diff options
| author | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
|---|---|---|
| committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
| commit | 2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch) | |
| tree | 87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/ppc64 | |
| parent | ea3834d9fb348fb1144ad3affea22df933eaf62e (diff) | |
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments,
but the debugger could have _changed_ them before the syscall was actually
invoked. Reorder the calls to fix that.
While we're touching ever call to audit_syscall_entry(), we also make it
take an extra argument: the architecture of the syscall which was made,
because some architectures allow more than one type of syscall.
Also add an explicit success/failure flag to audit_syscall_exit(), for
the benefit of architectures which return that in a condition register
rather than only returning a single register.
Change type of syscall return value to 'long' not 'int'.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/ppc64')
| -rw-r--r-- | arch/ppc64/kernel/ptrace.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c index 354a287c67eb..3c76333ec3a9 100644 --- a/arch/ppc64/kernel/ptrace.c +++ b/arch/ppc64/kernel/ptrace.c | |||
| @@ -304,14 +304,17 @@ static void do_syscall_trace(void) | |||
| 304 | 304 | ||
| 305 | void do_syscall_trace_enter(struct pt_regs *regs) | 305 | void do_syscall_trace_enter(struct pt_regs *regs) |
| 306 | { | 306 | { |
| 307 | if (test_thread_flag(TIF_SYSCALL_TRACE) | ||
| 308 | && (current->ptrace & PT_PTRACED)) | ||
| 309 | do_syscall_trace(); | ||
| 310 | |||
| 307 | if (unlikely(current->audit_context)) | 311 | if (unlikely(current->audit_context)) |
| 308 | audit_syscall_entry(current, regs->gpr[0], | 312 | audit_syscall_entry(current, |
| 313 | test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64, | ||
| 314 | regs->gpr[0], | ||
| 309 | regs->gpr[3], regs->gpr[4], | 315 | regs->gpr[3], regs->gpr[4], |
| 310 | regs->gpr[5], regs->gpr[6]); | 316 | regs->gpr[5], regs->gpr[6]); |
| 311 | 317 | ||
| 312 | if (test_thread_flag(TIF_SYSCALL_TRACE) | ||
| 313 | && (current->ptrace & PT_PTRACED)) | ||
| 314 | do_syscall_trace(); | ||
| 315 | } | 318 | } |
| 316 | 319 | ||
| 317 | void do_syscall_trace_leave(struct pt_regs *regs) | 320 | void do_syscall_trace_leave(struct pt_regs *regs) |
| @@ -319,7 +322,9 @@ void do_syscall_trace_leave(struct pt_regs *regs) | |||
| 319 | secure_computing(regs->gpr[0]); | 322 | secure_computing(regs->gpr[0]); |
| 320 | 323 | ||
| 321 | if (unlikely(current->audit_context)) | 324 | if (unlikely(current->audit_context)) |
| 322 | audit_syscall_exit(current, regs->result); | 325 | audit_syscall_exit(current, |
| 326 | (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, | ||
| 327 | regs->result); | ||
| 323 | 328 | ||
| 324 | if ((test_thread_flag(TIF_SYSCALL_TRACE) | 329 | if ((test_thread_flag(TIF_SYSCALL_TRACE) |
| 325 | || test_thread_flag(TIF_SINGLESTEP)) | 330 | || test_thread_flag(TIF_SINGLESTEP)) |