[PATCH] i386/audit: stop scribbling on the stack frame
H. Peter Anvin
hpa at zytor.com
Fri Oct 24 20:19:46 UTC 2014
On 10/23/2014 12:38 PM, Eric Paris wrote:
>>
>> After the call __audit_syscall_entry aren't they already polluted?
>> Isn't that the reason we need to reload EAX?
>
> Well, I guess EAX is special...
>
Because system calls are "asmlinkage", all the parameters are on the
stack, but %eax is used as the index into the system call table. This
should thus be fine until we get rid of regparm(0) entirely, if that
ever happens.
-hpa
More information about the Linux-audit
mailing list