- Subject: Fwd: [PATCH 1/2] ARM: audit: fix treatment of saved ip register during syscall tracing
- From: Jon Masters <jonathan@xxxxxxxxxxxxxx>
- Date: Fri, 04 May 2012 13:24:04 -0400
- Delivered-to: arm@xxxxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <1336150322-11392-1-git-send-email-will.deacon@arm.com>
- Organization: World Organi{s,z}ation of Broken Dreams
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120216 Thunderbird/10.0.1
Please apply to our Fedora kernels.
-------- Original Message --------
Subject: [PATCH 1/2] ARM: audit: fix treatment of saved ip register
during syscall tracing
Date: Fri, 4 May 2012 17:52:02 +0100
From: Will Deacon <will.deacon@xxxxxxx>
To: patches@xxxxxxxxxxxxxxxx
CC: stable@xxxxxxxxxxxxxxx
The ARM audit code incorrectly uses the saved application ip register
value to infer syscall entry or exit. Additionally, the saved value will
be clobbered if the current task is not being traced, which can lead to
libc corruption if ip is live (apparently glibc uses it for the TLS
pointer).
This patch fixes the syscall tracing code so that the why parameter is
used to infer the syscall direction and the saved ip is only updated if
we know that we will be signalling a ptrace trap.
Cc: stable@xxxxxxxxxxxxxxx
Cc: Eric Paris <eparis@xxxxxxxxxx>
Reported-and-tested-by: Jon Masters <jcm@xxxxxxxxxxxxxx>
Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
KernelVersion: 3.4-rc5
---
arch/arm/kernel/ptrace.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 80abafb..d8dbe9c 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -916,14 +916,7 @@ asmlinkage int syscall_trace(int why, struct
pt_regs *regs, int scno)
{
unsigned long ip;
- /*
- * Save IP. IP is used to denote syscall entry/exit:
- * IP = 0 -> entry, = 1 -> exit
- */
- ip = regs->ARM_ip;
- regs->ARM_ip = why;
-
- if (!ip)
+ if (why)
audit_syscall_exit(regs);
else
audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0,
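Review bot: the new `if (why)` test at the top of syscall_trace() depends on why being 0 on entry and non-zero on exit, but the comment that spelled out that encoding is deleted from this spot, so the test is left undocumented. A one-line comment above the test, for example `/* why: 0 -> syscall entry, 1 -> syscall exit */`, would keep the convention next to the code that now relies on it. With the save removed here, `unsigned long ip;` is declared well ahead of its first assignment, so it is worth checking that no path between the declaration and the later `ip = regs->ARM_ip;` reads it.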
@@ -936,6 +929,13 @@ asmlinkage int syscall_trace(int why, struct
pt_regs *regs, int scno)
current_thread_info()->syscall = scno;
+ /*
+ * IP is used to denote syscall entry/exit:
+ * IP = 0 -> entry, =1 -> exit
+ */
+ ip = regs->ARM_ip;
+ regs->ARM_ip = why;
+
/* the 0x80 provides a way for the tracing parent to distinguish
between a syscall stop and SIGTRAP delivery */
ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
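Review bot: the comment re-added above `ip = regs->ARM_ip;` drops the "Save IP." sentence and no longer says that the application's value is being stashed, which is the reason these lines were moved next to ptrace_notify(). Suggest wording that states regs->ARM_ip is overwritten with why only for the ptrace stop that follows and that the saved value has to be put back afterwards; the restore is not visible in this hunk, so please confirm it still pairs with the new position of the save. Style nit: `=1 -> exit` should read `= 1 -> exit` to match `= 0 -> entry`.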
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
_______________________________________________
arm mailing list
arm@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/arm