DESC
Ptrace - i386: fix sysaudit / singlestep interaction
EDESC
From: Bodo Stroesser , Paolo 'Blaisorblade' Giarrusso
CC: Roland McGrath

This patch applies on top of the SKAS/SYSEMU patches; however, the bug it
fixes is of general relevance:

/* With TIF_SYSCALL_AUDIT | TIF_SINGLESTEP we
 * come in here, but must not continue with
 * ptrace_notify()

In fact, we must avoid doing the tracing for syscall entry, since
TIF_SINGLESTEP does not trigger the syscall tracing inside entry.S (see the
testb line below):

(around line 277 of arch/i386/kernel/entry.S):

ENTRY(system_call)
	pushl %eax			# save orig_eax
	SAVE_ALL
	GET_THREAD_INFO(%ebp)
					# system call tracing in operation / emulation
					# in the mask _TIF_SINGLESTEP is not set !!! <<<<<<<<<<<<<<
	testb $(_TIF_SYSCALL_EMU|_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),TI_flags(%ebp)
	jnz syscall_trace_entry
	cmpl $(nr_syscalls), %eax
	jae syscall_badsys
syscall_call:
	call *sys_call_table(,%eax,4)
	movl %eax,EAX(%esp)		# store the return value
syscall_exit:

So, it means that auditing a SINGLESTEP'ed process causes the tracer to get
one more trap on the syscall entry path, beyond the one on the syscall exit
path.
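The following is an added illustration, not part of the patch or of the kernel source: a small C model of the two dispatch decisions described above, used to count how many tracer stops one syscall produces for a given set of thread flags. The TIF_* values are arbitrary placeholders rather than the kernel's constants, the exit-path mask (SYSCALL_EXIT_WORK) is assumed since the description only quotes the entry-path testb, and trace_hook() is a sketch of the decision logic, not the kernel's do_syscall_trace(). The "fixed" variant only differs in suppressing the single-step trap on the entry path, which is what the description says the fix must do.

```c
#include <stdio.h>

/* Placeholder flag bits for the model (not the kernel's _TIF_* values). */
#define TIF_SYSCALL_TRACE (1u << 0)
#define TIF_SYSCALL_AUDIT (1u << 1)
#define TIF_SINGLESTEP    (1u << 2)
#define TIF_SYSCALL_EMU   (1u << 3)

/* Mask tested by the testb in system_call: TIF_SINGLESTEP is absent. */
#define SYSCALL_ENTRY_WORK (TIF_SYSCALL_EMU | TIF_SYSCALL_TRACE | TIF_SYSCALL_AUDIT)

/* Assumed mask for the exit path; the patch text does not quote it. */
#define SYSCALL_EXIT_WORK  (TIF_SYSCALL_TRACE | TIF_SYSCALL_AUDIT | TIF_SINGLESTEP)

/*
 * Model of the C tracing hook reached from either path. Returns the number
 * of ptrace stops the tracer sees on this call. With fixed == 0 the fake
 * debug trap for TIF_SINGLESTEP fires on both entry and exit (the bug the
 * description reports); with fixed == 1 it fires on the exit path only.
 */
static int trace_hook(unsigned flags, int entryexit, int fixed)
{
    int stops = 0;

    /* Audit-only task: audit records are written, but nothing is ptraced. */
    if (!(flags & (TIF_SYSCALL_TRACE | TIF_SINGLESTEP)))
        return 0;

    /* Fake debug trap for a single-stepped child (send_sigtrap in the kernel). */
    if ((flags & TIF_SINGLESTEP) && (!fixed || entryexit))
        stops++;

    /* Ordinary PTRACE_SYSCALL stop (ptrace_notify in the kernel). */
    if (flags & TIF_SYSCALL_TRACE)
        stops++;

    return stops;
}

/* Tracer stops produced by one syscall for the given thread flags. */
int stops_per_syscall(unsigned flags, int fixed)
{
    int stops = 0;

    if (flags & SYSCALL_ENTRY_WORK)      /* jnz syscall_trace_entry */
        stops += trace_hook(flags, 0, fixed);
    if (flags & SYSCALL_EXIT_WORK)       /* exit-path work (assumed mask) */
        stops += trace_hook(flags, 1, fixed);

    return stops;
}

int main(void)
{
    /* Constructed flag combinations, not captured from a real task. */
    struct { const char *name; unsigned flags; } cases[] = {
        { "SINGLESTEP",               TIF_SINGLESTEP },
        { "SYSCALL_AUDIT|SINGLESTEP", TIF_SYSCALL_AUDIT | TIF_SINGLESTEP },
        { "SYSCALL_TRACE",            TIF_SYSCALL_TRACE },
        { "SYSCALL_AUDIT",            TIF_SYSCALL_AUDIT },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s before fix: %d stop(s)   after fix: %d stop(s)\n",
               cases[i].name,
               stops_per_syscall(cases[i].flags, 0),
               stops_per_syscall(cases[i].flags, 1));
    return 0;
}
```

The SYSCALL_AUDIT|SINGLESTEP row is the case the description is about: the entry-path mask is satisfied by the audit bit, so the hook runs on entry as well as exit and the tracer gets two stops per syscall instead of the one it gets for a plain single-stepped task. A task with only the audit bit set never stops at all, and a PTRACE_SYSCALL task stops on entry and exit as expected, in both variants.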