ARM: 7455/1: audit: move syscall auditing until after ptrace SIGTRAP handling

When auditing system calls on ARM, the audit code is called before
notifying the parent process in the case that the current task is being
ptraced. At this point, the parent (debugger) may choose to change the
system call being issued via the SET_SYSCALL ptrace request, causing
the wrong system call to be reported to the audit tools.

This patch moves the audit calls after the ptrace SIGTRAP handling code
in the syscall tracing implementation.

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 14e38261cd31db9d852db2eb0b8046251a04613d..592a39d0ef31013cad7dfe8248a80930ec2d691c 100644 (file)
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -911,14 +911,8 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
 {
        unsigned long ip;
 
-       if (why)
-               audit_syscall_exit(regs);
-       else
-               audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
-                                   regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
-
        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-               return scno;
+               goto out_no_trace;
 
        current_thread_info()->syscall = scno;
 
@@ -935,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
                current_thread_info()->syscall = -1;
 
        regs->ARM_ip = ip;
+       scno = current_thread_info()->syscall;
 
-       return current_thread_info()->syscall;
+out_no_trace:
+       if (why)
+               audit_syscall_exit(regs);
+       else
+               audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
+                                   regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
+       return scno;
 }