From 5701ede884c2221e6ebbb54aec83dc433287bc50 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Fri, 4 Jul 2014 08:28:31 +0100 Subject: [PATCH] arm64: audit: Add audit hook in syscall_trace_enter/exit() This patch adds auditing functions on entry to or exit from every system call invocation. Acked-by: Richard Guy Briggs Acked-by Will Deacon Signed-off-by: AKASHI Takahiro Signed-off-by: Catalin Marinas --- arch/arm64/kernel/ptrace.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 9fde010c945f..70526cfda056 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -19,6 +19,7 @@ * along with this program. If not, see . */ +#include #include #include #include @@ -39,6 +40,7 @@ #include #include #include +#include #include #include @@ -1113,11 +1115,16 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, regs->syscallno); + audit_syscall_entry(syscall_get_arch(), regs->syscallno, + regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]); + return regs->syscallno; } asmlinkage void syscall_trace_exit(struct pt_regs *regs) { + audit_syscall_exit(regs); + if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_exit(regs, regs_return_value(regs)); -- GitLab