mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-26 20:44:32 +08:00
b3583fca5f
If both the tracer and the tracee are compat processes, and gprs[2] is assigned a value by __poke_user_compat, then the higher 32 bits of gprs[2] are cleared, IS_ERR_VALUE() always returns false, and syscall_get_error() always returns 0. Fix the implementation by sign-extending the value for compat processes the same way as x86 implementation does. The bug was exposed to user space by commit201766a20e("ptrace: add PTRACE_GET_SYSCALL_INFO request") and detected by strace test suite. This change fixes strace syscall tampering on s390. Link: https://lkml.kernel.org/r/20200602180051.GA2427@altlinux.org Fixes:753c4dd6a2("[S390] ptrace changes") Cc: Elvira Khabirova <lineprinter@altlinux.org> Cc: stable@vger.kernel.org # v2.6.28+ Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
101 lines
2.2 KiB
C
101 lines
2.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Access to user system call parameters and results
|
|
*
|
|
* Copyright IBM Corp. 2008
|
|
* Author(s): Martin Schwidefsky (schwidefsky@de.ibm.com)
|
|
*/
|
|
|
|
#ifndef _ASM_SYSCALL_H
|
|
#define _ASM_SYSCALL_H 1
|
|
|
|
#include <uapi/linux/audit.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/err.h>
|
|
#include <asm/ptrace.h>
|
|
|
|
extern const unsigned long sys_call_table[];
|
|
extern const unsigned long sys_call_table_emu[];
|
|
|
|
static inline long syscall_get_nr(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
return test_pt_regs_flag(regs, PIF_SYSCALL) ?
|
|
(regs->int_code & 0xffff) : -1;
|
|
}
|
|
|
|
static inline void syscall_rollback(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
regs->gprs[2] = regs->orig_gpr2;
|
|
}
|
|
|
|
static inline long syscall_get_error(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
unsigned long error = regs->gprs[2];
|
|
#ifdef CONFIG_COMPAT
|
|
if (test_tsk_thread_flag(task, TIF_31BIT)) {
|
|
/*
|
|
* Sign-extend the value so (int)-EFOO becomes (long)-EFOO
|
|
* and will match correctly in comparisons.
|
|
*/
|
|
error = (long)(int)error;
|
|
}
|
|
#endif
|
|
return IS_ERR_VALUE(error) ? error : 0;
|
|
}
|
|
|
|
static inline long syscall_get_return_value(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
return regs->gprs[2];
|
|
}
|
|
|
|
static inline void syscall_set_return_value(struct task_struct *task,
|
|
struct pt_regs *regs,
|
|
int error, long val)
|
|
{
|
|
regs->gprs[2] = error ? error : val;
|
|
}
|
|
|
|
static inline void syscall_get_arguments(struct task_struct *task,
|
|
struct pt_regs *regs,
|
|
unsigned long *args)
|
|
{
|
|
unsigned long mask = -1UL;
|
|
unsigned int n = 6;
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
if (test_tsk_thread_flag(task, TIF_31BIT))
|
|
mask = 0xffffffff;
|
|
#endif
|
|
while (n-- > 0)
|
|
if (n > 0)
|
|
args[n] = regs->gprs[2 + n] & mask;
|
|
|
|
args[0] = regs->orig_gpr2 & mask;
|
|
}
|
|
|
|
static inline void syscall_set_arguments(struct task_struct *task,
|
|
struct pt_regs *regs,
|
|
const unsigned long *args)
|
|
{
|
|
unsigned int n = 6;
|
|
|
|
while (n-- > 0)
|
|
if (n > 0)
|
|
regs->gprs[2 + n] = args[n];
|
|
regs->orig_gpr2 = args[0];
|
|
}
|
|
|
|
static inline int syscall_get_arch(struct task_struct *task)
|
|
{
|
|
#ifdef CONFIG_COMPAT
|
|
if (test_tsk_thread_flag(task, TIF_31BIT))
|
|
return AUDIT_ARCH_S390;
|
|
#endif
|
|
return AUDIT_ARCH_S390X;
|
|
}
|
|
#endif /* _ASM_SYSCALL_H */
|