Commit 28cc1f4e authored Dec 22, 2020 by Xiongfeng Wang Committed by Chen Jun Jan 07, 2021

arm64: secomp: fix the secure computing mode 1 syscall check for ilp32



hulk inclusion
category: bugfix
bugzilla: 46790
CVE: NA

--------------------------------

ILP32 application belongs to the compat application. But its syscall
number is different from the traditional compat a32 application. The
syscall number is the same with the lp64 application. So we need to fix
the secure computing mode 1 syscall check for ilp32.

Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Chen Jun <chenjun102@huawei.com>

parent 347baa65

arch/arm64/include/asm/seccomp.h

+30 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,36 @@
		#define __NR_seccomp_sigreturn_32 __NR_compat_rt_sigreturn
		#endif /* CONFIG_COMPAT */

		#ifdef CONFIG_COMPAT
		#ifndef __COMPAT_SYSCALL_NR

		static inline const int *get_compat_mode1_syscalls(void)
		{
		#ifdef CONFIG_AARCH32_EL0
		static const int mode1_syscalls_a32[] = {
		__NR_compat_read, __NR_compat_write,
		__NR_compat_read, __NR_compat_sigreturn,
		0, /* null terminated */
		};
		#endif
		static const int mode1_syscalls_ilp32[] = {
		__NR_read, __NR_write,
		__NR_exit, __NR_rt_sigreturn,
		0, /* null terminated */
		};

		#ifdef CONFIG_AARCH32_EL0
		if (is_a32_compat_task())
		return mode1_syscalls_a32;
		#endif
		return mode1_syscalls_ilp32;
		}

		#define get_compat_mode1_syscalls get_compat_mode1_syscalls

		#endif
		#endif

		#include <asm-generic/seccomp.h>

		#endif /* _ASM_SECCOMP_H */