Message ID | 20191218084757.904971-1-david.abdurachmanov@sifive.com (mailing list archive) |
---|---|
State | New, archived |
Series | riscv: reject invalid syscalls below -1 |
On Dez 18 2019, David Abdurachmanov wrote:

> diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > index a1349ca64669..e163b7b64c86 100644 > --- a/arch/riscv/kernel/entry.S > +++ b/arch/riscv/kernel/entry.S > @@ -246,6 +246,7 @@ check_syscall_nr: > */ > li t1, -1 > beq a7, t1, ret_from_syscall_rejected > + blt a7, t1, 1f

How about using bgeu instead in the preceding check?

	/*
	 * Syscall number held in a7.
	 * If syscall number is above allowed value, redirect to ni_syscall.
	 */
	bge a7, t0, 1f

Andreas.
On Wed, Dec 18, 2019 at 11:46 AM Andreas Schwab <schwab@suse.de> wrote:
>
> On Dez 18 2019, David Abdurachmanov wrote:
>
> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > > index a1349ca64669..e163b7b64c86 100644 > > --- a/arch/riscv/kernel/entry.S > > +++ b/arch/riscv/kernel/entry.S > > @@ -246,6 +246,7 @@ check_syscall_nr: > > */ > > li t1, -1 > > beq a7, t1, ret_from_syscall_rejected > > + blt a7, t1, 1f
>
> How about using bgeu instead in the preceding check?

The syscall number could be -1 if tracer rejected it.

We could do:

	li t0, __NR_syscalls
	[..]
	// first check if syscall was rejected
	li t1, -1
	beq a7, t1, ret_from_syscall_rejected
	// then check the bounds
	bgeu a7, t0, 1f

>
> 	/*
> 	 * Syscall number held in a7.
> 	 * If syscall number is above allowed value, redirect to ni_syscall.
> 	 */
> 	bge a7, t0, 1f
>
> Andreas.
>
> --
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."
On Dez 18 2019, David Abdurachmanov wrote:

> On Wed, Dec 18, 2019 at 11:46 AM Andreas Schwab <schwab@suse.de> wrote:
>>
>> On Dez 18 2019, David Abdurachmanov wrote:
>>
>> > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S >> > index a1349ca64669..e163b7b64c86 100644 >> > --- a/arch/riscv/kernel/entry.S >> > +++ b/arch/riscv/kernel/entry.S >> > @@ -246,6 +246,7 @@ check_syscall_nr: >> > */ >> > li t1, -1 >> > beq a7, t1, ret_from_syscall_rejected >> > + blt a7, t1, 1f
>>
>> How about using bgeu instead in the preceding check?
>
> The syscall number could be -1 if tracer rejected it.

So check for -1 first, then for out-of-range?

Andreas.
On Wed, 18 Dec 2019, David Abdurachmanov wrote:

> Running "stress-ng --enosys 4 -t 20 -v" showed a large number of kernel oops
> with "Unable to handle kernel paging request at virtual address" message. This
> happens when enosys stressor starts testing random non-valid syscalls.
>
> I forgot to redirect any syscall below -1 to sys_ni_syscall.
>
> With the patch kernel oops messages are gone while running stress-ng enosys
> stressor.
>
> Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
> Fixes: 5340627e3fe0 ("riscv: add support for SECCOMP and SECCOMP_FILTER")

From the thread, I couldn't tell whether you were happy with this patch as it
stands or not; the thread seems to have petered out. So this one has been
queued for v5.5-rc; let me know if you didn't intend for that to happen.

- Paul
diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index a1349ca64669..e163b7b64c86 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -246,6 +246,7 @@ check_syscall_nr: */ li t1, -1 beq a7, t1, ret_from_syscall_rejected + blt a7, t1, 1f /* Call syscall */ la s0, sys_call_table slli t0, a7, RISCV_LGPTR
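Review bot: The added `blt a7, t1, 1f`, placed between `beq a7, t1, ret_from_syscall_rejected` and the `la s0, sys_call_table` / `slli t0, a7, RISCV_LGPTR` table lookup, carries no comment saying that numbers below -1 are sent to the `1f` path, so the reason for a second compare against t1 is only recorded in the commit message; a one-line comment above it would help. It also leaves the range check spread over a signed upper-bound `bge a7, t0, 1f` and this signed lower-bound test. As raised in the replies, keeping the `beq` for the tracer's -1 first and then using a single `bgeu a7, t0, 1f` against `__NR_syscalls` would send both too-large and negative numbers to `1f` in one branch; the -1 test has to stay ahead of it, since -1 is also out of range when compared as unsigned.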
Running "stress-ng --enosys 4 -t 20 -v" showed a large number of kernel oops
with "Unable to handle kernel paging request at virtual address" message. This
happens when enosys stressor starts testing random non-valid syscalls.

I forgot to redirect any syscall below -1 to sys_ni_syscall.

With the patch kernel oops messages are gone while running stress-ng enosys
stressor.

Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Fixes: 5340627e3fe0 ("riscv: add support for SECCOMP and SECCOMP_FILTER")
---
 arch/riscv/kernel/entry.S | 1 +
 1 file changed, 1 insertion(+)
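The three orderings of the syscall-number checks discussed in this thread, modelled in C as an added example (not code from the patch or the kernel). `NR_SYSCALLS`, the `route` labels and the function names are assumptions made for the illustration; the comments map each test to the branch it stands for.

```c
#include <limits.h>
#include <stdio.h>

#define NR_SYSCALLS 300L /* constructed stand-in for __NR_syscalls */

enum route { DISPATCH, NI_SYSCALL, REJECTED }; /* hypothetical labels */

/* Before the patch: signed upper bound, then the tracer's -1. */
enum route route_before(long a7)
{
	if (a7 >= NR_SYSCALLS) return NI_SYSCALL; /* bge a7, t0, 1f */
	if (a7 == -1) return REJECTED;            /* beq a7, t1, ret_from_syscall_rejected */
	return DISPATCH;                          /* would index sys_call_table[a7] */
}

/* With the patch: one more signed test for values below -1. */
enum route route_patched(long a7)
{
	if (a7 >= NR_SYSCALLS) return NI_SYSCALL;
	if (a7 == -1) return REJECTED;
	if (a7 < -1) return NI_SYSCALL;           /* blt a7, t1, 1f */
	return DISPATCH;
}

/* Variant from the replies: -1 first, then a single unsigned compare. */
enum route route_unsigned(long a7)
{
	if (a7 == -1) return REJECTED;
	if ((unsigned long)a7 >= (unsigned long)NR_SYSCALLS)
		return NI_SYSCALL;                    /* bgeu a7, t0, 1f */
	return DISPATCH;
}

/* Number of values in [lo, hi] that two routing functions treat differently. */
long disagreements(enum route (*f)(long), enum route (*g)(long), long lo, long hi)
{
	long n = 0;
	for (long v = lo; v <= hi; v++)
		n += f(v) != g(v);
	return n;
}

int main(void)
{
	printf("before(-2)=%d patched(-2)=%d unsigned(LONG_MIN)=%d\n",
	       route_before(-2), route_patched(-2), route_unsigned(LONG_MIN));
	printf("patched vs unsigned, -1000..1000: %ld differences\n",
	       disagreements(route_patched, route_unsigned, -1000, 1000));
	return 0;
}
```

The patched and unsigned variants route every input the same way; only the pre-patch ordering lets values below -1 reach the table lookup.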