Re: [Question] About SECCOMP issue for ILP32

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Aug 31, 2020 at 11:15 AM Yury Norov <yury.norov@xxxxxxxxx> wrote:
>
> On Mon, Aug 31, 2020 at 5:48 AM Xiongfeng Wang
> <wangxiongfeng2@xxxxxxxxxx> wrote:
> >
> > Hi Yury,
> >
>
> Hi Xiongfeng,
>
> [restore CC list]
>
> Haven't seen this before. What kernel / glibc / ltp do you use?
>
> > We were testing the ILP32 feature and came accross a problem. Very apperaciate
> > it if you could give us some help !
> >
> > We compile the LTP testsuite with '-mabi=ilp32' and run it on a machine with
> > kernel and glibc applied with ILP32 patches. But we failed on one testcase,
> > prctl04. It print the following error info.
> > 'prctl04.c:199: FAIL: SECCOMP_MODE_STRICT doesn't permit read(2) write(2) and
> > _exit(2)'
> >
> > The testcase is like below, syscall 'prctl' followed by a syscall 'write'.
> > prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
> > SAFE_WRITE(1, fd, "a", 1);
> >
> > When we execute syscall 'write', we receive a SIGKILL. It's not as expected.
> > We track the kernel and found out it is because we failed the syscall_whitelist
> > check in '__secure_computing_strict'. Because flag 'TIF_32BIT_AARCH64' is set,
> > we falls into the 'in_compat_syscall()' branch. We compare the parameter
> > 'this_syscall' with return value of 'get_compat_model_syscalls()'
> > The syscall number of '__NR_write' for ilp32 application is 64, but it is 4 for
> > 'model_syscalls_32' returned from 'get_compat_model_syscalls()'
> > So '__secure_computing_strict' retuned with 'do_exit(SIGKILL)'. We have a
> > modification like below, but I am not sure if it correct or not.
> >
> > --- a/kernel/seccomp.c
> > +++ b/kernel/seccomp.c
> > @@ -618,7 +618,7 @@ static void __secure_computing_strict(int this_syscall)
> >  {
> >         const int *syscall_whitelist = mode1_syscalls;
> >  #ifdef CONFIG_COMPAT
> > -       if (in_compat_syscall())
> > +       if (is_a32_compat_task())
> >                 syscall_whitelist = get_compat_mode1_syscalls();
>
> It calls the arch function from generic code. It may break build for
> other arches.
> This also looks dangerous because it treats ILP32 execution as non-compat.
>
> The right approach would be implementing arch-specific
> get_compat_mode1_syscalls()
> in arch/arm64/include/asm/seccomp.h that returns an appropriate table.
> Refer MIPS
> code for this: arch/mips/include/asm/seccomp.h
>
> Thanks,
> Yury
>
> >  #endif
> >         do {
> >
> >
> > Thanks,
> > Xiongfeng
> >

The fix is on my repo; versions 5.2 and 4.19 are updated:

https://github.com/norov/linux/commits/ilp32-4.19
https://github.com/norov/linux/commits/ilp32-5.2
[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]
  Powered by Linux