From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Oleg Nesterov <oleg@redhat.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Kees Cook <keescook@chromium.org>,
Sudeep Holla <sudeep.holla@arm.com>,
Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>,
Will Deacon <will@kernel.org>
Subject: [PATCH 5.4 13/22] arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
Date: Mon, 8 Mar 2021 13:30:30 +0100 [thread overview]
Message-ID: <20210308122715.036978550@linuxfoundation.org> (raw)
In-Reply-To: <20210308122714.391917404@linuxfoundation.org>
From: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
commit df84fe94708985cdfb78a83148322bcd0a699472 upstream.
Since commit f086f67485c5 ("arm64: ptrace: add support for syscall
emulation"), if system call number -1 is called and the process is being
traced with PTRACE_SYSCALL, for example by strace, the seccomp check is
skipped and -ENOSYS is returned unconditionally (unless altered by the
tracer) rather than carrying out action specified in the seccomp filter.
The consequence of this is that it is not possible to reliably strace
a seccomp based implementation of a foreign system call interface in
which r7/x8 is permitted to be -1 on entry to a system call.
Also trace_sys_enter and audit_syscall_entry are skipped if a system
call is skipped.
Fix by removing the in_syscall(regs) check restoring the previous
behaviour which is like AArch32, x86 (which uses generic code) and
everything else.
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Catalin Marinas<catalin.marinas@arm.com>
Cc: <stable@vger.kernel.org>
Fixes: f086f67485c5 ("arm64: ptrace: add support for syscall emulation")
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Tested-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Link: https://lore.kernel.org/r/90edd33b-6353-1228-791f-0336d94d5f8c@majoroak.me.uk
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1844,7 +1844,7 @@ int syscall_trace_enter(struct pt_regs *
if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) {
tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
- if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU))
+ if (flags & _TIF_SYSCALL_EMU)
return -1;
}
next prev parent reply other threads:[~2021-03-08 12:32 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-08 12:30 [PATCH 5.4 00/22] 5.4.104-rc1 review Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 01/22] tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 02/22] tpm, tpm_tis: Decorate tpm_get_timeouts() " Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 03/22] btrfs: raid56: simplify tracking of Q stripe presence Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 04/22] btrfs: fix raid6 qstripe kmap Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 05/22] btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 06/22] btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 07/22] btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 08/22] btrfs: fix warning when creating a directory with smack enabled Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 09/22] PM: runtime: Update device status before letting suppliers suspend Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 10/22] dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 11/22] dm verity: fix FEC for RS roots unaligned to block size Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 12/22] drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie Greg Kroah-Hartman
2021-03-08 12:30 ` Greg Kroah-Hartman [this message]
2021-03-08 12:30 ` [PATCH 5.4 14/22] crypto - shash: reduce minimum alignment of shash_desc structure Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 15/22] usbip: tools: fix build error for multiple definition Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 16/22] ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 17/22] RDMA/rxe: Fix missing kconfig dependency on CRYPTO Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 18/22] IB/mlx5: Add missing error code Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 19/22] ALSA: hda: intel-nhlt: verify config type Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 20/22] ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 21/22] rsxx: Return -EFAULT if copy_to_user() fails Greg Kroah-Hartman
2021-03-08 12:30 ` [PATCH 5.4 22/22] r8169: fix resuming from suspend on RTL8105e if machine runs on battery Greg Kroah-Hartman
2021-03-08 16:59 ` [PATCH 5.4 00/22] 5.4.104-rc1 review Florian Fainelli
2021-03-08 17:18 ` Jon Hunter
2021-03-08 22:29 ` Guenter Roeck
2021-03-09 1:59 ` Samuel Zou
2021-03-09 4:59 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210308122715.036978550@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=T.E.Baldwin99@members.leeds.ac.uk \
--cc=catalin.marinas@arm.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=stable@vger.kernel.org \
--cc=sudeep.holla@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox