6 files changed, 25 insertions, 9 deletions

diff --git a/arch/arm/include/asm/kprobes.h b/arch/arm/include/asm/kprobes.h
index feec86768f9c..f82ec22eeb11 100644
--- a/arch/arm/include/asm/kprobes.h
+++ b/arch/arm/include/asm/kprobes.h
@@ -24,7 +24,6 @@
 #define MAX_INSN_SIZE                   2
 #define MAX_STACK_SIZE                  64      /* 32 would probably be OK */
 
-#define regs_return_value(regs)         ((regs)->ARM_r0)
 #define flush_insn_slot(p)              do { } while (0)
 #define kretprobe_blacklist_size        0
 
diff --git a/arch/arm/include/asm/ptrace.h b/arch/arm/include/asm/ptrace.h
index 96187ff58c24..451808ba1211 100644
--- a/arch/arm/include/asm/ptrace.h
+++ b/arch/arm/include/asm/ptrace.h
@@ -189,6 +189,11 @@ static inline int valid_user_regs(struct pt_regs *regs)
         return 0;
 }
 
+static inline long regs_return_value(struct pt_regs *regs)
+{
+        return regs->ARM_r0;
+}
+
 #define instruction_pointer(regs)       (regs)->ARM_pc
 
 #ifdef CONFIG_SMP
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
index 0f30c3a78fc1..d4c24d412a8d 100644
--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -129,6 +129,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 /*
  * thread information flags:
  *  TIF_SYSCALL_TRACE   - syscall trace active
+ *  TIF_SYSCAL_AUDIT    - syscall auditing active
  *  TIF_SIGPENDING      - signal pending
  *  TIF_NEED_RESCHED    - rescheduling necessary
  *  TIF_NOTIFY_RESUME   - callback before returning to user
@@ -139,6 +140,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define TIF_NEED_RESCHED        1
 #define TIF_NOTIFY_RESUME       2       /* callback before returning to user */
 #define TIF_SYSCALL_TRACE       8
+#define TIF_SYSCALL_AUDIT       9
 #define TIF_POLLING_NRFLAG      16
 #define TIF_USING_IWMMXT        17
 #define TIF_MEMDIE              18      /* is terminating due to OOM killer */
@@ -149,11 +151,15 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define _TIF_NEED_RESCHED       (1 << TIF_NEED_RESCHED)
 #define _TIF_NOTIFY_RESUME      (1 << TIF_NOTIFY_RESUME)
 #define _TIF_SYSCALL_TRACE      (1 << TIF_SYSCALL_TRACE)
+#define _TIF_SYSCALL_AUDIT      (1 << TIF_SYSCALL_AUDIT)
 #define _TIF_POLLING_NRFLAG     (1 << TIF_POLLING_NRFLAG)
 #define _TIF_USING_IWMMXT       (1 << TIF_USING_IWMMXT)
 #define _TIF_RESTORE_SIGMASK    (1 << TIF_RESTORE_SIGMASK)
 #define _TIF_SECCOMP            (1 << TIF_SECCOMP)
 
+/* Checks for any syscall work in entry-common.S */
+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT)
+
 /*
  * Change these and you break ASM code in entry-common.S
  */
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index b2a27b6b0046..520889cf1b5b 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -87,7 +87,7 @@ ENTRY(ret_from_fork)
         get_thread_info tsk
         ldr     r1, [tsk, #TI_FLAGS]            @ check for syscall tracing
         mov     why, #1
-        tst     r1, #_TIF_SYSCALL_TRACE         @ are we tracing syscalls?
+        tst     r1, #_TIF_SYSCALL_WORK          @ are we tracing syscalls?
         beq     ret_slow_syscall
         mov     r1, sp
         mov     r0, #1                          @ trace exit [IP = 1]
@@ -443,7 +443,7 @@ ENTRY(vector_swi)
 1:
 #endif
 
-        tst     r10, #_TIF_SYSCALL_TRACE                @ are we tracing syscalls?
+        tst     r10, #_TIF_SYSCALL_WORK         @ are we tracing syscalls?
         bne     __sys_trace
 
         cmp     scno, #NR_syscalls              @ check upper syscall limit
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 483727ad6892..e1d5e1929fbd 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -906,11 +906,6 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
 {
         unsigned long ip;
 
-        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return scno;
-        if (!(current->ptrace & PT_PTRACED))
-                return scno;
-
         /*
          * Save IP.  IP is used to denote syscall entry/exit:
          *  IP = 0 -> entry, = 1 -> exit
@@ -918,6 +913,17 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
         ip = regs->ARM_ip;
         regs->ARM_ip = why;
 
+        if (!ip)
+                audit_syscall_exit(regs);
+        else
+                audit_syscall_entry(AUDIT_ARCH_ARMEB, scno, regs->ARM_r0,
+                                    regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
+
+        if (!test_thread_flag(TIF_SYSCALL_TRACE))
+                return scno;
+        if (!(current->ptrace & PT_PTRACED))
+                return scno;
+
         current_thread_info()->syscall = scno;
 
         /* the 0x80 provides a way for the tracing parent to distinguish
diff --git a/init/Kconfig b/init/Kconfig
index 5ad8b775f2ac..fe25ffbe818b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -355,7 +355,7 @@ config AUDIT
 
 config AUDITSYSCALL
         bool "Enable system-call auditing support"
-        depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH)
+        depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || ARM)
         default y if SECURITY_SELINUX
         help
           Enable low-overhead system-call auditing infrastructure that