[PATCH] Ptrace/i386: fix "syscall audit" interaction with singlestep

Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Avoid giving two traps for singlestep instead of one, when syscall auditing is enabled. In fact no singlestep trap is sent on syscall entry, only on syscall exit, as can be seen in entry.S: # Note that in this mask _TIF_SINGLESTEP is not tested !!! <<<<<<<<<<<<<< testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),TI_flags(%ebp) jnz syscall_trace_entry ... syscall_trace_entry: ... call do_syscall_trace But auditing a SINGLESTEP'ed process causes do_syscall_trace to be called, so the tracer will get one more trap on the syscall entry path, which it shouldn't. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> CC: Roland McGrath <roland@redhat.com> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Bodo Stroesser <bstroesser@fujitsu-siemens.com> 2005-09-03 18:57:13 -0400
committer: Linus Torvalds <torvalds@evo.osdl.org> 2005-09-05 03:06:19 -0400
commit: 94c80b2598dbd2b8a6fe5f5c2c3af1beb37f66c7 (patch)
tree: 7e4221c42418898084961f66670c7f66042f164c
parent: 08b178ebf37bbfb78329e0ae6ea688b103d205bf (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
index 0da59b42843c..5ee9e1d60653 100644
--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -683,8 +683,19 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
        /* do the secure computing check first */
        secure_computing(regs->orig_eax);
-        if (unlikely(current->audit_context) && entryexit)
+        if (unlikely(current->audit_context)) {
-                audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);
+                if (entryexit)
+                        audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);
+                /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
+                 * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
+                 * not used, entry.S will call us only on syscall exit, not
+                 * entry ; so when TIF_SYSCALL_AUDIT is used we must avoid
+                 * calling send_sigtrap() on syscall entry.
+                 */
+                else if (is_singlestep)
+                        goto out;
+        }
        if (!(current->ptrace & PT_PTRACED))
                goto out;
author	Bodo Stroesser <bstroesser@fujitsu-siemens.com>	2005-09-03 18:57:13 -0400
committer	Linus Torvalds <torvalds@evo.osdl.org>	2005-09-05 03:06:19 -0400
commit	94c80b2598dbd2b8a6fe5f5c2c3af1beb37f66c7 (patch)
tree	7e4221c42418898084961f66670c7f66042f164c
parent	08b178ebf37bbfb78329e0ae6ea688b103d205bf (diff)

diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c index 0da59b42843c..5ee9e1d60653 100644 --- a/arch/i386/kernel/ptrace.c +++ b/arch/i386/kernel/ptrace.c
@@ -683,8 +683,19 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
683	/* do the secure computing check first */	683	/* do the secure computing check first */
684	secure_computing(regs->orig_eax);	684	secure_computing(regs->orig_eax);
685		685
686	if (unlikely(current->audit_context) && entryexit)	686	if (unlikely(current->audit_context)) {
687	audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);	687	if (entryexit)
		688	audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);
		689
		690	/* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
		691	* on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
		692	* not used, entry.S will call us only on syscall exit, not
		693	* entry ; so when TIF_SYSCALL_AUDIT is used we must avoid
		694	* calling send_sigtrap() on syscall entry.
		695	*/
		696	else if (is_singlestep)
		697	goto out;
		698	}
688		699
689	if (!(current->ptrace & PT_PTRACED))	700	if (!(current->ptrace & PT_PTRACED))
690	goto out;	701	goto out;