From patchwork Fri Mar 5 19:12:05 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Timothy E Baldwin
X-Patchwork-Id: 393590
Delivered-To: patch@linaro.org
From: Timothy E Baldwin
To: tim@majoroak.me.uk
Cc: Timothy E Baldwin, Oleg Nesterov, Catalin Marinas, stable@vger.kernel.org, Kees Cook, Sudeep Holla
Subject: [PATCH] arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
Date: Fri, 5 Mar 2021 19:12:05 +0000
Message-Id: <20210305191205.2239589-1-T.E.Baldwin99@members.leeds.ac.uk>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20210301131000.avqjoi4vousakiq2@bogus>
References: <20210301131000.avqjoi4vousakiq2@bogus>
X-Mailing-List: stable@vger.kernel.org

commit df84fe94708985cdfb78a83148322bcd0a699472 upstream.

Backported to Linux 5.4 by changing "return NO_SYSCALL" to "return -1" in patch context.

Since commit f086f67485c5 ("arm64: ptrace: add support for syscall emulation"), if system call number -1 is called and the process is being traced with PTRACE_SYSCALL, for example by strace, the seccomp check is skipped and -ENOSYS is returned unconditionally (unless altered by the tracer) rather than carrying out the action specified in the seccomp filter.

The consequence of this is that it is not possible to reliably strace a seccomp-based implementation of a foreign system call interface in which r7/x8 is permitted to be -1 on entry to a system call.

Also trace_sys_enter and audit_syscall_entry are skipped if a system call is skipped.

Fix by removing the in_syscall(regs) check restoring the previous behaviour which is like AArch32, x86 (which uses generic code) and everything else. Cc: Oleg Nesterov Cc: Catalin Marinas Cc: Fixes: f086f67485c5 ("arm64: ptrace: add support for syscall emulation") Reviewed-by: Kees Cook Reviewed-by: Sudeep Holla Tested-by: Sudeep Holla Signed-off-by: Timothy E Baldwin Link: https://lore.kernel.org/r/90edd33b-6353-1228-791f-0336d94d5f8c@majoroak.me.uk Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.27.0 diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 30b877f8b85e..0cfd68577489 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1844,7 +1844,7 @@ int syscall_trace_enter(struct pt_regs *regs) if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) { tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); - if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU)) + if (flags & _TIF_SYSCALL_EMU) return -1; }
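
Review bot: the new condition `if (flags & _TIF_SYSCALL_EMU)` in syscall_trace_enter() should carry a short comment saying that the syscall number is deliberately not inspected after tracehook_report_syscall(), because the removed `!in_syscall(regs)` test reads like a harmless shortcut and is easy to reintroduce. With it gone, a task traced under _TIF_SYSCALL_TRACE whose syscall number is -1 no longer takes the early `return -1` and continues into the rest of the function, which the commit message identifies as where the seccomp check, trace_sys_enter and audit_syscall_entry happen; a one-line note that a seccomp filter must still see syscall -1 would record that intent next to the code. Since this backport uses the literal `return -1` where upstream has `return NO_SYSCALL`, it is also worth confirming that the rest of the 5.4 function uses the same literal consistently.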