From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com
Cc: dsaxena@linaro.org, arndb@arndb.de,
	linux-arm-kernel@lists.infradead.org,
	linaro-kernel@lists.linaro.org, linux-kernel@vger.kernel.org,
	AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH v6 2/6] arm64: ptrace: allow tracer to skip a system call
Date: Thu, 21 Aug 2014 17:56:41 +0900	[thread overview]
Message-ID: <1408611405-8943-3-git-send-email-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <1408611405-8943-1-git-send-email-takahiro.akashi@linaro.org>

If tracer specifies -1 as a syscall number, this traced system call should
be skipped with a value in x0 used as a return value.
This patch enables this semantics, but there is a restriction here:

   when syscall(-1) is issued by user, tracer cannot skip this system call
   and modify a return value at syscall entry.

In order to ease this flavor, we need to treat whatever value in x0 as
a return value, but this might result in a bogus value being returned,
especially when tracer doesn't do anything at this syscall.
So we always return ENOSYS instead, while we have another chance to change
a return value at syscall exit.

Please also note:
* syscall entry tracing and syscall exit tracing (ftrace tracepoint and
  audit) are always executed, if enabled, even when skipping a system call
  (that is, -1).
  In this way, we can avoid a potential bug where audit_syscall_entry()
  might be called without audit_syscall_exit() having been called for the
  previous system call, which would cause an OOPS in audit_syscall_entry().

* syscallno may also be set to -1 if a fatal signal (SIGKILL) is detected
  in tracehook_report_syscall_entry(), but since a value set to x0 (ENOSYS)
  is not used in this case, we may neglect the case.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 arch/arm64/include/asm/ptrace.h |    8 ++++++++
 arch/arm64/kernel/entry.S       |    4 ++++
 arch/arm64/kernel/ptrace.c      |   20 ++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
index 501000f..a58cf62 100644
--- a/arch/arm64/include/asm/ptrace.h
+++ b/arch/arm64/include/asm/ptrace.h
@@ -65,6 +65,14 @@
 #define COMPAT_PT_TEXT_ADDR		0x10000
 #define COMPAT_PT_DATA_ADDR		0x10004
 #define COMPAT_PT_TEXT_END_ADDR		0x10008
+
+/*
+ * used to skip a system call when tracer changes its number to -1
+ * with ptrace(PTRACE_SET_SYSCALL)
+ */
+#define RET_SKIP_SYSCALL	-1
+#define IS_SKIP_SYSCALL(no)	((int)(no & 0xffffffff) == -1)
+
 #ifndef __ASSEMBLY__
 
 /* sizeof(struct user) for AArch32 */
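Review bot: The macro argument is not parenthesized in `IS_SKIP_SYSCALL(no)`, so an expression argument such as `a | b` would be masked incorrectly; `#define IS_SKIP_SYSCALL(no)	((int)((no) & 0xffffffffU) == -1)` fixes that and also makes the mask explicitly unsigned, while the cast still relies on the implementation-defined (GCC: modulo 2^32) unsigned-to-int conversion. Both call sites in this patch pass plain identifiers, so this is latent rather than a live bug. The comment above the two defines could also record that only the low 32 bits are inspected, which is what keeps the C-side test in step with the `cmp w0, #RET_SKIP_SYSCALL` in entry.S, e.g. `/* only the low 32 bits of the number are compared, matching the w0 test in entry.S */`.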
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index f0b5e51..fdd6eae 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -25,6 +25,7 @@
 #include <asm/asm-offsets.h>
 #include <asm/errno.h>
 #include <asm/esr.h>
+#include <asm/ptrace.h>
 #include <asm/thread_info.h>
 #include <asm/unistd.h>
 
@@ -671,6 +672,8 @@ ENDPROC(el0_svc)
 __sys_trace:
 	mov	x0, sp
 	bl	syscall_trace_enter
+	cmp	w0, #RET_SKIP_SYSCALL		// skip syscall?
+	b.eq	__sys_trace_return_skipped
 	adr	lr, __sys_trace_return		// return address
 	uxtw	scno, w0			// syscall number (possibly new)
 	mov	x1, sp				// pointer to regs
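Review bot: The new `cmp w0, #RET_SKIP_SYSCALL` compares only the low 32 bits of whatever syscall_trace_enter returns, so the skip decision here depends on that function returning the (possibly tracer-updated) syscall number with the sentinel in its low word; that contract is not visible in the ptrace.c hunk, whose `return` lies outside it. A comment on the `bl` line would pin it down, e.g. `bl	syscall_trace_enter		// returns syscall number, RET_SKIP_SYSCALL to skip`. On the skip path the `str x0, [sp]` in __sys_trace_return is bypassed, which is intentional only because regs[0] was already set in syscall_trace_enter; the label comment in the next hunk says so, but a one-word hint next to `b.eq` would save the reader the cross-reference. The __sys_trace body continues outside the hunk.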
@@ -685,6 +688,7 @@ __sys_trace:
 
 __sys_trace_return:
 	str	x0, [sp]			// save returned x0
+__sys_trace_return_skipped:			// x0 already in regs[0]
 	mov	x0, sp
 	bl	syscall_trace_exit
 	b	ret_to_user
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 8876049..c54dbcc 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1121,9 +1121,29 @@ static void tracehook_report_syscall(struct pt_regs *regs,
 
 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
 {
+	unsigned int saved_syscallno = regs->syscallno;
+
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
 
+	if (IS_SKIP_SYSCALL(regs->syscallno)) {
+		/*
+		 * RESTRICTION: we can't modify a return value of user
+		 * issued syscall(-1) here. In order to ease this flavor,
+		 * we need to treat whatever value in x0 as a return value,
+		 * but this might result in a bogus value being returned.
+		 */
+		/*
+		 * NOTE: syscallno may also be set to -1 if fatal signal is
+		 * detected in tracehook_report_syscall_entry(), but since
+		 * a value set to x0 here is not used in this case, we may
+		 * neglect the case.
+		 */
+		if (!test_thread_flag(TIF_SYSCALL_TRACE) ||
+				(IS_SKIP_SYSCALL(saved_syscallno)))
+			regs->regs[0] = -ENOSYS;
+	}
+
 	if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
 		trace_sys_enter(regs, regs->syscallno);
 
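Review bot: `saved_syscallno` is declared `unsigned int` while it is initialised from `regs->syscallno`, which on arm64 is presumably a wider field (struct pt_regs is not shown here), so the copy silently truncates; `IS_SKIP_SYSCALL` only examines the low 32 bits anyway, but declaring it as `unsigned long saved_syscallno = regs->syscallno;` (or the field's own type) would make that intent explicit and keep the two comparisons symmetric. The inner condition also carries a redundant pair of parentheses around `IS_SKIP_SYSCALL(saved_syscallno)`, and the two adjacent block comments could be merged into one that states the three outcomes directly: no tracer → -ENOSYS, user-issued syscall(-1) → -ENOSYS regardless of tracer, tracer-forced -1 → regs[0] left as the tracer set it. The function's `return` statement, whose value entry.S compares against RET_SKIP_SYSCALL, lies outside this hunk, so whether it returns the updated `regs->syscallno` cannot be confirmed from the diff.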
-- 
1.7.9.5


From: takahiro.akashi@linaro.org (AKASHI Takahiro)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v6 2/6] arm64: ptrace: allow tracer to skip a system call
Date: Thu, 21 Aug 2014 17:56:41 +0900	[thread overview]
Message-ID: <1408611405-8943-3-git-send-email-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <1408611405-8943-1-git-send-email-takahiro.akashi@linaro.org>

If tracer specifies -1 as a syscall number, this traced system call should
be skipped with a value in x0 used as a return value.
This patch enables this semantics, but there is a restriction here:

   when syscall(-1) is issued by user, tracer cannot skip this system call
   and modify a return value at syscall entry.

In order to ease this flavor, we need to treat whatever value in x0 as
a return value, but this might result in a bogus value being returned,
especially when tracer doesn't do anything at this syscall.
So we always return ENOSYS instead, while we have another chance to change
a return value at syscall exit.

Please also note:
* syscall entry tracing and syscall exit tracing (ftrace tracepoint and
  audit) are always executed, if enabled, even when skipping a system call
  (that is, -1).
  In this way, we can avoid a potential bug where audit_syscall_entry()
  might be called without audit_syscall_exit() having been called for the
  previous system call, which would cause an OOPS in audit_syscall_entry().

* syscallno may also be set to -1 if a fatal signal (SIGKILL) is detected
  in tracehook_report_syscall_entry(), but since a value set to x0 (ENOSYS)
  is not used in this case, we may neglect the case.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 arch/arm64/include/asm/ptrace.h |    8 ++++++++
 arch/arm64/kernel/entry.S       |    4 ++++
 arch/arm64/kernel/ptrace.c      |   20 ++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
index 501000f..a58cf62 100644
--- a/arch/arm64/include/asm/ptrace.h
+++ b/arch/arm64/include/asm/ptrace.h
@@ -65,6 +65,14 @@
 #define COMPAT_PT_TEXT_ADDR		0x10000
 #define COMPAT_PT_DATA_ADDR		0x10004
 #define COMPAT_PT_TEXT_END_ADDR		0x10008
+
+/*
+ * used to skip a system call when tracer changes its number to -1
+ * with ptrace(PTRACE_SET_SYSCALL)
+ */
+#define RET_SKIP_SYSCALL	-1
+#define IS_SKIP_SYSCALL(no)	((int)(no & 0xffffffff) == -1)
+
 #ifndef __ASSEMBLY__
 
 /* sizeof(struct user) for AArch32 */
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index f0b5e51..fdd6eae 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -25,6 +25,7 @@
 #include <asm/asm-offsets.h>
 #include <asm/errno.h>
 #include <asm/esr.h>
+#include <asm/ptrace.h>
 #include <asm/thread_info.h>
 #include <asm/unistd.h>
 
@@ -671,6 +672,8 @@ ENDPROC(el0_svc)
 __sys_trace:
 	mov	x0, sp
 	bl	syscall_trace_enter
+	cmp	w0, #RET_SKIP_SYSCALL		// skip syscall?
+	b.eq	__sys_trace_return_skipped
 	adr	lr, __sys_trace_return		// return address
 	uxtw	scno, w0			// syscall number (possibly new)
 	mov	x1, sp				// pointer to regs
@@ -685,6 +688,7 @@ __sys_trace:
 
 __sys_trace_return:
 	str	x0, [sp]			// save returned x0
+__sys_trace_return_skipped:			// x0 already in regs[0]
 	mov	x0, sp
 	bl	syscall_trace_exit
 	b	ret_to_user
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 8876049..c54dbcc 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1121,9 +1121,29 @@ static void tracehook_report_syscall(struct pt_regs *regs,
 
 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
 {
+	unsigned int saved_syscallno = regs->syscallno;
+
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
 
+	if (IS_SKIP_SYSCALL(regs->syscallno)) {
+		/*
+		 * RESTRICTION: we can't modify a return value of user
+		 * issued syscall(-1) here. In order to ease this flavor,
+		 * we need to treat whatever value in x0 as a return value,
+		 * but this might result in a bogus value being returned.
+		 */
+		/*
+		 * NOTE: syscallno may also be set to -1 if fatal signal is
+		 * detected in tracehook_report_syscall_entry(), but since
+		 * a value set to x0 here is not used in this case, we may
+		 * neglect the case.
+		 */
+		if (!test_thread_flag(TIF_SYSCALL_TRACE) ||
+				(IS_SKIP_SYSCALL(saved_syscallno)))
+			regs->regs[0] = -ENOSYS;
+	}
+
 	if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
 		trace_sys_enter(regs, regs->syscallno);
 
-- 
1.7.9.5

