Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <greg@kroah.com>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: stable <stable@vger.kernel.org>,
	linux-mips@linux-mips.org, Ralf Baechle <ralf@linux-mips.org>,
	751417@bugs.debian.org, team@security.debian.org,
	Plamen Alexandrov <plamen@aomeda.com>,
	Markos Chandras <markos.chandras@imgtec.com>
Subject: Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
Date: Thu, 12 Jun 2014 14:59:47 -0700	[thread overview]
Message-ID: <20140612215947.GA8176@kroah.com> (raw)
In-Reply-To: <1402607459.31756.58.camel@deadeye.wl.decadent.org.uk>

On Thu, Jun 12, 2014 at 10:10:59PM +0100, Ben Hutchings wrote:
> On Thu, 2014-06-12 at 14:05 -0700, Greg KH wrote:
> > On Thu, Jun 12, 2014 at 02:03:23PM -0700, Greg KH wrote:
> > > On Thu, Jun 12, 2014 at 09:21:41PM +0100, Ben Hutchings wrote:
> > > > On Thu, 2014-06-12 at 20:36 +0100, Ben Hutchings wrote:
> > > > > Control: tag -1 security upstream patch moreinfo
> > > > > Control: severity -1 grave
> > > > > Control: found -1 3.14.5-1
> > > > 
> > > > Aurelien Jarno pointed out this appears to be fixed upstream in 3.15:
> > > > 
> > > > commit 137f7df8cead00688524c82360930845396b8a21
> > > > Author: Markos Chandras <markos.chandras@imgtec.com>
> > > > Date:   Wed Jan 22 14:40:00 2014 +0000
> > > > 
> > > >     MIPS: asm: thread_info: Add _TIF_SECCOMP flag
> > > > 
> > > > It looks like this can be cherry-picked cleanly onto stable branches for
> > > > 3.13 and 3.14.  For 3.11 and 3.12, it will need trivial adjustment.
> > > > 
> > > > For branches older than 3.11, this needs to be cherry-picked first:
> > > > 
> > > > commit e7f3b48af7be9f8007a224663a5b91340626fed5
> > > > Author: Ralf Baechle <ralf@linux-mips.org>
> > > > Date:   Wed May 29 01:02:18 2013 +0200
> > > > 
> > > >     MIPS: Cleanup flags in syscall flags handlers.
> > > 
> > > It also needs parts of 1d7bf993e0731b4ac790667c196b2a2d787f95c3 (MIPS:
> > > ftrace: Add support for syscall tracepoints.) to apply properly to stuff
> > > older than 3.11.  But, I'm not so sure that is good to apply as that is
> > > a whole new feature.
> > > 
> > > So I think I'll just do this "by hand" to get it to work properly...
> > 
> > Wait, no, SECCOMP for MIPS isn't even in 3.10 or older kernels, so why
> > is this a 3.2 issue?  Did you add it there to your kernel for some
> > reason?
> 
> Seccomp mode 2 (i.e. filtering with BPF) was only just implenented for
> MIPS in 3.15.  Mode 1 (fixed set of syscalls) was implemented long ago.

Really?  I don't see _TIF_SECCOMP in the mips asm files in 3.10.  I
don't feel comfortable backporting it to 3.10 or 3.4, are you going to
do that for 3.2?

> (If prctl(PR_SET_SECCOMP) could return success when CONFIG_SECCOMP is
> not enabled, that would be even worse!)

True, but this seems to have always been broken, right?  :)

thanks,

greg k-h

next prev parent reply	other threads:[~2014-06-12 21:56 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20140612161903.32229.20589.reportbug@debian-mips."">
     [not found] ` <1402601767.31756.38.camel@deadeye.wl.decadent.org.uk>
2014-06-12 20:21   ` Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS Ben Hutchings
2014-06-12 21:03     ` Greg KH
2014-06-12 21:05       ` Greg KH
2014-06-12 21:10         ` Ben Hutchings
2014-06-12 21:59           ` Greg KH [this message]
2014-06-15 20:01             ` Ben Hutchings
2014-06-23  9:19     ` Luis Henriques

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140612215947.GA8176@kroah.com \
    --to=greg@kroah.com \
    --cc=751417@bugs.debian.org \
    --cc=ben@decadent.org.uk \
    --cc=linux-mips@linux-mips.org \
    --cc=markos.chandras@imgtec.com \
    --cc=plamen@aomeda.com \
    --cc=ralf@linux-mips.org \
    --cc=stable@vger.kernel.org \
    --cc=team@security.debian.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.