Am Samstag 04 Juni 2011, 00:04:51 schrieb Eric Paris: > The audit system previously expected arches calling to audit_syscall_exit > to supply as arguments if the syscall was a success and what the return > code was. Audit also provides a helper AUDITSC_RESULT which was supposed > to simplify things by converting from negative retcodes to an audit > internal magic value stating success or failure. This helper was wrong > and could indicate that a valid pointer returned to userspace was a failed > syscall. The fix is to fix the layering foolishness. We now pass > audit_syscall_exit a struct pt_reg and it in turns calls back into arch > code to collect the return value and to determine if the syscall was a > success or failure. We also define a generic is_syscall_success() macro > which determines success/failure based on if the value is < -MAX_ERRNO. > This works for arches like x86 which do not use a separate mechanism to > indicate syscall failure. > > In arch/sh/kernel/ptrace_64.c I see that we were using regs[9] in the old > audit code as the return value. But the ptrace_64.h code defined the macro > regs_return_value() as regs[3]. I have no idea which one is correct, but > this patch now uses the regs_return_value() function, so it now uses > regs[3]. > > We make both the is_syscall_success() and regs_return_value() static > inlines instead of macros. The reason is because the audit function must > take a void* for the regs. (uml calls theirs struct uml_pt_regs instead > of just struct pt_regs so audit_syscall_exit can't take a struct pt_regs). > Since the audit function takes a void* we need to use static inlines to > cast it back to the arch correct structure to dereference it. > > The other major change is that on some arches, like ia64, we change > regs_return_value() to give us the negative value on syscall failure. The > only other user of this macro, kretprobe_example.c, won't notice and it > makes the value signed consistently for the audit functions across all > archs. > > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> > Acked-by: Acked-by: H. Peter Anvin <hpa@xxxxxxxxx> [for x86 portion] The UML part is now fine for me. :-) Acked-by: Richard Weinberger <richard@xxxxxx> Thanks, //richard
