From: Kees Cook <keescook@chromium.org>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: "linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
LKML <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>,
strosake@linux.vnet.ibm.com, bogdan.purcareata@freescale.com
Subject: Re: [PATCH 01/11] powerpc/kernel: Switch to using MAX_ERRNO
Date: Mon, 27 Jul 2015 11:45:15 -0700 [thread overview]
Message-ID: <CAGXu5jJqW0KK4QkMArH8Rmbax7EDfy1jE_8MSQ5VsUjAWgoU9g@mail.gmail.com> (raw)
In-Reply-To: <1437646871-3195-1-git-send-email-mpe@ellerman.id.au>
On Thu, Jul 23, 2015 at 3:21 AM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> Currently on powerpc we have our own #define for the highest (negative)
> errno value, called _LAST_ERRNO. This is defined to be 516, for reasons
> which are not clear.
>
> The generic code, and x86, use MAX_ERRNO, which is defined to be 4095.
>
> In particular seccomp uses MAX_ERRNO to restrict the value that a
> seccomp filter can return.
>
> Currently with the mismatch between _LAST_ERRNO and MAX_ERRNO, a seccomp
> tracer wanting to return 600, expecting it to be seen as an error, would
> instead find on powerpc that userspace sees a successful syscall with a
> return value of 600.
>
> To avoid this inconsistency, switch powerpc to use MAX_ERRNO.
>
> We are somewhat confident that generic syscalls that can return a
> non-error value above negative MAX_ERRNO have already been updated to
> use force_successful_syscall_return().
>
> I have also checked all the powerpc specific syscalls, and believe that
> none of them expect to return a non-error value between -MAX_ERRNO and
> -516. So this change should be safe ...
>
> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> arch/powerpc/include/uapi/asm/errno.h | 2 --
> arch/powerpc/kernel/entry_32.S | 3 ++-
> arch/powerpc/kernel/entry_64.S | 5 +++--
> 3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/powerpc/include/uapi/asm/errno.h b/arch/powerpc/include/uapi/asm/errno.h
> index 8c145fd17d86..e8b6b5f7de7c 100644
> --- a/arch/powerpc/include/uapi/asm/errno.h
> +++ b/arch/powerpc/include/uapi/asm/errno.h
> @@ -6,6 +6,4 @@
> #undef EDEADLOCK
> #define EDEADLOCK 58 /* File locking deadlock error */
>
> -#define _LAST_ERRNO 516
> -
> #endif /* _ASM_POWERPC_ERRNO_H */
> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
> index 46fc0f4d8982..67ecdf61f4e3 100644
> --- a/arch/powerpc/kernel/entry_32.S
> +++ b/arch/powerpc/kernel/entry_32.S
> @@ -20,6 +20,7 @@
> */
>
> #include <linux/errno.h>
> +#include <linux/err.h>
> #include <linux/sys.h>
> #include <linux/threads.h>
> #include <asm/reg.h>
> @@ -354,7 +355,7 @@ ret_from_syscall:
> SYNC
> MTMSRD(r10)
> lwz r9,TI_FLAGS(r12)
> - li r8,-_LAST_ERRNO
> + li r8,-MAX_ERRNO
> andi. r0,r9,(_TIF_SYSCALL_DOTRACE|_TIF_SINGLESTEP|_TIF_USER_WORK_MASK|_TIF_PERSYSCALL_MASK)
> bne- syscall_exit_work
> cmplw 0,r3,r8
> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
> index 579e0f9a2d57..ee15d3c62e26 100644
> --- a/arch/powerpc/kernel/entry_64.S
> +++ b/arch/powerpc/kernel/entry_64.S
> @@ -19,6 +19,7 @@
> */
>
> #include <linux/errno.h>
> +#include <linux/err.h>
> #include <asm/unistd.h>
> #include <asm/processor.h>
> #include <asm/page.h>
> @@ -207,7 +208,7 @@ system_call: /* label this so stack traces look sane */
> #endif /* CONFIG_PPC_BOOK3E */
>
> ld r9,TI_FLAGS(r12)
> - li r11,-_LAST_ERRNO
> + li r11,-MAX_ERRNO
> andi. r0,r9,(_TIF_SYSCALL_DOTRACE|_TIF_SINGLESTEP|_TIF_USER_WORK_MASK|_TIF_PERSYSCALL_MASK)
> bne- syscall_exit_work
> cmpld r3,r11
> @@ -277,7 +278,7 @@ syscall_exit_work:
> beq+ 0f
> REST_NVGPRS(r1)
> b 2f
> -0: cmpld r3,r11 /* r10 is -LAST_ERRNO */
> +0: cmpld r3,r11 /* r11 is -MAX_ERRNO */
> blt+ 1f
> andi. r0,r9,_TIF_NOERROR
> bne- 1f
> --
> 2.1.0
>
--
Kees Cook
Chrome OS Security
prev parent reply other threads:[~2015-07-27 18:45 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-23 10:21 [PATCH 01/11] powerpc/kernel: Switch to using MAX_ERRNO Michael Ellerman
2015-07-23 10:21 ` [PATCH 02/11] powerpc/kernel: Change the do_syscall_trace_enter() API Michael Ellerman
2015-07-27 18:48 ` Kees Cook
2015-07-23 10:21 ` [PATCH 03/11] powerpc: Drop unused syscall_get_error() Michael Ellerman
2015-07-27 18:48 ` Kees Cook
2015-07-23 10:21 ` [PATCH 04/11] powerpc: Don't negate error in syscall_set_return_value() Michael Ellerman
2015-07-27 18:49 ` Kees Cook
2015-07-23 10:21 ` [PATCH 05/11] powerpc: Rework syscall_get_arguments() so there is only one loop Michael Ellerman
2015-07-27 18:50 ` Kees Cook
2015-07-23 10:21 ` [PATCH 06/11] powerpc: Use orig_gpr3 in syscall_get_arguments() Michael Ellerman
2015-07-27 18:52 ` Kees Cook
2015-07-23 10:21 ` [PATCH 07/11] powerpc: Change syscall_get_nr() to return int Michael Ellerman
2015-07-27 18:53 ` Kees Cook
2015-07-23 10:21 ` [PATCH 08/11] powerpc/kernel: Add SIG_SYS support for compat tasks Michael Ellerman
2015-07-27 18:54 ` Kees Cook
2015-07-23 10:21 ` [PATCH 09/11] powerpc/kernel: Enable seccomp filter Michael Ellerman
2015-07-27 18:56 ` Kees Cook
2015-07-30 5:56 ` [PATCH v2] " Michael Ellerman
2015-07-30 16:39 ` Kees Cook
2015-07-23 10:21 ` [PATCH 10/11] selftests/seccomp: Make seccomp tests work on big endian Michael Ellerman
2015-07-27 18:57 ` Kees Cook
2015-07-23 10:21 ` [PATCH 11/11] selftests/seccomp: Add powerpc support Michael Ellerman
2015-07-27 18:59 ` Kees Cook
2015-07-28 12:18 ` Michael Ellerman
2015-07-27 18:45 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jJqW0KK4QkMArH8Rmbax7EDfy1jE_8MSQ5VsUjAWgoU9g@mail.gmail.com \
--to=keescook@chromium.org \
--cc=bogdan.purcareata@freescale.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=luto@amacapital.net \
--cc=mpe@ellerman.id.au \
--cc=strosake@linux.vnet.ibm.com \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).