Re: [Question] About SECCOMP issue for ILP32

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 2020/9/1 2:15, Yury Norov wrote:
> On Mon, Aug 31, 2020 at 5:48 AM Xiongfeng Wang
> <wangxiongfeng2@xxxxxxxxxx> wrote:
>>
>> Hi Yury,
>>
> 
> Hi Xiongfeng,
> 
> [restore CC list]
> 
> Haven't seen this before. What kernel / glibc / ltp do you use?

The kernel version is 4.19. I applied the ILP32 patches from
https://github.com/norov/linux.git. The glibc version is 2.28 and I applyed the
ILP32 patches.
The ltp testsuite is from https://github.com/linux-test-project/ltp. I build it
with '-mabi=ilp32'.

> 
>> We were testing the ILP32 feature and came accross a problem. Very apperaciate
>> it if you could give us some help !
>>
>> We compile the LTP testsuite with '-mabi=ilp32' and run it on a machine with
>> kernel and glibc applied with ILP32 patches. But we failed on one testcase,
>> prctl04. It print the following error info.
>> 'prctl04.c:199: FAIL: SECCOMP_MODE_STRICT doesn't permit read(2) write(2) and
>> _exit(2)'
>>
>> The testcase is like below, syscall 'prctl' followed by a syscall 'write'.
>> prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
>> SAFE_WRITE(1, fd, "a", 1);
>>
>> When we execute syscall 'write', we receive a SIGKILL. It's not as expected.
>> We track the kernel and found out it is because we failed the syscall_whitelist
>> check in '__secure_computing_strict'. Because flag 'TIF_32BIT_AARCH64' is set,
>> we falls into the 'in_compat_syscall()' branch. We compare the parameter
>> 'this_syscall' with return value of 'get_compat_model_syscalls()'
>> The syscall number of '__NR_write' for ilp32 application is 64, but it is 4 for
>> 'model_syscalls_32' returned from 'get_compat_model_syscalls()'
>> So '__secure_computing_strict' retuned with 'do_exit(SIGKILL)'. We have a
>> modification like below, but I am not sure if it correct or not.
>>
>> --- a/kernel/seccomp.c
>> +++ b/kernel/seccomp.c
>> @@ -618,7 +618,7 @@ static void __secure_computing_strict(int this_syscall)
>>  {
>>         const int *syscall_whitelist = mode1_syscalls;
>>  #ifdef CONFIG_COMPAT
>> -       if (in_compat_syscall())
>> +       if (is_a32_compat_task())
>>                 syscall_whitelist = get_compat_mode1_syscalls();
> 
> It calls the arch function from generic code. It may break build for
> other arches.
> This also looks dangerous because it treats ILP32 execution as non-compat.
> 
> The right approach would be implementing arch-specific
> get_compat_mode1_syscalls()
> in arch/arm64/include/asm/seccomp.h that returns an appropriate table.
> Refer MIPS
> code for this: arch/mips/include/asm/seccomp.h

Thanks for your advice. Thanks a lot.
I have written another version according to your advice.

--- a/arch/arm64/include/asm/seccomp.h
+++ b/arch/arm64/include/asm/seccomp.h
@@ -20,6 +20,36 @@
 #define __NR_seccomp_sigreturn_32      __NR_compat_rt_sigreturn
 #endif /* CONFIG_COMPAT */

+#ifdef CONFIG_COMPAT
+#ifndef __COMPAT_SYSCALL_NR
+
+static inline const int *get_compat_mode1_syscalls(void)
+{
+#ifdef CONFIG_AARCH32_EL0
+       static const int mode1_syscalls_a32[] = {
+               __NR_compat_read, __NR_compat_write,
+               __NR_compat_read, __NR_compat_sigreturn,
+               0, /* null terminated */
+       };
+#endif
+       static const int mode1_syscalls_ilp32[] = {
+               __NR_read, __NR_write,
+               __NR_exit, __NR_rt_sigreturn,
+               0, /* null terminated */
+       };
+
+       if (is_ilp32_compat_task())
+               return mode1_syscalls_ilp32;
+#ifdef CONFIG_AARCH32_EL0
+       return mode1_syscalls_a32;
+#endif
+}
+
+#define get_compat_mode1_syscalls get_compat_mode1_syscalls
+
+#endif
+#endif
+
 #include <asm-generic/seccomp.h>

 #endif /* _ASM_SECCOMP_H */


Thanks,
Xiongfeng

> 
> Thanks,
> Yury
> 
>>  #endif
>>         do {
>>
>>
>> Thanks,
>> Xiongfeng
>>
> 
> .
> 




[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux