[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCO
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCOMP) |
Date: |
Fri, 3 Nov 2017 14:30:53 +0000 |
On 3 November 2017 at 12:07, James Cowgill <address@hidden> wrote:
> If an application tries to install a seccomp filter using
> prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host
> architecture. This will probably cause qemu to be immediately killed when it
> executes another syscall.
>
> Prevent this from happening by returning EINVAL from both seccomp prctl
> calls. This is the error returned by the kernel when seccomp support is
> disabled.
>
> Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
> Signed-off-by: James Cowgill <address@hidden>
> ---
> linux-user/syscall.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index d4497dec5d..43cd5fb2bb 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10482,6 +10482,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
> arg1,
> break;
> }
> #endif
> + case PR_GET_SECCOMP:
> + case PR_SET_SECCOMP:
> + ret = -TARGET_EINVAL;
> + break;
> default:
> /* Most prctl options have no pointer arguments */
> ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
>
Seems like a good idea -- can we have the "why are we failing this"
in a comment as well as in the commit message, please?
thanks
-- PMM