powerpc: Change syscall_get_nr() to return int

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The documentation for syscall_get_nr() in asm-generic says:

Note this returns int even on 64-bit machines. Only 32 bits of
system call number can be meaningful. If the actual arch value
is 64 bits, this truncates to 32 bits so 0xffffffff means -1.

However our implementation was never updated to reflect this.

Generally it's not important, but there is once case where it matters.

For seccomp filter with SECCOMP_RET_TRACE, the tracer will set
regs->gpr[0] to -1 to reject the syscall. When the task is a compat
task, this means we end up with 0xffffffff in r0 because ptrace will
zero extend the 32-bit value.

If syscall_get_nr() returns an unsigned long, then a 64-bit kernel will
see a positive value in r0 and will incorrectly allow the syscall
through seccomp.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Kees Cook <keescook@chromium.org>

Michael Ellerman 10 years ago e9fbe686 1cb9839b

+8 -3

1 changed file

expand all

arch

powerpc

include

asm

syscall.h

+8 -3

arch/powerpc/include/asm/syscall.h

··· 22 22 extern const unsigned long sys_call_table[]; 23 23 #endif /* CONFIG_FTRACE_SYSCALLS */ 24 24 25 - static inline long syscall_get_nr(struct task_struct *task, 26 - struct pt_regs *regs) 25 + static inline int syscall_get_nr(struct task_struct *task, struct pt_regs *regs) 27 26 { 28 - return TRAP(regs) == 0xc00 ? regs->gpr[0] : -1L; 27 + /* 28 + * Note that we are returning an int here. That means 0xffffffff, ie. 29 + * 32-bit negative 1, will be interpreted as -1 on a 64-bit kernel. 30 + * This is important for seccomp so that compat tasks can set r0 = -1 31 + * to reject the syscall. 32 + */ 33 + return TRAP(regs) == 0xc00 ? regs->gpr[0] : -1; 29 34 } 30 35 31 36 static inline void syscall_rollback(struct task_struct *task,