aboutsummaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2010-10-30 02:54:44 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2010-10-30 08:45:43 -0400
commit120a795da07c9a02221ca23464c28a7c6ad7de1d (patch)
tree14e0f5ab35e9397f4a1b2f5e24b8394a601aa409 /mm
parentaf2951325bd6c26cb2c91943c7b11aed53504056 (diff)
downloadmrst-s0i3-test-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.gz
mrst-s0i3-test-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.xz
mrst-s0i3-test-120a795da07c9a02221ca23464c28a7c6ad7de1d.zip
audit mmap
Normal syscall audit doesn't catch 5th argument of syscall. It also doesn't catch the contents of userland structures pointed to be syscall argument, so for both old and new mmap(2) ABI it doesn't record the descriptor we are mapping. For old one it also misses flags. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'mm')
-rw-r--r--mm/mmap.c2
-rw-r--r--mm/nommu.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 00161a48a45..b179abb1474 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -28,6 +28,7 @@
#include <linux/rmap.h>
#include <linux/mmu_notifier.h>
#include <linux/perf_event.h>
+#include <linux/audit.h>
#include <asm/uaccess.h>
#include <asm/cacheflush.h>
@@ -1108,6 +1109,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
unsigned long retval = -EBADF;
if (!(flags & MAP_ANONYMOUS)) {
+ audit_mmap_fd(fd, flags);
if (unlikely(flags & MAP_HUGETLB))
return -EINVAL;
file = fget(fd);
diff --git a/mm/nommu.c b/mm/nommu.c
index 30b5c20eec1..3613517c759 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -29,6 +29,7 @@
#include <linux/personality.h>
#include <linux/security.h>
#include <linux/syscalls.h>
+#include <linux/audit.h>
#include <asm/uaccess.h>
#include <asm/tlb.h>
@@ -1458,6 +1459,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
struct file *file = NULL;
unsigned long retval = -EBADF;
+ audit_mmap_fd(fd, flags);
if (!(flags & MAP_ANONYMOUS)) {
file = fget(fd);
if (!file)