BUG_ON() in audit_syscall_entry() will be hit if user issues syscall(-1) while syscall auditing is enabled (that is, by starting auditd). In fact, syscall(-1) just fails (not signaled despite the expectation, this is another minor bug), but the succeeding syscall hits BUG_ON.
When auditing syscall(-1), audit_syscall_entry() is called anyway, but audit_syscall_exit() is not called and then 'in_syscall' flag in thread's audit context is kept on. In this way, audit_syscall_entry() against the succeeding syscall will see BUG_ON(in_syscall). This patch fixes this bug by 1) enforcing syscall exit tracing, including audit_syscall_exit(), to be executed in all cases, 2) handling user-issued syscall(-1) with arm_syscall(). Signed-off-by: AKASHI Takahiro <[email protected]> --- arch/arm/kernel/entry-common.S | 4 ++-- arch/arm/kernel/ptrace.c | 10 +++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index e52fe5a..28d3931 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -426,7 +426,6 @@ ENTRY(vector_swi) local_restart: ldr r10, [tsk, #TI_FLAGS] @ check for syscall tracing stmdb sp!, {r4, r5} @ push fifth and sixth args - tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace @@ -476,10 +475,11 @@ __sys_trace: cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack - b ret_slow_syscall + b __sys_trace_return_skipped __sys_trace_return: str r0, [sp, #S_R0 + S_OFF]! @ save returned r0 +__sys_trace_return_skipped: mov r0, sp bl syscall_trace_exit b ret_slow_syscall diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 0c27ed6..f3339c8 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -928,9 +928,13 @@ static void tracehook_report_syscall(struct pt_regs *regs, regs->ARM_ip = ip; } +extern int arm_syscall(int, struct pt_regs *); + asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) { - current_thread_info()->syscall = scno; + int orig_scno; + + current_thread_info()->syscall = orig_scno = scno; /* Do the secure computing check first; failures should be fast. */ if (secure_computing(scno) == -1) @@ -947,6 +951,10 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1, regs->ARM_r2, regs->ARM_r3); + /* user-issued syscall of -1 */ + if (scno == -1 && orig_scno == -1) + arm_syscall(scno, regs); + return scno; } -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
