From: Will Drewry <w...@chromium.org>

There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_TRACE path in entry-common.S. In order to add support for CONFIG_HAVE_ARCH_SECCOMP_FILTER without mangling the assembly too badly, seccomp was moved into the syscall_trace_enter() handler.
Additionally, the return value for secure_computing() is now checked and a -1 value will result in the system call being skipped. Signed-off-by: Will Drewry <w...@chromium.org> Signed-off-by: Kees Cook <keesc...@chromium.org> --- arch/arm/kernel/entry-common.S | 9 ++------- arch/arm/kernel/ptrace.c | 3 +++ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 3471175..c781012 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -418,13 +418,8 @@ local_restart: stmdb sp!, {r4, r5} @ push fifth and sixth args #ifdef CONFIG_SECCOMP - tst r10, #_TIF_SECCOMP - beq 1f - mov r0, scno - bl __secure_computing - add r0, sp, #S_R0 + S_OFF @ pointer to regs - ldmia r0, {r0 - r3} @ have to reload r0 - r3 -1: + tst r10, #_TIF_SECCOMP @ is seccomp enabled? + bne __sys_trace #endif tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 739db3a..aa4d93f 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -923,6 +923,9 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno, current_thread_info()->syscall = scno; + if (dir == PTRACE_SYSCALL_ENTER && secure_computing(scno) == -1) + return -1; + if (!test_thread_flag(TIF_SYSCALL_TRACE)) return scno; -- 1.7.9.5
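
Review bot: In the entry-common.S hunk, the new `bne __sys_trace` drops the explicit `ldmia r0, {r0 - r3}` reload that the removed block performed after `__secure_computing`, and nothing in this patch touches `__sys_trace` itself (all 9 changed lines in this file are in this one hunk). Both the argument-register reload and the skip on a -1 return promised in the commit message therefore rest on code outside the diff. Please state in the commit message how `__sys_trace` handles the -1 return, or add a comment next to the branch. It is also worth saying explicitly that every task with `_TIF_SECCOMP` set now takes the trace slow path on each system call, so the cost is clearly intended.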
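
Review bot: In the ptrace.c hunk, `secure_computing(scno)` is called before the `test_thread_flag(TIF_SYSCALL_TRACE)` check, so the filter judges the syscall number as it was on entry, ahead of the tracing path that follows that check. If a tracer changes the syscall there, the new number is not re-checked by seccomp. Please document this ordering in a comment above the new `if`, or explain in the commit message why it is acceptable. The commit message also says seccomp was moved into `syscall_trace_enter()`, while the hunk header shows the function as `ptrace_syscall_trace()`; the description should match the code.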