| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Aug 2014 10:40:58 +0100 From: Will Deacon <will.deacon@....com> To: AKASHI Takahiro <takahiro.akashi@...aro.org> Cc: "linaro-kernel@...ts.linaro.org" <linaro-kernel@...ts.linaro.org>, Will Drewry <wad@...omium.org>, Kees Cook <keescook@...omium.org>, Catalin Marinas <Catalin.Marinas@....com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, Deepak Saxena <dsaxena@...aro.org>, Lee Campbell <leecam@...gle.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: [PATCH v5 3/3] arm64: Add seccomp support Hi Akashi, On Tue, Aug 12, 2014 at 07:57:25AM +0100, AKASHI Takahiro wrote: > On 08/11/2014 06:24 PM, Will Deacon wrote: > > On Fri, Aug 08, 2014 at 08:35:42AM +0100, AKASHI Takahiro wrote: > >> As discussed in a few weeks ago, aarch64 won't support PTRACE_SET_SYSCALL. > > > > Well, I don't think anything was set in stone. If you have a compelling > > reason why adding the new request gives you something over setting w8 > > directly, then we can extend ptrace. > > Yeah, I think I may have to change my mind. Looking into __secure_computing(), > I found the code below: > > > case SECCOMP_MODE_FILTER: > > case SECCOMP_RET_TRACE: > > ... > > if (syscall_get_nr(current, regs) < 0) > > goto skip; > > This implies that we should modify syscallno *before* __secure_computing() > returns. Why does it imply that? There are four competing entities here: - seccomp - tracehook - ftrace (trace_sys_*) - audit With the exception of ftrace, they can all potentially rewrite the pt_regs (the code you cite above is just below a ptrace_event call), so we have to choose some order in which to call them. On entry, x86 and arm call them in the order I listed above, so it seems sensible to follow that. > I assumed, in my next version, we could skip a system call by overwriting > syscallno with x8 in syscall_trace_enter() after __secure_computing() > returns 0, and it actually works. Why does overwriting the syscallno with x8 skip the syscall? I thought the idea was that we would save w8 prior to each call that could change the pt_regs, then if it was changed to -1 we would replace it with the saved value and return -1? The only confusion I have is whether we should call the exit hooks after skipping a syscall. I *think* x86 does call them, but ARM doesn't. Andy says this can trigger an OOPs: http://lists.infradead.org/pipermail/linux-arm-kernel/2014-July/274988.html so we should fix that for ARM while we're here. Will -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists