| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <53E9BAD5.3080201@linaro.org> Date: Tue, 12 Aug 2014 15:57:25 +0900 From: AKASHI Takahiro <takahiro.akashi@...aro.org> To: Will Deacon <will.deacon@....com> CC: "linaro-kernel@...ts.linaro.org" <linaro-kernel@...ts.linaro.org>, Will Drewry <wad@...omium.org>, Kees Cook <keescook@...omium.org>, Catalin Marinas <Catalin.Marinas@....com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, Deepak Saxena <dsaxena@...aro.org>, Lee Campbell <leecam@...gle.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: [PATCH v5 3/3] arm64: Add seccomp support Will, On 08/11/2014 06:24 PM, Will Deacon wrote: > On Fri, Aug 08, 2014 at 08:35:42AM +0100, AKASHI Takahiro wrote: >> On 08/06/2014 12:08 AM, Kees Cook wrote: >>> On Fri, Jul 25, 2014 at 2:37 AM, AKASHI Takahiro >>> <takahiro.akashi@...aro.org> wrote: >>>> I found a bug in my current patch (v5). When 32-bit tracer skips a system call, >>>> we should not update syscallno from x8 since syscallno is re-written directly >>>> via ptrace(PTRACE_SET_SYSCALL). >>> >>> Ah, yes. Will aarch64 have a PTRACE_SET_SYSCALL option, or is this >>> strictly a 32-bit vs 64-bit issue? >> >> As discussed in a few weeks ago, aarch64 won't support PTRACE_SET_SYSCALL. > > Well, I don't think anything was set in stone. If you have a compelling > reason why adding the new request gives you something over setting w8 > directly, then we can extend ptrace. Yeah, I think I may have to change my mind. Looking into __secure_computing(), I found the code below: > case SECCOMP_MODE_FILTER: > case SECCOMP_RET_TRACE: > ... > if (syscall_get_nr(current, regs) < 0) > goto skip; This implies that we should modify syscallno *before* __secure_computing() returns. I assumed, in my next version, we could skip a system call by overwriting syscallno with x8 in syscall_trace_enter() after __secure_computing() returns 0, and it actually works. But we'd better implement PTRACE_SET_SYSCALL to comply with what __secure_computing() expects. -Takahiro AKASHI > Will > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@...ts.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists