1619814994; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=6dBy9l8QU+7ZgqdM7cr2pe0TQ8wrq76o+ZpCXmDmlQY=; b=ErxdZRdaUS0ZSGl4/ww7oH5MOTwN2+9ZUoZ/SX7JXQM8AWIBsMN2Byn5g8ryVslaajH9Ua RuVWcljNPxy0MkdTlb1KoHzCUchkh3Si8gxlhr2X134f0OfxHKmEFV8fsjIm3gVXjmsMHj 5NmfJ4KvJ7fZ/2oTP/xUCrmeesEXF2Q= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-251-T2MzehsUP4mNxEb4snvoHg-1; Fri, 30 Apr 2021 16:36:30 -0400 X-MC-Unique: T2MzehsUP4mNxEb4snvoHg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4B0C318B613D; Fri, 30 Apr 2021 20:36:28 +0000 (UTC) Received: from madcap2.tricolour.ca (unknown [10.3.128.45]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4939C614EF; Fri, 30 Apr 2021 20:36:15 +0000 (UTC) From: Richard Guy Briggs To: Linux-Audit Mailing List , LKML , linux-fsdevel@vger.kernel.org Cc: Paul Moore , Eric Paris , Steve Grubb , Richard Guy Briggs , Alexander Viro , Eric Paris , x86@kernel.org, linux-alpha@vger.kernel.org, linux-ia64@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, Aleksa Sarai , Arnd Bergmann Subject: [PATCH v3 0/3] audit: add support for openat2 Date: Fri, 30 Apr 2021 16:35:20 -0400 Message-Id: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The openat2(2) syscall was added in v5.6. Add support for openat2 to the audit syscall classifier and for recording openat2 parameters that cannot be captured in the syscall parameters of the SYSCALL record. Supporting userspace code can be found in https://github.com/rgbriggs/audit-userspace/tree/ghau-openat2 Supporting test case can be found in https://github.com/linux-audit/audit-testsuite/pull/103 Changelog: v3: - re-add commit descriptions that somehow got dropped - add new file to MAINTAINERS v2: - add include/linux/auditscm.h for audit syscall class macros due to syscall redefinition warnings: arch/x86/ia32/audit.c:3: ./include/linux/audit.h:12, ./include/linux/sched.h:22, ./include/linux/seccomp.h:21, ./arch/x86/include/asm/seccomp.h:5, ./arch/x86/include/asm/unistd.h:20, ./arch/x86/include/generated/uapi/asm/unistd_64.h:4: warning: "__NR_read" redefined #define __NR_read 0 ... ./arch/x86/include/generated/uapi/asm/unistd_64.h:338: warning: "__NR_rseq" redefined #define __NR_rseq 334 previous: arch/x86/ia32/audit.c:2: ./arch/x86/include/generated/uapi/asm/unistd_32.h:7: note: this is the location of the previous definition #define __NR_read 3 ... ./arch/x86/include/generated/uapi/asm/unistd_32.h:386: note: this is the location of the previous definition #define __NR_rseq 386 Richard Guy Briggs (3): audit: replace magic audit syscall class numbers with macros audit: add support for the openat2 syscall audit: add OPENAT2 record to list how MAINTAINERS | 1 + arch/alpha/kernel/audit.c | 10 ++++++---- arch/ia64/kernel/audit.c | 10 ++++++---- arch/parisc/kernel/audit.c | 10 ++++++---- arch/parisc/kernel/compat_audit.c | 11 +++++++---- arch/powerpc/kernel/audit.c | 12 +++++++----- arch/powerpc/kernel/compat_audit.c | 13 ++++++++----- arch/s390/kernel/audit.c | 12 +++++++----- arch/s390/kernel/compat_audit.c | 13 ++++++++----- arch/sparc/kernel/audit.c | 12 +++++++----- arch/sparc/kernel/compat_audit.c | 13 ++++++++----- arch/x86/ia32/audit.c | 13 ++++++++----- arch/x86/kernel/audit_64.c | 10 ++++++---- fs/open.c | 2 ++ include/linux/audit.h | 11 +++++++++++ include/linux/auditscm.h | 24 +++++++++++++++++++++++ include/uapi/linux/audit.h | 1 + kernel/audit.h | 2 ++ kernel/auditsc.c | 31 ++++++++++++++++++++++++------ lib/audit.c | 14 +++++++++----- lib/compat_audit.c | 15 ++++++++++----- 21 files changed, 169 insertions(+), 71 deletions(-) create mode 100644 include/linux/auditscm.h -- 2.27.0