From: Bodo Stroesser , Paolo 'Blaisorblade' Giarrusso
CC: Roland McGrath

This patch applies on top of SKAS/SYSEMU patches, however the bug it fixes is of general relevance:

/* With TIF_SYSCALL_AUDIT | TIF_SINGLESTEP we
 * come in here, but must not continue with
 * ptrace_notify()

In fact, we must avoid doing the tracing for syscall entry, since TIF_SINGLESTEP does not trigger the syscall tracing inside entry.S (see the testb line below):

(around line 277 of arch/i386/kernel/entry.S):

ENTRY(system_call)
	pushl %eax			# save orig_eax
	SAVE_ALL
	GET_THREAD_INFO(%ebp)
					# system call tracing in operation / emulation
	#in the mask _TIF_SINGLESTEP is not set !!! <<<<<<<<<<<<<<
	testb $(_TIF_SYSCALL_EMU|_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
	jnz syscall_trace_entry
	cmpl $(nr_syscalls), %eax
	jae syscall_badsys
syscall_call:
	call *sys_call_table(,%eax,4)
	movl %eax,EAX(%esp)		# store the return value
syscall_exit:

So, it means that auditing a SINGLESTEP'ed process causes the tracer to get one more trap on the syscall entry path, beyond the one on the syscall exit path.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso
---
 clean-linux-2.6.11-paolo/arch/i386/kernel/ptrace.c |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletion(-)

diff -puN arch/i386/kernel/ptrace.c~sysaudit-singlestep-umlhost arch/i386/kernel/ptrace.c
--- clean-linux-2.6.11/arch/i386/kernel/ptrace.c~sysaudit-singlestep-umlhost	2005-07-10 16:55:40.000000000 +0200
+++ clean-linux-2.6.11-paolo/arch/i386/kernel/ptrace.c	2005-07-10 16:57:36.000000000 +0200
@@ -270,6 +270,8 @@ static void clear_singlestep(struct task void ptrace_disable(struct task_struct *child) { clear_singlestep(child); + clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE); + clear_tsk_thread_flag(child, TIF_SYSCALL_EMU); } /*
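Review bot: the two clear_tsk_thread_flag() calls added to ptrace_disable() are not explained anywhere in the changelog, which only describes the extra entry-path trap fixed in do_syscall_trace(); please either add a sentence saying why TIF_SYSCALL_TRACE and TIF_SYSCALL_EMU have to be cleared when the tracer detaches (the TIF_SYSCALL_EMU part also ties this hunk to the SYSEMU patches the changelog says it sits on top of), or split it out as its own patch so it can be reviewed and bisected on its own.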
@@ -748,10 +750,20 @@ int do_syscall_trace(struct pt_regs *reg int is_singlestep = !is_sysemu && test_thread_flag(TIF_SINGLESTEP); if (unlikely(current->audit_context)) { - if (!entryexit) + if (!entryexit) { audit_syscall_entry(current, regs->orig_eax, regs->ebx, regs->ecx, regs->edx, regs->esi); + /* With TIF_SYSCALL_AUDIT | TIF_SINGLESTEP && + * !TIF_SYSCALL_EMU we come in here, but must not + * continue with ptrace_notify(). + * In the SINGLESTEP && ! _AUDIT case (i.e. normal one), + * entry.S will call us only on syscall exit and not on + * the syscall entry path, so let's be consistent. + */ + if (is_singlestep) + return 0; + } else audit_syscall_exit(current, regs->eax); } _
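Review bot: the early `return 0` after audit_syscall_entry() is keyed only on is_singlestep, so a task that has both TIF_SINGLESTEP and TIF_SYSCALL_TRACE set would lose its ptrace_notify() entry stop, and would lose it only when an audit_context exists, since without one the function falls through as before; if the i386 PTRACE_SYSCALL/PTRACE_SINGLESTEP handlers guarantee the two flags are never set together, say so in the comment, otherwise make the test `if (is_singlestep && !test_thread_flag(TIF_SYSCALL_TRACE))`. The comment should also say that the return skips everything after the audit block, not only ptrace_notify(). Minor style point: the `if (!entryexit) {` branch now has braces while the `else audit_syscall_exit(...)` branch does not.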
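The changelog describes the symptom from the tracer's point of view: a single-stepped, audited process delivers one trap on the syscall entry path on top of the expected one on the exit path. The following user-space reproducer is an added example, not part of the posted patch or of the kernel tree. It forks a child that calls PTRACE_TRACEME, single-steps it over a single getpid() syscall and counts the SIGTRAP stops in which orig_rax still holds SYS_getpid; a correct kernel yields exactly one such stop (the exit-path one), while the behaviour the patch fixes would yield two. It assumes x86-64 Linux with ptrace permitted (it returns -1 otherwise) and uses only the standard ptrace(2) and waitpid(2) interfaces.

```c
/* Added example (not from the patch): count single-step stops at one syscall.
 * x86-64 Linux only; returns -1 when ptrace is unavailable in this environment. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_STEPS 500000   /* bound the step loop so a stuck child cannot hang the tracer */

static void traced_child(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(77);             /* tracing not permitted here; tracer reports -1 */
    raise(SIGSTOP);            /* hand control to the tracer */
    syscall(SYS_getpid);       /* the one syscall we single-step across */
    _exit(0);
}

/* Returns how many SIGTRAP stops were observed with orig_rax == SYS_getpid,
 * i.e. how many times the tracer was woken for that one syscall.  Expected: 1. */
int count_syscall_stops(void)
{
#if !defined(__x86_64__) || !defined(__linux__)
    return -1;
#else
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        traced_child();

    int status, hits = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;             /* child exited instead of stopping: PTRACE_TRACEME failed */

    for (long step = 0; step < MAX_STEPS; step++) {
        if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) == -1) {
            kill(pid, SIGKILL);
            waitpid(pid, NULL, 0);
            return -1;
        }
        if (waitpid(pid, &status, 0) != pid)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            return hits;       /* child ran to _exit(); we are done */
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP)
            continue;          /* other signals are suppressed by resuming with sig 0 */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1)
            continue;
        /* orig_rax keeps the syscall number from entry until the next kernel entry,
         * so a stop taken on the entry path and one taken on the exit path both show it. */
        if ((long)regs.orig_rax == SYS_getpid)
            hits++;
    }
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return -1;
#endif
}

int main(void)
{
    int n = count_syscall_stops();
    if (n < 0)
        printf("ptrace single-step not available in this environment\n");
    else
        printf("single-step stops at the getpid() syscall: %d (expected 1)\n", n);
    return 0;
}
```

With auditing enabled on an unpatched 2.6.11 i386 host the same loop would report 2, which is the "one more trap on the syscall entry path" the changelog describes; the tracer cannot tell the two stops apart from the stop signal alone, which is why counting them per syscall is the useful check.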