lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190103165144.GA10221@edgewater-inn.cambridge.arm.com>
Date:   Thu, 3 Jan 2019 16:51:44 +0000
From:   Will Deacon <will.deacon@....com>
To:     Dave Martin <Dave.Martin@....com>
Cc:     Pi-Hsun Shih <pihsun@...omium.org>,
        Mark Rutland <mark.rutland@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        open list <linux-kernel@...r.kernel.org>,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        "moderated list:ARM64 PORT AARCH64 ARCHITECTURE" 
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] arm64: Mirror arm for small unimplemented compat syscalls

On Thu, Jan 03, 2019 at 11:50:12AM +0000, Dave Martin wrote:
> On Thu, Jan 03, 2019 at 03:45:47PM +0800, Pi-Hsun Shih wrote:
> > For syscall number smaller than 0xf0000, arm calls sys_ni_syscall
> > instead of arm_syscall in arch/arm/kernel/entry-common.S, which returns
> > -ENOSYS instead of raising SIGILL. Mirror this behavior for compat
> > syscalls in arm64.
> > 
> > Fixes: 532826f3712b607 ("arm64: Mirror arm for unimplemented compat
> > syscalls")
> > Signed-off-by: Pi-Hsun Shih <pihsun@...omium.org>
> > ---
> >  arch/arm64/kernel/syscall.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
> > index 8f3371415642ad..95fd8c7ec8a171 100644
> > --- a/arch/arm64/kernel/syscall.c
> > +++ b/arch/arm64/kernel/syscall.c
> > @@ -21,7 +21,7 @@ asmlinkage long do_ni_syscall(struct pt_regs *regs)
> >  {
> >  #ifdef CONFIG_COMPAT
> >  	long ret;
> > -	if (is_compat_task()) {
> > +	if (is_compat_task() && regs->regs[7] >= __ARM_NR_COMPAT_BASE) {
> 
> compat_arm_syscall() ignores all bits r7 except for bits [15:0].
> 
> So, doesn't this mean that 0xf0000, 0x100000, 0x110000 will all do the
> same thing now?  (Previously to your patch, 0xe0000, 0xd0000 etc. would
> also match in this code I've misunderstood something.)
> 
> The gating check in arch/arm/kernel/trapc.s:arm_syscall() is
> 
> 	if ((no >> 16) != (__ARM_NR_BASE>> 16))
> 
> I would expect that arm64 needs a similar check somewhere.  Is the check
> already present?  I may have missed it.

When not using OABI, __ARM_NR_BASE is zero, so I think the 32-bit semantics
for non-OABI are:

	0       - 399		: Invoke syscall via syscall table
	400     - 0xeffff	: -ENOSYS (to be allocated in future)
	0xf0000 - 0xfffff	: Private syscall or -ENOSYS if not allocated
	> 0xfffff		: SIGILL

so for arm64 compat, we need to do the following:

	1. Ensure we only SIGILL for that last region
	2. Don't pull the syscall number directly from pt_regs, since it
	   may have been changed by a tracer
	3. Hook up compat_sys_io_pgetevents

Patches incoming...

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ