From patchwork Tue Aug 1 14:15:16 2023
X-Patchwork-Submitter: Celeste Liu
X-Patchwork-Id: 13336762
From: Celeste Liu
To: Palmer Dabbelt, Paul Walmsley, Albert Ou, Guo Ren, Björn Töpel, Conor Dooley, linux-riscv@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, Andreas Schwab, David Laight, Celeste Liu, Felix Yan, Ruizhe Pan, Shiqi Zhang, Emil Renner Berthing
Subject: [PATCH v5] riscv: entry: set a0 = -ENOSYS only when syscall != -1
Date: Tue, 1 Aug 2023 22:15:16 +0800
Message-ID: <20230801141607.435192-1-CoelacanthusHex@gmail.com>

When we tested seccomp with the 6.4 kernel, we found that errno had the
wrong value. If we deny NETLINK_AUDIT with EAFNOSUPPORT, after
f0bddf50586d we get ENOSYS instead. We got the same result with commit
9c2598d43510 ("riscv: entry: Save a0 prior syscall_enter_from_user_mode()").

After analysing the code, we think that regs->a0 = -ENOSYS should only be
executed when syscall != -1. In __seccomp_filter, when seccomp rejects this
syscall with the specified errno, it sets a0 to the return value, as the
syscall ABI requires, and then returns -1. This return value is finally
passed on as the return value of syscall_enter_from_user_mode, and is then
compared with NR_syscalls after being converted to ulong (so it becomes
ULONG_MAX). The condition syscall < NR_syscalls is therefore always false,
so regs->a0 = -ENOSYS is always executed. It overwrites the a0 set by
seccomp, so we always get ENOSYS when a seccomp RET_ERRNO rule matches.

Fixes: f0bddf50586d ("riscv: entry: Convert to generic entry")
Reported-by: Felix Yan
Co-developed-by: Ruizhe Pan
Signed-off-by: Ruizhe Pan
Co-developed-by: Shiqi Zhang
Signed-off-by: Shiqi Zhang
Signed-off-by: Celeste Liu
Tested-by: Felix Yan
Tested-by: Emil Renner Berthing
Reviewed-by: Björn Töpel
Reviewed-by: Guo Ren
---
v4 -> v5: add Tested-by from Emil Renner Berthing
v3 -> v4: use long instead of ulong to reduce type casts and avoid implementation-defined behavior, and make the judgment of an invalid syscall more explicit
v2 -> v3: use an if-statement instead of setting a default value, clarify the type of syscall
v1 -> v2: added an explanation of why we always got ENOSYS

 arch/riscv/kernel/traps.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index f910dfccbf5d2..729f79c97e2bf 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -297,7 +297,7 @@ asmlinkage __visible __trap_section void do_trap_break(struct pt_regs *regs) asmlinkage __visible __trap_section void do_trap_ecall_u(struct pt_regs *regs) { if (user_mode(regs)) { - ulong syscall = regs->a7; + long syscall = regs->a7; regs->epc += 4; regs->orig_a0 = regs->a0; @@ -306,9 +306,9 @@ asmlinkage __visible __trap_section void do_trap_ecall_u(struct pt_regs *regs) syscall = syscall_enter_from_user_mode(regs, syscall); - if (syscall < NR_syscalls) + if (syscall >= 0 && syscall < NR_syscalls) syscall_handler(regs, syscall); - else + else if (syscall != -1) regs->a0 = -ENOSYS; syscall_exit_to_user_mode(regs);
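Review bot: in the first hunk, `long syscall = regs->a7;` does not by itself remove implementation-defined behaviour as the v3 -> v4 changelog claims: regs->a7 is an unsigned register and converting a value above LONG_MAX to `long` is implementation-defined in C (GCC defines it as modulo 2^N wrap, which the kernel relies on everywhere, so the result is correct in practice). The actual gain is that any a7 with the top bit set, including the ULONG_MAX that seccomp's -1 used to become, is now negative and is rejected by the later `syscall >= 0` check instead of being compared as a huge unsigned number. A one-line comment at the declaration, or a reworded changelog entry, would stop a later reader from taking the type change for the fix.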
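Review bot: in the second hunk, the bare `-1` in `else if (syscall != -1)` is a magic value; add a comment saying it is what syscall_enter_from_user_mode returns when seccomp (RET_ERRNO) or a ptrace tracer has already decided the result and stored it in a0, so the -ENOSYS assignment must not clobber it. Note that a plain user-space ecall with a7 == -1 that no filter or tracer touched takes the same path: it now returns with a0 unchanged (the caller's first argument, which the first hunk also saved in orig_a0) rather than -ENOSYS. That is a deliberate change in observable behaviour for that one number and deserves a sentence in the commit message.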
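The symptom the commit message describes, as an added example that is not part of this patch or of the kernel tree: a user-space reproducer that installs a seccomp filter denying socket(AF_NETLINK, *, NETLINK_AUDIT) with RET_ERRNO EAFNOSUPPORT and reports the errno user space actually sees, plus a small model of the number check in do_trap_ecall_u before and after the fix. NR_SYSCALLS, a0_after_dispatch, install_audit_filter and observed_errno_for_audit_socket are names chosen here, not kernel identifiers; the filter assumes a 64-bit little-endian Linux host where __NR_socket exists and omits the seccomp_data.arch check a production filter must make.

```c
/* Added example, not part of the patch or of the kernel tree.  A child
 * installs a seccomp filter that answers socket(AF_NETLINK, *, NETLINK_AUDIT)
 * with SECCOMP_RET_ERRNO | EAFNOSUPPORT and then makes that call; the parent
 * reports the errno the child saw.  A correct kernel yields EAFNOSUPPORT, a
 * RISC-V kernel with the bug yields ENOSYS.  NR_SYSCALLS is a stand-in. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/netlink.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define NR_SYSCALLS 451L   /* stand-in for the kernel's NR_syscalls */

/* Model of the number check in do_trap_ecall_u before and after the patch.
 * `syscall` is what syscall_enter_from_user_mode returned (-1 when seccomp
 * or ptrace skipped the call), `a0` is the value seccomp already stored for
 * RET_ERRNO.  Returns the a0 user space would see; a real handler's result
 * is not modelled, so an in-range number just returns a0 unchanged. */
long a0_after_dispatch(long syscall, long a0, int fixed)
{
    if (fixed) {
        if (syscall >= 0 && syscall < NR_SYSCALLS)
            return a0;            /* syscall_handler() would run here */
        if (syscall != -1)
            return -ENOSYS;       /* genuinely unknown number */
        return a0;                /* -1: keep the errno seccomp stored */
    }
    /* Before the patch `syscall` was ulong, so -1 compared as ULONG_MAX,
     * the range check failed and -ENOSYS overwrote seccomp's value. */
    if ((unsigned long)syscall < (unsigned long)NR_SYSCALLS)
        return a0;
    return -ENOSYS;
}

/* Allow everything except socket(AF_NETLINK, *, NETLINK_AUDIT).  A
 * production filter would first check seccomp_data.arch; omitted here.
 * args[] are 64-bit; the BPF_W loads read their low 32 bits, which
 * assumes a little-endian host (true for x86-64, arm64 and RISC-V). */
static int install_audit_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 5),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_NETLINK, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NETLINK_AUDIT, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EAFNOSUPPORT & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Errno the filtered socket() call produced in a child (0 if it succeeded);
 * -1 if the filter could not be installed, e.g. in a sandbox without seccomp.
 * Linux errno values are below 255, so the exit status carries them. */
int observed_errno_for_audit_socket(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_audit_filter() != 0)
            _exit(255);
        errno = 0;
        if (socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) >= 0)
            _exit(0);
        _exit(errno);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int err = observed_errno_for_audit_socket();
    if (err < 0) {
        puts("seccomp filter could not be installed here");
        return 2;
    }
    printf("errno from filtered socket(): %d (%s)\n", err,
           err == EAFNOSUPPORT ? "OK: RET_ERRNO reached user space"
           : err == ENOSYS ? "BUG: overwritten by -ENOSYS" : "unexpected");
    return err == EAFNOSUPPORT ? 0 : 1;
}
```

Build with `cc -O2 repro.c -o repro` and run it on the kernel under test: exit status 0 with EAFNOSUPPORT is the fixed behaviour, exit status 1 with ENOSYS is the bug the patch addresses. The filter lives only in the forked child, so the calling process keeps its original seccomp state.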