aboutsummaryrefslogtreecommitdiffstats
path: root/arch/ppc64/kernel
diff options
context:
space:
mode:
author <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
commit2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch)
tree87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/ppc64/kernel
parentea3834d9fb348fb1144ad3affea22df933eaf62e (diff)
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments, but the debugger could have _changed_ them before the syscall was actually invoked. Reorder the calls to fix that. While we're touching ever call to audit_syscall_entry(), we also make it take an extra argument: the architecture of the syscall which was made, because some architectures allow more than one type of syscall. Also add an explicit success/failure flag to audit_syscall_exit(), for the benefit of architectures which return that in a condition register rather than only returning a single register. Change type of syscall return value to 'long' not 'int'. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/ppc64/kernel')
-rw-r--r--arch/ppc64/kernel/ptrace.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c
index 354a287c67eb..3c76333ec3a9 100644
--- a/arch/ppc64/kernel/ptrace.c
+++ b/arch/ppc64/kernel/ptrace.c
@@ -304,14 +304,17 @@ static void do_syscall_trace(void)
304 304
305void do_syscall_trace_enter(struct pt_regs *regs) 305void do_syscall_trace_enter(struct pt_regs *regs)
306{ 306{
307 if (test_thread_flag(TIF_SYSCALL_TRACE)
308 && (current->ptrace & PT_PTRACED))
309 do_syscall_trace();
310
307 if (unlikely(current->audit_context)) 311 if (unlikely(current->audit_context))
308 audit_syscall_entry(current, regs->gpr[0], 312 audit_syscall_entry(current,
313 test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64,
314 regs->gpr[0],
309 regs->gpr[3], regs->gpr[4], 315 regs->gpr[3], regs->gpr[4],
310 regs->gpr[5], regs->gpr[6]); 316 regs->gpr[5], regs->gpr[6]);
311 317
312 if (test_thread_flag(TIF_SYSCALL_TRACE)
313 && (current->ptrace & PT_PTRACED))
314 do_syscall_trace();
315} 318}
316 319
317void do_syscall_trace_leave(struct pt_regs *regs) 320void do_syscall_trace_leave(struct pt_regs *regs)
@@ -319,7 +322,9 @@ void do_syscall_trace_leave(struct pt_regs *regs)
319 secure_computing(regs->gpr[0]); 322 secure_computing(regs->gpr[0]);
320 323
321 if (unlikely(current->audit_context)) 324 if (unlikely(current->audit_context))
322 audit_syscall_exit(current, regs->result); 325 audit_syscall_exit(current,
326 (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
327 regs->result);
323 328
324 if ((test_thread_flag(TIF_SYSCALL_TRACE) 329 if ((test_thread_flag(TIF_SYSCALL_TRACE)
325 || test_thread_flag(TIF_SINGLESTEP)) 330 || test_thread_flag(TIF_SINGLESTEP))