From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/6] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Thu, 3 May 2012 18:42:55 +0100
Message-ID: <1336066980-24000-2-git-send-email-will.deacon@arm.com>
In-Reply-To: <1336066980-24000-1-git-send-email-will.deacon@arm.com>
The ARM audit code incorrectly uses the saved application ip register
value to infer syscall entry or exit. Additionally, the saved value will
be clobbered if the current task is not being traced, which can lead to
libc corruption if ip is live (apparently glibc uses it for the TLS
pointer).

This patch fixes the syscall tracing code so that the why parameter is
used to infer the syscall direction and the saved ip is only updated if
we know that we will be signalling a ptrace trap.
Cc: Eric Paris <eparis@redhat.com>
Reported-and-tested-by: Jon Masters <jcm@jonmasters.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
---
arch/arm/kernel/ptrace.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 80abafb..d8dbe9c 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -916,14 +916,7 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
{
unsigned long ip;
- /*
- * Save IP. IP is used to denote syscall entry/exit:
- * IP = 0 -> entry, = 1 -> exit
- */
- ip = regs->ARM_ip;
- regs->ARM_ip = why;
-
- if (!ip)
+ if (why)
audit_syscall_exit(regs);
else
audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0,
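Review bot: the new condition `if (why)` reads as the inverse of the removed `if (!ip)`, which is correct under the encoding the removed comment gives (`IP = 0 -> entry, = 1 -> exit`) now that the direction comes straight from the `why` argument rather than from the previously stored `regs->ARM_ip`; a one-line note in the commit message that the branch sense is intentionally flipped would save a reviewer reading the diff alone from a double-take. Also note that `unsigned long ip;` is no longer assigned anywhere in this hunk and is only used by the second hunk, so the two hunks must travel together (e.g. on a backport) to avoid an unused-variable warning.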
@@ -936,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
current_thread_info()->syscall = scno;
+ /*
+ * IP is used to denote syscall entry/exit:
+ * IP = 0 -> entry, =1 -> exit
+ */
+ ip = regs->ARM_ip;
+ regs->ARM_ip = why;
+
/* the 0x80 provides a way for the tracing parent to distinguish
between a syscall stop and SIGTRAP delivery */
ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
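Review bot: the save into the local `ip` at `ip = regs->ARM_ip;` only achieves the stated goal ("the saved ip is only updated if we know that we will be signalling a ptrace trap") if the original value is written back to `regs->ARM_ip` after `ptrace_notify()` returns; that write-back lies outside the visible context, so confirm it is still present below this hunk, otherwise traced tasks would still see a clobbered ip. Minor style point: the re-added comment reads `=1 -> exit` where the removed original had `= 1 -> exit`; restore the space so the two values are formatted alike.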
--
1.7.4.1
Thread overview:
2012-05-03 17:42 [PATCH 0/6] syscall_trace fixes and cleanups Will Deacon
2012-05-03 17:42 ` Will Deacon [this message]
2012-05-03 17:42 ` [PATCH 2/6] ARM: audit: use only AUDIT_ARCH_ARM regardless of endianness Will Deacon
2012-05-03 17:42 ` [PATCH 3/6] audit: arm: only allow syscall auditing for pure EABI userspace Will Deacon
2012-05-03 17:42 ` [PATCH 4/6] ARM: entry: don't bother with syscall tracing on ret_from_fork path Will Deacon
2012-05-03 17:42 ` [PATCH 5/6] ARM: audit: move syscall auditing until after ptrace SIGTRAP handling Will Deacon
2012-05-03 17:43 ` [PATCH 6/6] ARM: ptrace: provide separate functions for tracing syscall {entry, exit} Will Deacon