aboutsummaryrefslogtreecommitdiffstats
path: root/arch/x86_64
diff options
context:
space:
mode:
author <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 11:08:28 -0400
commit2fd6f58ba6efc82ea2c9c2630f7ff5ed9eeaf34a (patch)
tree87cf236a78ad242ae01f1b71c289131e6d1c0662 /arch/x86_64
parentea3834d9fb348fb1144ad3affea22df933eaf62e (diff)
[AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments, but the debugger could have _changed_ them before the syscall was actually invoked. Reorder the calls to fix that. While we're touching ever call to audit_syscall_entry(), we also make it take an extra argument: the architecture of the syscall which was made, because some architectures allow more than one type of syscall. Also add an explicit success/failure flag to audit_syscall_exit(), for the benefit of architectures which return that in a condition register rather than only returning a single register. Change type of syscall return value to 'long' not 'int'. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'arch/x86_64')
-rw-r--r--arch/x86_64/kernel/ptrace.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index c7011675007d..ecbccbbf5c2a 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -629,25 +629,28 @@ static void syscall_trace(struct pt_regs *regs)
629 } 629 }
630} 630}
631 631
632#define audit_arch() (test_thread_flag(TIF_IA32) ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64)
633
632asmlinkage void syscall_trace_enter(struct pt_regs *regs) 634asmlinkage void syscall_trace_enter(struct pt_regs *regs)
633{ 635{
634 /* do the secure computing check first */ 636 /* do the secure computing check first */
635 secure_computing(regs->orig_rax); 637 secure_computing(regs->orig_rax);
636 638
639 if (test_thread_flag(TIF_SYSCALL_TRACE)
640 && (current->ptrace & PT_PTRACED))
641 syscall_trace(regs);
642
637 if (unlikely(current->audit_context)) 643 if (unlikely(current->audit_context))
638 audit_syscall_entry(current, regs->orig_rax, 644 audit_syscall_entry(current, audit_arch(), regs->orig_rax,
639 regs->rdi, regs->rsi, 645 regs->rdi, regs->rsi,
640 regs->rdx, regs->r10); 646 regs->rdx, regs->r10);
641 647
642 if (test_thread_flag(TIF_SYSCALL_TRACE)
643 && (current->ptrace & PT_PTRACED))
644 syscall_trace(regs);
645} 648}
646 649
647asmlinkage void syscall_trace_leave(struct pt_regs *regs) 650asmlinkage void syscall_trace_leave(struct pt_regs *regs)
648{ 651{
649 if (unlikely(current->audit_context)) 652 if (unlikely(current->audit_context))
650 audit_syscall_exit(current, regs->rax); 653 audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax);
651 654
652 if ((test_thread_flag(TIF_SYSCALL_TRACE) 655 if ((test_thread_flag(TIF_SYSCALL_TRACE)
653 || test_thread_flag(TIF_SINGLESTEP)) 656 || test_thread_flag(TIF_SINGLESTEP))