Re: Kernel stack read with PTRACE_EVENT_EXIT and io_uring threads

From: Michael Schmitz
Date: Wed Jun 23 2021 - 01:26:36 EST


Hi Eric,

On 23.06.2021 at 09:48, Michael Schmitz wrote:

The challenging ones are /proc/pid/syscall and seccomp which want to see
all of the system call arguments. I think every architecture always
saves the system call arguments unconditionally, so those cases are
probably not as interesting. But they certainly look like they could be
trouble.

Seccomp hasn't yet been implemented on m68k, though I'm working on that
with Adrian. The sole secure_computing() call will happen in
syscall_trace_enter(), so all system call arguments have been saved on
the stack.

Haven't looked at /proc/pid/syscall yet ...

Not supported at present (no HAVE_ARCH_TRACEHOOK for m68k). And the syscall_get_arguments I wrote for seccomp support only copies the first five data registers, which are always saved.

Cheers,

Michael