lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 27 Jun 2024 22:23:39 +0800
From: Celeste Liu <coelacanthushex@...il.com>
To: linux-riscv@...ts.infradead.org,
	Björn Töpel <bjorn@...osinc.com>
Cc: linux-kernel@...r.kernel.org,
	"Dmitry V . Levin" <ldv@...ace.io>,
	Guo Ren <guoren@...nel.org>,
	Palmer Dabbelt <palmer@...osinc.com>,
	Emil Renner Berthing <emil.renner.berthing@...onical.com>,
	Felix Yan <felixonmars@...hlinux.org>,
	Ruizhe Pan <c141028@...il.com>,
	Celeste Liu <CoelacanthusHex@...il.com>,
	stable@...r.kernel.org
Subject: [PATCH v2] riscv: entry: always initialize regs->a0 to -ENOSYS

Otherwise when the tracer changes syscall number to -1, the kernel fails
to initialize a0 with -ENOSYS and subsequently fails to return the error
code of the failed syscall to userspace. For example, it will break
strace syscall tampering.

Fixes: 52449c17bdd1 ("riscv: entry: set a0 = -ENOSYS only when syscall != -1")
Reported-by: "Dmitry V. Levin" <ldv@...ace.io>
Reviewed-by: Björn Töpel <bjorn@...osinc.com>
Cc: stable@...r.kernel.org
Signed-off-by: Celeste Liu <CoelacanthusHex@...il.com>
---
 arch/riscv/kernel/traps.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index 05a16b1f0aee..51ebfd23e007 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -319,6 +319,7 @@ void do_trap_ecall_u(struct pt_regs *regs)
 
 		regs->epc += 4;
 		regs->orig_a0 = regs->a0;
+		regs->a0 = -ENOSYS;
 
 		riscv_v_vstate_discard(regs);
 
@@ -328,8 +329,7 @@ void do_trap_ecall_u(struct pt_regs *regs)
 
 		if (syscall >= 0 && syscall < NR_syscalls)
 			syscall_handler(regs, syscall);
-		else if (syscall != -1)
-			regs->a0 = -ENOSYS;
+
 		/*
 		 * Ultimately, this value will get limited by KSTACK_OFFSET_MAX(),
 		 * so the maximum stack offset is 1k bytes (10 bits).
-- 
2.45.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ