Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core entry fix from Thomas Gleixner:
"A single fix for the generic entry code:
The trace_sys_enter() tracepoint can modify the syscall number via
kprobes or BPF in pt_regs, but that requires that the syscall number
is re-evaluted from pt_regs after the tracepoint.
A seccomp fix in that area removed the re-evaluation so the change
does not take effect as the code just uses the locally cached number.
Restore the original behaviour by re-evaluating the syscall number
after the tracepoint"
* tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
entry: Respect changes to system call number by trace_sys_enter()
+7
-1
+7
-1
kernel/entry/common.c
+7
-1
kernel/entry/common.c
···
57
57
/* Either of the above might have changed the syscall number */
58
58
syscall = syscall_get_nr(current, regs);
59
59
60
-
if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT))
60
+
if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT)) {
61
61
trace_sys_enter(regs, syscall);
62
+
/*
63
+
* Probes or BPF hooks in the tracepoint may have changed the
64
+
* system call number as well.
65
+
*/
66
+
syscall = syscall_get_nr(current, regs);
67
+
}
62
68
63
69
syscall_enter_audit(regs, syscall);
64
70