diff options
author | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
---|---|---|
committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:08:28 -0400 |
commit | 2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch) | |
tree | 87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/s390/kernel | |
parent | ea3834d9fb348fb1144ad3affea22df933eaf62e (diff) |
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments,
but the debugger could have _changed_ them before the syscall was actually
invoked. Reorder the calls to fix that.
While we're touching ever call to audit_syscall_entry(), we also make it
take an extra argument: the architecture of the syscall which was made,
because some architectures allow more than one type of syscall.
Also add an explicit success/failure flag to audit_syscall_exit(), for
the benefit of architectures which return that in a condition register
rather than only returning a single register.
Change type of syscall return value to 'long' not 'int'.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/s390/kernel')
-rw-r--r-- | arch/s390/kernel/ptrace.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 647233c02fc8..2d546c67f7c3 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
@@ -711,18 +711,13 @@ out: | |||
711 | asmlinkage void | 711 | asmlinkage void |
712 | syscall_trace(struct pt_regs *regs, int entryexit) | 712 | syscall_trace(struct pt_regs *regs, int entryexit) |
713 | { | 713 | { |
714 | if (unlikely(current->audit_context)) { | 714 | if (unlikely(current->audit_context) && entryexit) |
715 | if (!entryexit) | 715 | audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]); |
716 | audit_syscall_entry(current, regs->gprs[2], | 716 | |
717 | regs->orig_gpr2, regs->gprs[3], | ||
718 | regs->gprs[4], regs->gprs[5]); | ||
719 | else | ||
720 | audit_syscall_exit(current, regs->gprs[2]); | ||
721 | } | ||
722 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) | 717 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) |
723 | return; | 718 | goto out; |
724 | if (!(current->ptrace & PT_PTRACED)) | 719 | if (!(current->ptrace & PT_PTRACED)) |
725 | return; | 720 | goto out; |
726 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) | 721 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) |
727 | ? 0x80 : 0)); | 722 | ? 0x80 : 0)); |
728 | 723 | ||
@@ -735,4 +730,10 @@ syscall_trace(struct pt_regs *regs, int entryexit) | |||
735 | send_sig(current->exit_code, current, 1); | 730 | send_sig(current->exit_code, current, 1); |
736 | current->exit_code = 0; | 731 | current->exit_code = 0; |
737 | } | 732 | } |
733 | out: | ||
734 | if (unlikely(current->audit_context) && !entryexit) | ||
735 | audit_syscall_entry(current, | ||
736 | test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X, | ||
737 | regs->gprs[2], regs->orig_gpr2, regs->gprs[3], | ||
738 | regs->gprs[4], regs->gprs[5]); | ||
738 | } | 739 | } |