aboutsummaryrefslogtreecommitdiffstats
path: root/arch/s390/kernel
diff options
context:
space:
mode:
author <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
commit2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch)
tree87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/s390/kernel
parentea3834d9fb348fb1144ad3affea22df933eaf62e (diff)
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments, but the debugger could have _changed_ them before the syscall was actually invoked. Reorder the calls to fix that. While we're touching ever call to audit_syscall_entry(), we also make it take an extra argument: the architecture of the syscall which was made, because some architectures allow more than one type of syscall. Also add an explicit success/failure flag to audit_syscall_exit(), for the benefit of architectures which return that in a condition register rather than only returning a single register. Change type of syscall return value to 'long' not 'int'. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/s390/kernel')
-rw-r--r--arch/s390/kernel/ptrace.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 647233c02fc8..2d546c67f7c3 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -711,18 +711,13 @@ out:
711asmlinkage void 711asmlinkage void
712syscall_trace(struct pt_regs *regs, int entryexit) 712syscall_trace(struct pt_regs *regs, int entryexit)
713{ 713{
714 if (unlikely(current->audit_context)) { 714 if (unlikely(current->audit_context) && entryexit)
715 if (!entryexit) 715 audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
716 audit_syscall_entry(current, regs->gprs[2], 716
717 regs->orig_gpr2, regs->gprs[3],
718 regs->gprs[4], regs->gprs[5]);
719 else
720 audit_syscall_exit(current, regs->gprs[2]);
721 }
722 if (!test_thread_flag(TIF_SYSCALL_TRACE)) 717 if (!test_thread_flag(TIF_SYSCALL_TRACE))
723 return; 718 goto out;
724 if (!(current->ptrace & PT_PTRACED)) 719 if (!(current->ptrace & PT_PTRACED))
725 return; 720 goto out;
726 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) 721 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
727 ? 0x80 : 0)); 722 ? 0x80 : 0));
728 723
@@ -735,4 +730,10 @@ syscall_trace(struct pt_regs *regs, int entryexit)
735 send_sig(current->exit_code, current, 1); 730 send_sig(current->exit_code, current, 1);
736 current->exit_code = 0; 731 current->exit_code = 0;
737 } 732 }
733 out:
734 if (unlikely(current->audit_context) && !entryexit)
735 audit_syscall_entry(current,
736 test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
737 regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
738 regs->gprs[4], regs->gprs[5]);
738} 739}