From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Kees Cook Subject: [PATCH 06/14] x86/ptrace: run seccomp after ptrace Date: Thu, 9 Jun 2016 14:01:56 -0700 Message-Id: <1465506124-21866-7-git-send-email-keescook@chromium.org> In-Reply-To: <1465506124-21866-1-git-send-email-keescook@chromium.org> References: <1465506124-21866-1-git-send-email-keescook@chromium.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+geert=linux-m68k.org@lists.infradead.org To: linux-kernel@vger.kernel.org Cc: Mark Rutland , linux-mips@linux-mips.org, Benjamin Herrenschmidt , Heiko Carstens , Russell King , Paul Mackerras , Kees Cook , linux-arch@vger.kernel.org, linux-s390@vger.kernel.org, Michael Ellerman , Helge Deller , x86@kernel.org, "James E.J. Bottomley" , Catalin Marinas , James Hogan , Chris Metcalf , user-mode-linux-devel@lists.sourceforge.net, Will Deacon , Jeff Dike , Andy Lutomirski , linux-arm-kernel@lists.infradead.org, linux-parisc@vger.kernel.org, Ralf Baechle , Richard Weinberger , Martin Schwidefsky , "Maciej W. Rozycki" , linuxppc-dev@lists.ozlabs.org List-ID: This moves seccomp after ptrace on x86 to that seccomp can catch changes made by ptrace. Emulation should skip the rest of processing too. We can get rid of test_thread_flag because there's no longer any opportunity for seccomp to mess with ptrace state before invoking ptrace. Suggested-by: Andy Lutomirski Signed-off-by: Kees Cook Cc: x86@kernel.org Cc: Andy Lutomirski --- arch/x86/entry/common.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index df56ca394877..81c0e12d831c 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -73,6 +73,7 @@ static long syscall_trace_enter(struct pt_regs *regs) struct thread_info *ti = pt_regs_to_thread_info(regs); unsigned long ret = 0; + bool emulated = false; u32 work; if (IS_ENABLED(CONFIG_DEBUG_ENTRY)) @@ -80,11 +81,19 @@ static long syscall_trace_enter(struct pt_regs *regs) work = ACCESS_ONCE(ti->flags) & _TIF_WORK_SYSCALL_ENTRY; + if (unlikely(work & _TIF_SYSCALL_EMU)) + emulated = true; + + if ((emulated || (work & _TIF_SYSCALL_TRACE)) && + tracehook_report_syscall_entry(regs)) + return -1L; + + if (emulated) + return -1L; + #ifdef CONFIG_SECCOMP /* - * Do seccomp first -- it should minimize exposure of other - * code, and keeping seccomp fast is probably more valuable - * than the rest of this. + * Do seccomp after ptrace, to catch any tracer changes. */ if (work & _TIF_SECCOMP) { struct seccomp_data sd; @@ -117,13 +126,6 @@ static long syscall_trace_enter(struct pt_regs *regs) } #endif - if (unlikely(work & _TIF_SYSCALL_EMU)) - ret = -1L; - - if ((ret || test_thread_flag(TIF_SYSCALL_TRACE)) && - tracehook_report_syscall_entry(regs)) - ret = -1L; - if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->orig_ax); -- 2.7.4 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel