From patchwork Sat Feb 16 02:46:23 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Dmitry V. Levin" <ldv@altlinux.org>
X-Patchwork-Id: 10816121
Return-Path: <linux-parisc-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EAC601399
	for <patchwork-linux-parisc@patchwork.kernel.org>;
 Sat, 16 Feb 2019 02:46:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D5E882FF6F
	for <patchwork-linux-parisc@patchwork.kernel.org>;
 Sat, 16 Feb 2019 02:46:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C8E642FF72; Sat, 16 Feb 2019 02:46:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4054F2FF6F
	for <patchwork-linux-parisc@patchwork.kernel.org>;
 Sat, 16 Feb 2019 02:46:28 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2390786AbfBPCq1 (ORCPT
        <rfc822;patchwork-linux-parisc@patchwork.kernel.org>);
        Fri, 15 Feb 2019 21:46:27 -0500
Received: from vmicros1.altlinux.org ([194.107.17.57]:55600 "EHLO
        vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730404AbfBPCq1 (ORCPT
        <rfc822;linux-parisc@vger.kernel.org>);
        Fri, 15 Feb 2019 21:46:27 -0500
Received: from mua.local.altlinux.org (mua.local.altlinux.org [192.168.1.14])
        by vmicros1.altlinux.org (Postfix) with ESMTP id 14FB272CCAE;
        Sat, 16 Feb 2019 05:46:24 +0300 (MSK)
Received: by mua.local.altlinux.org (Postfix, from userid 508)
        id F18EE7CC774; Sat, 16 Feb 2019 05:46:23 +0300 (MSK)
Date: Sat, 16 Feb 2019 05:46:23 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: Helge Deller <deller@gmx.de>
Cc: Oleg Nesterov <oleg@redhat.com>,
        "James E.J. Bottomley" <jejb@parisc-linux.org>,
        linux-parisc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] parisc: Fix ptrace syscall number modification
Message-ID: <20190216024623.GA11910@altlinux.org>
MIME-Version: 1.0
Content-Disposition: inline
Sender: linux-parisc-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-parisc.vger.kernel.org>
X-Mailing-List: linux-parisc@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Commit 910cd32e552e ("parisc: Fix and enable seccomp filter support")
introduced a regression in ptrace-based syscall tampering: when tracer
changes syscall number to -1, the kernel fails to initialize %r28 with
-ENOSYS and subsequently fails to return the error code of the failed
syscall to userspace.

This erroneous behaviour could be observed with a simple strace syscall
fault injection command which is expected to print something like this:

$ strace -a0 -ewrite -einject=write:error=enospc echo hello
write(1, "hello\n", 6) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "echo: ", 6) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "write error", 11) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "\n", 1) = -1 ENOSPC (No space left on device) (INJECTED)
+++ exited with 1 +++

After commit 910cd32e552ea09caa89cdbe328e468979b030dd it loops printing
something like this instead:

write(1, "hello\n", 6../strace: Failed to tamper with process 12345: unexpectedly got no error (return value 0, error 0)
) = 0 (INJECTED)

This bug was found by strace test suite.

Fixes: 910cd32e552e ("parisc: Fix and enable seccomp filter support")
Cc: stable@vger.kernel.org # v4.5+
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
---

 N.B. I have no parisc box to test the patch.

 arch/parisc/kernel/ptrace.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
index 2582df1c529b..9177f3e68b93 100644
--- a/arch/parisc/kernel/ptrace.c
+++ b/arch/parisc/kernel/ptrace.c
@@ -308,15 +308,17 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
 
 long do_syscall_trace_enter(struct pt_regs *regs)
 {
-	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
-	    tracehook_report_syscall_entry(regs)) {
-		/*
-		 * Tracing decided this syscall should not happen or the
-		 * debugger stored an invalid system call number. Skip
-		 * the system call and the system call restart handling.
-		 */
-		regs->gr[20] = -1UL;
-		goto out;
+	if (test_thread_flag(TIF_SYSCALL_TRACE)) {
+		regs->gr[28] = -ENOSYS;
+		if (tracehook_report_syscall_entry(regs)) {
+			/*
+			 * Tracing decided this syscall should not happen or the
+			 * debugger stored an invalid system call number. Skip
+			 * the system call and the system call restart handling.
+			 */
+			regs->gr[20] = -1UL;
+			return -1;
+		}
 	}
 
 	/* Do the secure computing check after ptrace. */