ARM: 7578/1: arch/move secure_computing into trace

There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_WORK path in entry-common.S, so merge TIF_SECCOMP into TIF_SYSCALL_WORK and move seccomp into the syscall_trace_enter() handler. Expanded some of the tracehook logic into the callers to make this code more readable. Since tracehook needs to do register changing, this portion is best left in its own function instead of copy/pasting into the callers. Additionally, the return value for secure_computing() is now checked and a -1 value will result in the system call being skipped. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Will Drewry <wad@chromium.org> Reviewed-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
author: Kees Cook <keescook@chromium.org> 2012-11-15 16:12:00 -0500
committer: Russell King <rmk+kernel@arm.linux.org.uk> 2012-11-19 09:14:17 -0500
commit: 9b790d71d58be65f9508ab60920eb978af828412 (patch)
tree: 42114518c27f840aca3ef395636ca1f2fcf09a0e /arch/arm/kernel/ptrace.c
parent: 1f59d13bee172945ccdfbc5018477ba94a0ac28e (diff)
1 files changed, 20 insertions, 9 deletions
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 739db3a1b2d2..518536d93fba 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -916,16 +916,11 @@ enum ptrace_syscall_dir {
        PTRACE_SYSCALL_EXIT,
 };
-static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
+static int tracehook_report_syscall(struct pt_regs *regs,
-                                enum ptrace_syscall_dir dir)
+                                    enum ptrace_syscall_dir dir)
 {
        unsigned long ip;
-        current_thread_info()->syscall = scno;
-        if (!test_thread_flag(TIF_SYSCALL_TRACE))
-                return scno;
        /*
         * IP is used to denote syscall entry/exit:
         * IP = 0 -> entry, =1 -> exit
@@ -944,19 +939,35 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
 asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
 {
-        scno = ptrace_syscall_trace(regs, scno, PTRACE_SYSCALL_ENTER);
+        current_thread_info()->syscall = scno;
+        /* Do the secure computing check first; failures should be fast. */
+        if (secure_computing(scno) == -1)
+                return -1;
+        if (test_thread_flag(TIF_SYSCALL_TRACE))
+                scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_enter(regs, scno);
        audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1,
                            regs->ARM_r2, regs->ARM_r3);
        return scno;
 }
 asmlinkage int syscall_trace_exit(struct pt_regs *regs, int scno)
 {
-        scno = ptrace_syscall_trace(regs, scno, PTRACE_SYSCALL_EXIT);
+        current_thread_info()->syscall = scno;
+        if (test_thread_flag(TIF_SYSCALL_TRACE))
+                scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT);
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_exit(regs, scno);
        audit_syscall_exit(regs);
        return scno;
 }
author	Kees Cook <keescook@chromium.org>	2012-11-15 16:12:00 -0500
committer	Russell King <rmk+kernel@arm.linux.org.uk>	2012-11-19 09:14:17 -0500
commit	9b790d71d58be65f9508ab60920eb978af828412 (patch)
tree	42114518c27f840aca3ef395636ca1f2fcf09a0e /arch/arm/kernel/ptrace.c
parent	1f59d13bee172945ccdfbc5018477ba94a0ac28e (diff)