Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp fixes from Kees Cook:
 "Fix UM seccomp vs ptrace, after reordering landed"

* tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  seccomp: Remove 2-phase API documentation
  um/ptrace: Fix the syscall number update after a ptrace
  um/ptrace: Fix the syscall_trace_leave call
Linus Torvalds 9 years ago
parent
08411a7554 4fadd04d50
commit
ab29b33a84
4 changed files with 10 additions and 18 deletions
Split View Show Diff Stats
  1. 0 11
      arch/Kconfig
  2. 3 7
      arch/um/kernel/skas/syscall.c
  3. 3 0
      arch/x86/um/ptrace_32.c
  4. 4 0
      arch/x86/um/ptrace_64.c

+ 0 - 11
arch/Kconfig
View File 

@@ -336,17 +336,6 @@ config HAVE_ARCH_SECCOMP_FILTER
 
 	    results in the system call being skipped immediately.
 
 	  - seccomp syscall wired up
 
 
-	  For best performance, an arch should use seccomp_phase1 and
 
-	  seccomp_phase2 directly.  It should call seccomp_phase1 for all
 
-	  syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
 
-	  need to be called from a ptrace-safe context.  It must then
 
-	  call seccomp_phase2 if seccomp_phase1 returns anything other
 
-	  than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
 
-
 
-	  As an additional optimization, an arch may provide seccomp_data
 
-	  directly to seccomp_phase1; this avoids multiple calls
 
-	  to the syscall_xyz helpers for every syscall.
 
-
 
 config SECCOMP_FILTER
 
 	def_bool y
 
 	depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET

+ 3 - 7
arch/um/kernel/skas/syscall.c
View File 

@@ -21,21 +21,17 @@ void handle_syscall(struct uml_pt_regs *r)
 
 	PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);
 
 
 	if (syscall_trace_enter(regs))
 
-		return;
 
+		goto out;
 
 
 	/* Do the seccomp check after ptrace; failures should be fast. */
 
 	if (secure_computing(NULL) == -1)
 
-		return;
 
+		goto out;
 
 
-	/* Update the syscall number after orig_ax has potentially been updated
 
-	 * with ptrace.
 
-	 */
 
-	UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp);
 
 	syscall = UPT_SYSCALL_NR(r);
 
-
 
 	if (syscall >= 0 && syscall <= __NR_syscall_max)
 
 		PT_REGS_SET_SYSCALL_RETURN(regs,
 
 				EXECUTE_SYSCALL(syscall, regs));
 
 
+out:
 
 	syscall_trace_leave(regs);
 
 }

+ 3 - 0
arch/x86/um/ptrace_32.c
View File 

@@ -84,7 +84,10 @@ int putreg(struct task_struct *child, int regno, unsigned long value)
 
 	case EAX:
 
 	case EIP:
 
 	case UESP:
 
+		break;
 
 	case ORIG_EAX:
 
+		/* Update the syscall number. */
 
+		UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
 
 		break;
 
 	case FS:
 
 		if (value && (value & 3) != 3)

+ 4 - 0
arch/x86/um/ptrace_64.c
View File 

@@ -78,7 +78,11 @@ int putreg(struct task_struct *child, int regno, unsigned long value)
 
 	case RSI:
 
 	case RDI:
 
 	case RBP:
 
+		break;
 
+
 
 	case ORIG_RAX:
 
+		/* Update the syscall number. */
 
+		UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
 
 		break;
 
 
 	case FS: