Re: [PATCH 2/4] MIPS/ptrace: Pick up ptrace/seccomp changed syscalls

Kees Cook <keescook@xxxxxxxxxxxx> · Fri, 11 Aug 2017 15:18:04 -0700



On Fri, Aug 11, 2017 at 1:56 PM, James Hogan <james.hogan@xxxxxxxxxx> wrote:
> The MIPS syscall_trace_enter() allows the system call number to be
> altered or cancelled by a ptrace tracer, via the normal ptrace hook
> (PTRACE_SYSCALL) and changing the system call number register on entry,
> and similarly via seccomp (PTRACE_EVENT_SECCOMP when a seccomp filter
> returns SECCOMP_RET_TRACE).
>
> Be sure to update the syscall local variable if this happens, so that
> seccomp will filter the correct system call number if the normal ptrace
> hook changes it first, and so that if either the normal ptrace hook or
> seccomp change it the correct system call number is passed to the trace
> event.
>
> This won't have any effect until the next commit, which fixes ptrace to
> update thread_info::syscall.
>
> Fixes: c2d9f1775731 ("MIPS: Fix syscall_get_nr for the syscall exit tracing.")
> Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
> Cc: Lars Persson <lars.persson@xxxxxxxx>
> Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Will Drewry <wad@xxxxxxxxxxxx>
> Cc: linux-mips@xxxxxxxxxxxxxx

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
>  arch/mips/kernel/ptrace.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
> index 1395654cfc8d..be5d5fefcc7c 100644
> --- a/arch/mips/kernel/ptrace.c
> +++ b/arch/mips/kernel/ptrace.c
> @@ -864,9 +864,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
>
>         current_thread_info()->syscall = syscall;
>
> -       if (test_thread_flag(TIF_SYSCALL_TRACE) &&
> -           tracehook_report_syscall_entry(regs))
> -               return -1;
> +       if (test_thread_flag(TIF_SYSCALL_TRACE)) {
> +               if (tracehook_report_syscall_entry(regs))
> +                       return -1;
> +               syscall = current_thread_info()->syscall;
> +       }
>
>  #ifdef CONFIG_SECCOMP
>         if (unlikely(test_thread_flag(TIF_SECCOMP))) {
> @@ -884,6 +886,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
>                 ret = __secure_computing(&sd);
>                 if (ret == -1)
>                         return ret;
> +               syscall = current_thread_info()->syscall;
>         }
>  #endif
>
> --
> 2.13.2
>


-- 
Kees Cook
Pixel Security