From: Purcareata Bogdan <b43198@freescale.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
Bogdan Purcareata <bogdan.purcareata@freescale.com>
Cc: linux-kernel@vger.kernel.org, pmoore@redhat.com,
paulus@samba.org, strosake@linux.vnet.ibm.com,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [RFC][PATCH 1/3] powerpc: Don't force ENOSYS as error on syscall fail
Date: Wed, 11 Feb 2015 09:59:25 +0200 [thread overview]
Message-ID: <54DB0BDD.2010807@freescale.com> (raw)
In-Reply-To: <1423623845.12568.1.camel@ellerman.id.au>
On 11.02.2015 05:04, Michael Ellerman wrote:
> On Mon, 2015-02-09 at 07:55 +0000, Bogdan Purcareata wrote:
>> In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
>> the system call fails for other reasons than the syscall not being available.
>> The seccomp filter can be configured to store a user-defined error code on
>> return from a blacklisted syscall.
>>
>> The RFC is this: are there currently any user-space scenarios where it is
>> required that the system call return ENOSYS as error code on failure, no matter
>> the circumstances? I don't want to break userspace requirements. I have not
>> added code to force this error code in situations different than
>> secure_computing failure, in order to keep overhead at a minimum.
>>
>> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
>> ---
>> arch/powerpc/kernel/entry_32.S | 3 ++-
>> arch/powerpc/kernel/entry_64.S | 2 +-
>> 2 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
>> index 59848e5..52e48dd 100644
>> --- a/arch/powerpc/kernel/entry_32.S
>> +++ b/arch/powerpc/kernel/entry_32.S
>> @@ -425,7 +425,8 @@ END_FTR_SECTION_IFSET(CPU_FTR_NEED_PAIRED_STWCX)
>> b 1b
>> #endif /* CONFIG_44x */
>>
>> -66: li r3,-ENOSYS
>> +66:
>> +# li r3,-ENOSYS
>> b ret_from_syscall
>>
>> .globl ret_from_fork
>> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
>> index e6bfe8e..80db02e 100644
>> --- a/arch/powerpc/kernel/entry_64.S
>> +++ b/arch/powerpc/kernel/entry_64.S
>> @@ -269,7 +269,7 @@ syscall_dotrace:
>> b .Lsyscall_dotrace_cont
>>
>> syscall_enosys:
>> - li r3,-ENOSYS
>> +# li r3,-ENOSYS
>> b syscall_exit
>
> So what happens if you call this with a syscall number that's out of bounds?
As far as my current understanding goes, the call will return with -1
with a errno that's undefined (or I've not seen it be defined anywhere).
I've thought more about this, and I guess the best option would be to
move setting -ENOSYS as errno from the syscall entry assembly to
do_syscall_trace_enter (as opposed to eliminating it at all). I was a
little reluctant to do this at first in order to keep overhead to a
minimum, but it's certainly not an option to change behavior if the
syscall number is out of bounds.
v2 to come shortly.
Thanks,
Bogdan P.
WARNING: multiple messages have this Message-ID (diff)
From: Purcareata Bogdan <b43198@freescale.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
Bogdan Purcareata <bogdan.purcareata@freescale.com>
Cc: <benh@kernel.crashing.org>, <paulus@samba.org>,
<linuxppc-dev@lists.ozlabs.org>, <pmoore@redhat.com>,
<linux-kernel@vger.kernel.org>, <strosake@linux.vnet.ibm.com>
Subject: Re: [RFC][PATCH 1/3] powerpc: Don't force ENOSYS as error on syscall fail
Date: Wed, 11 Feb 2015 09:59:25 +0200 [thread overview]
Message-ID: <54DB0BDD.2010807@freescale.com> (raw)
In-Reply-To: <1423623845.12568.1.camel@ellerman.id.au>
On 11.02.2015 05:04, Michael Ellerman wrote:
> On Mon, 2015-02-09 at 07:55 +0000, Bogdan Purcareata wrote:
>> In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
>> the system call fails for other reasons than the syscall not being available.
>> The seccomp filter can be configured to store a user-defined error code on
>> return from a blacklisted syscall.
>>
>> The RFC is this: are there currently any user-space scenarios where it is
>> required that the system call return ENOSYS as error code on failure, no matter
>> the circumstances? I don't want to break userspace requirements. I have not
>> added code to force this error code in situations different than
>> secure_computing failure, in order to keep overhead at a minimum.
>>
>> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
>> ---
>> arch/powerpc/kernel/entry_32.S | 3 ++-
>> arch/powerpc/kernel/entry_64.S | 2 +-
>> 2 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
>> index 59848e5..52e48dd 100644
>> --- a/arch/powerpc/kernel/entry_32.S
>> +++ b/arch/powerpc/kernel/entry_32.S
>> @@ -425,7 +425,8 @@ END_FTR_SECTION_IFSET(CPU_FTR_NEED_PAIRED_STWCX)
>> b 1b
>> #endif /* CONFIG_44x */
>>
>> -66: li r3,-ENOSYS
>> +66:
>> +# li r3,-ENOSYS
>> b ret_from_syscall
>>
>> .globl ret_from_fork
>> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
>> index e6bfe8e..80db02e 100644
>> --- a/arch/powerpc/kernel/entry_64.S
>> +++ b/arch/powerpc/kernel/entry_64.S
>> @@ -269,7 +269,7 @@ syscall_dotrace:
>> b .Lsyscall_dotrace_cont
>>
>> syscall_enosys:
>> - li r3,-ENOSYS
>> +# li r3,-ENOSYS
>> b syscall_exit
>
> So what happens if you call this with a syscall number that's out of bounds?
As far as my current understanding goes, the call will return with -1
with a errno that's undefined (or I've not seen it be defined anywhere).
I've thought more about this, and I guess the best option would be to
move setting -ENOSYS as errno from the syscall entry assembly to
do_syscall_trace_enter (as opposed to eliminating it at all). I was a
little reluctant to do this at first in order to keep overhead to a
minimum, but it's certainly not an option to change behavior if the
syscall number is out of bounds.
v2 to come shortly.
Thanks,
Bogdan P.
next prev parent reply other threads:[~2015-02-11 7:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-09 7:55 [PATCH 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata
2015-02-09 7:55 ` Bogdan Purcareata
2015-02-09 7:55 ` [RFC][PATCH 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata
2015-02-09 7:55 ` Bogdan Purcareata
2015-02-09 8:56 ` Purcareata Bogdan
2015-02-09 8:56 ` Purcareata Bogdan
2015-02-11 3:04 ` Michael Ellerman
2015-02-11 3:04 ` Michael Ellerman
2015-02-11 7:59 ` Purcareata Bogdan [this message]
2015-02-11 7:59 ` Purcareata Bogdan
2015-02-09 7:55 ` [PATCH 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata
2015-02-09 7:55 ` Bogdan Purcareata
2015-02-09 7:55 ` [PATCH] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata
2015-02-09 7:55 ` Bogdan Purcareata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54DB0BDD.2010807@freescale.com \
--to=b43198@freescale.com \
--cc=bogdan.purcareata@freescale.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=pmoore@redhat.com \
--cc=strosake@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.