Date: Fri, 28 Aug 2020 11:50:25 -0400
From: Rich Felker
To: Michael Karcher
Cc: linux-sh@vger.kernel.org, linux-kernel@vger.kernel.org, Yoshinori Sato, Adrian Glaubitz
Subject: Re: [PATCH 3/4] sh: Add SECCOMP_FILTER
Message-ID: <20200828155024.GX3265@brightrain.aerifal.cx>
In-Reply-To: <20200722231322.419642-3-kernel@mkarcher.dialup.fu-berlin.de>

On Thu, Jul 23, 2020 at 01:13:21AM +0200, Michael Karcher wrote:
> Port sh to use the new SECCOMP_FILTER code.
>
> Signed-off-by: Michael Karcher
> ---
> arch/sh/Kconfig | 1 +
> arch/sh/kernel/entry-common.S | 2 ++
> arch/sh/kernel/ptrace_32.c | 5 +++--
> tools/testing/selftests/seccomp/seccomp_bpf.c | 8 +++++++-
> 4 files changed, 13 insertions(+), 3 deletions(-)
> > diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig > index 32d959849df9..10b510c16841 100644 > --- a/arch/sh/Kconfig > +++ b/arch/sh/Kconfig > @@ -27,6 +27,7 @@ config SUPERH > select GENERIC_SMP_IDLE_THREAD > select GUP_GET_PTE_LOW_HIGH if X2TLB > select HAVE_ARCH_AUDITSYSCALL > + select HAVE_ARCH_SECCOMP_FILTER > select HAVE_ARCH_KGDB > select HAVE_ARCH_TRACEHOOK > select HAVE_DEBUG_BUGVERBOSE > diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S > index c4d88d61890d..ad963104d22d 100644 > --- a/arch/sh/kernel/entry-common.S > +++ b/arch/sh/kernel/entry-common.S > @@ -368,6 +368,8 @@ syscall_trace_entry: > mov.l 7f, r11 ! Call do_syscall_trace_enter which notifies > jsr @r11 ! superior (will chomp R[0-7]) > nop > + cmp/eq #-1, r0 > + bt syscall_exit > mov.l r0, @(OFF_R0,r15) ! Save return value > ! Reload R0-R4 from kernel stack, where the > ! parent may have modified them using > diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c > index 64bfb714943e..25ccfbd02bfa 100644 > --- a/arch/sh/kernel/ptrace_32.c > +++ b/arch/sh/kernel/ptrace_32.c > @@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) > { > long ret = 0; > > - secure_computing_strict(regs->regs[0]); > - > if (test_thread_flag(TIF_SYSCALL_TRACE) && > tracehook_report_syscall_entry(regs)) > /* > @@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) > */ > ret = -1L; > > + if (secure_computing() == -1) > + return -1; > + > if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) > trace_sys_enter(regs, regs->regs[0]); > This patch broke strace - it spews out bogus syscalls and gets the tracee hung. I suspect the last hunk is wrong and breaks all non-seccomp tracing. I'll follow up with further analysis and possibly a fix if you don't find one sooner. Rich
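Review bot: In the arch/sh/Kconfig hunk, the new select breaks the alphabetical order of the neighbouring entries (HAVE_ARCH_AUDITSYSCALL, HAVE_ARCH_KGDB, HAVE_ARCH_TRACEHOOK). Move "select HAVE_ARCH_SECCOMP_FILTER" to sit between HAVE_ARCH_KGDB and HAVE_ARCH_TRACEHOOK.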
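Review bot: In the syscall_trace_entry hunk of arch/sh/kernel/entry-common.S, the new "bt syscall_exit" is taken before "mov.l r0, @(OFF_R0,r15)", so every -1 coming back from do_syscall_trace_enter is treated as "skip the syscall" and nothing in this path stores a result into the saved R0 slot. Please confirm that the function can only return -1 when the syscall really must be skipped, and that the saved R0 already holds the value userspace should see at that point. The two new instructions are also the only uncommented lines in the block; a "!" comment stating that -1 means skip would document the contract.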
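Review bot: In the first arch/sh/kernel/ptrace_32.c hunk, dropping secure_computing_strict(regs->regs[0]) from the top of do_syscall_trace_enter moves the seccomp check from before the tracer notification to after it, and the commit message does not say so. Please state the ordering change in the changelog, since the tracer is now notified of a syscall before the filter has evaluated it.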
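Review bot: In the last arch/sh/kernel/ptrace_32.c hunk, secure_computing() is called even when tracehook_report_syscall_entry() has already set ret = -1L, and the two abort paths are handled differently: the seccomp path returns -1 at once and skips trace_sys_enter(), while the tracer path only sets ret and falls through. Since entry-common.S now branches to syscall_exit on a -1 result, the function's final return statement (outside this hunk) needs checking to make sure an ordinary traced syscall can never produce -1 there. Consider returning early after the tracer abort and adding a comment that -1 is reserved for "skip".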