On Thu, Jul 23, 2020 at 01:13:21AM +0200, Michael Karcher wrote: > Port sh to use the new SECCOMP_FILTER code. > > Signed-off-by: Michael Karcher <ker...@mkarcher.dialup.fu-berlin.de> > --- > arch/sh/Kconfig | 1 + > arch/sh/kernel/entry-common.S | 2 ++ > arch/sh/kernel/ptrace_32.c | 5 +++-- > tools/testing/selftests/seccomp/seccomp_bpf.c | 8 +++++++- > 4 files changed, 13 insertions(+), 3 deletions(-) > > diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig > index 32d959849df9..10b510c16841 100644 > --- a/arch/sh/Kconfig > +++ b/arch/sh/Kconfig > @@ -27,6 +27,7 @@ config SUPERH > select GENERIC_SMP_IDLE_THREAD > select GUP_GET_PTE_LOW_HIGH if X2TLB > select HAVE_ARCH_AUDITSYSCALL > + select HAVE_ARCH_SECCOMP_FILTER > select HAVE_ARCH_KGDB > select HAVE_ARCH_TRACEHOOK > select HAVE_DEBUG_BUGVERBOSE > diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S > index c4d88d61890d..ad963104d22d 100644 > --- a/arch/sh/kernel/entry-common.S > +++ b/arch/sh/kernel/entry-common.S > @@ -368,6 +368,8 @@ syscall_trace_entry: > mov.l 7f, r11 ! Call do_syscall_trace_enter which notifies > jsr @r11 ! superior (will chomp R[0-7]) > nop > + cmp/eq #-1, r0 > + bt syscall_exit > mov.l r0, @(OFF_R0,r15) ! Save return value > ! Reload R0-R4 from kernel stack, where the > ! parent may have modified them using > diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c > index 64bfb714943e..25ccfbd02bfa 100644 > --- a/arch/sh/kernel/ptrace_32.c > +++ b/arch/sh/kernel/ptrace_32.c > @@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs > *regs) > { > long ret = 0; > > - secure_computing_strict(regs->regs[0]); > - > if (test_thread_flag(TIF_SYSCALL_TRACE) && > tracehook_report_syscall_entry(regs)) > /* > @@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs > *regs) > */ > ret = -1L; > > + if (secure_computing() == -1) > + return -1; > + > if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) > trace_sys_enter(regs, regs->regs[0]); >
This patch broke strace - it spews out bogus syscalls and gets the tracee hung. I suspect the last hunk is wrong and breaks all non-seccomp tracing. I'll follow up with further analysis and possibly a fix if you don't find one sooner. Rich