From: Will Drewry <w...@chromium.org>
There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_TRACE
path in entry-common.S. In order to add support for
CONFIG_HAVE_ARCH_SECCOMP_FILTER without mangling the assembly too badly,
seccomp was moved into the syscall_trace_enter() handler.
Additionally, the return value for secure_computing() is now checked
and a -1 value will result in the system call being skipped.
Signed-off-by: Will Drewry <w...@chromium.org>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/kernel/entry-common.S | 9 ++-------
arch/arm/kernel/ptrace.c | 3 +++
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 3471175..c781012 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -418,13 +418,8 @@ local_restart:
stmdb sp!, {r4, r5} @ push fifth and sixth args
#ifdef CONFIG_SECCOMP
- tst r10, #_TIF_SECCOMP
- beq 1f
- mov r0, scno
- bl __secure_computing
- add r0, sp, #S_R0 + S_OFF @ pointer to regs
- ldmia r0, {r0 - r3} @ have to reload r0 - r3
-1:
+ tst r10, #_TIF_SECCOMP @ is seccomp enabled?
+ bne __sys_trace
#endif
tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls?
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 739db3a..aa4d93f 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -923,6 +923,9 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int
scno,
current_thread_info()->syscall = scno;
+ if (dir == PTRACE_SYSCALL_ENTER && secure_computing(scno) == -1)
+ return -1;
+
if (!test_thread_flag(TIF_SYSCALL_TRACE))
return scno;
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
