seccomp: check in_compat_syscall, not is_compat_task, in strict mode

Seccomp wants to know the syscall bitness, not the caller task bitness, when it selects the syscall whitelist. As far as I know, this makes no difference on any architecture, so it's not a security problem. (It generates identical code everywhere except sparc, and, on sparc, the syscall numbering is the same for both ABIs.) Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Andy Lutomirski <luto@kernel.org> 2016-03-22 17:24:52 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-03-22 18:36:02 -0400
commit: 5c38065e021bc76f97fc08997f6d7fc7ea3fb7a7 (patch)
tree: b7a7e4c70c597fb4abbbdf45350e25fb08edb7b1
parent: 203f79078fea8525d0b0a13f2e13534b7ff3aa97 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 15a1795bbba1..e1e5a354854e 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -395,7 +395,7 @@ seccomp_prepare_user_filter(const char __user *user_filter)
        struct seccomp_filter *filter = ERR_PTR(-EFAULT);
 #ifdef CONFIG_COMPAT
-        if (is_compat_task()) {
+        if (in_compat_syscall()) {
                struct compat_sock_fprog fprog32;
                if (copy_from_user(&fprog32, user_filter, sizeof(fprog32)))
                        goto out;
@@ -529,7 +529,7 @@ static void __secure_computing_strict(int this_syscall)
 {
        int *syscall_whitelist = mode1_syscalls;
 #ifdef CONFIG_COMPAT
-        if (is_compat_task())
+        if (in_compat_syscall())
                syscall_whitelist = mode1_syscalls_32;
 #endif
        do {
author	Andy Lutomirski <luto@kernel.org>	2016-03-22 17:24:52 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2016-03-22 18:36:02 -0400
commit	5c38065e021bc76f97fc08997f6d7fc7ea3fb7a7 (patch)
tree	b7a7e4c70c597fb4abbbdf45350e25fb08edb7b1
parent	203f79078fea8525d0b0a13f2e13534b7ff3aa97 (diff)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 15a1795bbba1..e1e5a354854e 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c
@@ -395,7 +395,7 @@ seccomp_prepare_user_filter(const char __user *user_filter)
395	struct seccomp_filter *filter = ERR_PTR(-EFAULT);	395	struct seccomp_filter *filter = ERR_PTR(-EFAULT);
396		396
397	#ifdef CONFIG_COMPAT	397	#ifdef CONFIG_COMPAT
398	if (is_compat_task()) {	398	if (in_compat_syscall()) {
399	struct compat_sock_fprog fprog32;	399	struct compat_sock_fprog fprog32;
400	if (copy_from_user(&fprog32, user_filter, sizeof(fprog32)))	400	if (copy_from_user(&fprog32, user_filter, sizeof(fprog32)))
401	goto out;	401	goto out;
@@ -529,7 +529,7 @@ static void __secure_computing_strict(int this_syscall)
529	{	529	{
530	int *syscall_whitelist = mode1_syscalls;	530	int *syscall_whitelist = mode1_syscalls;
531	#ifdef CONFIG_COMPAT	531	#ifdef CONFIG_COMPAT
532	if (is_compat_task())	532	if (in_compat_syscall())
533	syscall_whitelist = mode1_syscalls_32;	533	syscall_whitelist = mode1_syscalls_32;
534	#endif	534	#endif
535	do {	535	do {