[ARCH question] Do syscall_get_nr and syscall_get_arguments always work?

Andy Lutomirski luto at amacapital.net
Fri Feb 7 16:40:45 UTC 2014


On Fri, Feb 7, 2014 at 4:58 AM, Jonas Bonn <jonas.bonn at gmail.com> wrote:
> Hi Andy,
>
> On 5 February 2014 00:50, Andy Lutomirski <luto at amacapital.net> wrote:
>>
>> I can't even find the system call entry point on mips.
>>
>>
>> Is there a semi-official answer here?
>
> I don't have an official answer for you, but when I wanted to do
> something with these entry points a couple of years back I discovered
> that they aren't very thoroughly implemented across the various
> architectures.  I started cleaning this up and can probably dig up
> some of this for you if you need it.

The syscall_get_xyz functions are certainly implemented and functional
in all relevant architectures -- the audit code is already using them.
The thing I'm uncertain about is whether they are usable with no
syscall slow path bits set.

I guess that, if the syscall restart logic needs to read the argument
registers, then they're probably reliably saved...

--Andy




More information about the Linux-audit mailing list