7 files changed, 98 insertions, 58 deletions
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
index e8c965ce86eb..e34f651fa13c 100644
--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -683,24 +683,18 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
        /* do the secure computing check first */
        secure_computing(regs->orig_eax);
-        if (unlikely(current->audit_context)) {
+        if (unlikely(current->audit_context) && entryexit)
-                if (!entryexit)
+                audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);
-                        audit_syscall_entry(current, regs->orig_eax,
-                                            regs->ebx, regs->ecx,
-                                            regs->edx, regs->esi);
-                else
-                        audit_syscall_exit(current, regs->eax);
-        }
        if (!(current->ptrace & PT_PTRACED))
-                return;
+                goto out;
        /* Fake a debug trap */
        if (test_thread_flag(TIF_SINGLESTEP))
                send_sigtrap(current, regs, 0);
        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return;
+                goto out;
        /* the 0x80 provides a way for the tracing parent to distinguish
           between a syscall stop and SIGTRAP delivery */
@@ -715,4 +709,9 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
                send_sig(current->exit_code, current, 1);
                current->exit_code = 0;
        }
+ out:
+        if (unlikely(current->audit_context) && !entryexit)
+                audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax,
+                                    regs->ebx, regs->ecx, regs->edx, regs->esi);
 }
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index c253fd5914fc..907464ee7273 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -1596,20 +1596,25 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
                     long arg4, long arg5, long arg6, long arg7,
                     struct pt_regs regs)
 {
-        long syscall;
+        if (test_thread_flag(TIF_SYSCALL_TRACE) 
+            && (current->ptrace & PT_PTRACED))
+                syscall_trace();
        if (unlikely(current->audit_context)) {
-                if (IS_IA32_PROCESS(&regs))
+                long syscall;
+                int arch;
+                if (IS_IA32_PROCESS(&regs)) {
                        syscall = regs.r1;
-                else
+                        arch = AUDIT_ARCH_I386;
+                } else {
                        syscall = regs.r15;
+                        arch = AUDIT_ARCH_IA64;
+                }
-                audit_syscall_entry(current, syscall, arg0, arg1, arg2, arg3);
+                audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3);
        }
-        if (test_thread_flag(TIF_SYSCALL_TRACE)
-            && (current->ptrace & PT_PTRACED))
-                syscall_trace();
 }
 /* "asmlinkage" so the input arguments are preserved... */
@@ -1620,7 +1625,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
                     struct pt_regs regs)
 {
        if (unlikely(current->audit_context))
-                audit_syscall_exit(current, regs.r8);
+                audit_syscall_exit(current, AUDITSC_RESULT(regs.r10), regs.r8);
        if (test_thread_flag(TIF_SYSCALL_TRACE)
            && (current->ptrace & PT_PTRACED))
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index a2f899c2f4d4..92e70ca3bff9 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -301,25 +301,38 @@ out:
        return ret;
 }
+static inline int audit_arch(void)
+{
+#ifdef CONFIG_CPU_LITTLE_ENDIAN
+#ifdef CONFIG_MIPS64
+        if (!(current->thread.mflags & MF_32BIT_REGS))
+                return AUDIT_ARCH_MIPSEL64;
+#endif /* MIPS64 */
+        return AUDIT_ARCH_MIPSEL;
+#else /* big endian... */
+#ifdef CONFIG_MIPS64
+        if (!(current->thread.mflags & MF_32BIT_REGS))
+                return AUDIT_ARCH_MIPS64;
+#endif /* MIPS64 */
+        return AUDIT_ARCH_MIPS;
+#endif /* endian */
+}
 /*
 * Notification of system call entry/exit
 * - triggered by current->work.syscall_trace
 */
 asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
 {
-        if (unlikely(current->audit_context)) {
+        if (unlikely(current->audit_context) && entryexit)
-                if (!entryexit)
+                audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]), regs->regs[2]);
-                        audit_syscall_entry(current, regs->regs[2],
-                                            regs->regs[4], regs->regs[5],
-                                            regs->regs[6], regs->regs[7]);
-                else
-                        audit_syscall_exit(current, regs->regs[2]);
-        }
        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return;
+                goto out;
        if (!(current->ptrace & PT_PTRACED))
-                return;
+                goto out;
        /* The 0x80 provides a way for the tracing parent to distinguish
           between a syscall stop and SIGTRAP delivery */
@@ -335,4 +348,9 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
                send_sig(current->exit_code, current, 1);
                current->exit_code = 0;
        }
+ out:
+        if (unlikely(current->audit_context) && !entryexit)
+                audit_syscall_entry(current, audit_arch(), regs->regs[2],
+                                    regs->regs[4], regs->regs[5],
+                                    regs->regs[6], regs->regs[7]);
 }
diff --git a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c
index 5a846324ca8c..9f8c6087ae56 100644
--- a/arch/ppc64/kernel/ptrace.c
+++ b/arch/ppc64/kernel/ptrace.c
@@ -305,14 +305,17 @@ static void do_syscall_trace(void)
 void do_syscall_trace_enter(struct pt_regs *regs)
 {
+        if (test_thread_flag(TIF_SYSCALL_TRACE)
+            && (current->ptrace & PT_PTRACED))
+                do_syscall_trace();
        if (unlikely(current->audit_context))
-                audit_syscall_entry(current, regs->gpr[0],
+                audit_syscall_entry(current,
+                                    test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64,
+                                    regs->gpr[0],
                                    regs->gpr[3], regs->gpr[4],
                                    regs->gpr[5], regs->gpr[6]);
-        if (test_thread_flag(TIF_SYSCALL_TRACE)
-            && (current->ptrace & PT_PTRACED))
-                do_syscall_trace();
 }
 void do_syscall_trace_leave(struct pt_regs *regs)
@@ -320,7 +323,9 @@ void do_syscall_trace_leave(struct pt_regs *regs)
        secure_computing(regs->gpr[0]);
        if (unlikely(current->audit_context))
-                audit_syscall_exit(current, regs->result);
+                audit_syscall_exit(current, 
+                                   (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
+                                   regs->result);
        if ((test_thread_flag(TIF_SYSCALL_TRACE)
             || test_thread_flag(TIF_SINGLESTEP))
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 9f0d73e3f5f7..26889366929a 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -712,18 +712,13 @@ out:
 asmlinkage void
 syscall_trace(struct pt_regs *regs, int entryexit)
 {
-        if (unlikely(current->audit_context)) {
+        if (unlikely(current->audit_context) && entryexit)
-                if (!entryexit)
+                audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
-                        audit_syscall_entry(current, regs->gprs[2],
-                                            regs->orig_gpr2, regs->gprs[3],
-                                            regs->gprs[4], regs->gprs[5]);
-                else
-                        audit_syscall_exit(current, regs->gprs[2]);
-        }
        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return;
+                goto out;
        if (!(current->ptrace & PT_PTRACED))
-                return;
+                goto out;
        ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
                                 ? 0x80 : 0));
@@ -736,4 +731,10 @@ syscall_trace(struct pt_regs *regs, int entryexit)
                send_sig(current->exit_code, current, 1);
                current->exit_code = 0;
        }
+ out:
+        if (unlikely(current->audit_context) && !entryexit)
+                audit_syscall_entry(current, 
+                                    test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
+                                    regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
+                                    regs->gprs[4], regs->gprs[5]);
 }
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c
index e50e60ff5d27..959b2d2490df 100644
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -337,15 +337,18 @@ void syscall_trace(union uml_pt_regs *regs, int entryexit)
        if (unlikely(current->audit_context)) {
                if (!entryexit)
-                        audit_syscall_entry(current, 
+                        audit_syscall_entry(current,
-                                            UPT_SYSCALL_NR(&regs->regs),
+                                            HOST_AUDIT_ARCH,
-                                            UPT_SYSCALL_ARG1(&regs->regs),
+                                            UPT_SYSCALL_NR(regs),
-                                            UPT_SYSCALL_ARG2(&regs->regs),
+                                            UPT_SYSCALL_ARG1(regs),
-                                            UPT_SYSCALL_ARG3(&regs->regs),
+                                            UPT_SYSCALL_ARG2(regs),
-                                            UPT_SYSCALL_ARG4(&regs->regs));
+                                            UPT_SYSCALL_ARG3(regs),
-                else
+                                            UPT_SYSCALL_ARG4(regs));
-                        audit_syscall_exit(current, 
+                else {
-                                           UPT_SYSCALL_RET(&regs->regs));
+                        int res = UPT_SYSCALL_RET(regs);
+                        audit_syscall_exit(current, AUDITSC_RESULT(res),
+                                           res);
+                }
        }
        /* Fake a debug trap */
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index c64b9c97c745..e26e86bb56fe 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -635,20 +635,29 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
        /* do the secure computing check first */
        secure_computing(regs->orig_rax);
-        if (unlikely(current->audit_context))
-                audit_syscall_entry(current, regs->orig_rax,
-                                    regs->rdi, regs->rsi,
-                                    regs->rdx, regs->r10);
        if (test_thread_flag(TIF_SYSCALL_TRACE)
            && (current->ptrace & PT_PTRACED))
                syscall_trace(regs);
+        if (unlikely(current->audit_context)) {
+                if (test_thread_flag(TIF_IA32)) {
+                        audit_syscall_entry(current, AUDIT_ARCH_I386,
+                                            regs->orig_rax,
+                                            regs->rbx, regs->rcx,
+                                            regs->rdx, regs->rsi);
+                } else {
+                        audit_syscall_entry(current, AUDIT_ARCH_X86_64,
+                                            regs->orig_rax,
+                                            regs->rdi, regs->rsi,
+                                            regs->rdx, regs->r10);
+                }
+        }
 }
 asmlinkage void syscall_trace_leave(struct pt_regs *regs)
 {
        if (unlikely(current->audit_context))
-                audit_syscall_exit(current, regs->rax);
+                audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax);
        if ((test_thread_flag(TIF_SYSCALL_TRACE)
             || test_thread_flag(TIF_SINGLESTEP))

diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c index e8c965ce86eb..e34f651fa13c 100644 --- a/arch/i386/kernel/ptrace.c +++ b/arch/i386/kernel/ptrace.c
@@ -683,24 +683,18 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
683	/* do the secure computing check first */	683	/* do the secure computing check first */
684	secure_computing(regs->orig_eax);	684	secure_computing(regs->orig_eax);
685		685
686	if (unlikely(current->audit_context)) {	686	if (unlikely(current->audit_context) && entryexit)
687	if (!entryexit)	687	audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax);
688	audit_syscall_entry(current, regs->orig_eax,
689	regs->ebx, regs->ecx,
690	regs->edx, regs->esi);
691	else
692	audit_syscall_exit(current, regs->eax);
693	}
694		688
695	if (!(current->ptrace & PT_PTRACED))	689	if (!(current->ptrace & PT_PTRACED))
696	return;	690	goto out;
697		691
698	/* Fake a debug trap */	692	/* Fake a debug trap */
699	if (test_thread_flag(TIF_SINGLESTEP))	693	if (test_thread_flag(TIF_SINGLESTEP))
700	send_sigtrap(current, regs, 0);	694	send_sigtrap(current, regs, 0);
701		695
702	if (!test_thread_flag(TIF_SYSCALL_TRACE))	696	if (!test_thread_flag(TIF_SYSCALL_TRACE))
703	return;	697	goto out;
704		698
705	/* the 0x80 provides a way for the tracing parent to distinguish	699	/* the 0x80 provides a way for the tracing parent to distinguish
706	between a syscall stop and SIGTRAP delivery */	700	between a syscall stop and SIGTRAP delivery */
@@ -715,4 +709,9 @@ void do_syscall_trace(struct pt_regs *regs, int entryexit)
715	send_sig(current->exit_code, current, 1);	709	send_sig(current->exit_code, current, 1);
716	current->exit_code = 0;	710	current->exit_code = 0;
717	}	711	}
		712	out:
		713	if (unlikely(current->audit_context) && !entryexit)
		714	audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax,
		715	regs->ebx, regs->ecx, regs->edx, regs->esi);
		716
718	}	717	}


diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index c253fd5914fc..907464ee7273 100644 --- a/arch/ia64/kernel/ptrace.c +++ b/arch/ia64/kernel/ptrace.c
@@ -1596,20 +1596,25 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
1596	long arg4, long arg5, long arg6, long arg7,	1596	long arg4, long arg5, long arg6, long arg7,
1597	struct pt_regs regs)	1597	struct pt_regs regs)
1598	{	1598	{
1599	long syscall;	1599	if (test_thread_flag(TIF_SYSCALL_TRACE)
		1600	&& (current->ptrace & PT_PTRACED))
		1601	syscall_trace();
1600		1602
1601	if (unlikely(current->audit_context)) {	1603	if (unlikely(current->audit_context)) {
1602	if (IS_IA32_PROCESS(&regs))	1604	long syscall;
		1605	int arch;
		1606
		1607	if (IS_IA32_PROCESS(&regs)) {
1603	syscall = regs.r1;	1608	syscall = regs.r1;
1604	else	1609	arch = AUDIT_ARCH_I386;
		1610	} else {
1605	syscall = regs.r15;	1611	syscall = regs.r15;
		1612	arch = AUDIT_ARCH_IA64;
		1613	}
1606		1614
1607	audit_syscall_entry(current, syscall, arg0, arg1, arg2, arg3);	1615	audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3);
1608	}	1616	}
1609		1617
1610	if (test_thread_flag(TIF_SYSCALL_TRACE)
1611	&& (current->ptrace & PT_PTRACED))
1612	syscall_trace();
1613	}	1618	}
1614		1619
1615	/* "asmlinkage" so the input arguments are preserved... */	1620	/* "asmlinkage" so the input arguments are preserved... */
@@ -1620,7 +1625,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
1620	struct pt_regs regs)	1625	struct pt_regs regs)
1621	{	1626	{
1622	if (unlikely(current->audit_context))	1627	if (unlikely(current->audit_context))
1623	audit_syscall_exit(current, regs.r8);	1628	audit_syscall_exit(current, AUDITSC_RESULT(regs.r10), regs.r8);
1624		1629
1625	if (test_thread_flag(TIF_SYSCALL_TRACE)	1630	if (test_thread_flag(TIF_SYSCALL_TRACE)
1626	&& (current->ptrace & PT_PTRACED))	1631	&& (current->ptrace & PT_PTRACED))


diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index a2f899c2f4d4..92e70ca3bff9 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c
@@ -301,25 +301,38 @@ out:
301	return ret;	301	return ret;
302	}	302	}
303		303
		304	static inline int audit_arch(void)
		305	{
		306	#ifdef CONFIG_CPU_LITTLE_ENDIAN
		307	#ifdef CONFIG_MIPS64
		308	if (!(current->thread.mflags & MF_32BIT_REGS))
		309	return AUDIT_ARCH_MIPSEL64;
		310	#endif /* MIPS64 */
		311	return AUDIT_ARCH_MIPSEL;
		312
		313	#else /* big endian... */
		314	#ifdef CONFIG_MIPS64
		315	if (!(current->thread.mflags & MF_32BIT_REGS))
		316	return AUDIT_ARCH_MIPS64;
		317	#endif /* MIPS64 */
		318	return AUDIT_ARCH_MIPS;
		319
		320	#endif /* endian */
		321	}
		322
304	/*	323	/*
305	* Notification of system call entry/exit	324	* Notification of system call entry/exit
306	* - triggered by current->work.syscall_trace	325	* - triggered by current->work.syscall_trace
307	*/	326	*/
308	asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)	327	asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
309	{	328	{
310	if (unlikely(current->audit_context)) {	329	if (unlikely(current->audit_context) && entryexit)
311	if (!entryexit)	330	audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]), regs->regs[2]);
312	audit_syscall_entry(current, regs->regs[2],
313	regs->regs[4], regs->regs[5],
314	regs->regs[6], regs->regs[7]);
315	else
316	audit_syscall_exit(current, regs->regs[2]);
317	}
318		331
319	if (!test_thread_flag(TIF_SYSCALL_TRACE))	332	if (!test_thread_flag(TIF_SYSCALL_TRACE))
320	return;	333	goto out;
321	if (!(current->ptrace & PT_PTRACED))	334	if (!(current->ptrace & PT_PTRACED))
322	return;	335	goto out;
323		336
324	/* The 0x80 provides a way for the tracing parent to distinguish	337	/* The 0x80 provides a way for the tracing parent to distinguish
325	between a syscall stop and SIGTRAP delivery */	338	between a syscall stop and SIGTRAP delivery */
@@ -335,4 +348,9 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
335	send_sig(current->exit_code, current, 1);	348	send_sig(current->exit_code, current, 1);
336	current->exit_code = 0;	349	current->exit_code = 0;
337	}	350	}
		351	out:
		352	if (unlikely(current->audit_context) && !entryexit)
		353	audit_syscall_entry(current, audit_arch(), regs->regs[2],
		354	regs->regs[4], regs->regs[5],
		355	regs->regs[6], regs->regs[7]);
338	}	356	}


diff --git a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c index 5a846324ca8c..9f8c6087ae56 100644 --- a/arch/ppc64/kernel/ptrace.c +++ b/arch/ppc64/kernel/ptrace.c
@@ -305,14 +305,17 @@ static void do_syscall_trace(void)
305		305
306	void do_syscall_trace_enter(struct pt_regs *regs)	306	void do_syscall_trace_enter(struct pt_regs *regs)
307	{	307	{
		308	if (test_thread_flag(TIF_SYSCALL_TRACE)
		309	&& (current->ptrace & PT_PTRACED))
		310	do_syscall_trace();
		311
308	if (unlikely(current->audit_context))	312	if (unlikely(current->audit_context))
309	audit_syscall_entry(current, regs->gpr[0],	313	audit_syscall_entry(current,
		314	test_thread_flag(TIF_32BIT)?AUDIT_ARCH_PPC:AUDIT_ARCH_PPC64,
		315	regs->gpr[0],
310	regs->gpr[3], regs->gpr[4],	316	regs->gpr[3], regs->gpr[4],
311	regs->gpr[5], regs->gpr[6]);	317	regs->gpr[5], regs->gpr[6]);
312		318
313	if (test_thread_flag(TIF_SYSCALL_TRACE)
314	&& (current->ptrace & PT_PTRACED))
315	do_syscall_trace();
316	}	319	}
317		320
318	void do_syscall_trace_leave(struct pt_regs *regs)	321	void do_syscall_trace_leave(struct pt_regs *regs)
@@ -320,7 +323,9 @@ void do_syscall_trace_leave(struct pt_regs *regs)
320	secure_computing(regs->gpr[0]);	323	secure_computing(regs->gpr[0]);
321		324
322	if (unlikely(current->audit_context))	325	if (unlikely(current->audit_context))
323	audit_syscall_exit(current, regs->result);	326	audit_syscall_exit(current,
		327	(regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
		328	regs->result);
324		329
325	if ((test_thread_flag(TIF_SYSCALL_TRACE)	330	if ((test_thread_flag(TIF_SYSCALL_TRACE)
326	\|\| test_thread_flag(TIF_SINGLESTEP))	331	\|\| test_thread_flag(TIF_SINGLESTEP))


diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 9f0d73e3f5f7..26889366929a 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c
@@ -712,18 +712,13 @@ out:
712	asmlinkage void	712	asmlinkage void
713	syscall_trace(struct pt_regs *regs, int entryexit)	713	syscall_trace(struct pt_regs *regs, int entryexit)
714	{	714	{
715	if (unlikely(current->audit_context)) {	715	if (unlikely(current->audit_context) && entryexit)
716	if (!entryexit)	716	audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
717	audit_syscall_entry(current, regs->gprs[2],	717
718	regs->orig_gpr2, regs->gprs[3],
719	regs->gprs[4], regs->gprs[5]);
720	else
721	audit_syscall_exit(current, regs->gprs[2]);
722	}
723	if (!test_thread_flag(TIF_SYSCALL_TRACE))	718	if (!test_thread_flag(TIF_SYSCALL_TRACE))
724	return;	719	goto out;
725	if (!(current->ptrace & PT_PTRACED))	720	if (!(current->ptrace & PT_PTRACED))
726	return;	721	goto out;
727	ptrace_notify(SIGTRAP \| ((current->ptrace & PT_TRACESYSGOOD)	722	ptrace_notify(SIGTRAP \| ((current->ptrace & PT_TRACESYSGOOD)
728	? 0x80 : 0));	723	? 0x80 : 0));
729		724
@@ -736,4 +731,10 @@ syscall_trace(struct pt_regs *regs, int entryexit)
736	send_sig(current->exit_code, current, 1);	731	send_sig(current->exit_code, current, 1);
737	current->exit_code = 0;	732	current->exit_code = 0;
738	}	733	}
		734	out:
		735	if (unlikely(current->audit_context) && !entryexit)
		736	audit_syscall_entry(current,
		737	test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
		738	regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
		739	regs->gprs[4], regs->gprs[5]);
739	}	740	}


diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c index e50e60ff5d27..959b2d2490df 100644 --- a/arch/um/kernel/ptrace.c +++ b/arch/um/kernel/ptrace.c
@@ -337,15 +337,18 @@ void syscall_trace(union uml_pt_regs *regs, int entryexit)
337		337
338	if (unlikely(current->audit_context)) {	338	if (unlikely(current->audit_context)) {
339	if (!entryexit)	339	if (!entryexit)
340	audit_syscall_entry(current,	340	audit_syscall_entry(current,
341	UPT_SYSCALL_NR(&regs->regs),	341	HOST_AUDIT_ARCH,
342	UPT_SYSCALL_ARG1(&regs->regs),	342	UPT_SYSCALL_NR(regs),
343	UPT_SYSCALL_ARG2(&regs->regs),	343	UPT_SYSCALL_ARG1(regs),
344	UPT_SYSCALL_ARG3(&regs->regs),	344	UPT_SYSCALL_ARG2(regs),
345	UPT_SYSCALL_ARG4(&regs->regs));	345	UPT_SYSCALL_ARG3(regs),
346	else	346	UPT_SYSCALL_ARG4(regs));
347	audit_syscall_exit(current,	347	else {
348	UPT_SYSCALL_RET(&regs->regs));	348	int res = UPT_SYSCALL_RET(regs);
		349	audit_syscall_exit(current, AUDITSC_RESULT(res),
		350	res);
		351	}
349	}	352	}
350		353
351	/* Fake a debug trap */	354	/* Fake a debug trap */


diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c index c64b9c97c745..e26e86bb56fe 100644 --- a/arch/x86_64/kernel/ptrace.c +++ b/arch/x86_64/kernel/ptrace.c
@@ -635,20 +635,29 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
635	/* do the secure computing check first */	635	/* do the secure computing check first */
636	secure_computing(regs->orig_rax);	636	secure_computing(regs->orig_rax);
637		637
638	if (unlikely(current->audit_context))
639	audit_syscall_entry(current, regs->orig_rax,
640	regs->rdi, regs->rsi,
641	regs->rdx, regs->r10);
642
643	if (test_thread_flag(TIF_SYSCALL_TRACE)	638	if (test_thread_flag(TIF_SYSCALL_TRACE)
644	&& (current->ptrace & PT_PTRACED))	639	&& (current->ptrace & PT_PTRACED))
645	syscall_trace(regs);	640	syscall_trace(regs);
		641
		642	if (unlikely(current->audit_context)) {
		643	if (test_thread_flag(TIF_IA32)) {
		644	audit_syscall_entry(current, AUDIT_ARCH_I386,
		645	regs->orig_rax,
		646	regs->rbx, regs->rcx,
		647	regs->rdx, regs->rsi);
		648	} else {
		649	audit_syscall_entry(current, AUDIT_ARCH_X86_64,
		650	regs->orig_rax,
		651	regs->rdi, regs->rsi,
		652	regs->rdx, regs->r10);
		653	}
		654	}
646	}	655	}
647		656
648	asmlinkage void syscall_trace_leave(struct pt_regs *regs)	657	asmlinkage void syscall_trace_leave(struct pt_regs *regs)
649	{	658	{
650	if (unlikely(current->audit_context))	659	if (unlikely(current->audit_context))
651	audit_syscall_exit(current, regs->rax);	660	audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax);
652		661
653	if ((test_thread_flag(TIF_SYSCALL_TRACE)	662	if ((test_thread_flag(TIF_SYSCALL_TRACE)
654	\|\| test_thread_flag(TIF_SINGLESTEP))	663	\|\| test_thread_flag(TIF_SINGLESTEP))