UPSTREAM: arm64/ptrace: run seccomp after ptrace

Close the hole where ptrace can change a syscall out from under seccomp.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
(cherry picked from commit a5cd110cb8369d6b37ef5ccfe56b3fa1338c9615)

Bug: 119769499
Change-Id: I9fd3e8e6d38122866df434b2676bf7ba0e808e32
Signed-off-by: Greg Hackmann <ghackmann@google.com>

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index afed110..a546e22 100644 (file)
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1254,13 +1254,13 @@ static void tracehook_report_syscall(struct pt_regs *regs,
 
 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
 {
-       /* Do the secure computing check first; failures should be fast. */
-       if (secure_computing(NULL) == -1)
-               return -1;
-
        if (test_thread_flag(TIF_SYSCALL_TRACE))
                tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
 
+       /* Do the secure computing after ptrace; failures should be fast. */
+       if (secure_computing(NULL) == -1)
+               return -1;
+
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_enter(regs, regs->syscallno);