Hi, I recently fixed a bug in seccomp on ARM that I think may be present in the MIPS implementation too. In arch/mips/kernel/ptrace.c syscall_trace_enter, the syscall variable is used (and returned), but the syscall may be changed by either secure_computing or tracehook_report_syscall_entry (via ptracers which can block and change the registers). (I would note that "ret" is also set but never used, so tracehook_report_syscall_entry failures actually won't get noticed.) The discussion about this bug on ARM is here: https://lkml.org/lkml/2014/6/20/439 I don't yet have a working MIPS environment to test this on, but it feels like the same bug. (Though, for testing, what's the right way to change syscall during PTRACE_SYSCALL? On x86 it's the orig_ax register, on ARM it's a arch-specific ptrace function (PTRACE_SET_SYSCALL). Thanks! -Kees -- Kees Cook Chrome OS Security
