References: <20181206150156.28210-1-david.abdurachmanov@gmail.com> <20181206150156.28210-3-david.abdurachmanov@gmail.com>
From: David Abdurachmanov
Date: Thu, 6 Dec 2018 18:13:52 +0100
Subject: Re: [PATCH 2/2] riscv: fix syscall_{get,set}_arguments
To: Kees Cook
Cc: Palmer Dabbelt, aou@eecs.berkeley.edu, luto@amacapital.net, Will Drewry, Green Hu, deanbo422@gmail.com, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 6, 2018 at 5:49 PM Kees Cook wrote:
>
> On Thu, Dec 6, 2018 at 7:02 AM David Abdurachmanov
> wrote:
> >
> > Testing with libseccomp master branch revealed that testcases with
> > filters on syscall arguments were failing due to wrong values. Seccomp
> > uses syscall_get_arguments() to copy syscall arguments, and there is a
> > bug in pointer arithmetic in the memcpy() call.
> >
> > Two alternative implementations were tested: the one in this patch and
> > another one based on a while-break loop. Both delivered the same results.
> >
> > This implementation is also used in arm, arm64 and nds32 arches.
>
> Minor nit: can you make this the first patch? That way seccomp works
> correctly from the point of introduction. :)

Ok. I will do it.

david

>
> -Kees
> > > > > Signed-off-by: David Abdurachmanov > > --- > > arch/riscv/include/asm/syscall.h | 42 ++++++++++++++++++++++++-------- > > 1 file changed, 32 insertions(+), 10 deletions(-) > > > > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h > > index bba3da6ef157..26ceb434a433 100644 > > --- a/arch/riscv/include/asm/syscall.h > > +++ b/arch/riscv/include/asm/syscall.h > > @@ -70,19 +70,32 @@ static inline void syscall_set_return_value(struct task_struct *task, > > regs->a0 = (long) error ?: val; > > } > > > > +#define SYSCALL_MAX_ARGS 6 > > + > > static inline void syscall_get_arguments(struct task_struct *task, > > struct pt_regs *regs, > > unsigned int i, unsigned int n, > > unsigned long *args) > > { > > - BUG_ON(i + n > 6); > > + if (n == 0) > > + return; > > + > > + if (i + n > SYSCALL_MAX_ARGS) { > > + unsigned long *args_bad = args + SYSCALL_MAX_ARGS - i; > > + unsigned int n_bad = n + i - SYSCALL_MAX_ARGS; > > + pr_warning("%s called with max args %d, handling only %d\n", > > + __func__, i + n, SYSCALL_MAX_ARGS); > > + memset(args_bad, 0, n_bad * sizeof(args[0])); > > + } > > + > > if (i == 0) { > > args[0] = regs->orig_a0; > > args++; > > i++; > > n--; > > } > > - memcpy(args, ®s->a1 + i * sizeof(regs->a1), n * sizeof(args[0])); > > + > > + memcpy(args, ®s->a0 + i, n * sizeof(args[0])); > > } > > > > static inline void syscall_set_arguments(struct task_struct *task, 
> > @@ -90,14 +103,23 @@ static inline void syscall_set_arguments(struct task_struct *task, > > unsigned int i, unsigned int n, > > const unsigned long *args) > > { > > - BUG_ON(i + n > 6); > > - if (i == 0) { > > - regs->orig_a0 = args[0]; > > - args++; > > - i++; > > - n--; > > - } > > - memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0)); > > + if (n == 0) > > + return; > > + > > + if (i + n > SYSCALL_MAX_ARGS) { > > + pr_warning("%s called with max args %d, handling only %d\n", > > + __func__, i + n, SYSCALL_MAX_ARGS); > > + n = SYSCALL_MAX_ARGS - i; > > + } > > + > > + if (i == 0) { > > + regs->orig_a0 = args[0]; > > + args++; > > + i++; > > + n--; > > + } > > + > > + memcpy(®s->a0 + i, args, n * sizeof(args[0])); > > } > > > > static inline int syscall_get_arch(void) > > -- > > 2.19.2 > > > > > -- > Kees Cook
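
Review bot: In syscall_get_arguments(), the `i + n > SYSCALL_MAX_ARGS` branch zeroes the tail of args but never reduces n, so the memcpy() at the end of the function still copies the full count: it reads register-frame words beyond the six argument slots and overwrites the entries memset() just cleared. syscall_set_arguments() in this same patch clamps with `n = SYSCALL_MAX_ARGS - i;`; applying the same clamp after the memset() here would make the "handling only %d" message true, which matters because seccomp filters compare against these values. The args_bad computation also assumes i <= SYSCALL_MAX_ARGS; for a larger i it points before args, so an early return for that case is worth adding now that the BUG_ON() is gone.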
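
Review bot: In syscall_set_arguments(), `n = SYSCALL_MAX_ARGS - i;` is evaluated in unsigned int, so a call with i greater than SYSCALL_MAX_ARGS, which the removed `BUG_ON(i + n > 6);` used to stop, wraps n to a very large value and the following memcpy() into regs writes far past the saved registers. Suggest checking i first (warn and return when i >= SYSCALL_MAX_ARGS) and only then clamping n. A short comment stating that the `a0 + i` indexing relies on the argument registers being laid out contiguously would also help the next reader.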
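
The pointer-arithmetic bug named in the commit message, worked through as an added userspace example (not code from the patch or the kernel tree). mock_regs, old_word_index() and mock_get_arguments() are hypothetical names, the register values are constructed, and the bounded copy goes one step beyond the patch by clamping n before copying.

```c
#include <stdio.h>
#include <string.h>
#define SYSCALL_MAX_ARGS 6

/* Constructed stand-in for the pt_regs fields involved; a0..a5 are one
 * array here so that indexing stays inside a single object. */
struct mock_regs {
    unsigned long orig_a0;
    unsigned long a[SYSCALL_MAX_ARGS];  /* a[0] = a0 ... a[5] = a5 */
};

/* Word offset from a0 reached by the removed expression
 * &regs->a1 + i * sizeof(regs->a1): the base is a1, and i is multiplied
 * by sizeof() although pointer arithmetic already scales by it. */
static size_t old_word_index(unsigned int i)
{
    return 1 + (size_t)i * sizeof(unsigned long);
}

/* Bounded variant (hypothetical helper): zero-fills args, copies at most
 * the slots that exist from index i, returns how many were copied. */
static unsigned int mock_get_arguments(const struct mock_regs *regs,
                                       unsigned int i, unsigned int n,
                                       unsigned long *args)
{
    unsigned int copied;
    memset(args, 0, n * sizeof(args[0]));
    if (n == 0 || i >= SYSCALL_MAX_ARGS)
        return 0;
    if (n > SYSCALL_MAX_ARGS - i)
        n = SYSCALL_MAX_ARGS - i;       /* clamp before any copy */
    copied = n;
    if (i == 0) {                       /* first argument lives in orig_a0 */
        args[0] = regs->orig_a0;
        args++; i++; n--;
    }
    memcpy(args, regs->a + i, n * sizeof(args[0]));  /* same as &a0 + i */
    return copied;
}

int main(void)
{
    struct mock_regs r = { 100, { 10, 11, 12, 13, 14, 15 } };  /* constructed */
    unsigned long out[8];
    unsigned int c = mock_get_arguments(&r, 4, 4, out);
    printf("old expression with i=1 hits word %zu\n", old_word_index(1));
    printf("copied %u: %lu %lu %lu %lu\n", c, out[0], out[1], out[2], out[3]);
    return 0;
}
```

With 8-byte longs the old expression starts the copy nine words past a0 for i = 1, which is why seccomp saw wrong argument values.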