1 files changed, 61 insertions, 18 deletions
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 6bc07f0f1202..109792bc7cfa 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -54,6 +54,16 @@
 #include <asm/ftrace.h>
 #include <asm/irq_vectors.h>
+/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
+#include <linux/elf-em.h>
+#define AUDIT_ARCH_I386         (EM_386|__AUDIT_ARCH_LE)
+#define __AUDIT_ARCH_LE    0x40000000
+#ifndef CONFIG_AUDITSYSCALL
+#define sysenter_audit  syscall_trace_entry
+#define sysexit_audit   syscall_exit_work
+#endif
 /*
 * We use macros for low-level operations which need to be overridden
 * for paravirtualization.  The following will never clobber any registers:
@@ -332,8 +342,9 @@ sysenter_past_esp:
        GET_THREAD_INFO(%ebp)
        /* Note, _TIF_SECCOMP is bit number 8, and so it needs testw and not testb */
-        testw $(_TIF_SYSCALL_EMU|_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
+        testw $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
-        jnz syscall_trace_entry
+        jnz sysenter_audit
+sysenter_do_call:
        cmpl $(nr_syscalls), %eax
        jae syscall_badsys
        call *sys_call_table(,%eax,4)
@@ -343,7 +354,8 @@ sysenter_past_esp:
        TRACE_IRQS_OFF
        movl TI_flags(%ebp), %ecx
        testw $_TIF_ALLWORK_MASK, %cx
-        jne syscall_exit_work
+        jne sysexit_audit
+sysenter_exit:
 /* if something modifies registers it must also disable sysexit */
        movl PT_EIP(%esp), %edx
        movl PT_OLDESP(%esp), %ecx
@@ -351,6 +363,45 @@ sysenter_past_esp:
        TRACE_IRQS_ON
 1:      mov  PT_FS(%esp), %fs
        ENABLE_INTERRUPTS_SYSEXIT
+#ifdef CONFIG_AUDITSYSCALL
+sysenter_audit:
+        testw $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
+        jnz syscall_trace_entry
+        addl $4,%esp
+        CFI_ADJUST_CFA_OFFSET -4
+        /* %esi already in 8(%esp)         6th arg: 4th syscall arg */
+        /* %edx already in 4(%esp)         5th arg: 3rd syscall arg */
+        /* %ecx already in 0(%esp)         4th arg: 2nd syscall arg */
+        movl %ebx,%ecx                  /* 3rd arg: 1st syscall arg */
+        movl %eax,%edx                  /* 2nd arg: syscall number */
+        movl $AUDIT_ARCH_I386,%eax      /* 1st arg: audit arch */
+        call audit_syscall_entry
+        pushl %ebx
+        CFI_ADJUST_CFA_OFFSET 4
+        movl PT_EAX(%esp),%eax          /* reload syscall number */
+        jmp sysenter_do_call
+sysexit_audit:
+        testw $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT), %cx
+        jne syscall_exit_work
+        TRACE_IRQS_ON
+        ENABLE_INTERRUPTS(CLBR_ANY)
+        movl %eax,%edx          /* second arg, syscall return value */
+        cmpl $0,%eax            /* is it < 0? */
+        setl %al                /* 1 if so, 0 if not */
+        movzbl %al,%eax         /* zero-extend that */
+        inc %eax /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
+        call audit_syscall_exit
+        DISABLE_INTERRUPTS(CLBR_ANY)
+        TRACE_IRQS_OFF
+        movl TI_flags(%ebp), %ecx
+        testw $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT), %cx
+        jne syscall_exit_work
+        movl PT_EAX(%esp),%eax  /* reload syscall return value */
+        jmp sysenter_exit
+#endif
        CFI_ENDPROC
 .pushsection .fixup,"ax"
 2:      movl $0,PT_FS(%esp)
@@ -370,7 +421,7 @@ ENTRY(system_call)
        GET_THREAD_INFO(%ebp)
                                        # system call tracing in operation / emulation
        /* Note, _TIF_SECCOMP is bit number 8, and so it needs testw and not testb */
-        testw $(_TIF_SYSCALL_EMU|_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
+        testw $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
        jnz syscall_trace_entry
        cmpl $(nr_syscalls), %eax
        jae syscall_badsys
@@ -383,10 +434,6 @@ syscall_exit:
                                        # setting need_resched or sigpending
                                        # between sampling and the iret
        TRACE_IRQS_OFF
-        testl $X86_EFLAGS_TF,PT_EFLAGS(%esp)    # If tracing set singlestep flag on exit
-        jz no_singlestep
-        orl $_TIF_SINGLESTEP,TI_flags(%ebp)
-no_singlestep:
        movl TI_flags(%ebp), %ecx
        testw $_TIF_ALLWORK_MASK, %cx   # current->work
        jne syscall_exit_work
@@ -514,12 +561,8 @@ END(work_pending)
 syscall_trace_entry:
        movl $-ENOSYS,PT_EAX(%esp)
        movl %esp, %eax
-        xorl %edx,%edx
+        call syscall_trace_enter
-        call do_syscall_trace
+        /* What it returned is what we'll actually use.  */
-        cmpl $0, %eax
-        jne resume_userspace            # ret != 0 -> running under PTRACE_SYSEMU,
-                                        # so must skip actual syscall
-        movl PT_ORIG_EAX(%esp), %eax
        cmpl $(nr_syscalls), %eax
        jnae syscall_call
        jmp syscall_exit
@@ -528,14 +571,13 @@ END(syscall_trace_entry)
        # perform syscall exit tracing
        ALIGN
 syscall_exit_work:
-        testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SINGLESTEP), %cl
+        testb $_TIF_WORK_SYSCALL_EXIT, %cl
        jz work_pending
        TRACE_IRQS_ON
-        ENABLE_INTERRUPTS(CLBR_ANY)     # could let do_syscall_trace() call
+        ENABLE_INTERRUPTS(CLBR_ANY)     # could let syscall_trace_leave() call
                                        # schedule() instead
        movl %esp, %eax
-        movl $1, %edx
+        call syscall_trace_leave
-        call do_syscall_trace
        jmp resume_userspace
 END(syscall_exit_work)
        CFI_ENDPROC
@@ -1024,6 +1066,7 @@ ENDPROC(kernel_thread_helper)
 ENTRY(xen_sysenter_target)
        RING0_INT_FRAME
        addl $5*4, %esp         /* remove xen-provided frame */
+        CFI_ADJUST_CFA_OFFSET -5*4
        jmp sysenter_past_esp
        CFI_ENDPROC