git.baikalelectronics.ru Git - kernel.git/commit
x86/vsyscall: allow seccomp filter in vsyscall=emulate
author Will Drewry <wad@chromium.org>
Fri, 13 Jul 2012 17:06:35 +0000 (12:06 -0500)
committer Linus Torvalds <torvalds@linux-foundation.org>
Fri, 13 Jul 2012 21:25:55 +0000 (14:25 -0700)
commit 0127cfc1584851aebe25bc6588776cab8cd8434e
tree dc43e7c23455cd61fa2bafad7faffe45b44d6885
parent 8722acae96e95824970d017dbfe0ea82ef577cca
x86/vsyscall: allow seccomp filter in vsyscall=emulate

If a seccomp filter program is installed, older static binaries and
distributions with older libc implementations (glibc 2.13 and earlier)
that rely on vsyscall use will be terminated regardless of the filter
program policy when executing time, gettimeofday, or getcpu.  This is
only the case when vsyscall emulation is in use (vsyscall=emulate is the
default).

This patch emulates system call entry inside a vsyscall=emulate by
populating regs->ax and regs->orig_ax with the system call number prior
to calling into seccomp such that all seccomp-dependencies function
normally.  Additionally, system call return behavior is emulated in line
with other vsyscall entrypoints for the trace/trap cases.

[ v2: fixed ip and sp on SECCOMP_RET_TRAP/TRACE (thanks to luto@mit.edu) ]
Reported-and-tested-by: Owen Kibel <qmewlo@gmail.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
arch/x86/kernel/vsyscall_64.c