[ARCH question] Do syscall_get_nr and syscall_get_arguments always work?
Richard Guy Briggs
rgb at redhat.com
Fri Feb 21 21:21:44 UTC 2014
On 14/02/07, Andy Lutomirski wrote:
> On Fri, Feb 7, 2014 at 4:58 AM, Jonas Bonn <jonas.bonn at gmail.com> wrote:
> > Hi Andy,
> >
> > On 5 February 2014 00:50, Andy Lutomirski <luto at amacapital.net> wrote:
> >>
> >> I can't even find the system call entry point on mips.
> >>
> >>
> >> Is there a semi-official answer here?
> >
> > I don't have an official answer for you, but when I wanted to do
> > something with these entry points a couple of years back I discovered
> > that they aren't very thoroughly implemented across the various
> > architectures. I started cleaning this up and can probably dig up
> > some of this for you if you need it.
>
> The syscall_get_xyz functions are certainly implemented and functional
> in all relevant architectures -- the audit code is already using them.
> The thing I'm uncertain about is whether they are usable with no
> syscall slow path bits set.
I just stumbled on syscall_get_arch missing on at least s390x. Others
may have it missing too, but the build quit on discovering that one.
> I guess that, if the syscall restart logic needs to read the argument
> registers, then they're probably reliably saved...
>
> --Andy
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list