[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCO
From: |
James Cowgill |
Subject: |
Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCOMP) |
Date: |
Fri, 3 Nov 2017 15:52:08 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 |
Hi,
On 03/11/17 14:29, Laurent Vivier wrote:
> Le 03/11/2017 à 13:07, James Cowgill a écrit :
>> If an application tries to install a seccomp filter using
>> prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the
>> host
>> architecture. This will probably cause qemu to be immediately killed when it
>> executes another syscall.
>>
>> Prevent this from happening by returning EINVAL from both seccomp prctl
>> calls. This is the error returned by the kernel when seccomp support is
>> disabled.
>>
>> Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
>> Signed-off-by: James Cowgill <address@hidden>
>> ---
>> linux-user/syscall.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
>> index d4497dec5d..43cd5fb2bb 100644
>> --- a/linux-user/syscall.c
>> +++ b/linux-user/syscall.c
>> @@ -10482,6 +10482,10 @@ abi_long do_syscall(void *cpu_env, int num,
>> abi_long arg1,
>> break;
>> }
>> #endif
>> + case PR_GET_SECCOMP:
>> + case PR_SET_SECCOMP:
>> + ret = -TARGET_EINVAL;
>> + break;
>> default:
>> /* Most prctl options have no pointer arguments */
>> ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
>>
>
> I think we should allow PR_GET_SECCOMP, and at least all the modes
> except SECCOMP_MODE_FILTER for PR_SET_SECCOMP.
I tried allowing SECCOMP_MODE_STRICT and made a small test program. It
seems that qemu is SIGKILLed when _exit is used because qemu itself
tries to call rt_sigprocmask which is not an allowed syscall.
PR_GET_SECCOMP can probably be allowed. My reasoning for disabling it
was to match the kernel behavior for when seccomp is disabled by the
Kconfig option.
Thanks,
James