From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=ZThx=H2=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,
	INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0AB3AC433DB
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 24 Feb 2021 22:51:05 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id BA33464F03
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 24 Feb 2021 22:51:04 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BA33464F03
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID:
	Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=3pCznghAV7V4y27nz4rFYigYRklzaVvt/7iIUjdVH2o=; b=A/ep00PAfEXOOr0EVQs/TX5ug
	nQtAkf5y0iIG8RKtw2mDZKQV606clpmPKnu7BhyXAC5w2m8UfV2cazwS4/1cIGRP86S6+hIJTFyl8
	F+3RAvJbWQs25t/KTjhhm9hOn7Mim+xftfZ3/BdHmfJmTf7j8H/3qSqPnJkBzLxWFRvbfC5UyWLzo
	gSAaRF7JEKqNIWulGZwBLS+YGL5eBcEZo7PtMbUWnlpqsH973KvSZnm7GR6h3Ny8Loa/AO+zdepCa
	3f6cqqM4vdzJxhYftG6hPkE8mVsV9Pk8HcTxYOkEVtIveCDKamTEzvcPUJ61BenEPz9QsbjLc2IuT
	WGh+YetdA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1lF2x6-0006Hf-2r; Wed, 24 Feb 2021 22:48:16 +0000
Received: from mail-pj1-x102d.google.com ([2607:f8b0:4864:20::102d])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1lF2x2-0006H2-IS
 for linux-arm-kernel@lists.infradead.org; Wed, 24 Feb 2021 22:48:14 +0000
Received: by mail-pj1-x102d.google.com with SMTP id b15so2325308pjb.0
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 24 Feb 2021 14:48:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=aOFN/y2PhIFZuTneSge/YD7ChETm8aHL+JKdOsuU9tA=;
 b=SXt7R+/o/E8uP+/e2yDBnojGMApt4UFiRBTLFCqNwaeMlV9Hx7DBnYBnxnBYuJOOza
 rLqCqqewsoEv4kwHwLShdeoZoAg5SfSGMAZzKqFXthdheW9h20VPbrgMl2LAQ9kCqJMW
 0t2fuYGZ3iaBK0Q8sbxp3RvwIDuWYl0Ogkw7k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=aOFN/y2PhIFZuTneSge/YD7ChETm8aHL+JKdOsuU9tA=;
 b=BgKs3rwyR1eXiHJ1ua5brkgMC863SZIk4vSzwM1cNI++mHiEoB5sNIsNqPboViA4Nd
 216bl2NBq59xqOgbl3EvNc2uIpCiCqe7pcRGJi8zWr/5zZSWHDlqMQAm3v9/9zWzhMCs
 2fcS31DACkFrTzBsLN/cUSwdXzIq8UkTxSwKVPfPxpJII0nGDEEU2ZJ/6mYVDwUBhVw3
 oP62XaVZha765xiyM5YiCM9QUBuQsfmUQjG0O2+4H93nmvKJcKdjwSypxsKwFu7l/w6w
 phG2VJK3YtfSs6H1EP7v7Abytu53Xn+YOrlvL18EuE6GT1lSGDJUfXSpI09IZ7h34TQE
 pMKA==
X-Gm-Message-State: AOAM531nKvrBP//asvjs5foNvYHMPMFkykcJMarbcJHKethTDRnu31La
 QZJdKgv51gfTD3nyY+H65/UVVQ==
X-Google-Smtp-Source: ABdhPJwc2KYazXh4xzKLC1wVUhdxko87vCUsdgdqbp/QbUdh6/8sj+OkClb/7fjwemJv76xJ49YwDQ==
X-Received: by 2002:a17:90a:1503:: with SMTP id l3mr128755pja.41.1614206890147; 
 Wed, 24 Feb 2021 14:48:10 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
 by smtp.gmail.com with ESMTPSA id gj24sm3930060pjb.4.2021.02.24.14.48.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 24 Feb 2021 14:48:09 -0800 (PST)
Date: Wed, 24 Feb 2021 14:48:05 -0800
From: Kees Cook <keescook@chromium.org>
To: Sudeep Holla <sudeep.holla@arm.com>, Will Deacon <will@kernel.org>
Subject: Re: [PATCH] arm64: ptrace: Fix seccomp of traced syscall -1
 (NO_SYSCALL)
Message-ID: <202102241444.A8BC2EC3@keescook>
References: <90edd33b-6353-1228-791f-0336d94d5f8c@majoroak.me.uk>
 <20210224144920.jjk46kfgkokk4cck@bogus>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20210224144920.jjk46kfgkokk4cck@bogus>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210224_174812_646456_7EA790E5 
X-CRM114-Status: GOOD (  31.04  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
 Timothy Baldwin <T.E.Baldwin99@members.leeds.ac.uk>,
 Oleg Nesterov <oleg@redhat.com>, linux-arm-kernel@lists.infradead.org,
 Haibo Xu <Haibo.Xu@arm.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Wed, Feb 24, 2021 at 02:49:20PM +0000, Sudeep Holla wrote:
> On Mon, Jan 18, 2021 at 02:58:58AM +0000, Timothy Baldwin wrote:
> > From c047f549699d31ed91d5ac0cadbcf76a02cd801e Mon Sep 17 00:00:00 2001
> > From: Timothy E Baldwin<T.E.Baldwin99@members.leeds.ac.uk>
> > Date: Sat, 16 Jan 2021 15:18:54 +0000
> > Subject: [PATCH] arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
> > 
> > Since commit f086f67485c5 ("arm64: ptrace: add support for syscall
> > emulation"), if system call number -1 is called and the process is being
> > traced with PTRACE_SYSCALL, for example by strace, the seccomp check is
> > skipped and -ENOSYS is returned unconditionally (unless altered by the
> > tracer) rather than carrying out action specified in the seccomp filter.
> > 
> > The consequence of this is that it is not possible to reliably strace
> > a seccomp based implementation of a foreign system call interface in
> > which r7/x8 is permitted to be -1 on entry to a system call.
> > 
> > Also trace_sys_enter and audit_syscall_entry are skipped if a system
> > call is skipped.
> > 
> > Fix by removing the in_syscall(regs) check restoring the previous behaviour
> > which is like AArch32, x86 (which uses generic code) and everything else.
> > 
> 
> Ah, my fault. At the time of timing this I didn't test with seccomp and
> also for some reason IIRC I had assumed the flags SYSCALL_{EMU,TRACE}
> and seccomp calls are mutually exclusive and can't happen together.
> 
> FWIW,
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> 
> Also I ran some minimal tests I have, so
> Tested-by: Sudeep Holla <sudeep.holla@arm.com>
> 
> I have also asked Haibo Xu <Haibo.Xu@arm.com> who help me testing back then
> to test again.

Thanks for catching and fixing this! Does this pass the seccomp selftests?

Reviewed-by: Kees Cook <keescook@chromium.org>

Will, do you want to take this? I don't usually put the arch-specific
seccomp bits through the seccomp tree.

-Kees

> 
> 
> > Fixes: f086f67485c5 ("arm64: ptrace: add support for syscall emulation")
> > Signed-off-by: Timothy E Baldwin<T.E.Baldwin99@members.leeds.ac.uk>
> > Cc: Sudeep Holla<sudeep.holla@arm.com>
> > Cc: Oleg Nesterov <oleg@redhat.com>
> > Cc: Catalin Marinas<catalin.marinas@arm.com>
> > Cc: Will Deacon<will.deacon@arm.com>
> > Cc: Kees Cook<keescook@chromium.org>
> > Cc:stable@vger.kernel.org
> > ---
> >  arch/arm64/kernel/ptrace.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
> > index 8ac487c84e37..1d75471979cb 100644
> > --- a/arch/arm64/kernel/ptrace.c
> > +++ b/arch/arm64/kernel/ptrace.c
> > @@ -1796,7 +1796,7 @@ int syscall_trace_enter(struct pt_regs *regs)
> >  	if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) {
> >  		tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
> > -		if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU))
> > +		if (flags & _TIF_SYSCALL_EMU)
> >  			return NO_SYSCALL;
> >  	}
> > -- 
> > 2.27.0
> > 
> > The specific implementation of a seccomp based foreign system call interface
> > is my port of RISC OS to Linux, in the spirit User Mode Linux:
> > https://github.com/TimothyEBaldwin/RISC_OS_Linux_Binary
> > 
> > 
> > 
> > _______________________________________________
> > linux-arm-kernel mailing list
> > linux-arm-kernel@lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 
> -- 
> Regards,
> Sudeep

-- 
Kees Cook

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel