14 Jul 2012 06:11
[PATCH v3 1/2] vsyscall: allow seccomp in vsyscall=emulate
Will Drewry <wad <at> chromium.org>
2012-07-14 04:11:10 GMT
If a seccomp filter program is installed, older static binaries and
distributions with older libc implementations (glibc 2.13 and earlier)
that rely on vsyscall use will be terminated regardless of the filter
program policy when executing time, gettimeofday, or getcpu. This is
only the case when vsyscall emulation is in use (vsyscall=emulate is the
default).
This patch emulates system call entry inside a vsyscall=emulate by
populating regs->ax and regs->orig_ax with the system call number prior
to calling into seccomp such that all seccomp-dependencies function
normally. Additionally, system call return behavior is emulated in line
with other vsyscall entrypoints for the trace/trap cases.
Note, v3 adds support for a ptracer to skip and emulate vsyscalls. This
is not required behavior but the documentation should reflect the behavior
for whichever is preferred (v2 or v3).
Reported-by: Owen Kibel <qmewlo <at> gmail.com>
Signed-off-by: Will Drewry <wad <at> chromium.org>
v3: - allow ptrace orig_ax changes to skip the syscall since changing it is not
      an option. (result of discussions with luto)
    - ensure ptrace register modification doesn't change return behavior taking
      the "normal" return path
    - add some comments
v2: - fixed ip and sp on SECCOMP_RET_TRAP/ERRNO (thanks to luto <at> mit.edu)
---
arch/x86/kernel/vsyscall_64.c | 42 +++++++++++++++++++++++++++++++++++++----
1 file changed, 38 insertions(+), 4 deletions(-)
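The following is an added example, not code from this patch or from the kernel: a user-space model of why the syscall number has to be populated before seccomp runs on an emulated vsyscall. It assumes the x86-64 vsyscall page address and syscall numbers; the function names and the sample filter policy are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Illustrative user-space model; every name below is hypothetical. */
#define VSYSCALL_BASE 0xffffffffff600000ULL /* fixed x86-64 vsyscall page */
enum { NR_GETTIMEOFDAY = 96, NR_TIME = 201, NR_GETCPU = 309 }; /* x86-64 numbers */
/* Syscall number seccomp should see for a vsyscall entry address, or -1. */
int vsyscall_addr_to_sysno(uint64_t addr) {
    static const int nr[] = { NR_GETTIMEOFDAY, NR_TIME, NR_GETCPU };
    if ((addr & ~0xC00ULL) != VSYSCALL_BASE || (addr & 0xC00) == 0xC00) return -1;
    return nr[(addr & 0xC00) >> 10]; /* entry points are 1 KiB apart */
}
/* Constructed policy: allow gettimeofday and time, EPERM for everything else. */
static const struct sock_filter policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_GETTIMEOFDAY, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_TIME, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | 1 /* EPERM */),
};
/* Interpreter for just the three classic-BPF opcodes the policy uses. */
uint32_t run_filter(const struct sock_filter *f, size_t n, const struct seccomp_data *sd) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (f[pc].k > sizeof(*sd) - sizeof(acc)) return SECCOMP_RET_KILL;
            memcpy(&acc, (const char *)sd + f[pc].k, sizeof(acc)); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        default: return SECCOMP_RET_KILL; /* opcode outside this model */
        }
    }
    return SECCOMP_RET_KILL;
}
/* Filter verdict for a call into the vsyscall page once nr is populated. */
uint32_t seccomp_action_for_vsyscall(uint64_t addr) {
    int nr = vsyscall_addr_to_sysno(addr);
    if (nr < 0) return SECCOMP_RET_KILL; /* model choice for a bad address */
    struct seccomp_data sd = { .nr = nr };
    return run_filter(policy, sizeof(policy) / sizeof(policy[0]), &sd);
}
int main(void) { /* print the verdict for each of the three entry points */
    for (uint64_t a = VSYSCALL_BASE; a < VSYSCALL_BASE + 0xC00; a += 0x400)
        printf("%#llx -> %#x\n", (unsigned long long)a, (unsigned)seccomp_action_for_vsyscall(a));
}
```

With the number filled in, the filter decides per call: the gettimeofday and time entry points are allowed and getcpu gets the policy's EPERM, rather than all three ending the same way regardless of policy.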