Merge tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull core entry fix from Thomas Gleixner:
 "A single fix for the generic entry code:

  The trace_sys_enter() tracepoint can modify the syscall number via
  kprobes or BPF in pt_regs, but that requires that the syscall number
  is re-evaluted from pt_regs after the tracepoint.

  A seccomp fix in that area removed the re-evaluation so the change
  does not take effect as the code just uses the locally cached number.

  Restore the original behaviour by re-evaluating the syscall number
  after the tracepoint"

* tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  entry: Respect changes to system call number by trace_sys_enter()

diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index 88cb3c88aaa5c6c1ca271c1cc95dcd60cdd8ca9c..90843cc38588065ee5c52f8549d6a32c69bdf102 100644 (file)
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -57,8 +57,14 @@ long syscall_trace_enter(struct pt_regs *regs, long syscall,
        /* Either of the above might have changed the syscall number */
        syscall = syscall_get_nr(current, regs);
 
-       if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT))
+       if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT)) {
                trace_sys_enter(regs, syscall);
+               /*
+                * Probes or BPF hooks in the tracepoint may have changed the
+                * system call number as well.
+                */
+               syscall = syscall_get_nr(current, regs);
+       }
 
        syscall_enter_audit(regs, syscall);