From patchwork Mon Nov 20 21:21:38 2017
X-Patchwork-Submitter: Riku Voipio
X-Patchwork-Id: 10067337
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: James Cowgill
Date: Mon, 20 Nov 2017 23:21:38 +0200
Subject: [Qemu-devel] [PULL 10/15] linux-user: return EINVAL from prctl(PR_*_SECCOMP)

From: James Cowgill

If an application tries to install a seccomp filter using prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host architecture. This will probably cause qemu to be immediately killed when it executes another syscall.

Prevent this from happening by returning EINVAL from both seccomp prctl calls. This is the error returned by the kernel when seccomp support is disabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
Reviewed-by: Laurent Vivier
Signed-off-by: James Cowgill
Signed-off-by: Riku Voipio

--- linux-user/syscall.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 84e123b67b..f31b853bb7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10505,6 +10505,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; } #endif + case PR_GET_SECCOMP: + case PR_SET_SECCOMP: + /* Disable seccomp to prevent the target disabling syscalls we + * need. */ + ret = -TARGET_EINVAL; + break; default: /* Most prctl options have no pointer arguments */ ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
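
Review bot: The comment on the new PR_GET_SECCOMP / PR_SET_SECCOMP cases says only that seccomp is disabled, not why -TARGET_EINVAL is the value returned; the reason (it is the error the kernel returns when seccomp support is disabled, so the target sees a kernel without seccomp) lives only in the commit message and is lost to anyone reading syscall.c later. Suggest extending the comment to state that, and to note the consequence for callers: a target that treats a failed PR_SET_SECCOMP as non-fatal keeps running under linux-user without the filter it asked for. The hunk also handles only the prctl options, so it is worth confirming that the target has no other route to installing a target-architecture filter on the host process.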