[SRU][Xenial][PATCH] arm/ptrace: run seccomp after ptrace
Connor Kuehl
connor.kuehl at canonical.com
Mon Jun 3 22:22:57 UTC 2019
From: Kees Cook <keescook at chromium.org>
CVE-2019-2054
Close the hole where ptrace can change a syscall out from under seccomp.
Signed-off-by: Kees Cook <keescook at chromium.org>
Cc: Russell King <linux at armlinux.org.uk>
Cc: linux-arm-kernel at lists.infradead.org
(cherry picked from commit 0f3912fd934cdfd03d93f2dc6f064099795bf638)
Signed-off-by: Connor Kuehl <connor.kuehl at canonical.com>
---
arch/arm/kernel/ptrace.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index d54c53b7ab63..2b00c030775c 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -932,18 +932,19 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
{
current_thread_info()->syscall = scno;
- /* Do the secure computing check first; failures should be fast. */
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
+ tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
+
+ /* Do seccomp after ptrace; syscall may have changed. */
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
if (secure_computing() == -1)
return -1;
#else
/* XXX: remove this once OABI gets fixed */
- secure_computing_strict(scno);
+ secure_computing_strict(current_thread_info()->syscall);
#endif
- if (test_thread_flag(TIF_SYSCALL_TRACE))
- tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
-
+ /* Tracer or seccomp may have changed syscall. */
scno = current_thread_info()->syscall;
if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
--
2.20.1
More information about the kernel-team
mailing list