From 7c28351cb077580d315d32a60ba3b432f6f73b60 Mon Sep 17 00:00:00 2001
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Date: Tue, 22 Sep 2020 10:14:31 +0800
Subject: [PATCH] arm64: secomp: fix the secure computing mode 1 syscall check
 for ilp32

hulk inclusion
category: bugfix
bugzilla: NA
CVE: NA
---------------------------

ILP32 application belongs to the compat application. But its syscall
number is different from the traditional compat a32 application. The
syscall number is the same with the lp64 application. So we need to fix
the secure computing mode 1 syscall check for ilp32.

Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 arch/arm64/include/asm/seccomp.h | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/arch/arm64/include/asm/seccomp.h b/arch/arm64/include/asm/seccomp.h
index 00ef0bf63230..b7c986c3dbca 100644
--- a/arch/arm64/include/asm/seccomp.h
+++ b/arch/arm64/include/asm/seccomp.h
@@ -20,6 +20,36 @@
 #define __NR_seccomp_sigreturn_32	__NR_compat_rt_sigreturn
 #endif /* CONFIG_COMPAT */
 
+#ifdef CONFIG_COMPAT
+#ifndef __COMPAT_SYSCALL_NR
+
+static inline const int *get_compat_mode1_syscalls(void)
+{
+#ifdef CONFIG_AARCH32_EL0
+	static const int mode1_syscalls_a32[] = {
+		__NR_compat_read, __NR_compat_write,
+		__NR_compat_read, __NR_compat_sigreturn,
+		0, /* null terminated */
+	};
+#endif
+	static const int mode1_syscalls_ilp32[] = {
+		__NR_read, __NR_write,
+		__NR_exit, __NR_rt_sigreturn,
+		0, /* null terminated */
+	};
+
+#ifdef CONFIG_AARCH32_EL0
+	if (is_a32_compat_task())
+		return mode1_syscalls_a32;
+#endif
+	return mode1_syscalls_ilp32;
+}
+
+#define get_compat_mode1_syscalls get_compat_mode1_syscalls
+
+#endif
+#endif
+
 #include <asm-generic/seccomp.h>
 
 #endif /* _ASM_SECCOMP_H */
-- 
GitLab