[opensuse-kernel] [Fwd: [fedora-arm] Fwd: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing]
Could we also get this applied to our kernels, please?
-------- Forwarded Message --------
From: Jon Masters <jonathan@jonmasters.org>
To: arm <arm@lists.fedoraproject.org>, kernel@lists.fedoraproject.org
Subject: [fedora-arm] Fwd: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 04 May 2012 13:24:04 -0400
Please apply to our Fedora kernels.
-------- Original Message --------
Subject: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 4 May 2012 17:52:02 +0100
From: Will Deacon <will.deacon@arm.com>
To: patches@arm.linux.org.uk
CC: stable@vger.kernel.org
The ARM audit code incorrectly uses the saved application ip register value to infer syscall entry or exit. Additionally, the saved value will be clobbered if the current task is not being traced, which can lead to libc corruption if ip is live (apparently glibc uses it for the TLS pointer).
This patch fixes the syscall tracing code so that the why parameter is used to infer the syscall direction and the saved ip is only updated if we know that we will be signalling a ptrace trap.
Cc: stable@vger.kernel.org
Cc: Eric Paris <eparis@redhat.com>
Reported-and-tested-by: Jon Masters <jcm@jonmasters.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
KernelVersion: 3.4-rc5 --- arch/arm/kernel/ptrace.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 80abafb..d8dbe9c 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -916,14 +916,7 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) { unsigned long ip; - /* - * Save IP. IP is used to denote syscall entry/exit: - * IP = 0 -> entry, = 1 -> exit - */ - ip = regs->ARM_ip; - regs->ARM_ip = why; - - if (!ip) + if (why) audit_syscall_exit(regs); else audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0,
@@ -936,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) current_thread_info()->syscall = scno; + /* + * IP is used to denote syscall entry/exit: + * IP = 0 -> entry, =1 -> exit + */ + ip = regs->ARM_ip; + regs->ARM_ip = why; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) -- 1.7.4.1
-- Andrew Wafaa IRC: FunkyPenguin GPG: 0x3A36312F
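Review bot: In the first hunk (@@ -916,14 +916,7 @@), the new `if (why)` test no longer has any statement of the convention it depends on. The comment documenting 0 = entry, 1 = exit is deleted here and only reappears in the second hunk, where it is worded in terms of IP rather than `why`. A one-line comment at this branch, or named constants for the two values of `why`, would keep the choice between `audit_syscall_exit(regs)` and `audit_syscall_entry(...)` readable on its own, since the audit direction now depends entirely on what the caller passes.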
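Review bot: In the second hunk (@@ -936,6 +929,13 @@), the relocated comment above `ip = regs->ARM_ip;` says what IP encodes but not why the assignment has to sit this late, directly before `ptrace_notify(...)`. The commit message gives the reason (an untraced task must not have its saved ip overwritten, because the application may hold a live value there), and one sentence to that effect in the comment would protect the block from being hoisted above the tracing checks again. The comment also lost the words "Save IP" although `ip` is still captured here; the matching restore is outside the visible context and is worth confirming when this is backported.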
On 05/04/2012 04:51 PM, Andrew Wafaa wrote:
Could we also get this applied to our kernels, please?
Which kernels? These two patches were pulled into 3.4-rc6 so they're already in the HEAD kernel.
-Jeff
-------- Forwarded Message --------
From: Jon Masters <jonathan@jonmasters.org>
To: arm <arm@lists.fedoraproject.org>, kernel@lists.fedoraproject.org
Subject: [fedora-arm] Fwd: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 04 May 2012 13:24:04 -0400
Please apply to our Fedora kernels.
-------- Original Message --------
Subject: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 4 May 2012 17:52:02 +0100
From: Will Deacon <will.deacon@arm.com>
To: patches@arm.linux.org.uk
CC: stable@vger.kernel.org
The ARM audit code incorrectly uses the saved application ip register value to infer syscall entry or exit. Additionally, the saved value will be clobbered if the current task is not being traced, which can lead to libc corruption if ip is live (apparently glibc uses it for the TLS pointer).
This patch fixes the syscall tracing code so that the why parameter is used to infer the syscall direction and the saved ip is only updated if we know that we will be signalling a ptrace trap.
Cc: stable@vger.kernel.org
Cc: Eric Paris <eparis@redhat.com>
Reported-and-tested-by: Jon Masters <jcm@jonmasters.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
KernelVersion: 3.4-rc5 --- arch/arm/kernel/ptrace.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 80abafb..d8dbe9c 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -916,14 +916,7 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) { unsigned long ip;
- /* - * Save IP. IP is used to denote syscall entry/exit: - * IP = 0 -> entry, = 1 -> exit - */ - ip = regs->ARM_ip; - regs->ARM_ip = why; - - if (!ip) + if (why) audit_syscall_exit(regs); else audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0, @@ -936,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
current_thread_info()->syscall = scno;
+ /* + * IP is used to denote syscall entry/exit: + * IP = 0 -> entry, =1 -> exit + */ + ip = regs->ARM_ip; + regs->ARM_ip = why; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
-- Jeff Mahoney SUSE Labs
On Wed, 2012-05-09 at 10:48 -0400, Jeff Mahoney wrote:
On 05/04/2012 04:51 PM, Andrew Wafaa wrote:
Could we also get this applied to our kernels, please?
Which kernels? These two patches were pulled into 3.4-rc6 so they're already in the HEAD kernel.
-Jeff
In that case I'll STFU, thanks for checking and "enlightening" me :-)
-------- Forwarded Message --------
From: Jon Masters <jonathan@jonmasters.org>
To: arm <arm@lists.fedoraproject.org>, kernel@lists.fedoraproject.org
Subject: [fedora-arm] Fwd: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 04 May 2012 13:24:04 -0400
Please apply to our Fedora kernels.
-------- Original Message --------
Subject: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
Date: Fri, 4 May 2012 17:52:02 +0100
From: Will Deacon <will.deacon@arm.com>
To: patches@arm.linux.org.uk
CC: stable@vger.kernel.org
The ARM audit code incorrectly uses the saved application ip register value to infer syscall entry or exit. Additionally, the saved value will be clobbered if the current task is not being traced, which can lead to libc corruption if ip is live (apparently glibc uses it for the TLS pointer).
This patch fixes the syscall tracing code so that the why parameter is used to infer the syscall direction and the saved ip is only updated if we know that we will be signalling a ptrace trap.
Cc: stable@vger.kernel.org
Cc: Eric Paris <eparis@redhat.com>
Reported-and-tested-by: Jon Masters <jcm@jonmasters.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
KernelVersion: 3.4-rc5 --- arch/arm/kernel/ptrace.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 80abafb..d8dbe9c 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -916,14 +916,7 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) { unsigned long ip;
- /* - * Save IP. IP is used to denote syscall entry/exit: - * IP = 0 -> entry, = 1 -> exit - */ - ip = regs->ARM_ip; - regs->ARM_ip = why; - - if (!ip) + if (why) audit_syscall_exit(regs); else audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0, @@ -936,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
current_thread_info()->syscall = scno;
+ /* + * IP is used to denote syscall entry/exit: + * IP = 0 -> entry, =1 -> exit + */ + ip = regs->ARM_ip; + regs->ARM_ip = why; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
-- Andrew Wafaa IRC: FunkyPenguin GPG: 0x3A36312F
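A userspace model of the ordering problem described in the commit message, added here as an illustration; it is not kernel code and not from the patch author. The type and function names are hypothetical, and the early return for untraced tasks and the restore of ip after the trap are assumptions about the parts of syscall_trace() that the hunks do not show.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; type and function names are hypothetical. */
struct regs { unsigned long ip; };   /* stands in for regs->ARM_ip */
struct outcome {
    bool audited_as_exit;            /* which audit hook would have run */
    unsigned long ip_at_trap;        /* ip a tracer would read, or NO_TRAP */
};
#define NO_TRAP (~0UL)

/* Ordering before the patch: ip is saved and overwritten up front. */
static struct outcome trace_before(int why, struct regs *r, bool traced)
{
    struct outcome o = { false, NO_TRAP };
    unsigned long ip = r->ip;
    r->ip = why;                     /* the application's value is lost here */
    o.audited_as_exit = !ip;         /* direction inferred from the saved ip */
    if (!traced)
        return o;                    /* assumed early return: ip stays overwritten */
    o.ip_at_trap = r->ip;            /* models the ptrace_notify() stop */
    r->ip = ip;                      /* assumed restore after the trap */
    return o;
}

/* Ordering after the patch: audit keys off why, ip changes only around a trap. */
static struct outcome trace_after(int why, struct regs *r, bool traced)
{
    struct outcome o = { false, NO_TRAP };
    unsigned long ip;
    o.audited_as_exit = (why != 0);
    if (!traced)
        return o;                    /* r->ip untouched for untraced tasks */
    ip = r->ip;
    r->ip = why;
    o.ip_at_trap = r->ip;
    r->ip = ip;
    return o;
}

int main(void)
{
    /* Constructed live ip value on an untraced task at syscall exit (why = 1). */
    struct regs a = { 0xb6f00000UL }, b = { 0xb6f00000UL };
    struct outcome oa = trace_before(1, &a, false), ob = trace_after(1, &b, false);
    printf("before: ip=%#lx audited_as_exit=%d\n", a.ip, oa.audited_as_exit);
    printf("after:  ip=%#lx audited_as_exit=%d\n", b.ip, ob.audited_as_exit);
    return 0;
}
```

In the model, a traced task sees the same value in ip at the trap under both orderings; only the untraced path and the audit direction differ.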