diff options
| author | Andy Lutomirski <luto@amacapital.net> | 2014-07-21 21:49:14 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2014-09-03 17:58:17 -0400 |
| commit | a4412fc9486ec85686c6c7929e7e829f62ae377e (patch) | |
| tree | a267720d880085452257406ecf6f672ec8cbdbf9 /arch | |
| parent | 70c8038dd698b44daf7c8fc7e2eca142bec694c4 (diff) | |
seccomp,x86,arm,mips,s390: Remove nr parameter from secure_computing
The secure_computing function took a syscall number parameter, but
it only paid any attention to that parameter if seccomp mode 1 was
enabled. Rather than coming up with a kludge to get the parameter
to work in mode 2, just remove the parameter.
To avoid churn in arches that don't have seccomp filters (and may
not even support syscall_get_nr right now), this leaves the
parameter in secure_computing_strict, which is now a real function.
For ARM, this is a bit ugly due to the fact that ARM conditionally
supports seccomp filters. Fixing that would probably only be a
couple of lines of code, but it should be coordinated with the audit
maintainers.
This will be a slight slowdown on some arches. The right fix is to
pass in all of seccomp_data instead of trying to make just the
syscall nr part be fast.
This is a prerequisite for making two-phase seccomp work cleanly.
Cc: Russell King <linux@arm.linux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: x86@kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/arm/kernel/ptrace.c | 7 | ||||
| -rw-r--r-- | arch/mips/kernel/ptrace.c | 2 | ||||
| -rw-r--r-- | arch/s390/kernel/ptrace.c | 2 | ||||
| -rw-r--r-- | arch/x86/kernel/ptrace.c | 2 | ||||
| -rw-r--r-- | arch/x86/kernel/vsyscall_64.c | 2 |
5 files changed, 10 insertions, 5 deletions
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 0c27ed6f3f23..5e772a21ab97 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c | |||
| @@ -933,8 +933,13 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) | |||
| 933 | current_thread_info()->syscall = scno; | 933 | current_thread_info()->syscall = scno; |
| 934 | 934 | ||
| 935 | /* Do the secure computing check first; failures should be fast. */ | 935 | /* Do the secure computing check first; failures should be fast. */ |
| 936 | if (secure_computing(scno) == -1) | 936 | #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER |
| 937 | if (secure_computing() == -1) | ||
| 937 | return -1; | 938 | return -1; |
| 939 | #else | ||
| 940 | /* XXX: remove this once OABI gets fixed */ | ||
| 941 | secure_computing_strict(scno); | ||
| 942 | #endif | ||
| 938 | 943 | ||
| 939 | if (test_thread_flag(TIF_SYSCALL_TRACE)) | 944 | if (test_thread_flag(TIF_SYSCALL_TRACE)) |
| 940 | tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); | 945 | tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); |
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index 645b3c4fcfba..f7aac5b57b4b 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c | |||
| @@ -770,7 +770,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) | |||
| 770 | long ret = 0; | 770 | long ret = 0; |
| 771 | user_exit(); | 771 | user_exit(); |
| 772 | 772 | ||
| 773 | if (secure_computing(syscall) == -1) | 773 | if (secure_computing() == -1) |
| 774 | return -1; | 774 | return -1; |
| 775 | 775 | ||
| 776 | if (test_thread_flag(TIF_SYSCALL_TRACE) && | 776 | if (test_thread_flag(TIF_SYSCALL_TRACE) && |
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 5dc7ad9e2fbf..bebacad48305 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
| @@ -803,7 +803,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
| 803 | long ret = 0; | 803 | long ret = 0; |
| 804 | 804 | ||
| 805 | /* Do the secure computing check first. */ | 805 | /* Do the secure computing check first. */ |
| 806 | if (secure_computing(regs->gprs[2])) { | 806 | if (secure_computing()) { |
| 807 | /* seccomp failures shouldn't expose any additional code. */ | 807 | /* seccomp failures shouldn't expose any additional code. */ |
| 808 | ret = -1; | 808 | ret = -1; |
| 809 | goto out; | 809 | goto out; |
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 678c0ada3b3c..93c182a00506 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c | |||
| @@ -1471,7 +1471,7 @@ long syscall_trace_enter(struct pt_regs *regs) | |||
| 1471 | regs->flags |= X86_EFLAGS_TF; | 1471 | regs->flags |= X86_EFLAGS_TF; |
| 1472 | 1472 | ||
| 1473 | /* do the secure computing check first */ | 1473 | /* do the secure computing check first */ |
| 1474 | if (secure_computing(regs->orig_ax)) { | 1474 | if (secure_computing()) { |
| 1475 | /* seccomp failures shouldn't expose any additional code. */ | 1475 | /* seccomp failures shouldn't expose any additional code. */ |
| 1476 | ret = -1L; | 1476 | ret = -1L; |
| 1477 | goto out; | 1477 | goto out; |
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c index e1e1e80fc6a6..957779f4eb40 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c | |||
| @@ -216,7 +216,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) | |||
| 216 | */ | 216 | */ |
| 217 | regs->orig_ax = syscall_nr; | 217 | regs->orig_ax = syscall_nr; |
| 218 | regs->ax = -ENOSYS; | 218 | regs->ax = -ENOSYS; |
| 219 | tmp = secure_computing(syscall_nr); | 219 | tmp = secure_computing(); |
| 220 | if ((!tmp && regs->orig_ax != syscall_nr) || regs->ip != address) { | 220 | if ((!tmp && regs->orig_ax != syscall_nr) || regs->ip != address) { |
| 221 | warn_bad_vsyscall(KERN_DEBUG, regs, | 221 | warn_bad_vsyscall(KERN_DEBUG, regs, |
| 222 | "seccomp tried to change syscall nr or ip"); | 222 | "seccomp tried to change syscall nr or ip"); |