Date:   Fri, 11 Aug 2017 21:56:49 +0100
From:   James Hogan <james.hogan@...tec.com>
To:     <linux-mips@...ux-mips.org>
CC:     <linux-kernel@...r.kernel.org>,
        James Hogan <james.hogan@...tec.com>,
        Ralf Baechle <ralf@...ux-mips.org>,
        David Daney <david.daney@...ium.com>,
        Kees Cook <keescook@...omium.org>,
        Andy Lutomirski <luto@...capital.net>,
        Will Drewry <wad@...omium.org>,
        Oleg Nesterov <oleg@...hat.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Lars Persson <lars.persson@...s.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/4] MIPS: syscall tracing fixes

These patches fix some system call tracing issues around seccomp and
ptrace on MIPS.

Patch 1 fixes an issue introduced in v4.13-rc1, where o32 indirect
syscall arguments aren't shifted when filling out seccomp_data struct.
Arguably the samples/bpf/tracex5 case that was being fixed in -rc1 is
flawed, or else other arches are broken too. Thoughts welcome on that,
but either way this fix should be okay. It'd be good to get this fix
in particular into v4.13.

Patches 2 and 3 fix changing of system calls by ptrace and
SECCOMP_RET_TRACE so that seccomp & syscall trace don't use the stale
system call number, which appears to have been conceptually broken since
v3.19 when thread_info::syscall was introduced, but also prevented the
change in v4.8 to re-run the seccomp filter against a changed syscall
from being effective on MIPS.
First (patch 2) syscall_trace_enter() is fixed to re-read the syscall
number from thread_info::syscall, then (patch 3) ptrace is fixed to
update thread_info::syscall when the relevant registers are altered.

Finally patch 4 fixes an API gap for MIPS which prevents a
SECCOMP_RET_TRACE tracer from being able to cancel a system call, since
you can't set both the system call number (v0) to -1 and the return
value (v0) to the chosen error code. A PTRACE_SET_SYSCALL is added which
allows thread_info::syscall to be set to -1 after the return value has
already been set in the v0 register to some other value.

Cc: Ralf Baechle <ralf@...ux-mips.org>
Cc: David Daney <david.daney@...ium.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Will Drewry <wad@...omium.org>
Cc: Oleg Nesterov <oleg@...hat.com>
Cc: Alexei Starovoitov <ast@...nel.org>
Cc: Daniel Borkmann <daniel@...earbox.net>
Cc: Lars Persson <lars.persson@...s.com>
Cc: netdev@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Cc: linux-mips@...ux-mips.org

James Hogan (4):
  MIPS/seccomp: Fix indirect syscall args
  MIPS/ptrace: Pick up ptrace/seccomp changed syscalls
  MIPS/ptrace: Update syscall nr on register changes
  MIPS/ptrace: Add PTRACE_SET_SYSCALL operation

 arch/mips/include/asm/syscall.h     | 29 ++++++++++++++++++++----
 arch/mips/include/uapi/asm/ptrace.h |  1 +
 arch/mips/kernel/ptrace.c           | 45 +++++++++++++++++++++++++++++--------
 arch/mips/kernel/ptrace32.c         | 18 +++++++++++++++
 4 files changed, 80 insertions(+), 13 deletions(-)

-- 
2.13.2
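
The effect of the unshifted o32 indirect syscall arguments described for patch 1, as an added user-space model (not code from this patch series or from the kernel): a filter inspecting args[0] sees the target syscall number instead of the first real argument. The struct and function names are hypothetical, the o32 numbers 4000 (indirect syscall) and 4004 (write) are the only real values used, and the model assumes nr already holds the target syscall in both cases.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define O32_NR_INDIRECT 4000  /* o32 syscall(2) entry, __NR_Linux + 0 */
#define O32_NR_WRITE    4004  /* o32 write(2), used as sample target */

struct model_seccomp_data {   /* simplified stand-in, not the kernel struct */
    int      nr;
    uint64_t args[6];
};

struct model_regs {           /* hypothetical snapshot at syscall entry */
    long          v0;         /* syscall number register */
    unsigned long arg[8];     /* a0..a3, then stack-passed arguments */
};

/* shift_indirect == 0 models the unshifted fill the cover letter reports. */
void model_fill(const struct model_regs *r, int shift_indirect,
                struct model_seccomp_data *sd)
{
    int indirect = (r->v0 == O32_NR_INDIRECT);
    int first = (indirect && shift_indirect) ? 1 : 0;

    memset(sd, 0, sizeof(*sd));
    /* Assumption of this model: nr is the target syscall in both cases. */
    sd->nr = indirect ? (int)r->arg[0] : (int)r->v0;
    for (int i = 0; i < 6; i++)
        sd->args[i] = r->arg[first + i];
}

/* Constructed sample: syscall(4004, fd=1, buf=0x7fff0000, len=5). */
static const struct model_regs sample = {
    .v0 = O32_NR_INDIRECT, .arg = { O32_NR_WRITE, 1, 0x7fff0000UL, 5 },
};

int sample_nr(int shift) {
    struct model_seccomp_data sd; model_fill(&sample, shift, &sd); return sd.nr;
}

uint64_t sample_arg(int shift, int idx) {
    struct model_seccomp_data sd; model_fill(&sample, shift, &sd); return sd.args[idx];
}

int main(void)
{
    printf("nr=%d unshifted args[0]=%llu shifted args[0]=%llu\n", sample_nr(1),
           (unsigned long long)sample_arg(0, 0), (unsigned long long)sample_arg(1, 0));
    return 0;
}
```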
