From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Rich Felker <dalias@libc.org>
Cc: Michael Karcher <kernel@mkarcher.dialup.fu-berlin.de>,
linux-sh@vger.kernel.org, linux-kernel@vger.kernel.org,
Yoshinori Sato <ysato@users.sourceforge.jp>
Subject: Re: [PATCH 3/4] sh: Add SECCOMP_FILTER
Date: Thu, 3 Sep 2020 08:04:44 +0200 [thread overview]
Message-ID: <c871e590-7027-0470-b112-667ec8437a25@physik.fu-berlin.de> (raw)
In-Reply-To: <20200903054617.GW3265@brightrain.aerifal.cx>
On 9/3/20 7:46 AM, Rich Felker wrote:
>
> OK, I think I have an explanation for the mechanism of the bug, and it
> really is a combination of the 2008 bug (confusion of r0 vs r3) and
> the SECCOMP_FILTER commit. When the syscall_trace_entry code path is
> in use, a syscall with argument 5 having value -1 causes
> do_syscall_trace_enter to return -1 (because it returns regs[0], which
> contains argument 5), which the change in entry-common.S interprets as
> a sign to skip the syscall and jump to syscall_exit, and things blow
> up from there. In particular, SYS_mmap2 is almost always called with
> -1 as the 5th argument (fd), and this is even more common on nommu
> where SYS_brk does not work.
>
> I'll follow up with a new proposed patch.
I'm not sure whether we need another revision of your first patch. Your
previous analysis was at least right regarding the tests 51 and 58
but those have been fixed now.
But there were two other tests failing, weren't there?
I have to recheck later, I just got up (it's 8 AM CEST).
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
next prev parent reply other threads:[~2020-09-03 6:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-22 23:13 [PATCH 1/4] sh: Fix validation of system call number Michael Karcher
2020-07-22 23:13 ` [PATCH 2/4] sh: Rearrange blocks in entry-common.S Michael Karcher
2020-07-22 23:20 ` John Paul Adrian Glaubitz
2020-07-22 23:13 ` [PATCH 3/4] sh: Add SECCOMP_FILTER Michael Karcher
2020-07-22 23:20 ` John Paul Adrian Glaubitz
2020-08-28 15:50 ` Rich Felker
2020-08-28 16:21 ` John Paul Adrian Glaubitz
2020-08-28 16:30 ` Rich Felker
2020-08-28 16:38 ` John Paul Adrian Glaubitz
2020-08-28 17:03 ` Rich Felker
2020-08-29 0:49 ` Rich Felker
2020-08-29 11:09 ` John Paul Adrian Glaubitz
2020-09-03 3:56 ` Rich Felker
2020-09-03 5:46 ` Rich Felker
2020-09-03 6:04 ` John Paul Adrian Glaubitz [this message]
2020-09-03 6:17 ` Rich Felker
2020-09-03 6:03 ` John Paul Adrian Glaubitz
2020-07-22 23:13 ` [PATCH 4/4] sh: bring syscall_set_return_value in line with other architectures Michael Karcher
2020-07-22 23:20 ` John Paul Adrian Glaubitz
2020-07-22 23:19 ` [PATCH 1/4] sh: Fix validation of system call number John Paul Adrian Glaubitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c871e590-7027-0470-b112-667ec8437a25@physik.fu-berlin.de \
--to=glaubitz@physik.fu-berlin.de \
--cc=dalias@libc.org \
--cc=kernel@mkarcher.dialup.fu-berlin.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).