[PATCH] ARM: SECCOMP support
Nicolas Pitre
nico at fluxnic.net
Sat Sep 25 12:31:07 EDT 2010
On Sat, 25 Sep 2010, Russell King - ARM Linux wrote:
> On Thu, Sep 23, 2010 at 05:11:36PM -0400, Nicolas Pitre wrote:
> > diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
> > index f05a35a..cdd0a88 100644
> > --- a/arch/arm/kernel/entry-common.S
> > +++ b/arch/arm/kernel/entry-common.S
> > @@ -314,6 +314,16 @@ ENTRY(vector_swi)
> > tst ip, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
> > bne __sys_trace
> >
> > +#ifdef CONFIG_SECCOMP
> > + tst ip, #_TIF_SECCOMP
> > + beq 1f
> > + mov r0, scno
> > + bl __secure_computing
> > + add r0, sp, #S_R0 + S_OFF @ pointer to regs
> > + ldmia r0, {r0 - r3} @ have to reload r0 - r3
> > +1:
> > +#endif
>
> Why not do this before the test for TIF_SYSCALL_TRACE? You're doing
> the same check in both paths, and x86 checks for secure computing
> before any syscall tracing stuff.
Well, for one thing, the syscall tracing has the ability to change the
actual syscall number. So this looked like a possible hole that could
somehow be exploited to escape the seccomp control. So I went with the
safest way.
Nicolas
More information about the linux-arm-kernel
mailing list