On May 30, 2014 2:58 PM, "Andy Lutomirski" <[email protected]> wrote: > > syscall_in_syscall will return true if we're in a real syscall and > will return false if we're not in a syscall. If we're in a bad > syscall, the return value can vary. > > The idea is to use this to come up with a much simpler replacement > for syscall auditing. > > Signed-off-by: Andy Lutomirski <[email protected]> > --- > arch/x86/Kconfig | 1 + > arch/x86/include/asm/syscall.h | 21 +++++++++++++++++++++ > init/Kconfig | 3 +++ > 3 files changed, 25 insertions(+) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 25d2c6f..e2602d4 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -130,6 +130,7 @@ config X86 > select HAVE_CC_STACKPROTECTOR > select GENERIC_CPU_AUTOPROBE > select HAVE_ARCH_AUDITSYSCALL > + select HAVE_SYSCALL_IN_SYSCALL > > config INSTRUCTION_DECODER > def_bool y > diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h > index d6a756a..91e38b3 100644 > --- a/arch/x86/include/asm/syscall.h > +++ b/arch/x86/include/asm/syscall.h > @@ -23,6 +23,27 @@ > typedef void (*sys_call_ptr_t)(void); > extern const sys_call_ptr_t sys_call_table[]; > > +/** > + * syscall_in_syscall() - are we in a syscall context? > + * @task: The task to query. > + * @regs: The task's pt_regs. > + * > + * This checks whether we are in a syscall. If it returns true, then > + * syscall_get_nr(), etc are usable and the current task is guaranteed > + * to either die or to go through the syscall exit path when the syscall > + * is done. > + * > + * If it returns false, no particular guarantees are made. In > + * particular, a malicious task can issue a syscall that causes > + * syscall_in_syscall to return false. Such a syscall won't do much, > + * but it can still cause tracing code and such to run. > + */ > +static inline bool syscall_in_syscall(struct task_struct *task, > + struct pt_regs *regs) > +{ > + return regs->orig_ax != -1;
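Review bot: In the syscall.h hunk, the body of syscall_in_syscall() tests only `regs->orig_ax != -1`, so the guarantee promised in the doc comment (a true return means syscall_get_nr() is usable and the task will either die or go through the syscall exit path) holds only if orig_ax is -1 on every non-syscall entry path; the comment should state that assumption explicitly rather than leaving it implicit in the one-line body. The `task` parameter is also unused in the body; either use it or drop it from the signature so callers are not misled into thinking the check is task-specific.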
This is insufficient: anything that interrupts an errorentry too early will incorrectly return true. Also, the actual IRQ entries seem to shove the IRQ number into orig_ax. I'll send a new version.

--Andy

