Date: Thu, 17 Jul 2014 15:29:57 -0700
Subject: MIPS seccomp and changing syscalls
From: Kees Cook
To: Markos Chandras
Cc: James Hogan, Paul Burton, Linux MIPS Mailing List, Ralf Baechle, LKML
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

I recently fixed a bug in seccomp on ARM that I think may be present
in the MIPS implementation too. In arch/mips/kernel/ptrace.c
syscall_trace_enter, the syscall variable is used (and returned), but
the syscall may be changed by either secure_computing or
tracehook_report_syscall_entry (via ptracers which can block and
change the registers). (I would note that "ret" is also set but never
used, so tracehook_report_syscall_entry failures actually won't get
noticed.)

The discussion about this bug on ARM is here:
https://lkml.org/lkml/2014/6/20/439

I don't yet have a working MIPS environment to test this on, but it
feels like the same bug. (Though, for testing, what's the right way to
change syscall during PTRACE_SYSCALL? On x86 it's the orig_ax
register, on ARM it's an arch-specific ptrace function
(PTRACE_SET_SYSCALL).)

Thanks!

-Kees

--
Kees Cook
Chrome OS Security
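
The pattern described in the message above, as an added user-space model (not part of the original message and not kernel code): a syscall number captured before a hook runs goes stale once the hook rewrites the registers, and an unchecked hook result hides failures. All struct and function names, the sample numbers 10 and 20, and the -1 "skip" convention are assumptions made for illustration.

```c
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not kernel code. */
struct model_regs { long syscall_nr; };   /* stand-in for the arch syscall register */
struct model_tracer { int rewrite; long new_nr; int fail; };

/* Stand-in for a hook where a tracer may block and change the registers. */
static int model_hook(struct model_regs *regs, const struct model_tracer *t)
{
    if (t->fail)
        return -1;
    if (t->rewrite)
        regs->syscall_nr = t->new_nr;
    return 0;
}

/* Pattern from the message: the number captured before the hook is
 * returned, and the hook's result is stored but never checked. */
static long trace_enter_stale(struct model_regs *regs, long syscall,
                              const struct model_tracer *t)
{
    int ret = model_hook(regs, t);
    (void)ret;
    return syscall;
}

/* One way to avoid it: act on hook failure, then re-read the register. */
static long trace_enter_reread(struct model_regs *regs,
                               const struct model_tracer *t)
{
    if (model_hook(regs, t))
        return -1;                 /* model convention: -1 means skip */
    return regs->syscall_nr;
}

int main(void)
{
    /* Constructed values: the task asks for 10, the tracer rewrites to 20. */
    struct model_tracer t = { 1, 20, 0 };
    struct model_regs a = { 10 }, b = { 10 };
    long stale = trace_enter_stale(&a, 10, &t);
    long fresh = trace_enter_reread(&b, &t);
    printf("stale:  returns %ld, registers hold %ld\n", stale, a.syscall_nr);
    printf("reread: returns %ld, registers hold %ld\n", fresh, b.syscall_nr);
    return 0;
}
```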