linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: "linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Will Drewry <wad@chromium.org>,
	strosake@linux.vnet.ibm.com, bogdan.purcareata@freescale.com
Subject: Re: [PATCH 01/11] powerpc/kernel: Switch to using MAX_ERRNO
Date: Mon, 27 Jul 2015 11:45:15 -0700	[thread overview]
Message-ID: <CAGXu5jJqW0KK4QkMArH8Rmbax7EDfy1jE_8MSQ5VsUjAWgoU9g@mail.gmail.com> (raw)
In-Reply-To: <1437646871-3195-1-git-send-email-mpe@ellerman.id.au>

On Thu, Jul 23, 2015 at 3:21 AM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> Currently on powerpc we have our own #define for the highest (negative)
> errno value, called _LAST_ERRNO. This is defined to be 516, for reasons
> which are not clear.
>
> The generic code, and x86, use MAX_ERRNO, which is defined to be 4095.
>
> In particular seccomp uses MAX_ERRNO to restrict the value that a
> seccomp filter can return.
>
> Currently with the mismatch between _LAST_ERRNO and MAX_ERRNO, a seccomp
> tracer wanting to return 600, expecting it to be seen as an error, would
> instead find on powerpc that userspace sees a successful syscall with a
> return value of 600.
>
> To avoid this inconsistency, switch powerpc to use MAX_ERRNO.
>
> We are somewhat confident that generic syscalls that can return a
> non-error value above negative MAX_ERRNO have already been updated to
> use force_successful_syscall_return().
>
> I have also checked all the powerpc specific syscalls, and believe that
> none of them expect to return a non-error value between -MAX_ERRNO and
> -516. So this change should be safe ...
>
> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  arch/powerpc/include/uapi/asm/errno.h | 2 --
>  arch/powerpc/kernel/entry_32.S        | 3 ++-
>  arch/powerpc/kernel/entry_64.S        | 5 +++--
>  3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/powerpc/include/uapi/asm/errno.h b/arch/powerpc/include/uapi/asm/errno.h
> index 8c145fd17d86..e8b6b5f7de7c 100644
> --- a/arch/powerpc/include/uapi/asm/errno.h
> +++ b/arch/powerpc/include/uapi/asm/errno.h
> @@ -6,6 +6,4 @@
>  #undef EDEADLOCK
>  #define        EDEADLOCK       58      /* File locking deadlock error */
>
> -#define _LAST_ERRNO    516
> -
>  #endif /* _ASM_POWERPC_ERRNO_H */
> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
> index 46fc0f4d8982..67ecdf61f4e3 100644
> --- a/arch/powerpc/kernel/entry_32.S
> +++ b/arch/powerpc/kernel/entry_32.S
> @@ -20,6 +20,7 @@
>   */
>
>  #include <linux/errno.h>
> +#include <linux/err.h>
>  #include <linux/sys.h>
>  #include <linux/threads.h>
>  #include <asm/reg.h>
> @@ -354,7 +355,7 @@ ret_from_syscall:
>         SYNC
>         MTMSRD(r10)
>         lwz     r9,TI_FLAGS(r12)
> -       li      r8,-_LAST_ERRNO
> +       li      r8,-MAX_ERRNO
>         andi.   r0,r9,(_TIF_SYSCALL_DOTRACE|_TIF_SINGLESTEP|_TIF_USER_WORK_MASK|_TIF_PERSYSCALL_MASK)
>         bne-    syscall_exit_work
>         cmplw   0,r3,r8
> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
> index 579e0f9a2d57..ee15d3c62e26 100644
> --- a/arch/powerpc/kernel/entry_64.S
> +++ b/arch/powerpc/kernel/entry_64.S
> @@ -19,6 +19,7 @@
>   */
>
>  #include <linux/errno.h>
> +#include <linux/err.h>
>  #include <asm/unistd.h>
>  #include <asm/processor.h>
>  #include <asm/page.h>
> @@ -207,7 +208,7 @@ system_call:                        /* label this so stack traces look sane */
>  #endif /* CONFIG_PPC_BOOK3E */
>
>         ld      r9,TI_FLAGS(r12)
> -       li      r11,-_LAST_ERRNO
> +       li      r11,-MAX_ERRNO
>         andi.   r0,r9,(_TIF_SYSCALL_DOTRACE|_TIF_SINGLESTEP|_TIF_USER_WORK_MASK|_TIF_PERSYSCALL_MASK)
>         bne-    syscall_exit_work
>         cmpld   r3,r11
> @@ -277,7 +278,7 @@ syscall_exit_work:
>         beq+    0f
>         REST_NVGPRS(r1)
>         b       2f
> -0:     cmpld   r3,r11          /* r10 is -LAST_ERRNO */
> +0:     cmpld   r3,r11          /* r11 is -MAX_ERRNO */
>         blt+    1f
>         andi.   r0,r9,_TIF_NOERROR
>         bne-    1f
> --
> 2.1.0
>



-- 
Kees Cook
Chrome OS Security

      parent reply	other threads:[~2015-07-27 18:45 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-23 10:21 [PATCH 01/11] powerpc/kernel: Switch to using MAX_ERRNO Michael Ellerman
2015-07-23 10:21 ` [PATCH 02/11] powerpc/kernel: Change the do_syscall_trace_enter() API Michael Ellerman
2015-07-27 18:48   ` Kees Cook
2015-07-23 10:21 ` [PATCH 03/11] powerpc: Drop unused syscall_get_error() Michael Ellerman
2015-07-27 18:48   ` Kees Cook
2015-07-23 10:21 ` [PATCH 04/11] powerpc: Don't negate error in syscall_set_return_value() Michael Ellerman
2015-07-27 18:49   ` Kees Cook
2015-07-23 10:21 ` [PATCH 05/11] powerpc: Rework syscall_get_arguments() so there is only one loop Michael Ellerman
2015-07-27 18:50   ` Kees Cook
2015-07-23 10:21 ` [PATCH 06/11] powerpc: Use orig_gpr3 in syscall_get_arguments() Michael Ellerman
2015-07-27 18:52   ` Kees Cook
2015-07-23 10:21 ` [PATCH 07/11] powerpc: Change syscall_get_nr() to return int Michael Ellerman
2015-07-27 18:53   ` Kees Cook
2015-07-23 10:21 ` [PATCH 08/11] powerpc/kernel: Add SIG_SYS support for compat tasks Michael Ellerman
2015-07-27 18:54   ` Kees Cook
2015-07-23 10:21 ` [PATCH 09/11] powerpc/kernel: Enable seccomp filter Michael Ellerman
2015-07-27 18:56   ` Kees Cook
2015-07-30  5:56   ` [PATCH v2] " Michael Ellerman
2015-07-30 16:39     ` Kees Cook
2015-07-23 10:21 ` [PATCH 10/11] selftests/seccomp: Make seccomp tests work on big endian Michael Ellerman
2015-07-27 18:57   ` Kees Cook
2015-07-23 10:21 ` [PATCH 11/11] selftests/seccomp: Add powerpc support Michael Ellerman
2015-07-27 18:59   ` Kees Cook
2015-07-28 12:18     ` Michael Ellerman
2015-07-27 18:45 ` Kees Cook [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGXu5jJqW0KK4QkMArH8Rmbax7EDfy1jE_8MSQ5VsUjAWgoU9g@mail.gmail.com \
    --to=keescook@chromium.org \
    --cc=bogdan.purcareata@freescale.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@ozlabs.org \
    --cc=luto@amacapital.net \
    --cc=mpe@ellerman.id.au \
    --cc=strosake@linux.vnet.ibm.com \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).