[PATCH] ARM: SECCOMP support

Nicolas Pitre nico at fluxnic.net
Sat Sep 25 15:46:16 EDT 2010


On Sat, 25 Sep 2010, Russell King - ARM Linux wrote:

> On Sat, Sep 25, 2010 at 12:31:07PM -0400, Nicolas Pitre wrote:
> > Well, for one thing, the syscall tracing has the ability to change the 
> > actual syscall number.  So this looked like a possible hole that could 
> > somehow be exploited to escape the seccomp control.  So I went with the 
> > safest way.
> 
> That is also true for x86 - the seccomp test on x86 is done first,
> before the syscall entry trap.

OK, what about this then:

diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index f05a35a..5f3c4bf 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -293,7 +293,6 @@ ENTRY(vector_swi)
 
 	get_thread_info tsk
 	adr	tbl, sys_call_table		@ load syscall table pointer
-	ldr	ip, [tsk, #TI_FLAGS]		@ check for syscall tracing
 
 #if defined(CONFIG_OABI_COMPAT)
 	/*
@@ -310,8 +309,20 @@ ENTRY(vector_swi)
 	eor	scno, scno, #__NR_SYSCALL_BASE	@ check OS number
 #endif
 
+	ldr	r10, [tsk, #TI_FLAGS]		@ check for syscall tracing
 	stmdb	sp!, {r4, r5}			@ push fifth and sixth args
-	tst	ip, #_TIF_SYSCALL_TRACE		@ are we tracing syscalls?
+
+#ifdef CONFIG_SECCOMP
+	tst	r10, #_TIF_SECCOMP
+	beq	1f
+	mov	r0, scno
+	bl	__secure_computing	
+	add	r0, sp, #S_R0 + S_OFF		@ pointer to regs
+	ldmia	r0, {r0 - r3}			@ have to reload r0 - r3
+1:
+#endif
+
+	tst	r10, #_TIF_SYSCALL_TRACE		@ are we tracing syscalls?
 	bne	__sys_trace
 
 	cmp	scno, #NR_syscalls		@ check upper syscall limit

Nicolas



More information about the linux-arm-kernel mailing list