* [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
@ 2021-11-11 18:57 Jan Kiszka
  2021-11-12  1:45 ` Ando Yuta
  2021-11-12  8:29 ` Bezdeka, Florian
  0 siblings, 2 replies; 4+ messages in thread
From: Jan Kiszka @ 2021-11-11 18:57 UTC (permalink / raw)
  To: Philippe Gerum; +Cc: Xenomai, Ando Yuta

From: Jan Kiszka <jan.kiszka@siemens.com>

__secure_computing, called by syscall_trace_enter, returns -1 when a
call should be skipped. We must avoid that this is interpreted as
EXIT_SYSCALL_OOB in the dovetail case.

Fixes, e.g., crashes of Chrome in sandbox mode.

Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

"Fixes" is my observation - Yuta-san, please confirm also for your setup.

 include/linux/entry-common.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
index 2a08b00632b9..43cf846111d9 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -66,8 +66,8 @@
  * Status codes of syscall entry when Dovetail is enabled. Must not
  * conflict with valid syscall numbers.
  */
-#define EXIT_SYSCALL_OOB	(-1)
-#define EXIT_SYSCALL_TAIL	(-2)
+#define EXIT_SYSCALL_OOB	(-2)
+#define EXIT_SYSCALL_TAIL	(-3)
 
 /**
  * arch_check_user_regs - Architecture specific sanity check for user mode regs
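Review bot: The comment above the two defines still gives only "Must not conflict with valid syscall numbers" as the constraint, while the reason for leaving -1 is the one in the commit message: __secure_computing, called by syscall_trace_enter, returns -1 when a call should be skipped. Put that into the comment, for example "Must not conflict with valid syscall numbers or with the -1 that syscall_trace_enter() returns for a skipped call", so that a later renumbering of EXIT_SYSCALL_OOB or EXIT_SYSCALL_TAIL does not bring the clash back.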
-- 
2.31.1



* RE: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
  2021-11-11 18:57 [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp Jan Kiszka
@ 2021-11-12  1:45 ` Ando Yuta
  2021-11-12  8:29 ` Bezdeka, Florian
  1 sibling, 0 replies; 4+ messages in thread
From: Ando Yuta @ 2021-11-12  1:45 UTC (permalink / raw)
  To: Jan Kiszka, Philippe Gerum; +Cc: Xenomai

Hi Jan-san

Thanks for the fix.
I checked, and the browser now works fine with xenomai3.2 dovetail.

Thank you for your quick response.
It was very helpful.

Yuta Ando

-----Original Message-----
From: Jan Kiszka <jan.kiszka@siemens.com> 
Sent: Friday, November 12, 2021 3:57 AM
To: Philippe Gerum <rpm@xenomai.org>
Cc: Xenomai <xenomai@xenomai.org>; Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Subject: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp

From: Jan Kiszka <jan.kiszka@siemens.com>

__secure_computing, called by syscall_trace_enter, returns -1 when a call should be skipped. We must avoid that this is interpreted as EXIT_SYSCALL_OOB in the dovetail case.

Fixes, e.g., crashes of Chrome in sandbox mode.

Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

"Fixes" is my observation - Yuta-san, please confirm also for your setup.

 include/linux/entry-common.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h index 2a08b00632b9..43cf846111d9 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -66,8 +66,8 @@
  * Status codes of syscall entry when Dovetail is enabled. Must not
  * conflict with valid syscall numbers.
  */
-#define EXIT_SYSCALL_OOB	(-1)
-#define EXIT_SYSCALL_TAIL	(-2)
+#define EXIT_SYSCALL_OOB	(-2)
+#define EXIT_SYSCALL_TAIL	(-3)
 
 /**
  * arch_check_user_regs - Architecture specific sanity check for user mode regs
--
2.31.1


* Re: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
  2021-11-11 18:57 [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp Jan Kiszka
  2021-11-12  1:45 ` Ando Yuta
@ 2021-11-12  8:29 ` Bezdeka, Florian
  2021-11-12  8:32   ` Jan Kiszka
  1 sibling, 1 reply; 4+ messages in thread
From: Bezdeka, Florian @ 2021-11-12  8:29 UTC (permalink / raw)
  To: rpm, jan.kiszka; +Cc: xenomai, andouyuuta

On Thu, 2021-11-11 at 19:57 +0100, Jan Kiszka via Xenomai wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> __secure_computing, called by syscall_trace_enter, returns -1 when a
> call should be skipped. We must avoid that this is interpreted as
> EXIT_SYSCALL_OOB in the dovetail case.
> 
> Fixes, e.g., crashes of Chrome in sandbox mode.
> 
> Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> "Fixes" is my observation - Yuta-san, please confirm also for your setup.
> 
>  include/linux/entry-common.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
> index 2a08b00632b9..43cf846111d9 100644
> --- a/include/linux/entry-common.h
> +++ b/include/linux/entry-common.h
> @@ -66,8 +66,8 @@
>   * Status codes of syscall entry when Dovetail is enabled. Must not
>   * conflict with valid syscall numbers.

Maybe extend this comment why -1 can not be used here?

>   */
> -#define EXIT_SYSCALL_OOB	(-1)
> -#define EXIT_SYSCALL_TAIL	(-2)
> +#define EXIT_SYSCALL_OOB	(-2)
> +#define EXIT_SYSCALL_TAIL	(-3)
>  
>  /**
>   * arch_check_user_regs - Architecture specific sanity check for user mode regs
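Review bot: Both EXIT_SYSCALL_OOB and EXIT_SYSCALL_TAIL change value in this hunk, so the fix is complete only if every consumer tests the macro names and none compares the syscall-entry result against a literal -1 or -2. The diffstat shows include/linux/entry-common.h as the only file touched; a line in the commit message stating that the users of these two codes were checked for hard-coded values would make that explicit for anyone backporting the change.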



* Re: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
  2021-11-12  8:29 ` Bezdeka, Florian
@ 2021-11-12  8:32   ` Jan Kiszka
  0 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2021-11-12  8:32 UTC (permalink / raw)
  To: Bezdeka, Florian (T RDA IOT SES-DE), rpm; +Cc: xenomai, andouyuuta

On 12.11.21 09:29, Bezdeka, Florian (T RDA IOT SES-DE) wrote:
> On Thu, 2021-11-11 at 19:57 +0100, Jan Kiszka via Xenomai wrote:
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> __secure_computing, called by syscall_trace_enter, returns -1 when a
>> call should be skipped. We must avoid that this is interpreted as
>> EXIT_SYSCALL_OOB in the dovetail case.
>>
>> Fixes, e.g., crashes of Chrome in sandbox mode.
>>
>> Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>> ---
>>
>> "Fixes" is my observation - Yuta-san, please confirm also for your setup.
>>
>>  include/linux/entry-common.h | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
>> index 2a08b00632b9..43cf846111d9 100644
>> --- a/include/linux/entry-common.h
>> +++ b/include/linux/entry-common.h
>> @@ -66,8 +66,8 @@
>>   * Status codes of syscall entry when Dovetail is enabled. Must not
>>   * conflict with valid syscall numbers.
> 
> Maybe extend this comment why -1 can not be used here?
> 

Good point.

Jan

>>   */
>> -#define EXIT_SYSCALL_OOB     (-1)
>> -#define EXIT_SYSCALL_TAIL    (-2)
>> +#define EXIT_SYSCALL_OOB     (-2)
>> +#define EXIT_SYSCALL_TAIL    (-3)
>>
>>  /**
>>   * arch_check_user_regs - Architecture specific sanity check for user mode regs
> 

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

