From 5ea62181f0366d29b373b714c203bfcb9127048d Mon Sep 17 00:00:00 2001 From: Will Drewry Date: Mon, 16 Apr 2012 16:37:17 -0500 Subject: [PATCH] CHROMIUM: arch/arm: move secure_computing into trace; respect return code There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_TRACE patsh in entry-common.S. In order to add support for CONFIG_HAVE_ARCH_SECCOMP_FILTER without mangling the assembly too badly, seccomp was moved into the syscall_trace() handler. Additionally, the return value for secure_computing() is now checked and a -1 value will result in the system call being skipped. (Reworked for 3.4 merge to just piggyback on the audit enter path.) Signed-off-by: Will Drewry BUG=chromium-os:27878 TEST=compiles for arm. Need to test on a live machine. Change-Id: I9493f28c30356a10eccb320e0a2d1a141388af9a Reviewed-on: https://gerrit.chromium.org/gerrit/21376 Reviewed-by: Will Drewry Tested-by: Will Drewry --- arch/arm/kernel/entry-common.S | 7 +------ arch/arm/kernel/ptrace.c | 13 +++++++++++-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 54ee265dd8192..e46333113252d 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -444,12 +444,7 @@ ENTRY(vector_swi) #ifdef CONFIG_SECCOMP tst r10, #_TIF_SECCOMP - beq 1f - mov r0, scno - bl __secure_computing - add r0, sp, #S_R0 + S_OFF @ pointer to regs - ldmia r0, {r0 - r3} @ have to reload r0 - r3 -1: + bne __sys_trace #endif tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 9650c143afc11..75902f8fa1a79 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -909,19 +909,28 @@ long arch_ptrace(struct task_struct *child, long request, asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) { unsigned long ip; + current_thread_info()->syscall = scno; if (why) audit_syscall_exit(regs); - else + else { + if (secure_computing(scno) == -1) + return -1; audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1, regs->ARM_r2, regs->ARM_r3); + } if (!test_thread_flag(TIF_SYSCALL_TRACE)) return scno; if (!(current->ptrace & PT_PTRACED)) return scno; - current_thread_info()->syscall = scno; + /* + * IP is used to denote syscall entry/exit: + * IP = 0 -> entry, =1 -> exit + */ + ip = regs->ARM_ip; + regs->ARM_ip = why; /* * IP is used to denote syscall entry/exit: -- 2.39.5