From patchwork Tue Jun 24 08:54:56 2014
X-Patchwork-Submitter: Will Deacon
X-Patchwork-Id: 32406
From: Will Deacon
To: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon, keescook@chromium.org
Subject: [PATCH] ARM: ptrace: reload syscall number after secure_computing() check
Date: Tue, 24 Jun 2014 09:54:56 +0100
Message-Id: <1403600096-26088-1-git-send-email-will.deacon@arm.com>

On the syscall tracing path, we call out to secure_computing() to allow seccomp to check the syscall number being attempted. As part of this, a SIGTRAP may be sent to the tracer and the syscall could be re-written by a subsequent SET_SYSCALL ptrace request.
Unfortunately, this new syscall is ignored by the current code unless TIF_SYSCALL_TRACE is also set on the current thread. This patch slightly reworks the enter path of the syscall tracing code so that we always reload the syscall number from current_thread_info()->syscall after the potential ptrace traps. Tested-by: Kees Cook Signed-off-by: Will Deacon Acked-by: Kees Cook --- arch/arm/kernel/ptrace.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 0dd3b79b15c3..0c27ed6f3f23 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -908,7 +908,7 @@ enum ptrace_syscall_dir { PTRACE_SYSCALL_EXIT, }; -static int tracehook_report_syscall(struct pt_regs *regs, +static void tracehook_report_syscall(struct pt_regs *regs, enum ptrace_syscall_dir dir) { unsigned long ip; @@ -926,7 +926,6 @@ static int tracehook_report_syscall(struct pt_regs *regs, current_thread_info()->syscall = -1; regs->ARM_ip = ip; - return current_thread_info()->syscall; } asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) @@ -938,7 +937,9 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) return -1; if (test_thread_flag(TIF_SYSCALL_TRACE)) - scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); + tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); + + scno = current_thread_info()->syscall; if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, scno);
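Review bot: in the tracehook_report_syscall() hunks (-908 and -926), dropping the return value leaves the `current_thread_info()->syscall = -1;` store in the retained context as the only way a failed entry report reaches the caller, and nothing in the function says so. A short comment above that store, noting that syscall_trace_enter() reads the field back afterwards, would keep a later cleanup from removing it as a dead write.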
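Review bot: in the syscall_trace_enter() hunk (-938), the new unconditional `scno = current_thread_info()->syscall;` is only correct if that field was set from the incoming scno before the `return -1;` shown in the context, including on the path where neither the seccomp check nor TIF_SYSCALL_TRACE rewrites it. That assignment is not visible in this hunk, so please confirm it. A one-line comment above the reload, saying that a tracer may have changed the number with SET_SYSCALL during the seccomp trap, would also explain why the parameter is overwritten and why trace_sys_enter() and the code after it must see the reloaded value rather than the one passed in.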