ARM: 7455/1: audit: move syscall auditing until after ptrace SIGTRAP handling

When auditing system calls on ARM, the audit code is called before
notifying the parent process in the case that the current task is being
ptraced. At this point, the parent (debugger) may choose to change the
system call being issued via the SET_SYSCALL ptrace request, causing
the wrong system call to be reported to the audit tools.

This patch moves the audit calls after the ptrace SIGTRAP handling code
in the syscall tracing implementation.

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

1 files changed, 9 insertions, 8 deletions

diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 14e38261cd31..592a39d0ef31 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -911,14 +911,8 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
 {
         unsigned long ip;
 
-        if (why)
-                audit_syscall_exit(regs);
-        else
-                audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
-                                    regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
-
         if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return scno;
+                goto out_no_trace;
 
         current_thread_info()->syscall = scno;
 
@@ -935,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
                 current_thread_info()->syscall = -1;
 
         regs->ARM_ip = ip;
+        scno = current_thread_info()->syscall;
 
-        return current_thread_info()->syscall;
+out_no_trace:
+        if (why)
+                audit_syscall_exit(regs);
+        else
+                audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
+                                    regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
+        return scno;
 }