git.baikalelectronics.ru Git - kernel.git/commit

author	Will Drewry <wad@chromium.org>
	Fri, 13 Jul 2012 17:06:35 +0000 (12:06 -0500)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Fri, 13 Jul 2012 21:25:55 +0000 (14:25 -0700)
commit	6f967b82253197822d5574a2a348f965880afde5
tree	dc43e7c23455cd61fa2bafad7faffe45b44d6885	tree \| snapshot
parent	5cb5abe4a7b3ded50897ba6248834be32949df39	commit \| diff

x86/vsyscall: allow seccomp filter in vsyscall=emulate

If a seccomp filter program is installed, older static binaries and
distributions with older libc implementations (glibc 2.13 and earlier)
that rely on vsyscall use will be terminated regardless of the filter
program policy when executing time, gettimeofday, or getcpu. This is
only the case when vsyscall emulation is in use (vsyscall=emulate is the
default).

This patch emulates system call entry inside a vsyscall=emulate by
populating regs->ax and regs->orig_ax with the system call number prior
to calling into seccomp such that all seccomp-dependencies function
normally. Additionally, system call return behavior is emulated in line
with other vsyscall entrypoints for the trace/trap cases.

[ v2: fixed ip and sp on SECCOMP_RET_TRAP/TRACE (thanks to luto@mit.edu) ]
Reported-and-tested-by: Owen Kibel <qmewlo@gmail.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>