Date: Fri, 28 Aug 2020 12:30:58 -0400
From: Rich Felker
To: Michael Karcher
Cc: linux-sh@vger.kernel.org, linux-kernel@vger.kernel.org, Yoshinori Sato, Adrian Glaubitz
Subject: Re: [PATCH 3/4] sh: Add SECCOMP_FILTER
Message-ID: <20200828163057.GY3265@brightrain.aerifal.cx>
References: <20200722231322.419642-1-kernel@mkarcher.dialup.fu-berlin.de> <20200722231322.419642-3-kernel@mkarcher.dialup.fu-berlin.de> <20200828155024.GX3265@brightrain.aerifal.cx>
In-Reply-To: <20200828155024.GX3265@brightrain.aerifal.cx>
User-Agent: Mutt/1.5.21 (2010-09-15)
List-ID: X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Aug 28, 2020 at 11:50:25AM -0400, Rich Felker wrote:
> On Thu, Jul 23, 2020 at 01:13:21AM +0200, Michael Karcher wrote:
> > Port sh to use the new SECCOMP_FILTER code.
> > > > Signed-off-by: Michael Karcher > > --- > > arch/sh/Kconfig | 1 + > > arch/sh/kernel/entry-common.S | 2 ++ > > arch/sh/kernel/ptrace_32.c | 5 +++-- > > tools/testing/selftests/seccomp/seccomp_bpf.c | 8 +++++++- > > 4 files changed, 13 insertions(+), 3 deletions(-) > > > > diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig > > index 32d959849df9..10b510c16841 100644 > > --- a/arch/sh/Kconfig > > +++ b/arch/sh/Kconfig > > @@ -27,6 +27,7 @@ config SUPERH > > select GENERIC_SMP_IDLE_THREAD > > select GUP_GET_PTE_LOW_HIGH if X2TLB > > select HAVE_ARCH_AUDITSYSCALL > > + select HAVE_ARCH_SECCOMP_FILTER > > select HAVE_ARCH_KGDB > > select HAVE_ARCH_TRACEHOOK > > select HAVE_DEBUG_BUGVERBOSE > > diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S > > index c4d88d61890d..ad963104d22d 100644 > > --- a/arch/sh/kernel/entry-common.S > > +++ b/arch/sh/kernel/entry-common.S > > @@ -368,6 +368,8 @@ syscall_trace_entry: > > mov.l 7f, r11 ! Call do_syscall_trace_enter which notifies > > jsr @r11 ! superior (will chomp R[0-7]) > > nop > > + cmp/eq #-1, r0 > > + bt syscall_exit > > mov.l r0, @(OFF_R0,r15) ! Save return value > > ! Reload R0-R4 from kernel stack, where the > > ! parent may have modified them using > > diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c > > index 64bfb714943e..25ccfbd02bfa 100644 > > --- a/arch/sh/kernel/ptrace_32.c > > +++ b/arch/sh/kernel/ptrace_32.c > > @@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) > > { > > long ret = 0; > > > > - secure_computing_strict(regs->regs[0]); > > - > > if (test_thread_flag(TIF_SYSCALL_TRACE) && > > tracehook_report_syscall_entry(regs)) > > /* 
> > @@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) > > */ > > ret = -1L; > > > > + if (secure_computing() == -1) > > + return -1; > > + > > if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) > > trace_sys_enter(regs, regs->regs[0]); > >
>
> This patch broke strace - it spews out bogus syscalls and gets the
> tracee hung. I suspect the last hunk is wrong and breaks all
> non-seccomp tracing. I'll follow up with further analysis and possibly
> a fix if you don't find one sooner.

It looks like the problem is actually the hunk in entry-common.S, but this code has been wrong since ab99c733ae in 2008: it was storing the return value of do_syscall_trace_enter, which is supposed to replace the syscall number and make it fail, in r0 (the 5th argument) rather than r3 (the syscall number).

This looks like the reason you put the (apparently wrong) branch to syscall_exit in there -- the existing code was not actually causing ENOSYS when do_syscall_trace_enter tried to replace nr with -1, because the -1 was put in the wrong place. I'm guessing something in syscall_exit assumes the registers have been reloaded (the code skipped by your branch) and blows up when they haven't.

I think the right change is going to be something like replacing mov.l r0, @(OFF_R0,r15) with mov r0, r3 and getting rid of the r3 reload below. do_syscall_trace_enter should also be returning regs->regs[3] in the success case, not regs->regs[0] as it's doing, at least if it's to match other archs (that return the original syscall number on success). In any case, returning the 5th argument register is nonsense.

I'm about to test a patch along these lines and will report what I find.

Rich
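Review bot: in the arch/sh/Kconfig hunk, `select HAVE_ARCH_SECCOMP_FILTER` is inserted between `HAVE_ARCH_AUDITSYSCALL` and `HAVE_ARCH_KGDB`, which breaks the alphabetical order the surrounding `select` lines keep; it belongs between `HAVE_ARCH_KGDB` and `HAVE_ARCH_TRACEHOOK`.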
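Review bot: the `cmp/eq #-1, r0` / `bt syscall_exit` pair in the entry-common.S hunk branches out before the `mov.l r0, @(OFF_R0,r15)` store and before the reload of R0-R4 from the kernel stack that the following comment describes, so syscall_exit runs with whatever the C call left in the registers rather than the saved state (the strace hang reported in this thread is consistent with that). It also keys the early exit off r0, while the code it sits in writes do_syscall_trace_enter's return value into the saved r0 slot (the 5th argument) instead of r3, the syscall-number register, which is why a tracer's -1 never produced ENOSYS before. A smaller fix, as the analysis in this reply suggests, is to move the returned number into r3 (`mov r0, r3`), drop the separate early exit, and let the normal dispatch path reject -1; then a seccomp denial and a ptrace abort take the same route without skipping the register reload.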
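Review bot: in the second ptrace_32.c hunk, the new `return -1` from the `secure_computing() == -1` check reuses the same value the function already assigns for a tracer abort (`ret = -1L`) a few lines above, so the assembly caller cannot tell a seccomp denial from a ptrace abort; if the two are meant to be handled identically, say so in a comment at the check and route the seccomp case through `ret` rather than a bare `return -1`, so the function has one exit path. Note also that seccomp (and `trace_sys_enter`) still run for a syscall the tracer has already aborted, because `ret = -1L` does not return early; that is pre-existing behaviour, but it deserves a comment now that the check is a filter rather than strict mode.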
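The patch under discussion wires the seccomp filter decision into the sh syscall entry path, and the thread's concern is whether that decision actually reaches the dispatch. The following is an added host-side check, written for this page and not taken from the thread or from the kernel selftest (tools/testing/selftests/seccomp/seccomp_bpf.c) listed in the diffstat. It installs, in a forked child, a classic-BPF seccomp filter that denies `getppid` with `SECCOMP_RET_ERRNO` (EPERM) and allows everything else, then reports whether the denial took effect; on a kernel where the filter return is lost on the entry path, the call would succeed instead. It assumes a Linux kernel with `CONFIG_SECCOMP_FILTER` and the usual `linux/filter.h` / `linux/seccomp.h` headers; the function names `install_errno_filter` and `seccomp_denies_getppid` are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install a filter in the calling process that returns -EPERM for syscall
 * number `nr` and allows every other syscall. Classic BPF, evaluated by the
 * kernel on each syscall entry. Returns 0 on success, -1 on failure. */
static int install_errno_filter(unsigned int nr)
{
	struct sock_filter prog[] = {
		/* A = seccomp_data.nr */
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
		/* if A == nr: fall through to the ERRNO return, else skip it */
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, nr, 0, 1),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	};
	struct sock_fprog fprog = {
		.len = (unsigned short)(sizeof prog / sizeof prog[0]),
		.filter = prog,
	};

	/* Unprivileged filter installation requires no_new_privs. */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
		return -1;
	return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Probe the filter in a child so the caller's own process stays unfiltered.
 * Returns 1 if getppid was denied with EPERM, 0 if it went through
 * (the filter decision never reached the dispatch), -1 on setup failure. */
int seccomp_denies_getppid(void)
{
	pid_t pid = fork();
	if (pid < 0)
		return -1;

	if (pid == 0) {
		if (install_errno_filter(__NR_getppid) != 0)
			_exit(3);
		errno = 0;
		long r = syscall(__NR_getppid);
		if (r == -1 && errno == EPERM)
			_exit(1);	/* filter honoured */
		_exit(0);		/* call succeeded: filter ignored */
	}

	int st;
	if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
		return -1;
	int code = WEXITSTATUS(st);
	return code == 3 ? -1 : code;
}

int main(void)
{
	int r = seccomp_denies_getppid();
	if (r == 1)
		puts("seccomp filter honoured: getppid -> EPERM");
	else if (r == 0)
		puts("seccomp filter NOT honoured: getppid succeeded");
	else
		puts("could not install seccomp filter");
	return r == 1 ? 0 : 1;
}
```

A result of 0 on a freshly ported architecture is the symptom to look for: the filter installed fine but the entry path discarded its verdict, which is exactly the class of register-handling bug this thread is chasing. Using `SECCOMP_RET_ERRNO` rather than a kill action keeps the probe observable from user space.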