tile/ptrace: run seccomp after ptrace
authorKees Cook <keescook@chromium.org>
Fri, 3 Jun 2016 02:56:43 +0000 (19:56 -0700)
committerKees Cook <keescook@chromium.org>
Tue, 14 Jun 2016 17:54:46 +0000 (10:54 -0700)
Close the hole where ptrace can change a syscall out from under seccomp.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Chris Metcalf <cmetcalf@mellanox.com>
arch/tile/kernel/ptrace.c

index 8c6d2f2fefa3ddc8fee3a646983e110bd030cb33..d89b7011667cb4f1a6f3ad55238d2c815e229c41 100644 (file)
@@ -255,14 +255,15 @@ int do_syscall_trace_enter(struct pt_regs *regs)
 {
        u32 work = ACCESS_ONCE(current_thread_info()->flags);
 
-       if (secure_computing(NULL) == -1)
+       if ((work & _TIF_SYSCALL_TRACE) &&
+           tracehook_report_syscall_entry(regs)) {
+               regs->regs[TREG_SYSCALL_NR] = -1;
                return -1;
-
-       if (work & _TIF_SYSCALL_TRACE) {
-               if (tracehook_report_syscall_entry(regs))
-                       regs->regs[TREG_SYSCALL_NR] = -1;
        }
 
+       if (secure_computing(NULL) == -1)
+               return -1;
+
        if (work & _TIF_SYSCALL_TRACEPOINT)
                trace_sys_enter(regs, regs->regs[TREG_SYSCALL_NR]);
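Review bot: The new ordering is itself the security property, but nothing in the code says so, and a later cleanup could move the `secure_computing(NULL)` call back above the tracehook without noticing. I would add a comment directly above that call, for example `/* Must run after ptrace: the filter has to see the syscall the tracer left in regs. */`. The restructured `_TIF_SYSCALL_TRACE` branch also changes behaviour beyond the reorder. When `tracehook_report_syscall_entry(regs)` returns non-zero, the function now returns -1 immediately, whereas the old code only set `regs->regs[TREG_SYSCALL_NR] = -1` and fell through to the `_TIF_SYSCALL_TRACEPOINT` check, so `trace_sys_enter()` is no longer reached for a tracer-aborted syscall; that deserves a line in the commit description. The body of `do_syscall_trace_enter()` continues past the end of the hunk, so its final return is not visible here.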