arm64: secomp: fix the secure computing mode 1 syscall check for ilp32

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8JVJ3
CVE: NA

--------------------------------

ILP32 application belongs to the compat application. But its syscall
number is different from the traditional compat a32 application. The
syscall number is the same with the lp64 application. So we need to fix
the secure computing mode 1 syscall check for ilp32.

Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Chen Jiahao <chenjiahao16@huawei.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>

1 files changed, 30 insertions, 0 deletions

diff --git a/arch/arm64/include/asm/seccomp.h b/arch/arm64/include/asm/seccomp.h
index 0f4cc9322eb4..a6be48b9225a 100644
--- a/arch/arm64/include/asm/seccomp.h
+++ b/arch/arm64/include/asm/seccomp.h
@@ -17,6 +17,36 @@
 #define __NR_seccomp_sigreturn_32	__NR_compat_rt_sigreturn
 #endif /* CONFIG_COMPAT */
 
+#ifdef CONFIG_COMPAT
+#ifndef __COMPAT_SYSCALL_NR
+
+static inline const int *get_compat_mode1_syscalls(void)
+{
+#ifdef CONFIG_AARCH32_EL0
+	static const int mode1_syscalls_a32[] = {
+		__NR_compat_read, __NR_compat_write,
+		__NR_compat_exit, __NR_compat_sigreturn,
+		0, /* null terminated */
+	};
+#endif
+	static const int mode1_syscalls_ilp32[] = {
+		__NR_read, __NR_write,
+		__NR_exit, __NR_rt_sigreturn,
+		0, /* null terminated */
+	};
+
+#ifdef CONFIG_AARCH32_EL0
+	if (is_a32_compat_task())
+		return mode1_syscalls_a32;
+#endif
+	return mode1_syscalls_ilp32;
+}
+
+#define get_compat_mode1_syscalls get_compat_mode1_syscalls
+
+#endif
+#endif
+
 #include <asm-generic/seccomp.h>
 
 #define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_AARCH64