Will Drewry | 14 Jul 2012 17:32

[PATCH 1/3] vsyscall_64: add missing ifdef CONFIG_SECCOMP

vsyscall_seccomp introduced a dependency on __secure_computing.  On
configurations with CONFIG_SECCOMP disabled, compilation will fail.

Reported-by: feng xiangjun <fengxj325 <at> gmail.com>
Signed-off-by: Will Drewry <wad <at> chromium.org>
---
 arch/x86/kernel/vsyscall_64.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 08a18d0..5db36ca 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
 <at>  <at>  -139,6 +139,7  <at>  <at>  static int addr_to_vsyscall_nr(unsigned long addr)
 	return nr;
 }

+#ifdef CONFIG_SECCOMP
 static int vsyscall_seccomp(struct task_struct *tsk, int syscall_nr)
 {
 	if (!seccomp_mode(&tsk->seccomp))
 <at>  <at>  -147,6 +148,9  <at>  <at>  static int vsyscall_seccomp(struct task_struct *tsk, int syscall_nr)
 	task_pt_regs(tsk)->ax = syscall_nr;
 	return __secure_computing(syscall_nr);
 }
+#else
+#define vsyscall_seccomp(_tsk, _nr) 0
+#endif

 static bool write_ok_or_segv(unsigned long ptr, size_t size)
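Review bot: the `#else` stub `#define vsyscall_seccomp(_tsk, _nr) 0` discards both arguments, so with CONFIG_SECCOMP disabled the call site is not type-checked and a variable passed only to this call can draw an unused-variable warning. A `static inline int vsyscall_seccomp(struct task_struct *tsk, int syscall_nr) { return 0; }` stub would keep the same signature as the real function in both configurations.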

Will Drewry | 14 Jul 2012 17:32

[PATCH 3/3] Documentation: add a caveat for seccomp filter and vsyscall emulation

With the addition of seccomp support to vsyscall emulation:
  http://permalink.gmane.org/gmane.linux.kernel/1327732
and the prior patch in this series.

Update the documentation to indicate quirky behaviors when the 'ip' is
in the vsyscall page and vsyscall emulation is in effect.

Signed-off-by: Will Drewry <wad <at> chromium.org>
---
 Documentation/prctl/seccomp_filter.txt |   22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/Documentation/prctl/seccomp_filter.txt b/Documentation/prctl/seccomp_filter.txt
index 597c3c5..67ed88b 100644
--- a/Documentation/prctl/seccomp_filter.txt
+++ b/Documentation/prctl/seccomp_filter.txt
 <at>  <at>  -161,3 +161,25  <at>  <at>  architecture supports both ptrace_event and seccomp, it will be able to
 support seccomp filter with minor fixup: SIGSYS support and seccomp return
 value checking.  Then it must just add CONFIG_HAVE_ARCH_SECCOMP_FILTER
 to its arch-specific Kconfig.
+
+
+Caveats
+-------
+
+On x86-64 with vsyscall emulation enabled and while servicing a
+vsyscall-emulated system call:
+- A return value of SECCOMP_RET_TRAP will set a si_call_addr pointing to
+  the vsyscall entry for the given call and not the address after the
+  'syscall' instruction.  Any code which wants to restart the call
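Review bot: the opening condition of the new Caveats section, "with vsyscall emulation enabled", gives a filter author no way to tell whether it applies to their system. Naming the `vsyscall=` boot parameter setting that selects emulation would make the caveat checkable. The SECCOMP_RET_TRAP item would also be easier to act on if it said explicitly that si_call_addr then falls inside the vsyscall page, since that is what a SIGSYS handler can test for.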

Will Drewry | 14 Jul 2012 17:32

[PATCH 2/3] vsyscall_64: allow SECCOMP_RET_TRACErs to skip

Current quirky ptrace behavior with vsyscall and seccomp
does not allow tracers to bypass the call.  This change
provides that ability by checking if orig_ax changed.

Signed-off-by: Will Drewry <wad <at> chromium.org>
---
 arch/x86/kernel/vsyscall_64.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 5db36ca..5f9640c 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
 <at>  <at>  -142,11 +142,15  <at>  <at>  static int addr_to_vsyscall_nr(unsigned long addr)
 #ifdef CONFIG_SECCOMP
 static int vsyscall_seccomp(struct task_struct *tsk, int syscall_nr)
 {
+	int ret;
 	if (!seccomp_mode(&tsk->seccomp))
 		return 0;
 	task_pt_regs(tsk)->orig_ax = syscall_nr;
 	task_pt_regs(tsk)->ax = syscall_nr;
-	return __secure_computing(syscall_nr);
+	ret = __secure_computing(syscall_nr);
+	if (task_pt_regs(tsk)->orig_ax != syscall_nr)
+		return 1; /* ptrace syscall skip */
+	return ret;
 }
 #else
 #define vsyscall_seccomp(_tsk, _nr) 0
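Review bot: the new test `task_pt_regs(tsk)->orig_ax != syscall_nr` treats every tracer change to orig_ax as a skip, so a tracer that rewrites orig_ax to a different syscall number gets the call dropped rather than redirected. If that is intended, the `/* ptrace syscall skip */` comment should say so, and it belongs in the documentation caveats as well. When orig_ax has changed, the value from `__secure_computing(syscall_nr)` is also discarded in favour of the bare `return 1`; a short comment on what 1 means to the caller, or a named constant, would help. Style: add a blank line after the `int ret;` declaration.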