Hello,
This is the same issue as ppc64 before, when returning to userland we
shouldn't re-compute the seccomp check or the task could be killed
during sigreturn when orig_eax is overwritten by the sigreturn syscall.
This was found by Roland.
This was harmless from a security standpoint, but some i686 users
reported failures with auditing enabled system wide (some distro
surprisingly makes it the default) and I reproduced it too by keeping
the whole workload under strace -f.
Patch is tested and works for me under strace -f.
[EMAIL PROTECTED]:~/cpushare> strace -o /tmp/o -f python seccomp_test.py
make: Nothing to be done for `seccomp_test'.
Starting computing some malicious bytecode
init
load
start
stop
receive_data failure
kill
exit_code 0 signal 9
The malicious bytecode has been killed successfully by seccomp
Starting computing some safe bytecode
init
load
start
stop
174 counts
kill
exit_code 0 signal 0
The seccomp_test.py completed successfully, thank you for testing.
Thanks.
Signed-off-by: Andrea Arcangeli <[EMAIL PROTECTED]>
diff -r 1df7bfbb783f arch/i386/kernel/ptrace.c
--- a/arch/i386/kernel/ptrace.c Fri Sep 2 09:01:35 2005
+++ b/arch/i386/kernel/ptrace.c Mon Sep 5 05:30:49 2005
@@ -680,8 +680,9 @@
__attribute__((regparm(3)))
void do_syscall_trace(struct pt_regs *regs, int entryexit)
{
- /* do the secure computing check first */
- secure_computing(regs->orig_eax);
+ if (!entryexit)
+ /* do the secure computing check first */
+ secure_computing(regs->orig_eax);
if (unlikely(current->audit_context) && entryexit)
audit_syscall_exit(current, AUDITSC_RESULT(regs->eax),
regs->eax);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
