diff mbox

arm syscall fast path can miss a ptrace syscall-exit

Message ID 5564F5E0.7080108@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Josh Stone May 26, 2015, 10:38 p.m. UTC 
Hi Russell,

Do you plan to commit this check for syscall flags?

On 05/14/2015 02:08 PM, Josh Stone wrote:
> On 05/14/2015 12:35 PM, Russell King - ARM Linux wrote:
>> On Thu, May 14, 2015 at 12:13:40PM -0700, Josh Stone wrote:
>>> I've discovered a case where both arm and arm64 will miss a ptrace
>>> syscall-exit that they should report.  If the syscall is entered without
>>> TIF_SYSCALL_TRACE set, then it goes on the fast path.  It's then
>>> possible to have TIF_SYSCALL_TRACE added in the middle of the syscall,
>>> but ret_fast_syscall doesn't check this flag again.
>>
>> Yes, we assume that if TIF_SYSCALL_TRACE was not set before the call, it
>> isn't set after.  That appears to be an invalid assumption.
>>
>> Here's a patch for ARM - untested atm.
> 
> Thanks!  The system I have at hand is arm64, so I made the similar
> change in arch/arm64/kernel/entry.S, and this passes my test.

FWIW, here's the arm64 change I tested following your example:



>> There's still a possible hole - if we exit the syscall, then do "work"
>> before returning (such as reschedling to another process), and _then_
>> have syscall tracing enabled, we won't trace the exit.  I think that's
>> acceptable as I see no difference between that and having restored
>> state for userspace, and then immediately processing an interrupt and
>> scheduling on the IRQ exit path.
> 
> Yeah, I think that's fine.  I don't think that hole is visible to
> ptrace, at least, and other tracers already have to accept this
> possibility anyway.
> 
>>
>>  arch/arm/kernel/entry-common.S | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
>> index f8ccc21fa032..4e7f40c577e6 100644
>> --- a/arch/arm/kernel/entry-common.S
>> +++ b/arch/arm/kernel/entry-common.S
>> @@ -33,7 +33,9 @@ ret_fast_syscall:
>>   UNWIND(.fnstart	)
>>   UNWIND(.cantunwind	)
>>  	disable_irq				@ disable interrupts
>> -	ldr	r1, [tsk, #TI_FLAGS]
>> +	ldr	r1, [tsk, #TI_FLAGS]		@ re-check for syscall tracing
>> +	tst	r1, #_TIF_SYSCALL_WORK
>> +	bne	__sys_trace_return
>>  	tst	r1, #_TIF_WORK_MASK
>>  	bne	fast_work_pending
>>  	asm_trace_hardirqs_on
>>
>>
>

Comments

Russell King - ARM Linux May 28, 2015, 10:37 a.m. UTC | #1 
On Tue, May 26, 2015 at 03:38:24PM -0700, Josh Stone wrote:
> Hi Russell,
> 
> Do you plan to commit this check for syscall flags?

It's been committed since 15th May, but as it's the only fix I have
queued up (and my focus has been elsewhere) it hasn't been sent yet.
It's been in linux-next for a while now.
Josh Stone May 29, 2015, 8:13 p.m. UTC | #2 
On 05/28/2015 03:37 AM, Russell King - ARM Linux wrote:
> On Tue, May 26, 2015 at 03:38:24PM -0700, Josh Stone wrote:
>> Hi Russell,
>>
>> Do you plan to commit this check for syscall flags?
> 
> It's been committed since 15th May, but as it's the only fix I have
> queued up (and my focus has been elsewhere) it hasn't been sent yet.
> It's been in linux-next for a while now.

Ok, thanks, I see it there.

How about the same fix for arm64?  I see you don't work much on that, so
should I post that patch myself?
Will Deacon June 1, 2015, 10:24 a.m. UTC | #3 
On Fri, May 29, 2015 at 09:13:18PM +0100, Josh Stone wrote:
> On 05/28/2015 03:37 AM, Russell King - ARM Linux wrote:
> > On Tue, May 26, 2015 at 03:38:24PM -0700, Josh Stone wrote:
> >> Do you plan to commit this check for syscall flags?
> > 
> > It's been committed since 15th May, but as it's the only fix I have
> > queued up (and my focus has been elsewhere) it hasn't been sent yet.
> > It's been in linux-next for a while now.
> 
> Ok, thanks, I see it there.
> 
> How about the same fix for arm64?  I see you don't work much on that, so
> should I post that patch myself?

Yes, please. If you post your arm64 patch with me and Catalin on Cc, then
we'll make sure it gets queued up.

Thanks,

Will
diff mbox

Patch

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 959fe8733560..a547a3e8a198 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -608,7 +608,9 @@  ENDPROC(cpu_switch_to)
  */
 ret_fast_syscall:
 	disable_irq				// disable interrupts
-	ldr	x1, [tsk, #TI_FLAGS]
+	ldr	x1, [tsk, #TI_FLAGS]		// re-check for syscall tracing
+	and	x2, x1, #_TIF_SYSCALL_WORK
+	cbnz	x2, __sys_trace_return
 	and	x2, x1, #_TIF_WORK_MASK
 	cbnz	x2, fast_work_pending
 	enable_step_tsk x1, x2