On 02/16/2012 08:26 PM, Will Drewry wrote: >> >> For x32 you have the option of introducing a new value or relying on bit >> 30 in eax (and AUDIT_ARCH_X86_64). The latter is more natural, probably. > > Will that bit be visible as the syscall number or will it be stripped > out before passing the number around? If it's visible, then it > doesn't seem like there'd need to be a new AUDIT_ARCH, but I suspect > someone like Eric will have an actually useful opinion. > Bit 30 is visible in orig_eax; whether you export it as part of "the syscall number" is presumably TBD, but I think it's more natural to do so. -hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf. -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
