From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: James Cowgill
Date: Mon, 20 Nov 2017 23:21:38 +0200
Subject: [Qemu-devel] [PULL 10/15] linux-user: return EINVAL from prctl(PR_*_SECCOMP)

From: James Cowgill

If an application tries to install a seccomp filter using prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host architecture. This will probably cause qemu to be immediately killed when it executes another syscall.

Prevent this from happening by returning EINVAL from both seccomp prctl calls. This is the error returned by the kernel when seccomp support is disabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
Reviewed-by: Laurent Vivier
Signed-off-by: James Cowgill
Signed-off-by: Riku Voipio

--- linux-user/syscall.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 84e123b67b..f31b853bb7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10505,6 +10505,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_lo= ng arg1, break; } #endif + case PR_GET_SECCOMP: + case PR_SET_SECCOMP: + /* Disable seccomp to prevent the target disabling syscalls we + * need. */ + ret =3D -TARGET_EINVAL; + break; default: /* Most prctl options have no pointer arguments */ ret =3D get_errno(prctl(arg1, arg2, arg3, arg4, arg5)); --=20 2.14.2
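
Review bot: the comment on the new PR_GET_SECCOMP / PR_SET_SECCOMP cases ("Disable seccomp to prevent the target disabling syscalls we need") leaves out the reason the commit message gives, namely that a filter supplied by the guest is written for the target architecture and would be applied to qemu's own host syscalls; putting that in the comment would keep the EINVAL from later being read as an unimplemented option and forwarded to the host prctl() in the default branch. The two cases cover only the prctl() route, so it is worth confirming that a guest installing a filter through the seccomp() syscall directly is refused in the same way, otherwise the failure described in the commit message stays reachable. The new labels also sit outside any #ifdef, unlike the block closed by the #endif just above them, which assumes the headers on every supported host define both constants.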