/* * Given the set of registers, extract the syscall code and * arguments array */ int audit_get_args(struct pt_regs *regs, struct aud_syscall_data *syscall) { struct sysent *entry; unsigned long code; syscall->entry = NULL; syscall->major = 0; syscall->minor = 0; syscall->arch = AUDIT_ARCH_S390X; if (regs == NULL) return -EPERM; code = regs->gprs[2]; /* XXX should we try to log calls to invalid syscalls? */ if (code >= NR_syscalls) return -ENOSYS; if (audit_policy_ignore(code)) return 0; entry = &linux_sysent[code]; switch (entry->sy_narg) { case 6: syscall->raw_args[5] = regs->gprs[7]; case 5: syscall->raw_args[4] = regs->gprs[6]; case 4: syscall->raw_args[3] = regs->gprs[5]; case 3: syscall->raw_args[2] = regs->gprs[4]; case 2: syscall->raw_args[1] = regs->gprs[3]; case 1: syscall->raw_args[0] = regs->orig_gpr2; case 0: break; default: printk("audit: invalid argument count?!\n"); BUG(); } syscall->major = code; syscall->entry = entry; /* Special treatment for special functions */ if (code == __NR_socketcall) return audit_get_socketargs(syscall); if (code == __NR_ipc) return audit_get_ipcargs(syscall); return 0; }
/* * Given the set of registers, extract the syscall code and * arguments array */ int audit_get_args(struct pt_regs *regs, struct aud_syscall_data *syscall) { struct sysent *entry; int code; int i; syscall->entry = NULL; syscall->major = 0; syscall->minor = 0; if (regs == NULL) /* "can't happen" -- paulus. */ return -EPERM; code = regs->gpr[0]; /* XXX may need to define and use a linux_sysent_32 for 32-bit processes -- paulus. */ entry = audit_get_syscall_entry(code); /* XXX should we try to log calls to invalid syscalls? */ if (entry == NULL) return -ENOSYS; if (audit_policy_ignore(code)) return 0; syscall->major = code; syscall->entry = entry; if (current->thread.flags & PPC_FLAG_32BIT) { /* 32-bit process */ syscall->arch = AUDIT_ARCH_PPC; for (i = 0; i < entry->sy_narg; ++i) { unsigned long val = regs->gpr[3+i] & 0xFFFFFFFFUL; /* sign-extend if necessary */ if (entry->sy_args[i].sa_flags & AUD_ARG_SIGNED) val = (int) val; syscall->raw_args[i] = val; } /* Special treatment for socket call */ if (code == __NR_socketcall) return audit_get_socketargs32(syscall); if (code == __NR_truncate64 || code == __NR_ftruncate64) { syscall->raw_args[1] = (((u_int64_t) regs->gpr[4]) << 32) | regs->gpr[5]; } } else { /* 64-bit process */ syscall->arch = AUDIT_ARCH_PPC64; for (i = 0; i < entry->sy_narg; ++i) syscall->raw_args[i] = regs->gpr[3+i]; /* Special treatment for socket call */ if (code == __NR_socketcall) return audit_get_socketargs(syscall); } /* Special treatment for IPC syscalls */ if (code == __NR_ipc) return audit_get_ipcargs(syscall); return 0; }