linux/arch
Huacai Chen 268a625399 LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
commit 7697a0fe01 upstream.

Chromium sandbox apparently wants to deny statx [1] so it could properly
inspect arguments after the sandboxed process later falls back to fstat.
Because there's currently not a "fd-only" version of statx, the
sandbox has no way to ensure the path argument is empty without being
able to peek into the sandboxed process's memory. For architectures able
to do newfstatat though, glibc falls back to newfstatat after getting
-ENOSYS for statx, then the respective SIGSYS handler [2] takes care of
inspecting the path argument, transforming allowed newfstatat's into
fstat instead which is allowed and has the same type of return value.

But, as LoongArch is the first architecture to not have fstat nor
newfstatat, the LoongArch glibc does not attempt falling back at all
when it gets -ENOSYS for statx -- and you see the problem there!

Actually, back when the LoongArch port was under review, people were
aware of the same problem with sandboxing clone3 [3], so clone was
eventually kept. Unfortunately it seemed at that time no one had noticed
statx, so besides restoring fstat/newfstatat to LoongArch uapi (and
postponing the problem further), it seems inevitable that we would need
to tackle seccomp deep argument inspection.

However, this is obviously a decision that shouldn't be taken lightly,
so we just restore fstat/newfstatat by defining __ARCH_WANT_NEW_STAT
in unistd.h. This is the simplest solution for now, and so we hope the
community will tackle the long-standing problem of seccomp deep argument
inspection in the future [4][5].

Also add "newstat" to syscall_abis_64 in Makefile.syscalls due to
upstream asm-generic changes.

For more information, please read this thread [6].

[1] https://chromium-review.googlesource.com/c/chromium/src/+/2823150
[2] https://chromium.googlesource.com/chromium/src/sandbox/+/c085b51940bd/linux/seccomp-bpf-helpers/sigsys_handlers.cc#355
[3] https://lore.kernel.org/linux-arch/20220511211231.GG7074@brightrain.aerifal.cx/
[4] https://lwn.net/Articles/799557/
[5] https://lpc.events/event/4/contributions/560/attachments/397/640/deep-arg-inspection.pdf
[6] https://lore.kernel.org/loongarch/20240226-granit-seilschaft-eccc2433014d@brauner/T/#t

Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-19 06:05:37 +02:00
alpha mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
arc bpf-for-netdev 2024-05-27 16:26:30 -07:00
arm ARM: 9408/1: mm: CFI: Fix some erroneous reset prototypes 2024-08-11 12:57:48 +02:00
arm64 arm64: dts: ti: k3-am62-verdin-dahlia: Keep CTRL_SLEEP_MOCI# regulator on 2024-08-14 15:34:29 +02:00
csky syscalls: mmap(): use unsigned offset type consistently 2024-06-25 15:57:38 +02:00
hexagon hexagon: fix fadvise64_64 calling conventions 2024-06-25 15:57:37 +02:00
loongarch LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h 2024-08-19 06:05:37 +02:00
m68k m68k: amiga: Turn off Warp1260 interrupts during boot 2024-08-03 09:00:36 +02:00
microblaze syscalls: mmap(): use unsigned offset type consistently 2024-06-25 15:57:38 +02:00
mips MIPS: dts: loongson: Fix ls2k1000-rtc interrupt 2024-08-11 12:57:48 +02:00
nios2 Kbuild updates for v6.10 2024-05-18 12:39:20 -07:00
openrisc openrisc: Move FPU state out of pt_regs 2024-04-15 15:20:39 +01:00
parisc parisc: fix a possible DMA corruption 2024-08-14 15:34:31 +02:00
powerpc powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC 2024-08-03 09:01:09 +02:00
riscv riscv: Fix linear mapping checks for non-contiguous memory regions 2024-08-11 12:57:56 +02:00
s390 s390/fpu: Re-add exception handling in load_fpu_state() 2024-08-11 12:57:57 +02:00
sh sh: rework sync_file_range ABI 2024-06-25 15:57:26 +02:00
sparc sparc64: Fix incorrect function signature and add prototype for prom_cif_init 2024-08-03 09:00:04 +02:00
um um: time-travel: fix signal blocking race/hang 2024-08-03 09:01:00 +02:00
x86 x86/mtrr: Check if fixed MTRRs exist before saving them 2024-08-14 15:34:34 +02:00
xtensa arch/xtensa: always_inline get_current() and current_thread_info() 2024-07-09 15:41:10 -07:00
.gitignore
Kconfig Revert "mm: mmap: allow for the maximum number of bits for randomizing mmap_base by default" 2024-06-17 12:57:03 -07:00