Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp fixes from Kees Cook:
"Fix UM seccomp vs ptrace, after reordering landed"

* tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
seccomp: Remove 2-phase API documentation
um/ptrace: Fix the syscall number update after a ptrace
um/ptrace: Fix the syscall_trace_leave call

+10 -18
-11
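--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -336,17 +336,6 @@
 results in the system call being skipped immediately.
 - seccomp syscall wired up
 
-For best performance, an arch should use seccomp_phase1 and
-seccomp_phase2 directly. It should call seccomp_phase1 for all
-syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
-need to be called from a ptrace-safe context. It must then
-call seccomp_phase2 if seccomp_phase1 returns anything other
-than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
-
-As an additional optimization, an arch may provide seccomp_data
-directly to seccomp_phase1; this avoids multiple calls
-to the syscall_xyz helpers for every syscall.
-
 config SECCOMP_FILTER
 def_bool y
 depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET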
+3 -7
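--- a/arch/um/kernel/skas/syscall.c
+++ b/arch/um/kernel/skas/syscall.c
@@ -21,21 +21,17 @@
 PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);
 
 if (syscall_trace_enter(regs))
-return;
+goto out;
 
 /* Do the seccomp check after ptrace; failures should be fast. */
 if (secure_computing(NULL) == -1)
-return;
+goto out;
 
-/* Update the syscall number after orig_ax has potentially been updated
-* with ptrace.
-*/
-UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp);
 syscall = UPT_SYSCALL_NR(r);
-
 if (syscall >= 0 && syscall <= __NR_syscall_max)
 PT_REGS_SET_SYSCALL_RETURN(regs,
 EXECUTE_SYSCALL(syscall, regs));
 
+out:
 syscall_trace_leave(regs);
 }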
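Review bot: With the refresh from `PT_SYSCALL_NR(r->gp)` removed, `syscall = UPT_SYSCALL_NR(r);` now depends on the cached number having been updated at the moment a tracer wrote orig_ax, and nothing at that line records the dependency. A comment there such as `/* UPT_SYSCALL_NR is kept current by the ptrace register-write path, so the seccomp check above and the dispatch below use the same number. */` would document the invariant that keeps filtering and execution in agreement. It would also be worth confirming that no other writer of orig_ax bypasses that update, since this function can no longer correct for one; that cannot be verified from the lines shown. The function begins outside the hunk.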
+3
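--- a/arch/x86/um/ptrace_32.c
+++ b/arch/x86/um/ptrace_32.c
@@ -84,7 +84,10 @@
 case EAX:
 case EIP:
 case UESP:
+break;
 case ORIG_EAX:
+/* Update the syscall number. */
+UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
 break;
 case FS:
 if (value && (value & 3) != 3)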
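Review bot: In the `ORIG_EAX` case the tracer-supplied `value` is stored into `UPT_SYSCALL_NR` unchecked, and the comment `/* Update the syscall number. */` only restates the assignment. The one range check visible on this page is at dispatch in arch/um/kernel/skas/syscall.c (`syscall >= 0 && syscall <= __NR_syscall_max`), so the comment could say that, e.g. `/* Keep the cached syscall number in sync with orig_ax; it is range-checked at dispatch, not here. */`. The declared types of `value` and of the cached field are not visible in the hunk, so it is worth confirming that a tracer writing -1 to skip the syscall still yields a negative number after the conversion. The same applies to the `ORIG_RAX` case in arch/x86/um/ptrace_64.c; in both files the switch starts and ends outside the hunk.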
+4
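--- a/arch/x86/um/ptrace_64.c
+++ b/arch/x86/um/ptrace_64.c
@@ -78,7 +78,11 @@
 case RSI:
 case RDI:
 case RBP:
+break;
+
 case ORIG_RAX:
+/* Update the syscall number. */
+UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
 break;
 
 case FS: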