tile/ptrace: run seccomp after ptrace

Close the hole where ptrace can change a syscall out from under seccomp.

Signed-off-by: Kees Cook <[email protected]>
Cc: Chris Metcalf <[email protected]>

diff --git a/arch/tile/kernel/ptrace.c b/arch/tile/kernel/ptrace.c
index 8c6d2f2fefa3ddc8fee3a646983e110bd030cb33..d89b7011667cb4f1a6f3ad55238d2c815e229c41 100644 (file)
--- a/arch/tile/kernel/ptrace.c
+++ b/arch/tile/kernel/ptrace.c
@@ -255,14 +255,15 @@ int do_syscall_trace_enter(struct pt_regs *regs)
 {
        u32 work = ACCESS_ONCE(current_thread_info()->flags);
 
-       if (secure_computing(NULL) == -1)
+       if ((work & _TIF_SYSCALL_TRACE) &&
+           tracehook_report_syscall_entry(regs)) {
+               regs->regs[TREG_SYSCALL_NR] = -1;
                return -1;
-
-       if (work & _TIF_SYSCALL_TRACE) {
-               if (tracehook_report_syscall_entry(regs))
-                       regs->regs[TREG_SYSCALL_NR] = -1;
        }
 
+       if (secure_computing(NULL) == -1)
+               return -1;
+
        if (work & _TIF_SYSCALL_TRACEPOINT)
                trace_sys_enter(regs, regs->regs[TREG_SYSCALL_NR]);