* [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
@ 2021-11-11 18:57 Jan Kiszka
2021-11-12 1:45 ` Ando Yuta
2021-11-12 8:29 ` Bezdeka, Florian
0 siblings, 2 replies; 4+ messages in thread
From: Jan Kiszka @ 2021-11-11 18:57 UTC
To: Philippe Gerum; +Cc: Xenomai, Ando Yuta
From: Jan Kiszka <jan.kiszka@siemens.com>
__secure_computing, called by syscall_trace_enter, returns -1 when a
call should be skipped. We must avoid that this is interpreted as
EXIT_SYSCALL_OOB in the dovetail case.
Fixes, e.g., crashes of Chrome in sandbox mode.
Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
"Fixes" is my observation - Yuta-san, please confirm also for your setup.
include/linux/entry-common.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
index 2a08b00632b9..43cf846111d9 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -66,8 +66,8 @@
* Status codes of syscall entry when Dovetail is enabled. Must not
* conflict with valid syscall numbers.
*/
-#define EXIT_SYSCALL_OOB (-1)
-#define EXIT_SYSCALL_TAIL (-2)
+#define EXIT_SYSCALL_OOB (-2)
+#define EXIT_SYSCALL_TAIL (-3)
/**
* arch_check_user_regs - Architecture specific sanity check for user mode regs
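Review bot: the comment above the two defines still only says the status codes must not conflict with valid syscall numbers, which was equally true of the old (-1)/(-2) values and does not explain the renumbering. It should also state that -1 is excluded because __secure_computing(), called by syscall_trace_enter, returns -1 when a call should be skipped, so that a later cleanup does not move EXIT_SYSCALL_OOB back onto that value.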
--
2.31.1
* RE: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
From: Ando Yuta @ 2021-11-12 1:45 UTC
To: Jan Kiszka, Philippe Gerum; +Cc: Xenomai
Hi Jan-san
Thanks for the fix.
I checked, and the browser now works fine with xenomai3.2 dovetail.
Thank you for your quick response.
It was very helpful.
Yuta Ando
-----Original Message-----
From: Jan Kiszka <jan.kiszka@siemens.com>
Sent: Friday, November 12, 2021 3:57 AM
To: Philippe Gerum <rpm@xenomai.org>
Cc: Xenomai <xenomai@xenomai.org>; Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Subject: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
From: Jan Kiszka <jan.kiszka@siemens.com>
__secure_computing, called by syscall_trace_enter, returns -1 when a call should be skipped. We must avoid that this is interpreted as EXIT_SYSCALL_OOB in the dovetail case.
Fixes, e.g., crashes of Chrome in sandbox mode.
Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
"Fixes" is my observation - Yuta-san, please confirm also for your setup.
include/linux/entry-common.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h index 2a08b00632b9..43cf846111d9 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -66,8 +66,8 @@
* Status codes of syscall entry when Dovetail is enabled. Must not
* conflict with valid syscall numbers.
*/
-#define EXIT_SYSCALL_OOB (-1)
-#define EXIT_SYSCALL_TAIL (-2)
+#define EXIT_SYSCALL_OOB (-2)
+#define EXIT_SYSCALL_TAIL (-3)
/**
* arch_check_user_regs - Architecture specific sanity check for user mode regs
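Review bot: EXIT_SYSCALL_OOB and EXIT_SYSCALL_TAIL are bare literals, so nothing at the definition site keeps them apart from the -1 that the seccomp path returns for a skipped call. Consider a build-time check next to the defines, for example `static_assert(EXIT_SYSCALL_OOB != -1 && EXIT_SYSCALL_TAIL != -1);`, so the constraint is enforced by the compiler rather than only described in the commit message.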
--
2.31.1
* Re: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
From: Bezdeka, Florian @ 2021-11-12 8:29 UTC
To: rpm, jan.kiszka; +Cc: xenomai, andouyuuta
On Thu, 2021-11-11 at 19:57 +0100, Jan Kiszka via Xenomai wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
>
> __secure_computing, called by syscall_trace_enter, returns -1 when a
> call should be skipped. We must avoid that this is interpreted as
> EXIT_SYSCALL_OOB in the dovetail case.
>
> Fixes, e.g., crashes of Chrome in sandbox mode.
>
> Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>
> "Fixes" is my observation - Yuta-san, please confirm also for your setup.
>
> include/linux/entry-common.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
> index 2a08b00632b9..43cf846111d9 100644
> --- a/include/linux/entry-common.h
> +++ b/include/linux/entry-common.h
> @@ -66,8 +66,8 @@
> * Status codes of syscall entry when Dovetail is enabled. Must not
> * conflict with valid syscall numbers.
Maybe extend this comment why -1 can not be used here?
> */
> -#define EXIT_SYSCALL_OOB (-1)
> -#define EXIT_SYSCALL_TAIL (-2)
> +#define EXIT_SYSCALL_OOB (-2)
> +#define EXIT_SYSCALL_TAIL (-3)
>
> /**
> * arch_check_user_regs - Architecture specific sanity check for user mode regs
* Re: [PATCH] dovetail: Adjust EXIT_SYSCALL_* values to avoid clash with seccomp
From: Jan Kiszka @ 2021-11-12 8:32 UTC
To: Bezdeka, Florian (T RDA IOT SES-DE), rpm; +Cc: xenomai, andouyuuta
On 12.11.21 09:29, Bezdeka, Florian (T RDA IOT SES-DE) wrote:
> On Thu, 2021-11-11 at 19:57 +0100, Jan Kiszka via Xenomai wrote:
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> __secure_computing, called by syscall_trace_enter, returns -1 when a
>> call should be skipped. We must avoid that this is interpreted as
>> EXIT_SYSCALL_OOB in the dovetail case.
>>
>> Fixes, e.g., crashes of Chrome in sandbox mode.
>>
>> Reported-by: Ando Yuta <andouyuuta@yamaha-motor.co.jp>
>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>> ---
>>
>> "Fixes" is my observation - Yuta-san, please confirm also for your setup.
>>
>> include/linux/entry-common.h | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
>> index 2a08b00632b9..43cf846111d9 100644
>> --- a/include/linux/entry-common.h
>> +++ b/include/linux/entry-common.h
>> @@ -66,8 +66,8 @@
>> * Status codes of syscall entry when Dovetail is enabled. Must not
>> * conflict with valid syscall numbers.
>
> Maybe extend this comment why -1 can not be used here?
>
Good point.
Jan
>> */
>> -#define EXIT_SYSCALL_OOB (-1)
>> -#define EXIT_SYSCALL_TAIL (-2)
>> +#define EXIT_SYSCALL_OOB (-2)
>> +#define EXIT_SYSCALL_TAIL (-3)
>>
>> /**
>> * arch_check_user_regs - Architecture specific sanity check for user mode regs
>
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux