From: James Cowgill
To: Riku Voipio
Cc: James Cowgill, Laurent Vivier, qemu-devel@nongnu.org
Date: Mon, 6 Nov 2017 18:03:51 +0000
Subject: [Qemu-devel] [PATCH v2] linux-user: return EINVAL from prctl(PR_*_SECCOMP)
Message-ID: <20171106180351.30749-1-james.cowgill@mips.com>
In-Reply-To: <20171103120703.15749-1-james.cowgill@mips.com>
References: <20171103120703.15749-1-james.cowgill@mips.com>

If an application tries to install a seccomp filter using
prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host
architecture. This will probably cause qemu to be immediately killed
when it executes another syscall.

Prevent this from happening by returning EINVAL from both seccomp prctl
calls. This is the error returned by the kernel when seccomp support is
disabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
Signed-off-by: James Cowgill
Reviewed-by: Laurent Vivier
---
Changes from v1:
- add comment

 linux-user/syscall.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d4497dec5d..419991e834 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10482,6 +10482,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_lo= ng arg1, break; } #endif + case PR_GET_SECCOMP: + case PR_SET_SECCOMP: + /* Disable seccomp to prevent the target disabling syscalls we + * need. */ + ret =3D -TARGET_EINVAL; + break; default: /* Most prctl options have no pointer arguments */ ret =3D get_errno(prctl(arg1, arg2, arg3, arg4, arg5)); --=20 2.15.0
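
Review bot: In the added PR_GET_SECCOMP / PR_SET_SECCOMP case, the comment says why seccomp is blocked but not why the result is -TARGET_EINVAL. The commit message's reason (this is the error the kernel returns when seccomp support is disabled) belongs in the comment as well, since that is the contract guest code will observe. The comment should also say that a guest which treats EINVAL from PR_SET_SECCOMP as "seccomp unavailable" and continues will run without its filter under linux-user, so the emulated process is not confined by its own policy. The two cases also set ret and break silently; a log or trace message on this path would make it visible when a guest's sandbox setup was refused.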