arm64: secomp: fix the secure computing mode 1 syscall check for ilp32

hulk inclusion
category: bugfix
bugzilla: 46790
CVE: NA

--------------------------------

ILP32 application belongs to the compat application. But its syscall
number is different from the traditional compat a32 application. The
syscall number is the same with the lp64 application. So we need to fix
the secure computing mode 1 syscall check for ilp32.
Signed-off-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: NYury Norov <ynorov@caviumnetworks.com>
Reviewed-by: NHanjun Guo <guohanjun@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NChen Jun <chenjun102@huawei.com>

arch/arm64/include/asm/seccomp.h

@@ -17,6 +17,36 @@
 #define __NR_seccomp_sigreturn_32	__NR_compat_rt_sigreturn
 #endif /* CONFIG_COMPAT */
 
+#ifdef CONFIG_COMPAT
+#ifndef __COMPAT_SYSCALL_NR
+
+static inline const int *get_compat_mode1_syscalls(void)
+{
+#ifdef CONFIG_AARCH32_EL0
+	static const int mode1_syscalls_a32[] = {
+		__NR_compat_read, __NR_compat_write,
+		__NR_compat_read, __NR_compat_sigreturn,
+		0, /* null terminated */
+	};
+#endif
+	static const int mode1_syscalls_ilp32[] = {
+		__NR_read, __NR_write,
+		__NR_exit, __NR_rt_sigreturn,
+		0, /* null terminated */
+	};
+
+#ifdef CONFIG_AARCH32_EL0
+	if (is_a32_compat_task())
+		return mode1_syscalls_a32;
+#endif
+	return mode1_syscalls_ilp32;
+}
+
+#define get_compat_mode1_syscalls get_compat_mode1_syscalls
+
+#endif
+#endif
+
 #include <asm-generic/seccomp.h>
 
 #endif /* _ASM_SECCOMP_H */