From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org, weiyuchen3@huawei.com,
	will@kernel.org, zhe.he@windriver.com
Subject: Re: [PATCH] arm64: fix compat syscall return truncation
Date: Mon, 2 Aug 2021 17:54:23 +0100	[thread overview]
Message-ID: <20210802165422.GM18685@arm.com> (raw)
In-Reply-To: <20210802104200.21390-1-mark.rutland@arm.com>

On Mon, Aug 02, 2021 at 11:42:00AM +0100, Mark Rutland wrote:
> Due to inconsistencies in the way we manipulate compat GPRs, we have a
> few issues today:
> 
> * For audit and tracing, where error codes are handled as a (native)
>   long, negative error codes are expected to be sign-extended to the
>   native 64-bits, or they may fail to be matched correctly. Thus a
>   syscall which fails with an error may erroneously be identified as
>   failing.
> 
> * For ptrace, *all* compat return values should be sign-extended for
>   consistency with 32-bit arm, but we currently only do this for
>   negative return codes.
> 
> * As we may transiently set the upper 32 bits of some compat GPRs while
>   in the kernel, these can be sampled by perf, which is somewhat
>   confusing. This means that where a syscall returns a pointer above 2G,
>   this will be sign-extended, but will not be mistaken for an error as
>   error codes are constrained to the inclusive range [-4096, -1] where
>   no user pointer can exist.
> 
> To fix all of these, we must consistently use helpers to get/set the
> compat GPRs, ensuring that we never write the upper 32 bits of the
> return code, and always sign-extend when reading the return code.  This
> patch does so, with the following changes:
> 
> * We re-organise syscall_get_return_value() to always sign-extend for
>   compat tasks, and reimplement syscall_get_error() atop. We update
>   syscall_trace_exit() to use syscall_get_return_value().
> 
> * We consistently use syscall_set_return_value() to set the return
>   value, ensuring the upper 32 bits are never set unexpectedly.
> 
> * As the core audit code currently uses regs_return_value() rather than
>   syscall_get_return_value(), we special-case this for
>   compat_user_mode(regs) such that this will do the right thing. Going
>   forward, we should try to move the core audit code over to
>   syscall_get_return_value().
> 
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Reported-by: He Zhe <zhe.he@windriver.com>
> Reported-by: weiyuchen <weiyuchen3@huawei.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

(to the best of my knowledge, I can't guarantee all cases have been
covered)
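The compat return-value handling Mark describes above, modelled as an added example that is not the kernel's own code: `struct regs`, `set_return_value()`, `get_return_value()` and `get_error()` are hypothetical stand-ins for `pt_regs` and the arm64 `syscall_*()` helpers, and `naive_return_value()` shows the pre-patch read that loses the sign.

```c
#include <stdbool.h>
#include <stdint.h>

/* Same convention as the kernel's IS_ERR_VALUE(): a return value is an
 * errno only if, viewed as unsigned, it lies in [-MAX_ERRNO, -1]. */
#define MAX_ERRNO 4095UL
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

/* Hypothetical register file: x0 carries the syscall return value,
 * compat flags a 32-bit (AArch32) task whose userspace only sees w0. */
struct regs {
    uint64_t x0;
    bool compat;
};

/* Store a return value; for compat tasks only the low 32 bits are
 * meaningful, so the upper 32 bits are never left holding stale data. */
static void set_return_value(struct regs *r, long val)
{
    if (r->compat)
        r->x0 = (uint64_t)val & 0xffffffffULL;
    else
        r->x0 = (uint64_t)val;
}

/* Read back the value: always sign-extend w0 for compat tasks, whether
 * it is an errno, a small positive count or a pointer above 2G. */
static long get_return_value(const struct regs *r)
{
    if (r->compat)
        return (long)(int32_t)(uint32_t)r->x0;
    return (long)r->x0;
}

/* Built on top of get_return_value(): errno if in range, else 0. */
static long get_error(const struct regs *r)
{
    long v = get_return_value(r);
    return IS_ERR_VALUE(v) ? v : 0;
}

/* The problematic pattern: treating x0 as a native long for a compat
 * task, so -ENOENT (0xfffffffe) reads as 4294967294 and is not an error. */
static long naive_return_value(const struct regs *r)
{
    return (long)r->x0;
}
```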

