On 2020/9/1 2:15, Yury Norov wrote: > On Mon, Aug 31, 2020 at 5:48 AM Xiongfeng Wang > <wangxiongfeng2@xxxxxxxxxx> wrote: >> >> Hi Yury, >> > > Hi Xiongfeng, > > [restore CC list] > > Haven't seen this before. What kernel / glibc / ltp do you use? The kernel version is 4.19. I applied the ILP32 patches from https://github.com/norov/linux.git. The glibc version is 2.28 and I applyed the ILP32 patches. The ltp testsuite is from https://github.com/linux-test-project/ltp. I build it with '-mabi=ilp32'. > >> We were testing the ILP32 feature and came accross a problem. Very apperaciate >> it if you could give us some help ! >> >> We compile the LTP testsuite with '-mabi=ilp32' and run it on a machine with >> kernel and glibc applied with ILP32 patches. But we failed on one testcase, >> prctl04. It print the following error info. >> 'prctl04.c:199: FAIL: SECCOMP_MODE_STRICT doesn't permit read(2) write(2) and >> _exit(2)' >> >> The testcase is like below, syscall 'prctl' followed by a syscall 'write'. >> prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT); >> SAFE_WRITE(1, fd, "a", 1); >> >> When we execute syscall 'write', we receive a SIGKILL. It's not as expected. >> We track the kernel and found out it is because we failed the syscall_whitelist >> check in '__secure_computing_strict'. Because flag 'TIF_32BIT_AARCH64' is set, >> we falls into the 'in_compat_syscall()' branch. We compare the parameter >> 'this_syscall' with return value of 'get_compat_model_syscalls()' >> The syscall number of '__NR_write' for ilp32 application is 64, but it is 4 for >> 'model_syscalls_32' returned from 'get_compat_model_syscalls()' >> So '__secure_computing_strict' retuned with 'do_exit(SIGKILL)'. We have a >> modification like below, but I am not sure if it correct or not. >> >> --- a/kernel/seccomp.c >> +++ b/kernel/seccomp.c >> @@ -618,7 +618,7 @@ static void __secure_computing_strict(int this_syscall) >> { >> const int *syscall_whitelist = mode1_syscalls; >> #ifdef CONFIG_COMPAT >> - if (in_compat_syscall()) >> + if (is_a32_compat_task()) >> syscall_whitelist = get_compat_mode1_syscalls(); > > It calls the arch function from generic code. It may break build for > other arches. > This also looks dangerous because it treats ILP32 execution as non-compat. > > The right approach would be implementing arch-specific > get_compat_mode1_syscalls() > in arch/arm64/include/asm/seccomp.h that returns an appropriate table. > Refer MIPS > code for this: arch/mips/include/asm/seccomp.h Thanks for your advice. Thanks a lot. I have written another version according to your advice. --- a/arch/arm64/include/asm/seccomp.h +++ b/arch/arm64/include/asm/seccomp.h @@ -20,6 +20,36 @@ #define __NR_seccomp_sigreturn_32 __NR_compat_rt_sigreturn #endif /* CONFIG_COMPAT */ +#ifdef CONFIG_COMPAT +#ifndef __COMPAT_SYSCALL_NR + +static inline const int *get_compat_mode1_syscalls(void) +{ +#ifdef CONFIG_AARCH32_EL0 + static const int mode1_syscalls_a32[] = { + __NR_compat_read, __NR_compat_write, + __NR_compat_read, __NR_compat_sigreturn, + 0, /* null terminated */ + }; +#endif + static const int mode1_syscalls_ilp32[] = { + __NR_read, __NR_write, + __NR_exit, __NR_rt_sigreturn, + 0, /* null terminated */ + }; + + if (is_ilp32_compat_task()) + return mode1_syscalls_ilp32; +#ifdef CONFIG_AARCH32_EL0 + return mode1_syscalls_a32; +#endif +} + +#define get_compat_mode1_syscalls get_compat_mode1_syscalls + +#endif +#endif + #include <asm-generic/seccomp.h> #endif /* _ASM_SECCOMP_H */ Thanks, Xiongfeng > > Thanks, > Yury > >> #endif >> do { >> >> >> Thanks, >> Xiongfeng >> > > . >
