| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+btS62MDJLRToydRfK-QAMBiihv9d7Du=zEf5U_GbiOMg@mail.gmail.com>
Date: Mon, 24 Feb 2025 09:48:19 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Gregory Price <gourry@...rry.net>
Cc: krisman@...labora.com, tglx@...utronix.de, luto@...nel.org,
peterz@...radead.org, keescook@...omium.org, gregory.price@...verge.com,
Marco Elver <elver@...gle.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] selftests: Extend syscall_user_dispatch test to check
allowed range
On Thu, 20 Feb 2025 at 16:17, Gregory Price <gourry@...rry.net> wrote:
>
> On Tue, Feb 18, 2025 at 05:04:36PM +0100, Dmitry Vyukov wrote:
> > diff --git a/tools/testing/selftests/syscall_user_dispatch/sud_test.c b/tools/testing/selftests/syscall_user_dispatch/sud_test.c
> > index b0969925ec64c..fa40e46e6d3e9 100644
> > --- a/tools/testing/selftests/syscall_user_dispatch/sud_test.c
> > +++ b/tools/testing/selftests/syscall_user_dispatch/sud_test.c
> ... snip ...
> > @@ -110,31 +111,15 @@ TEST(bad_prctl_param)
> > /* PR_SYS_DISPATCH_ON */
> > op = PR_SYS_DISPATCH_ON;
> >
> > - /* Dispatcher region is bad (offset > 0 && len == 0) */
> > - EXPECT_EQ(-1, prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x1, 0x0, &sel));
> > - EXPECT_EQ(EINVAL, errno);
> > - EXPECT_EQ(-1, prctl(PR_SET_SYSCALL_USER_DISPATCH, op, -1L, 0x0, &sel));
> > - EXPECT_EQ(EINVAL, errno);
> > + /* All ranges are allowed */
> > + EXPECT_EQ(0, prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x1, 0x0, &sel));
> > + EXPECT_EQ(0, prctl(PR_SET_SYSCALL_USER_DISPATCH, op, -1L, 0x0, &sel));
>
> A 0 length is ambiguous and nonsensical in every other context, not sure
> why you'd allow it here.
Yes, but it's also not special in any way. One asks for a range of N
bytes, one gets a range of N bytes. Works for 0 as well. We can move 0
to an own special category, and add production code to support that.
But I don't see strong reasons to do that. It's like it's possible to
do read/write with 0 bytes to get, well, exactly that.
How strong do you feel about special casing 0?
> > +bool test_range(unsigned long offset, unsigned long length)
> > +{
> > + nr_syscalls_emulated = 0;
> > + if (prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, offset, length, &glob_sel))
> > + return false;
>
> This creates an ambiguous failure state for your test. Is it failing
> because the range is bad or because you didn't intercept a syscall?
>
> Better to be more explicit here. It makes it difficult to understand
> what each individual test is doing at a glance.
Good point. Done in v2.
> > + SYSCALL_DISPATCH_ON(glob_sel);
> > + return syscall(MAGIC_SYSCALL_1) == MAGIC_SYSCALL_1 && nr_syscalls_emulated == 1;
> > +}
> > +
> > +TEST(dispatch_range)
> > +{
> > + ASSERT_EQ(0, setup_sigsys_handler());
> > + ASSERT_EQ(0, prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, 0, &glob_sel));
> > + SYSCALL_DISPATCH_ON(glob_sel);
> > + ASSERT_EQ(MAGIC_SYSCALL_1, syscall(MAGIC_SYSCALL_1));
> > + TH_LOG("syscall_addr=0x%lx", syscall_addr);
> > + EXPECT_FALSE(test_range(syscall_addr, 1));
> > + EXPECT_FALSE(test_range(syscall_addr-100, 200));
> > + EXPECT_TRUE(test_range(syscall_addr+1, 100));
> > + EXPECT_TRUE(test_range(syscall_addr-100, 100));
> > + /* Wrap-around tests for everything except for a single PC. */
> > + EXPECT_TRUE(test_range(syscall_addr+1, -1));
> > + EXPECT_FALSE(test_range(syscall_addr, -1));
> > + EXPECT_FALSE(test_range(syscall_addr+2, -1));
>
> If you are planning to include 0 as an allowed length, you need to
> demonstrate what it does.
Done in v2.
> > + SYSCALL_DISPATCH_OFF(glob_sel);
> > +}
> > +
> > TEST_HARNESS_MAIN
> > --
> > 2.48.1.601.g30ceb7b040-goog
> >
Powered by blists - more mailing lists