| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241226133459.GA30481@strace.io>
Date: Thu, 26 Dec 2024 15:35:00 +0200
From: "Dmitry V. Levin" <ldv@...ace.io>
To: Celeste Liu <uwu@...lacanthus.name>
Cc: Oleg Nesterov <oleg@...hat.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>,
Eric Biederman <ebiederm@...ssion.com>, Kees Cook <kees@...nel.org>,
Shuah Khan <shuah@...nel.org>, Albert Ou <aou@...s.berkeley.edu>,
Alexandre Ghiti <alex@...ti.fr>,
Andrea Bolognani <abologna@...hat.com>,
Björn Töpel <bjorn@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>, Ron Economos <re@...z.net>,
Charlie Jenkins <charlie@...osinc.com>,
Andrew Jones <ajones@...tanamicro.com>,
Quan Zhou <zhouquan@...as.ac.cn>,
Felix Yan <felixonmars@...hlinux.org>,
Ruizhe Pan <c141028@...il.com>, Guo Ren <guoren@...nel.org>,
Yao Zi <ziyao@...root.org>, Eugene Syromyatnikov <evgsyr@...il.com>,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, linux-kselftest@...r.kernel.org,
Björn Töpel <bjorn@...osinc.com>
Subject: Re: [PATCH v4 2/2] riscv: selftests: Add a ptrace test to verify
syscall parameter modification
On Thu, Dec 26, 2024 at 06:52:52PM +0800, Celeste Liu wrote:
> This test checks that orig_a0 allows a syscall argument to be modified,
> and that changing a0 does not change the syscall argument.
>
> Co-developed-by: Quan Zhou <zhouquan@...as.ac.cn>
> Signed-off-by: Quan Zhou <zhouquan@...as.ac.cn>
> Co-developed-by: Charlie Jenkins <charlie@...osinc.com>
> Signed-off-by: Charlie Jenkins <charlie@...osinc.com>
> Reviewed-by: Björn Töpel <bjorn@...osinc.com>
> Signed-off-by: Celeste Liu <uwu@...lacanthus.name>
[...]
> diff --git a/tools/testing/selftests/riscv/abi/ptrace.c b/tools/testing/selftests/riscv/abi/ptrace.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..023695352215bb5de3f91c1a6f5ea3b4f9373ff9
> --- /dev/null
> +++ b/tools/testing/selftests/riscv/abi/ptrace.c
[...]
> + if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, PTRACE_SYSCALL_INFO_ENTRY, &syscall_info_entry))
> + perr_and_exit("failed to get syscall info of entry\n");
> + result->orig_a0 = syscall_info_entry->entry.args[0];
> + if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, PTRACE_SYSCALL_INFO_EXIT, &syscall_info_exit))
> + perr_and_exit("failed to get syscall info of exit\n");
> + result->a0 = syscall_info_exit->exit.rval;
I'm sorry but this is not how PTRACE_GET_SYSCALL_INFO should be used.
PTRACE_GET_SYSCALL_INFO operation takes a pointer and a size,
and in this example instead of size you pass constants 1 and 2, which
essentially means that both syscall_info_entry->entry.args[0] and
syscall_info_exit->exit.rval are not going to be assigned
and would just contain some garbage from the stack.
Also, PTRACE_GET_SYSCALL_INFO operation returns the number of bytes
available to be written by the kernel, which is always nonzero on any
PTRACE_GET_SYSCALL_INFO-capable kernel. In other words, this example
will always end up with perr_and_exit() call.
I wonder how this test was tested before the submission.
--
ldv
Powered by blists - more mailing lists