From patchwork Thu Jun 9 21:02:01 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9167971 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7CE13607DA for ; Thu, 9 Jun 2016 21:07:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6FBF128359 for ; Thu, 9 Jun 2016 21:07:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 648592835B; Thu, 9 Jun 2016 21:07:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 131DB28359 for ; Thu, 9 Jun 2016 21:07:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751703AbcFIVFz (ORCPT ); Thu, 9 Jun 2016 17:05:55 -0400 Received: from mail-pf0-f174.google.com ([209.85.192.174]:34761 "EHLO mail-pf0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752025AbcFIVCa (ORCPT ); Thu, 9 Jun 2016 17:02:30 -0400 Received: by mail-pf0-f174.google.com with SMTP id 62so16361729pfd.1 for ; Thu, 09 Jun 2016 14:02:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MsvE6N6UqdLeFMmaS/9rZC4XR2ujr1fHSLfiP2y/Gn0=; b=bpwssgpewcKPO78yV+657MZdSY0DX34/P/3SKXqet/xN2BYH3+qOeNGtKDySd2ee5s qEu/ZAt8SE9mIvFdMM6RC8nX71yoEoI9AfUfe8T2ZPiAcGNqDewn0ADRsYwjUa4HS/y4 k80kVO4ijjVpJ6N6uWlfgnGzuZVevhqGjgt9Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MsvE6N6UqdLeFMmaS/9rZC4XR2ujr1fHSLfiP2y/Gn0=; b=KP/EH3DKQO62kBoLy9ldh5+IzvypneAFzfsJ9bjiR9RRt+7CrZHPfcOzMmlDqKKfnK 3pnn2ntie6Wwc95I3NJUJhODW4EUEmZTFEg94cMf3wT/q054XeEQfGJSc5ffnj1X4oh3 BIaxDtRKqWFYcn2t7qgzelBGkRLS+GF9fbBdk91zY6mxwDp2eN/lbL8uZkaPErXRNKMQ DregV8XRpSFsHS7aKS+ya3wX32rj4aUp+stCTU6b17PbafZe7yLqCAduzZOjq1XIpCKF FWO3eX/CHTaNInuoSqA3/v7H+xOdIuOynvvrScf0i9VupHhiJtNplba26dXOLrY20irU Oa8g== X-Gm-Message-State: ALyK8tJ+Y7EDMnLJtlY9giWkcjvRvflACMm0QbM1LhAwaUsvEeOrFu0pZqD4Pt+QsX3ub9se X-Received: by 10.98.41.133 with SMTP id p127mr6463692pfp.18.1465506150029; Thu, 09 Jun 2016 14:02:30 -0700 (PDT) Received: from www.outflux.net ([2002:ada4:7085:0:ae16:2dff:fe07:4fb6]) by smtp.gmail.com with ESMTPSA id 12sm12152345pfx.68.2016.06.09.14.02.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Jun 2016 14:02:27 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Heiko Carstens , Martin Schwidefsky , linux-s390@vger.kernel.org, Andy Lutomirski , Benjamin Herrenschmidt , Catalin Marinas , Chris Metcalf , Helge Deller , "James E.J. Bottomley" , James Hogan , Jeff Dike , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, "Maciej W. Rozycki" , Mark Rutland , Michael Ellerman , Paul Mackerras , Ralf Baechle , Richard Weinberger , Russell King , user-mode-linux-devel@lists.sourceforge.net, Will Deacon , x86@kernel.org Subject: [PATCH 11/14] s390/ptrace: run seccomp after ptrace Date: Thu, 9 Jun 2016 14:02:01 -0700 Message-Id: <1465506124-21866-12-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1465506124-21866-1-git-send-email-keescook@chromium.org> References: <1465506124-21866-1-git-send-email-keescook@chromium.org> Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Close the hole where ptrace can change a syscall out from under seccomp. Signed-off-by: Kees Cook Cc: Heiko Carstens Cc: Martin Schwidefsky Cc: linux-s390@vger.kernel.org --- arch/s390/kernel/ptrace.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index c238e9958c2a..cea17010448f 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -821,15 +821,6 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) { - long ret = 0; - - /* Do the secure computing check first. */ - if (secure_computing(NULL)) { - /* seccomp failures shouldn't expose any additional code. */ - ret = -1; - goto out; - } - /* * The sysc_tracesys code in entry.S stored the system * call number to gprs[2]. @@ -843,7 +834,13 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) * the system call and the system call restart handling. */ clear_pt_regs_flag(regs, PIF_SYSCALL); - ret = -1; + return -1; + } + + /* Do the secure computing check after ptrace. */ + if (secure_computing(NULL)) { + /* seccomp failures shouldn't expose any additional code. */ + return -1; } if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) @@ -852,8 +849,8 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) audit_syscall_entry(regs->gprs[2], regs->orig_gpr2, regs->gprs[3], regs->gprs[4], regs->gprs[5]); -out: - return ret ?: regs->gprs[2]; + + return regs->gprs[2]; } asmlinkage void do_syscall_trace_exit(struct pt_regs *regs)