]> err.no Git - linux-2.6/commitdiff
[AUDIT] Log correct syscall args for i386 processes on x86_64
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>
Tue, 3 May 2005 13:11:02 +0000 (14:11 +0100)
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>
Tue, 3 May 2005 13:11:02 +0000 (14:11 +0100)
The i386 syscall ABI uses different registers. Log those instead of the
x86_64 ones.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
arch/x86_64/kernel/ptrace.c

index 19eba9aaedd1373cee28e7d14c5f9bb81a1398e2..e26e86bb56fe53381e2016e4f478dbdc37ec0294 100644 (file)
@@ -630,8 +630,6 @@ static void syscall_trace(struct pt_regs *regs)
        }
 }
 
-#define audit_arch() (test_thread_flag(TIF_IA32) ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64)
-
 asmlinkage void syscall_trace_enter(struct pt_regs *regs)
 {
        /* do the secure computing check first */
@@ -641,11 +639,19 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
            && (current->ptrace & PT_PTRACED))
                syscall_trace(regs);
 
-       if (unlikely(current->audit_context))
-               audit_syscall_entry(current, audit_arch(), regs->orig_rax,
-                                   regs->rdi, regs->rsi,
-                                   regs->rdx, regs->r10);
-
+       if (unlikely(current->audit_context)) {
+               if (test_thread_flag(TIF_IA32)) {
+                       audit_syscall_entry(current, AUDIT_ARCH_I386,
+                                           regs->orig_rax,
+                                           regs->rbx, regs->rcx,
+                                           regs->rdx, regs->rsi);
+               } else {
+                       audit_syscall_entry(current, AUDIT_ARCH_X86_64,
+                                           regs->orig_rax,
+                                           regs->rdi, regs->rsi,
+                                           regs->rdx, regs->r10);
+               }
+       }
 }
 
 asmlinkage void syscall_trace_leave(struct pt_regs *regs)