| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Sep 2015 23:20:18 +0200 From: Arnd Bergmann <arnd@...db.de> To: Kees Cook <keescook@...omium.org> Cc: "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, Will Drewry <wad@...omium.org>, Linux API <linux-api@...r.kernel.org>, Shuah Khan <shuahkh@....samsung.com>, Andy Lutomirski <luto@...capital.net>, Bamvor Zhang Jian <bamvor.zhangjian@...aro.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] selftests/seccomp: build on aarch64, document ABI On Wednesday 09 September 2015 13:52:39 Kees Cook wrote: > On Wed, Sep 9, 2015 at 1:08 PM, Arnd Bergmann <arnd@...db.de> wrote: > > On Wednesday 09 September 2015 12:30:27 Kees Cook wrote: > > If this is intentional, it at least needs a comment to explain the > > situation, and be extended to all other architectures that do not have > > a poll() system call. > > > > The arm32 version of sys_poll should be available as 168 in both native > > and compat mode. > > Does ppoll still get interrupted like poll to require a restart_syscall call? Yes, the only difference between the two is the optional signal mask argument in ppoll. > Regardless, the primary problem is this (emphasis added): > > >> + * - native ARM does _not_ expose true syscall. > >> + * - compat ARM on ARM64 _does_ expose true syscall. > > When you ptrace or seccomp an arm32 binary under and arm32 kernel, > restart_syscall is invisible. When you ptrace or seccomp an arm32 > binary under and arm64 kernel, suddenly it's visible. This means, for > example, seccomp filters will break under an arm64 kernel. Ok, I see. > (And apologies if I'm not remembering pieces of this correctly, I > don't have access to arm64 hardware at the moment, which is why I'm > reaching out for some help on this... I'm trying to close out this old > thread: https://lkml.org/lkml/2015/1/20/778 ) FWIW, it should not be too hard to get an image that runs in qemu-system-arm64. I suppose the same problem exists on all restartable system calls (e.g. nanosleep, select, recvmsg, clock_nanosleep, ...)? I also believe there are various architectures that cannot see the original system call number for a restarted syscall, in particular when the syscall number argument is in the same register as the return code of the syscall and gets overwritten on the way out of the kernel. Is this the problem you are seeing? If so, we should find a solution that works on all such architectures. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists