git.baikalelectronics.ru Git - kernel.git/commit

author	Matt Redfearn <matt.redfearn@imgtec.com>
	Tue, 29 Mar 2016 08:35:31 +0000 (09:35 +0100)
committer	Ralf Baechle <ralf@linux-mips.org>
	Fri, 13 May 2016 12:02:00 +0000 (14:02 +0200)
commit	16bf0af94ba62357fcf2afceb172e0baca1bd26d
tree	9ef0d11b16f9e94aa0e890cbc0e8a74b4b5c0031	tree \| snapshot
parent	1288544a84510d2de8e7ae9dfaed284716028152	commit \| diff

MIPS: scall: Handle seccomp filters which redirect syscalls

Commit 20f00212e303 ("MIPS: scall: Always run the seccomp syscall
filters") modified the syscall code to always call the seccomp filters,
but missed the case where a filter may redirect the syscall, as
revealed by the seccomp_bpf self test.

The syscall path now restores the syscall from the stack after the
filter rather than saving it locally. Syscall number checking and
syscall function table lookup is done after the filter may have run such
that redirected syscalls are also checked, and executed.

The regular path of syscall number checking and pointer lookup is also
made more consistent between ABIs with scall64-64.S being the reference.

With this patch in place, the seccomp_bpf self test now passes
TRACE_syscall.syscall_redirected and TRACE_syscall.syscall_dropped on
all MIPS ABIs.

Fixes: 20f00212e303 ("MIPS: scall: Always run the seccomp syscall filters")
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Eric B Munson <emunson@akamai.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-mips@linux-mips.org
Cc: IMG-MIPSLinuxKerneldevelopers@imgtec.com
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/12916/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

arch/mips/kernel/scall32-o32.S		diff \| blob \| history
arch/mips/kernel/scall64-64.S		diff \| blob \| history
arch/mips/kernel/scall64-n32.S		diff \| blob \| history
arch/mips/kernel/scall64-o32.S		diff \| blob \| history