MIPS/ptrace: Update syscall nr on register changes

Update the thread_info::syscall field when registers are modified via
ptrace to change or cancel the system call being entered.

This is important to allow seccomp and the syscall entry and exit trace
events to observe the new syscall number changed by the normal ptrace
hook or seccomp. That includes allowing seccomp's recheck of the system
call number after SECCOMP_RET_TRACE to notice if the syscall is changed
to a denied one, which happens in seccomp since commit ce6526e8afa4
("seccomp: recheck the syscall after RET_TRACE") in v4.8.

In the process of doing this, the logic to determine whether an indirect
system call is in progress (i.e. the O32 ABI's syscall()) is abstracted
into mips_syscall_is_indirect(), and a new mips_syscall_update_nr() is
used to update the thread_info::syscall based on the register state.

The following ptrace operations are updated:
 - PTRACE_SETREGS (ptrace_setregs()).
 - PTRACE_SETREGSET with NT_PRSTATUS (gpr32_set() and gpr64_set()).
 - PTRACE_POKEUSR with 2/v0 or 4/a0 for indirect syscall
   ([compat_]arch_ptrace()).

Fixes: c2d9f1775731 ("MIPS: Fix syscall_get_nr for the syscall exit tracing.")
Signed-off-by: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Lars Persson <larper@axis.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16995/

diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h
index 7c713025b23f6fbb9c06c9fb735ca0b35bbcf344..0170602a1e4e3f920b0b3834e0df26203d81c5a5 100644 (file)
--- a/arch/mips/include/asm/syscall.h
+++ b/arch/mips/include/asm/syscall.h
@@ -26,12 +26,34 @@
 #define __NR_syscall 4000
 #endif
 
+static inline bool mips_syscall_is_indirect(struct task_struct *task,
+                                           struct pt_regs *regs)
+{
+       /* O32 ABI syscall() - Either 64-bit with O32 or 32-bit */
+       return (IS_ENABLED(CONFIG_32BIT) ||
+               test_tsk_thread_flag(task, TIF_32BIT_REGS)) &&
+               (regs->regs[2] == __NR_syscall);
+}
+
 static inline long syscall_get_nr(struct task_struct *task,
                                  struct pt_regs *regs)
 {
        return current_thread_info()->syscall;
 }
 
+static inline void mips_syscall_update_nr(struct task_struct *task,
+                                         struct pt_regs *regs)
+{
+       /*
+        * v0 is the system call number, except for O32 ABI syscall(), where it
+        * ends up in a0.
+        */
+       if (mips_syscall_is_indirect(task, regs))
+               task_thread_info(task)->syscall = regs->regs[4];
+       else
+               task_thread_info(task)->syscall = regs->regs[2];
+}
+
 static inline unsigned long mips_get_syscall_arg(unsigned long *arg,
        struct task_struct *task, struct pt_regs *regs, unsigned int n)
 {
@@ -98,10 +120,9 @@ static inline void syscall_get_arguments(struct task_struct *task,
                                         unsigned long *args)
 {
        int ret;
-       /* O32 ABI syscall() - Either 64-bit with O32 or 32-bit */
-       if ((IS_ENABLED(CONFIG_32BIT) ||
-           test_tsk_thread_flag(task, TIF_32BIT_REGS)) &&
-           (regs->regs[2] == __NR_syscall))
+
+       /* O32 ABI syscall() */
+       if (mips_syscall_is_indirect(task, regs))
                i++;
 
        while (n--)

diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index 011993e0cce218ea0b9c831d7732947468395f24..efbd8df8b6652e7a81baed64134858fd8b3d733a 100644 (file)
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -144,6 +144,9 @@ int ptrace_setregs(struct task_struct *child, struct user_pt_regs __user *data)
 
        /* badvaddr, status, and cause may not be written.  */
 
+       /* System call number may have been changed */
+       mips_syscall_update_nr(child, regs);
+
        return 0;
 }
 
@@ -345,6 +348,9 @@ static int gpr32_set(struct task_struct *target,
                }
        }
 
+       /* System call number may have been changed */
+       mips_syscall_update_nr(target, regs);
+
        return 0;
 }
 
@@ -405,6 +411,9 @@ static int gpr64_set(struct task_struct *target,
                }
        }
 
+       /* System call number may have been changed */
+       mips_syscall_update_nr(target, regs);
+
        return 0;
 }
 
@@ -770,6 +779,12 @@ long arch_ptrace(struct task_struct *child, long request,
                switch (addr) {
                case 0 ... 31:
                        regs->regs[addr] = data;
+                       /* System call number may have been changed */
+                       if (addr == 2)
+                               mips_syscall_update_nr(child, regs);
+                       else if (addr == 4 &&
+                                mips_syscall_is_indirect(child, regs))
+                               mips_syscall_update_nr(child, regs);
                        break;
                case FPR_BASE ... FPR_BASE + 31: {
                        union fpureg *fregs = get_fpu_regs(child);

diff --git a/arch/mips/kernel/ptrace32.c b/arch/mips/kernel/ptrace32.c
index 40e212d6b26b2dc6055f5e6648964b9f35877cd8..2b9260f92ccd3019fe3d733c96a631faa7f59e2b 100644 (file)
--- a/arch/mips/kernel/ptrace32.c
+++ b/arch/mips/kernel/ptrace32.c
@@ -33,6 +33,7 @@
 #include <asm/pgtable.h>
 #include <asm/page.h>
 #include <asm/reg.h>
+#include <asm/syscall.h>
 #include <linux/uaccess.h>
 #include <asm/bootinfo.h>
 
@@ -195,6 +196,12 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
                switch (addr) {
                case 0 ... 31:
                        regs->regs[addr] = data;
+                       /* System call number may have been changed */
+                       if (addr == 2)
+                               mips_syscall_update_nr(child, regs);
+                       else if (addr == 4 &&
+                                mips_syscall_is_indirect(child, regs))
+                               mips_syscall_update_nr(child, regs);
                        break;
                case FPR_BASE ... FPR_BASE + 31: {
                        union fpureg *fregs = get_fpu_regs(child);