[PATCH 05/14] seccomp: recheck the syscall after RET_TRACE
Andy Lutomirski
luto at amacapital.net
Thu Jun 9 15:46:10 PDT 2016
On Thu, Jun 9, 2016 at 2:01 PM, Kees Cook <keescook at chromium.org> wrote:
> When RET_TRACE triggers, a tracer may change a syscall into something that
> should be filtered by seccomp. This re-runs seccomp after a trace event
> to make sure things continue to pass.
>
> Signed-off-by: Kees Cook <keescook at chromium.org>
> Cc: Andy Lutomirski <luto at kernel.org>
> ---
> kernel/seccomp.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 14a37d71b612..54d15eb2b701 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -556,7 +556,8 @@ void secure_computing_strict(int this_syscall)
> #else
>
> #ifdef CONFIG_SECCOMP_FILTER
> -static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd)
> +static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
> + const bool recheck_after_trace)
This patch looks good with one minor nit: I read this as "pass true if
you want to recheck after trace", which is exactly the opposite of how
it works.
--Andy
More information about the linux-arm-kernel
mailing list