From: Purcareata Bogdan <b43198@freescale.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
Bogdan Purcareata <bogdan.purcareata@freescale.com>
Cc: linux-kernel@vger.kernel.org, pmoore@redhat.com,
paulus@samba.org, strosake@linux.vnet.ibm.com,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v2 1/3] powerpc: Don't force ENOSYS as error on syscall fail
Date: Thu, 12 Feb 2015 10:38:32 +0200 [thread overview]
Message-ID: <54DC6688.5080101@freescale.com> (raw)
In-Reply-To: <1423718679.24302.3.camel@ellerman.id.au>
On 12.02.2015 07:24, Michael Ellerman wrote:
> On Wed, 2015-02-11 at 08:36 +0000, Bogdan Purcareata wrote:
>> In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
>> the system call fails for other reasons than the syscall not being available.
>> The seccomp filter can be configured to store a user-defined error code on
>> return from a blacklisted syscall. Don't always set ENOSYS on
>> do_syscall_trace_enter failure.
>>
>> v2:
>> - move setting ENOSYS as errno from the syscall entry assembly to
>> do_syscall_trace_enter, only in the specific case
>
>> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
>> index 194e46d..0111e04 100644
>> --- a/arch/powerpc/kernel/entry_64.S
>> +++ b/arch/powerpc/kernel/entry_64.S
>> @@ -269,7 +269,6 @@ syscall_dotrace:
>> b .Lsyscall_dotrace_cont
>>
>> syscall_enosys:
>> - li r3,-ENOSYS
>> b syscall_exit
>
>
> This still looks wrong to me.
>
> On 64 bit we do:
>
> CURRENT_THREAD_INFO(r11, r1)
> ld r10,TI_FLAGS(r11)
> andi. r11,r10,_TIF_SYSCALL_DOTRACE
> bne syscall_dotrace
> .Lsyscall_dotrace_cont:
> cmpldi 0,r0,NR_syscalls
> bge- syscall_enosys
> ...
>
> syscall_enosys:
> li r3,-ENOSYS
> b .Lsyscall_exit
>
>
> Your patch removes the load of ENOSYS.
>
> Which means if we're not doing syscall tracing, and we get an out-of-bounds
> syscall number, we'll return with something random on r3. Won't we?
Thanks for pointing this out, you are absolutely right. Perhaps this is
a fix for the issue - on 64 bit:
ld r10,TI_FLAGS(r11)
andi. r11,r10,_TIF_SYSCALL_T_OR_A
bne syscall_dotrace
-.Lsyscall_dotrace_cont:
cmpldi 0,r0,NR_syscalls
bge- syscall_enosys
system_call:
...
syscall_enosys:
li r3,-ENOSYS
b .Lsyscall_exit
...
syscall_dotrace:
...
addi r9,r1,STACK_FRAME_OVERHEAD
CURRENT_THREAD_INFO(r10, r1)
ld r10,TI_FLAGS(r10)
- b .Lsyscall_dotrace_cont
+ cmpldi 0,r0,NR_syscalls
+ bge syscall_exit
+ b system_call
So basically I leave the code for syscall_enosys unchanged, but I keep
using it only when not doing syscall tracing. When doing syscall
tracing, I'm assuming do_syscall_trace_enter will take care of setting
the errno, and should it return an invalid syscall number, go directly
to syscall_exit.
> The 32-bit code looks more or less similar, although the label has a different
> name.
Same thing for 32-bit:
_GLOBAL(DoSyscall)
lwz r11,TI_FLAGS(r10)
andi. r11,r11,_TIF_SYSCALL_T_OR_A
bne- syscall_dotrace
-syscall_dotrace_cont:
cmplwi 0,r0,NR_syscalls
lis r10,sys_call_table@h
ori r10,r10,sys_call_table@l
slwi r0,r0,2
bge 66f
+syscall_dotrace_cont:
lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
mtlr r10
addi r9,r1,STACK_FRAME_OVERHEAD
...
66: li r3,-ENOSYS
b ret_from_syscall
...
syscall_dotrace:
lwz r7,GPR7(r1)
lwz r8,GPR8(r1)
REST_NVGPRS(r1)
+ cmplwi 0,r0,NR_syscalls
+ lis r10,sys_call_table@h
+ ori r10,r10,sys_call_table@l
+ slwi r0,r0,2
+ bge- ret_from_syscall
b syscall_dotrace_cont
However I must admit that I don't like duplicating those 4 lines of code
associated with verifying the syscall number. I can't think of any
better way to do this. I also thought about leaving this check in one
place, and then branch differently according to _TIF_SYSCALL_T_OR_A. Do
you think that would be a better approach?
Thank you,
Bogdan P.
WARNING: multiple messages have this Message-ID (diff)
From: Purcareata Bogdan <b43198@freescale.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
Bogdan Purcareata <bogdan.purcareata@freescale.com>
Cc: <benh@kernel.crashing.org>, <paulus@samba.org>,
<linuxppc-dev@lists.ozlabs.org>, <pmoore@redhat.com>,
<linux-kernel@vger.kernel.org>, <strosake@linux.vnet.ibm.com>
Subject: Re: [PATCH v2 1/3] powerpc: Don't force ENOSYS as error on syscall fail
Date: Thu, 12 Feb 2015 10:38:32 +0200 [thread overview]
Message-ID: <54DC6688.5080101@freescale.com> (raw)
In-Reply-To: <1423718679.24302.3.camel@ellerman.id.au>
On 12.02.2015 07:24, Michael Ellerman wrote:
> On Wed, 2015-02-11 at 08:36 +0000, Bogdan Purcareata wrote:
>> In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
>> the system call fails for other reasons than the syscall not being available.
>> The seccomp filter can be configured to store a user-defined error code on
>> return from a blacklisted syscall. Don't always set ENOSYS on
>> do_syscall_trace_enter failure.
>>
>> v2:
>> - move setting ENOSYS as errno from the syscall entry assembly to
>> do_syscall_trace_enter, only in the specific case
>
>> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
>> index 194e46d..0111e04 100644
>> --- a/arch/powerpc/kernel/entry_64.S
>> +++ b/arch/powerpc/kernel/entry_64.S
>> @@ -269,7 +269,6 @@ syscall_dotrace:
>> b .Lsyscall_dotrace_cont
>>
>> syscall_enosys:
>> - li r3,-ENOSYS
>> b syscall_exit
>
>
> This still looks wrong to me.
>
> On 64 bit we do:
>
> CURRENT_THREAD_INFO(r11, r1)
> ld r10,TI_FLAGS(r11)
> andi. r11,r10,_TIF_SYSCALL_DOTRACE
> bne syscall_dotrace
> .Lsyscall_dotrace_cont:
> cmpldi 0,r0,NR_syscalls
> bge- syscall_enosys
> ...
>
> syscall_enosys:
> li r3,-ENOSYS
> b .Lsyscall_exit
>
>
> Your patch removes the load of ENOSYS.
>
> Which means if we're not doing syscall tracing, and we get an out-of-bounds
> syscall number, we'll return with something random on r3. Won't we?
Thanks for pointing this out, you are absolutely right. Perhaps this is
a fix for the issue - on 64 bit:
ld r10,TI_FLAGS(r11)
andi. r11,r10,_TIF_SYSCALL_T_OR_A
bne syscall_dotrace
-.Lsyscall_dotrace_cont:
cmpldi 0,r0,NR_syscalls
bge- syscall_enosys
system_call:
...
syscall_enosys:
li r3,-ENOSYS
b .Lsyscall_exit
...
syscall_dotrace:
...
addi r9,r1,STACK_FRAME_OVERHEAD
CURRENT_THREAD_INFO(r10, r1)
ld r10,TI_FLAGS(r10)
- b .Lsyscall_dotrace_cont
+ cmpldi 0,r0,NR_syscalls
+ bge syscall_exit
+ b system_call
So basically I leave the code for syscall_enosys unchanged, but I keep
using it only when not doing syscall tracing. When doing syscall
tracing, I'm assuming do_syscall_trace_enter will take care of setting
the errno, and should it return an invalid syscall number, go directly
to syscall_exit.
> The 32-bit code looks more or less similar, although the label has a different
> name.
Same thing for 32-bit:
_GLOBAL(DoSyscall)
lwz r11,TI_FLAGS(r10)
andi. r11,r11,_TIF_SYSCALL_T_OR_A
bne- syscall_dotrace
-syscall_dotrace_cont:
cmplwi 0,r0,NR_syscalls
lis r10,sys_call_table@h
ori r10,r10,sys_call_table@l
slwi r0,r0,2
bge 66f
+syscall_dotrace_cont:
lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
mtlr r10
addi r9,r1,STACK_FRAME_OVERHEAD
...
66: li r3,-ENOSYS
b ret_from_syscall
...
syscall_dotrace:
lwz r7,GPR7(r1)
lwz r8,GPR8(r1)
REST_NVGPRS(r1)
+ cmplwi 0,r0,NR_syscalls
+ lis r10,sys_call_table@h
+ ori r10,r10,sys_call_table@l
+ slwi r0,r0,2
+ bge- ret_from_syscall
b syscall_dotrace_cont
However I must admit that I don't like duplicating those 4 lines of code
associated with verifying the syscall number. I can't think of any
better way to do this. I also thought about leaving this check in one
place, and then branch differently according to _TIF_SYSCALL_T_OR_A. Do
you think that would be a better approach?
Thank you,
Bogdan P.
next prev parent reply other threads:[~2015-02-12 8:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-11 8:36 [PATCH v2 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata
2015-02-11 8:36 ` Bogdan Purcareata
2015-02-11 8:36 ` [PATCH v2 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata
2015-02-11 8:36 ` Bogdan Purcareata
2015-02-12 5:24 ` Michael Ellerman
2015-02-12 5:24 ` Michael Ellerman
2015-02-12 8:38 ` Purcareata Bogdan [this message]
2015-02-12 8:38 ` Purcareata Bogdan
2015-02-11 8:36 ` [PATCH 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata
2015-02-11 8:36 ` Bogdan Purcareata
2015-02-11 8:36 ` [PATCH 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata
2015-02-11 8:36 ` Bogdan Purcareata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54DC6688.5080101@freescale.com \
--to=b43198@freescale.com \
--cc=bogdan.purcareata@freescale.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=pmoore@redhat.com \
--cc=strosake@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.