    x86/vsyscall: allow seccomp filter in vsyscall=emulate · 5651721e
    Will Drewry authored
    If a seccomp filter program is installed, older static binaries and
    distributions with older libc implementations (glibc 2.13 and earlier)
    that rely on vsyscall use will be terminated regardless of the filter
    program policy when executing time, gettimeofday, or getcpu.  This is
    only the case when vsyscall emulation is in use (vsyscall=emulate is the
    default).
    
    This patch emulates system call entry inside a vsyscall=emulate by
    populating regs->ax and regs->orig_ax with the system call number prior
    to calling into seccomp such that all seccomp-dependencies function
    normally.  Additionally, system call return behavior is emulated in line
    with other vsyscall entrypoints for the trace/trap cases.
    
    [ v2: fixed ip and sp on SECCOMP_RET_TRAP/TRACE (thanks to luto@mit.edu) ]
    Reported-and-tested-by: Owen Kibel <qmewlo@gmail.com>
    Signed-off-by: Will Drewry <wad@chromium.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
vsyscall_64.c 9.68 KB
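
The filter-side view of this change, as an added example that is not part of the commit or the kernel source: a constructed seccomp policy that allows the three calls named in the commit message, evaluated in userspace against the syscall number that the emulation places in regs->orig_ax. The policy, the helper names (`run_policy`, `vsyscall_verdict`) and the small classic-BPF evaluator are assumptions for illustration; the syscall numbers are the x86-64 ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* x86-64 numbers of the three calls named in the commit message. */
enum { NR_GETTIMEOFDAY = 96, NR_TIME = 201, NR_GETCPU = 309 };
#define ALLOW_NR(n) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (n), 0, 1), \
                    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Constructed policy: x86-64 only, allow the three calls, trap the rest. */
static const struct sock_filter policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW_NR(NR_TIME), ALLOW_NR(NR_GETTIMEOFDAY), ALLOW_NR(NR_GETCPU),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
};

/* Userspace evaluator for the classic-BPF subset used by the policy above. */
static uint32_t run_policy(const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof(policy) / sizeof(policy[0]); pc++) {
        const struct sock_filter *f = &policy[pc];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS:   /* load a 32-bit seccomp_data field */
            memcpy(&acc, (const char *)sd + f->k, sizeof(acc)); break;
        case BPF_JMP | BPF_JEQ | BPF_K:  /* relative jump on acc == k */
            pc += (acc == f->k) ? f->jt : f->jf; break;
        case BPF_RET | BPF_K:            /* filter verdict */
            return f->k;
        }
    }
    return SECCOMP_RET_KILL;
}

/* Verdict for syscall number nr, the value seccomp reads from regs->orig_ax. */
uint32_t vsyscall_verdict(int nr, uint32_t arch)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    return run_policy(&sd);
}

int main(void) {
    return vsyscall_verdict(NR_TIME, AUDIT_ARCH_X86_64) == SECCOMP_RET_ALLOW ? 0 : 1;
}
```

The same `policy` array can be installed with `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)` after `PR_SET_NO_NEW_PRIVS`; the evaluator here only makes the verdicts checkable without changing the calling process.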