[PATCH 06/13] arc: define syscall_get_arch()

Andy Lutomirski luto at amacapital.net
Fri Nov 9 15:56:12 UTC 2018 


> On Nov 9, 2018, at 7:27 AM, Alexey Brodkin <alexey.brodkin at synopsys.com> wrote:
> 
> Hi Andy,
> 
>> On Fri, 2018-11-09 at 07:17 -0800, Andy Lutomirski wrote:
>> On Fri, Nov 9, 2018 at 6:22 AM Alexey Brodkin
>> <alexey.brodkin at synopsys.com> wrote:
>>> Hi Dmitry,
>>> 
>>>> On Fri, 2018-11-09 at 06:16 +0300, Dmitry V. Levin wrote:
>>>> syscall_get_arch() is required to be implemented on all architectures
>>>> that use tracehook_report_syscall_entry() in order to extend
>>>> the generic ptrace API with PTRACE_GET_SYSCALL_INFO request.
>>>> 
>>>> Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
>>>> ---
>>>> arch/arc/include/asm/syscall.h | 6 ++++++
>>>> include/uapi/linux/audit.h     | 1 +
>>>> 2 files changed, 7 insertions(+)
>>> 
>>> [snip]
>>> 
>>>> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
>>>> index 818ae690ab79..a7149ceb5b98 100644
>>>> --- a/include/uapi/linux/audit.h
>>>> +++ b/include/uapi/linux/audit.h
>>>> @@ -375,6 +375,7 @@ enum {
>>>> 
>>>> #define AUDIT_ARCH_AARCH64   (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>>>> #define AUDIT_ARCH_ALPHA     (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>>>> +#define AUDIT_ARCH_ARC               (EM_ARC)
>>> 
>>> Similarly here we need to have:
>>> ---------------------------->8-----------------------------
>>> +#define AUDIT_ARCH_ARC         (EM_ARC|EM_ARCV2)
>>> ---------------------------->8-----------------------------
>>> 
>> 
>> Huh?  How does the bitwise or of two ELF machine codes make any sense?
> 
> Oops... I didn't read examples of AUDIT_ARCH_ALPHA above :(
> Indeed that was stupid.
> 
> But what would be a proper fix then?
> 
> Something like that?
> ---------------------------->8-----------------------------
> #define AUDIT_ARCH_ARC               (EM_ARC)
> #define AUDIT_ARCH_ARCV2             (EM_ARCV2)
> 
> 
> static inline int syscall_get_arch(void)
> {
> #ifdef __ARC700__
>       return AUDIT_ARCH_ARC;
> #else
>       return AUDIT_ARCH_ARCV2;
> #endif
> }
> ---------------------------->8-----------------------------
> 

Maybe, but I know basically nothing about ARC.  Is the syscall numbering or calling convention different on ARC vs ARCv2?

More information about the Linux-audit mailing list