Linus,
please pull the latest core/entry branch from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core-entry-2024-03-23
up to: fb13b11d5387: entry: Respect changes to system call number by trace_sys_enter()
A single fix for the generic entry code:
The trace_sys_enter() tracepoint can modify the syscall number via
kprobes or BPF in pt_regs, but that requires that the syscall number is
re-evaluated from pt_regs after the tracepoint.
A seccomp fix in that area removed the re-evaluation so the change does
not take effect as the code just uses the locally cached number.
Restore the original behaviour by re-evaluating the syscall number after
the tracepoint.
Thanks,
tglx
------------------>
André Rösti (1):
entry: Respect changes to system call number by trace_sys_enter()
kernel/entry/common.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index 88cb3c88aaa5..90843cc38588 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -57,8 +57,14 @@ long syscall_trace_enter(struct pt_regs *regs, long syscall,
/* Either of the above might have changed the syscall number */
syscall = syscall_get_nr(current, regs);
- if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT))
+ if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT)) {
trace_sys_enter(regs, syscall);
+ /*
+ * Probes or BPF hooks in the tracepoint may have changed the
+ * system call number as well.
+ */
+ syscall = syscall_get_nr(current, regs);
+ }
syscall_enter_audit(regs, syscall);
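Review bot: the comment added inside the SYSCALL_WORK_SYSCALL_TRACEPOINT branch says probes or BPF hooks may have changed the number, but it does not record that the second `syscall = syscall_get_nr(current, regs);` must stay after trace_sys_enter(), which is the exact re-read the pull message says an earlier fix in this area removed. Consider extending the comment to state that ordering requirement, and to note that a number rewritten at this point is read after the steps referred to by "Either of the above", so it goes straight to syscall_enter_audit() without passing through those steps again. That makes the security-relevant ordering explicit for the next person who touches this function.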
The pull request you sent on Sat, 23 Mar 2024 20:51:59 +0100 (CET):
> git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core-entry-2024-03-23
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/976b029d06607f98f4156d8690d447ea8ed61c84
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html