tile/ptrace: run seccomp after ptrace

Close the hole where ptrace can change a syscall out from under seccomp. Signed-off-by: N Kees Cook <keescook@chromium.org> Cc: Chris Metcalf <cmetcalf@mellanox.com>

tile/ptrace: run seccomp after ptrace
Close the hole where ptrace can change a syscall out from under seccomp. Signed-off-by: N Kees Cook <keescook@chromium.org> Cc: Chris Metcalf <cmetcalf@mellanox.com>
635efc70 · Kees Cook · 1addc57e · 635efc70
显示空白变更内容
内联并排

Showing with 6 addition and 5 deletion

arch/tile/kernel/ptrace.c arch/tile/kernel/ptrace.c +6 -5

未找到文件。
--- a/arch/tile/kernel/ptrace.c
+++ b/arch/tile/kernel/ptrace.c
@@ -255,14 +255,15 @@ int do_syscall_trace_enter(struct pt_regs *regs)
 {
 	u32 work = ACCESS_ONCE(current_thread_info()->flags);

-	if (secure_computing(NULL) == -1)
-		return -1;
-
-	if (work & _TIF_SYSCALL_TRACE) {
-		if (tracehook_report_syscall_entry(regs))
+	if ((work & _TIF_SYSCALL_TRACE) &&
+	    tracehook_report_syscall_entry(regs)) {
 		regs->regs[TREG_SYSCALL_NR] = -1;
+		return -1;
 	}

+	if (secure_computing(NULL) == -1)
+		return -1;
+
 	if (work & _TIF_SYSCALL_TRACEPOINT)
 		trace_sys_enter(regs, regs->regs[TREG_SYSCALL_NR]);