From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Huacai Chen <chenhuacai@loongson.cn>
Subject: [PATCH 6.6 04/67] LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
Date: Thu, 15 Aug 2024 15:25:18 +0200 [thread overview]
Message-ID: <20240815131838.486320821@linuxfoundation.org> (raw)
In-Reply-To: <20240815131838.311442229@linuxfoundation.org>
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
commit 7697a0fe0154468f5df35c23ebd7aa48994c2cdc upstream.
Chromium sandbox apparently wants to deny statx [1] so it could properly
inspect arguments after the sandboxed process later falls back to fstat.
Because there's currently not a "fd-only" version of statx, so that the
sandbox has no way to ensure the path argument is empty without being
able to peek into the sandboxed process's memory. For architectures able
to do newfstatat though, glibc falls back to newfstatat after getting
-ENOSYS for statx, then the respective SIGSYS handler [2] takes care of
inspecting the path argument, transforming allowed newfstatat's into
fstat instead which is allowed and has the same type of return value.
But, as LoongArch is the first architecture to not have fstat nor
newfstatat, the LoongArch glibc does not attempt falling back at all
when it gets -ENOSYS for statx -- and you see the problem there!
Actually, back when the LoongArch port was under review, people were
aware of the same problem with sandboxing clone3 [3], so clone was
eventually kept. Unfortunately it seemed at that time no one had noticed
statx, so besides restoring fstat/newfstatat to LoongArch uapi (and
postponing the problem further), it seems inevitable that we would need
to tackle seccomp deep argument inspection.
However, this is obviously a decision that shouldn't be taken lightly,
so we just restore fstat/newfstatat by defining __ARCH_WANT_NEW_STAT
in unistd.h. This is the simplest solution for now, and so we hope the
community will tackle the long-standing problem of seccomp deep argument
inspection in the future [4][5].
Also add "newstat" to syscall_abis_64 in Makefile.syscalls due to
upstream asm-generic changes.
More infomation please reading this thread [6].
[1] https://chromium-review.googlesource.com/c/chromium/src/+/2823150
[2] https://chromium.googlesource.com/chromium/src/sandbox/+/c085b51940bd/linux/seccomp-bpf-helpers/sigsys_handlers.cc#355
[3] https://lore.kernel.org/linux-arch/20220511211231.GG7074@brightrain.aerifal.cx/
[4] https://lwn.net/Articles/799557/
[5] https://lpc.events/event/4/contributions/560/attachments/397/640/deep-arg-inspection.pdf
[6] https://lore.kernel.org/loongarch/20240226-granit-seilschaft-eccc2433014d@brauner/T/#t
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/include/uapi/asm/unistd.h | 1 +
1 file changed, 1 insertion(+)
--- a/arch/loongarch/include/uapi/asm/unistd.h
+++ b/arch/loongarch/include/uapi/asm/unistd.h
@@ -1,4 +1,5 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#define __ARCH_WANT_NEW_STAT
#define __ARCH_WANT_SYS_CLONE
#define __ARCH_WANT_SYS_CLONE3
next prev parent reply other threads:[~2024-08-15 14:07 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-15 13:25 [PATCH 6.6 00/67] 6.6.47-rc1 review Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 01/67] exec: Fix ToCToU between perm check and set-uid/gid usage Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 02/67] ASoC: topology: Clean up route loading Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 03/67] ASoC: topology: Fix route memory corruption Greg Kroah-Hartman
2024-08-15 13:25 ` Greg Kroah-Hartman [this message]
2024-08-15 13:25 ` [PATCH 6.6 05/67] NFSD: Rewrite synopsis of nfsd_percpu_counters_init() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 06/67] NFSD: Fix frame size warning in svc_export_parse() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 07/67] sunrpc: dont change ->sv_stats if it doesnt exist Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 08/67] nfsd: stop setting ->pg_stats for unused stats Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 09/67] sunrpc: pass in the sv_stats struct through svc_create_pooled Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 10/67] sunrpc: remove ->pg_stats from svc_program Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 11/67] sunrpc: use the struct net as the svc proc private Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 12/67] nfsd: rename NFSD_NET_* to NFSD_STATS_* Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 13/67] nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 14/67] nfsd: make all of the nfsd stats per-network namespace Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 15/67] nfsd: remove nfsd_stats, make th_cnt a global counter Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 16/67] nfsd: make svc_stat per-network namespace instead of global Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 17/67] mm: gup: stop abusing try_grab_folio Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 18/67] nvme/pci: Add APST quirk for Lenovo N60z laptop Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 19/67] genirq/cpuhotplug: Skip suspended interrupts when restoring affinity Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 20/67] genirq/cpuhotplug: Retry with cpu_online_mask when migration fails Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 21/67] cgroup: Make operations on the cgroup root_list RCU safe Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 22/67] tcp_metrics: optimize tcp_metrics_flush_all() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 23/67] wifi: mac80211: take wiphy lock for MAC addr change Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 24/67] wifi: mac80211: fix change_address deadlock during unregister Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 25/67] fs: Convert to bdev_open_by_dev() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 26/67] jfs: " Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 27/67] jfs: fix log->bdev_handle null ptr deref in lbmStartIO Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 28/67] net: dont dump stack on queue timeout Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 29/67] jfs: fix shift-out-of-bounds in dbJoin Greg Kroah-Hartman
2024-08-15 14:13 ` Dave Kleikamp
2024-08-15 14:19 ` Greg Kroah-Hartman
2024-08-15 16:24 ` Dave Kleikamp
2024-08-15 13:25 ` [PATCH 6.6 30/67] squashfs: squashfs_read_data need to check if the length is 0 Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 31/67] Squashfs: fix variable overflow triggered by sysbot Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 32/67] reiserfs: fix uninit-value in comp_keys Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 33/67] erofs: avoid debugging output for (de)compressed data Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 34/67] net: tls, add test to capture error on large splice Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 35/67] Input: bcm5974 - check endpoint type before starting traffic Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 36/67] quota: Detect loops in quota tree Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 37/67] net:rds: Fix possible deadlock in rds_message_put Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 38/67] net: sctp: fix skb leak in sctp_inq_free() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 39/67] pppoe: Fix memory leak in pppoe_sendmsg() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 40/67] bpf: Replace bpf_lpm_trie_key 0-length array with flexible array Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 41/67] bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 42/67] fs: Annotate struct file_handle with __counted_by() and use struct_size() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 43/67] mISDN: fix MISDN_TIME_STAMP handling Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 44/67] net: add copy_safe_from_sockptr() helper Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.6 45/67] nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 46/67] Bluetooth: RFCOMM: Fix not validating setsockopt user input Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 47/67] ext4: fold quota accounting into ext4_xattr_inode_lookup_create() Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 48/67] ext4: do not create EA inode under buffer lock Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 49/67] mm/page_table_check: support userfault wr-protect entries Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 50/67] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 51/67] ext4: convert ext4_da_do_write_end() to take a folio Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 52/67] ext4: sanity check for NULL pointer after ext4_force_shutdown Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 53/67] bpf, net: Use DEV_STAT_INC() Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 54/67] f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 55/67] f2fs: fix to cover read extent cache access with lock Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 56/67] fou: remove warn in gue_gro_receive on unsupported protocol Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 57/67] jfs: fix null ptr deref in dtInsertEntry Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 58/67] jfs: Fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 59/67] fs/ntfs3: Do copy_to_user out of run_lock Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 60/67] ALSA: usb: Fix UBSAN warning in parse_audio_unit() Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 61/67] binfmt_flat: Fix corruption when not offsetting data start Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 62/67] Revert "jfs: fix shift-out-of-bounds in dbJoin" Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 63/67] Revert "Input: bcm5974 - check endpoint type before starting traffic" Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 64/67] mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 65/67] cgroup: Move rcu_head up near the top of cgroup_root Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 66/67] KVM: arm64: Dont defer TLB invalidation when zapping table entries Greg Kroah-Hartman
2024-08-15 13:26 ` [PATCH 6.6 67/67] KVM: arm64: Dont pass a TLBI level hint " Greg Kroah-Hartman
2024-08-15 19:35 ` [PATCH 6.6 00/67] 6.6.47-rc1 review ChromeOS Kernel Stable Merge
2024-08-15 19:46 ` Peter Schneider
2024-08-15 21:59 ` Florian Fainelli
2024-08-16 8:47 ` Anders Roxell
2024-08-16 11:24 ` Mark Brown
2024-08-16 11:56 ` Takeshi Ogasawara
2024-08-16 19:47 ` Jon Hunter
2024-08-16 20:40 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240815131838.486320821@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chenhuacai@loongson.cn \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox