On Fri, Aug 11, 2017 at 1:56 PM, James Hogan <james.hogan@xxxxxxxxxx> wrote:
> The MIPS syscall_trace_enter() allows the system call number to be
> altered or cancelled by a ptrace tracer, via the normal ptrace hook
> (PTRACE_SYSCALL) and changing the system call number register on entry,
> and similarly via seccomp (PTRACE_EVENT_SECCOMP when a seccomp filter
> returns SECCOMP_RET_TRACE).
>
> Be sure to update the syscall local variable if this happens, so that
> seccomp will filter the correct system call number if the normal ptrace
> hook changes it first, and so that if either the normal ptrace hook or
> seccomp change it the correct system call number is passed to the trace
> event.
>
> This won't have any effect until the next commit, which fixes ptrace to
> update thread_info::syscall.
>
> Fixes: c2d9f1775731 ("MIPS: Fix syscall_get_nr for the syscall exit tracing.")
> Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
> Cc: Lars Persson <lars.persson@xxxxxxxx>
> Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Will Drewry <wad@xxxxxxxxxxxx>
> Cc: linux-mips@xxxxxxxxxxxxxx

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> --- > arch/mips/kernel/ptrace.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c > index 1395654cfc8d..be5d5fefcc7c 100644 > --- a/arch/mips/kernel/ptrace.c > +++ b/arch/mips/kernel/ptrace.c
> @@ -864,9 +864,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) > > current_thread_info()->syscall = syscall; > > - if (test_thread_flag(TIF_SYSCALL_TRACE) && > - tracehook_report_syscall_entry(regs)) > - return -1; > + if (test_thread_flag(TIF_SYSCALL_TRACE)) { > + if (tracehook_report_syscall_entry(regs)) > + return -1; > + syscall = current_thread_info()->syscall; > + } > > #ifdef CONFIG_SECCOMP > if (unlikely(test_thread_flag(TIF_SECCOMP))) { > @@ -884,6 +886,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) > ret = __secure_computing(&sd); > if (ret == -1) > return ret; > + syscall = current_thread_info()->syscall; > } > #endif > > -- > 2.13.2 > -- Kees Cook Pixel Security
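Review bot: In the first hunk (@@ -864,9 +864,11 @@), the new `syscall = current_thread_info()->syscall;` follows the context line `current_thread_info()->syscall = syscall;` with only the tracehook call in between, so it reads as a redundant round trip. A one-line comment at that assignment, saying the tracer may have changed the number during tracehook_report_syscall_entry(), would keep a later cleanup from removing it.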
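Review bot: In the second hunk (@@ -884,6 +886,7 @@), the reload after `__secure_computing(&sd)` only picks up a tracer's change if that change reaches thread_info::syscall, which the commit message says happens in the next commit. Because this patch carries a Fixes: tag, the dependency should be stated next to the tag (or the two patches folded together) so that a backport does not take this one alone and get no change in behaviour.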
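A userspace C model of the entry path the commit message describes, added here as an example and not code from the patch or the kernel: it shows which number the seccomp check and the trace event see with and without the two reloads. The syscall numbers, the toy policy, `tracer_sets()` and the `struct result` fields are constructed, and it assumes a tracer's change is visible in thread_info::syscall, which the message says the next commit provides.

```c
#include <stdio.h>

/* Userspace model, not kernel code. Syscall numbers are constructed. */
enum { NR_READ = 1, NR_DENIED = 2, NR_TRACED = 3, NR_OTHER = 4 };

struct thread_info { long syscall; };
struct result { long filtered, event, ret; };   /* -1 = never reached */

static struct thread_info ti;

/* Assumption: a tracer's change is visible in thread_info::syscall.
 * nr < 0 means the tracer leaves the number alone. */
static void tracer_sets(long nr) { if (nr >= 0) ti.syscall = nr; }

/* Toy policy: NR_DENIED is refused; NR_TRACED behaves like
 * SECCOMP_RET_TRACE, letting the seccomp tracer rewrite the number. */
static int secure_computing(long nr, long seccomp_nr)
{
    if (nr == NR_DENIED) return -1;
    if (nr == NR_TRACED) tracer_sets(seccomp_nr);
    return 0;
}

static struct result trace_enter(long syscall, long ptrace_nr,
                                 long seccomp_nr, int patched)
{
    struct result r = { -1, -1, -1 };
    ti.syscall = syscall;
    tracer_sets(ptrace_nr);                 /* PTRACE_SYSCALL stop */
    if (patched) syscall = ti.syscall;      /* reload from first hunk */
    r.filtered = syscall;                   /* number the filter checks */
    if (secure_computing(syscall, seccomp_nr) == -1)
        return r;
    if (patched) syscall = ti.syscall;      /* reload from second hunk */
    r.event = syscall;                      /* number given to the trace event */
    r.ret = ti.syscall;                     /* assumed: number that then runs */
    return r;
}

int main(void)
{
    for (int patched = 0; patched <= 1; patched++) {
        struct result r = trace_enter(NR_READ, NR_DENIED, -1, patched);
        printf("patched=%d filtered=%ld event=%ld runs=%ld\n",
               patched, r.filtered, r.event, r.ret);
    }
    return 0;
}
```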