aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/i386/kernel/ptrace.c7
-rw-r--r--arch/i386/kernel/vm86.c2
-rw-r--r--arch/ia64/kernel/ptrace.c4
-rw-r--r--arch/mips/kernel/ptrace.c4
-rw-r--r--arch/powerpc/kernel/ptrace.c5
-rw-r--r--arch/s390/kernel/ptrace.c5
-rw-r--r--arch/sparc64/kernel/ptrace.c5
-rw-r--r--arch/um/kernel/ptrace.c6
-rw-r--r--arch/x86_64/kernel/ptrace.c6
-rw-r--r--include/linux/audit.h8
-rw-r--r--kernel/auditsc.c8
11 files changed, 27 insertions, 33 deletions
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
index 506462ef36a..fd7eaf7866e 100644
--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -671,7 +671,7 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit)
671 671
672 if (unlikely(current->audit_context)) { 672 if (unlikely(current->audit_context)) {
673 if (entryexit) 673 if (entryexit)
674 audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), 674 audit_syscall_exit(AUDITSC_RESULT(regs->eax),
675 regs->eax); 675 regs->eax);
676 /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only 676 /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
677 * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is 677 * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
@@ -720,14 +720,13 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit)
720 ret = is_sysemu; 720 ret = is_sysemu;
721out: 721out:
722 if (unlikely(current->audit_context) && !entryexit) 722 if (unlikely(current->audit_context) && !entryexit)
723 audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax, 723 audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_eax,
724 regs->ebx, regs->ecx, regs->edx, regs->esi); 724 regs->ebx, regs->ecx, regs->edx, regs->esi);
725 if (ret == 0) 725 if (ret == 0)
726 return 0; 726 return 0;
727 727
728 regs->orig_eax = -1; /* force skip of syscall restarting */ 728 regs->orig_eax = -1; /* force skip of syscall restarting */
729 if (unlikely(current->audit_context)) 729 if (unlikely(current->audit_context))
730 audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), 730 audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax);
731 regs->eax);
732 return 1; 731 return 1;
733} 732}
diff --git a/arch/i386/kernel/vm86.c b/arch/i386/kernel/vm86.c
index aee14fafd13..00e0118e717 100644
--- a/arch/i386/kernel/vm86.c
+++ b/arch/i386/kernel/vm86.c
@@ -312,7 +312,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
312 312
313 /*call audit_syscall_exit since we do not exit via the normal paths */ 313 /*call audit_syscall_exit since we do not exit via the normal paths */
314 if (unlikely(current->audit_context)) 314 if (unlikely(current->audit_context))
315 audit_syscall_exit(current, AUDITSC_RESULT(eax), eax); 315 audit_syscall_exit(AUDITSC_RESULT(eax), eax);
316 316
317 __asm__ __volatile__( 317 __asm__ __volatile__(
318 "movl %0,%%esp\n\t" 318 "movl %0,%%esp\n\t"
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index 9887c8787e7..e61e15e28d8 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -1644,7 +1644,7 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
1644 arch = AUDIT_ARCH_IA64; 1644 arch = AUDIT_ARCH_IA64;
1645 } 1645 }
1646 1646
1647 audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3); 1647 audit_syscall_entry(arch, syscall, arg0, arg1, arg2, arg3);
1648 } 1648 }
1649 1649
1650} 1650}
@@ -1662,7 +1662,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
1662 1662
1663 if (success != AUDITSC_SUCCESS) 1663 if (success != AUDITSC_SUCCESS)
1664 result = -result; 1664 result = -result;
1665 audit_syscall_exit(current, success, result); 1665 audit_syscall_exit(success, result);
1666 } 1666 }
1667 1667
1668 if (test_thread_flag(TIF_SYSCALL_TRACE) 1668 if (test_thread_flag(TIF_SYSCALL_TRACE)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index f3106d0771b..9b4733c1239 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -483,7 +483,7 @@ static inline int audit_arch(void)
483asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) 483asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
484{ 484{
485 if (unlikely(current->audit_context) && entryexit) 485 if (unlikely(current->audit_context) && entryexit)
486 audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]), 486 audit_syscall_exit(AUDITSC_RESULT(regs->regs[2]),
487 regs->regs[2]); 487 regs->regs[2]);
488 488
489 if (!(current->ptrace & PT_PTRACED)) 489 if (!(current->ptrace & PT_PTRACED))
@@ -507,7 +507,7 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
507 } 507 }
508 out: 508 out:
509 if (unlikely(current->audit_context) && !entryexit) 509 if (unlikely(current->audit_context) && !entryexit)
510 audit_syscall_entry(current, audit_arch(), regs->regs[2], 510 audit_syscall_entry(audit_arch(), regs->regs[2],
511 regs->regs[4], regs->regs[5], 511 regs->regs[4], regs->regs[5],
512 regs->regs[6], regs->regs[7]); 512 regs->regs[6], regs->regs[7]);
513} 513}
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index bcb83574335..4a677d1bd4e 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -538,7 +538,7 @@ void do_syscall_trace_enter(struct pt_regs *regs)
538 do_syscall_trace(); 538 do_syscall_trace();
539 539
540 if (unlikely(current->audit_context)) 540 if (unlikely(current->audit_context))
541 audit_syscall_entry(current, 541 audit_syscall_entry(
542#ifdef CONFIG_PPC32 542#ifdef CONFIG_PPC32
543 AUDIT_ARCH_PPC, 543 AUDIT_ARCH_PPC,
544#else 544#else
@@ -556,8 +556,7 @@ void do_syscall_trace_leave(struct pt_regs *regs)
556#endif 556#endif
557 557
558 if (unlikely(current->audit_context)) 558 if (unlikely(current->audit_context))
559 audit_syscall_exit(current, 559 audit_syscall_exit((regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
560 (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
561 regs->result); 560 regs->result);
562 561
563 if ((test_thread_flag(TIF_SYSCALL_TRACE) 562 if ((test_thread_flag(TIF_SYSCALL_TRACE)
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 37dfe33dab7..8f36504075e 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -734,7 +734,7 @@ asmlinkage void
734syscall_trace(struct pt_regs *regs, int entryexit) 734syscall_trace(struct pt_regs *regs, int entryexit)
735{ 735{
736 if (unlikely(current->audit_context) && entryexit) 736 if (unlikely(current->audit_context) && entryexit)
737 audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]); 737 audit_syscall_exit(AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
738 738
739 if (!test_thread_flag(TIF_SYSCALL_TRACE)) 739 if (!test_thread_flag(TIF_SYSCALL_TRACE))
740 goto out; 740 goto out;
@@ -761,8 +761,7 @@ syscall_trace(struct pt_regs *regs, int entryexit)
761 } 761 }
762 out: 762 out:
763 if (unlikely(current->audit_context) && !entryexit) 763 if (unlikely(current->audit_context) && !entryexit)
764 audit_syscall_entry(current, 764 audit_syscall_entry(test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
765 test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
766 regs->gprs[2], regs->orig_gpr2, regs->gprs[3], 765 regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
767 regs->gprs[4], regs->gprs[5]); 766 regs->gprs[4], regs->gprs[5]);
768} 767}
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index 49e6dedd027..d31975e6d6f 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -653,7 +653,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
653 if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) 653 if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
654 result = AUDITSC_FAILURE; 654 result = AUDITSC_FAILURE;
655 655
656 audit_syscall_exit(current, result, regs->u_regs[UREG_I0]); 656 audit_syscall_exit(result, regs->u_regs[UREG_I0]);
657 } 657 }
658 658
659 if (!(current->ptrace & PT_PTRACED)) 659 if (!(current->ptrace & PT_PTRACED))
@@ -677,8 +677,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
677 677
678out: 678out:
679 if (unlikely(current->audit_context) && !syscall_exit_p) 679 if (unlikely(current->audit_context) && !syscall_exit_p)
680 audit_syscall_entry(current, 680 audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
681 (test_thread_flag(TIF_32BIT) ?
682 AUDIT_ARCH_SPARC : 681 AUDIT_ARCH_SPARC :
683 AUDIT_ARCH_SPARC64), 682 AUDIT_ARCH_SPARC64),
684 regs->u_regs[UREG_G1], 683 regs->u_regs[UREG_G1],
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c
index 60d2eda995c..9a77fb3c269 100644
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -275,15 +275,13 @@ void syscall_trace(union uml_pt_regs *regs, int entryexit)
275 275
276 if (unlikely(current->audit_context)) { 276 if (unlikely(current->audit_context)) {
277 if (!entryexit) 277 if (!entryexit)
278 audit_syscall_entry(current, 278 audit_syscall_entry(HOST_AUDIT_ARCH,
279 HOST_AUDIT_ARCH,
280 UPT_SYSCALL_NR(regs), 279 UPT_SYSCALL_NR(regs),
281 UPT_SYSCALL_ARG1(regs), 280 UPT_SYSCALL_ARG1(regs),
282 UPT_SYSCALL_ARG2(regs), 281 UPT_SYSCALL_ARG2(regs),
283 UPT_SYSCALL_ARG3(regs), 282 UPT_SYSCALL_ARG3(regs),
284 UPT_SYSCALL_ARG4(regs)); 283 UPT_SYSCALL_ARG4(regs));
285 else audit_syscall_exit(current, 284 else audit_syscall_exit(AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
286 AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
287 UPT_SYSCALL_RET(regs)); 285 UPT_SYSCALL_RET(regs));
288 } 286 }
289 287
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index da8e7903d81..2d50024c9f3 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -600,12 +600,12 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
600 600
601 if (unlikely(current->audit_context)) { 601 if (unlikely(current->audit_context)) {
602 if (test_thread_flag(TIF_IA32)) { 602 if (test_thread_flag(TIF_IA32)) {
603 audit_syscall_entry(current, AUDIT_ARCH_I386, 603 audit_syscall_entry(AUDIT_ARCH_I386,
604 regs->orig_rax, 604 regs->orig_rax,
605 regs->rbx, regs->rcx, 605 regs->rbx, regs->rcx,
606 regs->rdx, regs->rsi); 606 regs->rdx, regs->rsi);
607 } else { 607 } else {
608 audit_syscall_entry(current, AUDIT_ARCH_X86_64, 608 audit_syscall_entry(AUDIT_ARCH_X86_64,
609 regs->orig_rax, 609 regs->orig_rax,
610 regs->rdi, regs->rsi, 610 regs->rdi, regs->rsi,
611 regs->rdx, regs->r10); 611 regs->rdx, regs->r10);
@@ -616,7 +616,7 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
616asmlinkage void syscall_trace_leave(struct pt_regs *regs) 616asmlinkage void syscall_trace_leave(struct pt_regs *regs)
617{ 617{
618 if (unlikely(current->audit_context)) 618 if (unlikely(current->audit_context))
619 audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax); 619 audit_syscall_exit(AUDITSC_RESULT(regs->rax), regs->rax);
620 620
621 if ((test_thread_flag(TIF_SYSCALL_TRACE) 621 if ((test_thread_flag(TIF_SYSCALL_TRACE)
622 || test_thread_flag(TIF_SINGLESTEP)) 622 || test_thread_flag(TIF_SINGLESTEP))
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 1c47c59058c..39fef6ebb85 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -287,10 +287,10 @@ struct netlink_skb_parms;
287 /* Public API */ 287 /* Public API */
288extern int audit_alloc(struct task_struct *task); 288extern int audit_alloc(struct task_struct *task);
289extern void audit_free(struct task_struct *task); 289extern void audit_free(struct task_struct *task);
290extern void audit_syscall_entry(struct task_struct *task, int arch, 290extern void audit_syscall_entry(int arch,
291 int major, unsigned long a0, unsigned long a1, 291 int major, unsigned long a0, unsigned long a1,
292 unsigned long a2, unsigned long a3); 292 unsigned long a2, unsigned long a3);
293extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); 293extern void audit_syscall_exit(int failed, long return_code);
294extern void audit_getname(const char *name); 294extern void audit_getname(const char *name);
295extern void audit_putname(const char *name); 295extern void audit_putname(const char *name);
296extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); 296extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
@@ -323,8 +323,8 @@ extern int audit_set_macxattr(const char *name);
323#else 323#else
324#define audit_alloc(t) ({ 0; }) 324#define audit_alloc(t) ({ 0; })
325#define audit_free(t) do { ; } while (0) 325#define audit_free(t) do { ; } while (0)
326#define audit_syscall_entry(t,ta,a,b,c,d,e) do { ; } while (0) 326#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
327#define audit_syscall_exit(t,f,r) do { ; } while (0) 327#define audit_syscall_exit(f,r) do { ; } while (0)
328#define audit_getname(n) do { ; } while (0) 328#define audit_getname(n) do { ; } while (0)
329#define audit_putname(n) do { ; } while (0) 329#define audit_putname(n) do { ; } while (0)
330#define __audit_inode(n,i,f) do { ; } while (0) 330#define __audit_inode(n,i,f) do { ; } while (0)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ba0ec1ba669..7ed82b088e4 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -736,10 +736,11 @@ void audit_free(struct task_struct *tsk)
736 * will only be written if another part of the kernel requests that it 736 * will only be written if another part of the kernel requests that it
737 * be written). 737 * be written).
738 */ 738 */
739void audit_syscall_entry(struct task_struct *tsk, int arch, int major, 739void audit_syscall_entry(int arch, int major,
740 unsigned long a1, unsigned long a2, 740 unsigned long a1, unsigned long a2,
741 unsigned long a3, unsigned long a4) 741 unsigned long a3, unsigned long a4)
742{ 742{
743 struct task_struct *tsk = current;
743 struct audit_context *context = tsk->audit_context; 744 struct audit_context *context = tsk->audit_context;
744 enum audit_state state; 745 enum audit_state state;
745 746
@@ -817,12 +818,11 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
817 * message), then write out the syscall information. In call cases, 818 * message), then write out the syscall information. In call cases,
818 * free the names stored from getname(). 819 * free the names stored from getname().
819 */ 820 */
820void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) 821void audit_syscall_exit(int valid, long return_code)
821{ 822{
823 struct task_struct *tsk = current;
822 struct audit_context *context; 824 struct audit_context *context;
823 825
824 /* tsk == current */
825
826 get_task_struct(tsk); 826 get_task_struct(tsk);
827 task_lock(tsk); 827 task_lock(tsk);
828 context = audit_get_context(tsk, valid, return_code); 828 context = audit_get_context(tsk, valid, return_code);