/*
* Given the set of registers, extract the syscall code and
* arguments array
*/
int
audit_get_args(struct pt_regs *regs, struct aud_syscall_data *syscall)
{
struct sysent *entry;
unsigned long code;
syscall->entry = NULL;
syscall->major = 0;
syscall->minor = 0;
syscall->arch = AUDIT_ARCH_S390X;
if (regs == NULL)
return -EPERM;
code = regs->gprs[2];
/* XXX should we try to log calls to invalid syscalls? */
if (code >= NR_syscalls)
return -ENOSYS;
if (audit_policy_ignore(code))
return 0;
entry = &linux_sysent[code];
switch (entry->sy_narg) {
case 6: syscall->raw_args[5] = regs->gprs[7];
case 5: syscall->raw_args[4] = regs->gprs[6];
case 4: syscall->raw_args[3] = regs->gprs[5];
case 3: syscall->raw_args[2] = regs->gprs[4];
case 2: syscall->raw_args[1] = regs->gprs[3];
case 1: syscall->raw_args[0] = regs->orig_gpr2;
case 0: break;
default:
printk("audit: invalid argument count?!\n");
BUG();
}
syscall->major = code;
syscall->entry = entry;
/* Special treatment for special functions */
if (code == __NR_socketcall)
return audit_get_socketargs(syscall);
if (code == __NR_ipc)
return audit_get_ipcargs(syscall);
return 0;
}
/*
* Given the set of registers, extract the syscall code and
* arguments array
*/
int
audit_get_args(struct pt_regs *regs, struct aud_syscall_data *syscall)
{
struct sysent *entry;
int code;
int i;
syscall->entry = NULL;
syscall->major = 0;
syscall->minor = 0;
if (regs == NULL) /* "can't happen" -- paulus. */
return -EPERM;
code = regs->gpr[0];
/* XXX may need to define and use a linux_sysent_32
for 32-bit processes -- paulus. */
entry = audit_get_syscall_entry(code);
/* XXX should we try to log calls to invalid syscalls? */
if (entry == NULL)
return -ENOSYS;
if (audit_policy_ignore(code))
return 0;
syscall->major = code;
syscall->entry = entry;
if (current->thread.flags & PPC_FLAG_32BIT) {
/* 32-bit process */
syscall->arch = AUDIT_ARCH_PPC;
for (i = 0; i < entry->sy_narg; ++i) {
unsigned long val = regs->gpr[3+i] & 0xFFFFFFFFUL;
/* sign-extend if necessary */
if (entry->sy_args[i].sa_flags & AUD_ARG_SIGNED)
val = (int) val;
syscall->raw_args[i] = val;
}
/* Special treatment for socket call */
if (code == __NR_socketcall)
return audit_get_socketargs32(syscall);
if (code == __NR_truncate64
|| code == __NR_ftruncate64) {
syscall->raw_args[1] =
(((u_int64_t) regs->gpr[4]) << 32) | regs->gpr[5];
}
} else {
/* 64-bit process */
syscall->arch = AUDIT_ARCH_PPC64;
for (i = 0; i < entry->sy_narg; ++i)
syscall->raw_args[i] = regs->gpr[3+i];
/* Special treatment for socket call */
if (code == __NR_socketcall)
return audit_get_socketargs(syscall);
}
/* Special treatment for IPC syscalls */
if (code == __NR_ipc)
return audit_get_ipcargs(syscall);
return 0;
}
