|
Mian Yousaf Kaukab |
e55a09 |
From: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Date: Sat, 16 Jan 2021 15:18:54 +0000
Subject: arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
Git-commit: df84fe94708985cdfb78a83148322bcd0a699472
Patch-mainline: v5.12-rc1
References: git-fixes
Since commit f086f67485c5 ("arm64: ptrace: add support for syscall
emulation"), if system call number -1 is called and the process is being
traced with PTRACE_SYSCALL, for example by strace, the seccomp check is
skipped and -ENOSYS is returned unconditionally (unless altered by the
tracer) rather than carrying out the action specified in the seccomp filter.
The consequence of this is that it is not possible to reliably strace
a seccomp based implementation of a foreign system call interface in
which r7/x8 is permitted to be -1 on entry to a system call.
Also trace_sys_enter and audit_syscall_entry are skipped if a system
call is skipped.
Fix by removing the in_syscall(regs) check restoring the previous
behaviour which is like AArch32, x86 (which uses generic code) and
everything else.
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: <stable@vger.kernel.org>
Fixes: f086f67485c5 ("arm64: ptrace: add support for syscall emulation")
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Tested-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Link: https://lore.kernel.org/r/90edd33b-6353-1228-791f-0336d94d5f8c@majoroak.me.uk
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de>
---
arch/arm64/kernel/ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 3d5c8afca75b..170f42fd6101 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1797,7 +1797,7 @@ int syscall_trace_enter(struct pt_regs *regs)
if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) {
tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
- if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU))
+ if (flags & _TIF_SYSCALL_EMU)
return NO_SYSCALL;
}
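Review bot: the new condition `if (flags & _TIF_SYSCALL_EMU)` carries no comment saying why a syscall number of -1 after the `tracehook_report_syscall()` stop is deliberately not short-circuited any more, so a later cleanup could reintroduce the `!in_syscall(regs)` test and silently bypass the seccomp filter again for traced tasks. Please add a one-line comment above the condition stating that only PTRACE_SYSEMU skips the call here and that a -1 syscall number must still reach the seccomp check. The rest of syscall_trace_enter() is not visible in this hunk, so it is also worth confirming in the description that the code after this block copes with a syscall number of -1, and adding a regression test that runs a seccomp-filtered task with x8 set to -1 under PTRACE_SYSCALL and checks that the filter's action is applied instead of an unconditional -ENOSYS.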
--
2.26.2