On Fri, Mar 11, 2005 at 09:58:39AM +0900, Yoichi Yuasa wrote:
> > > Signed-off-by: Yoichi Yuasa <[EMAIL PROTECTED]>
> > > Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
> >
> > > @@ -307,7 +308,7 @@ asmlinkage void do_syscall_trace(struct
> > > {
> > > if (unlikely(current->audit_context)) {
> > > if (!entryexit)
> > > - audit_syscall_entry(current, regs->orig_eax,
> > > + audit_syscall_entry(current, regs->regs[2],
> >
> > Wrong. regs[2] can will contain the syscall return value and can be
> > modified by ptrace also.
>
> Thank you for your comment,
> I consider a good way based on your comment.
>
> Do you already have a good idea?
Basically do what x86 did, keep a copy of the the original regs[2] around.
The only potencial problem with this approach is debuggers might be
affected so I want to look into that first.
Ralf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
