• Bodo Stroesser's avatar
    [PATCH] Ptrace/i386: fix "syscall audit" interaction with singlestep · 94c80b25
    Bodo Stroesser authored
          Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
    
    Avoid giving two traps for singlestep instead of one, when syscall auditing is
    enabled.
    
    In fact no singlestep trap is sent on syscall entry, only on syscall exit, as
    can be seen in entry.S:
    
    # Note that in this mask _TIF_SINGLESTEP is not tested !!! <<<<<<<<<<<<<<
            testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),TI_flags(%ebp)
            jnz syscall_trace_entry
    	...
    syscall_trace_entry:
    	...
    	call do_syscall_trace
    
    But auditing a SINGLESTEP'ed process causes do_syscall_trace to be called, so
    the tracer will get one more trap on the syscall entry path, which it
    shouldn't.
    Signed-off-by: default avatarPaolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
    CC: Roland McGrath <roland@redhat.com>
    Cc: Jeff Dike <jdike@addtoit.com>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    94c80b25
ptrace.c 17.7 KB