Public bug reported:

If system call number -1 is called and the process is being traced with
PTRACE_SYSCALL, for example by strace, the seccomp check is skipped and
-ENOSYS is returned unconditionally (unless altered by the tracer),
rather than carrying out the action specified in the seccomp filter.

The consequence of this is that it is not possible to reliably strace a
seccomp based implementation of a foreign system call interface in which
r7/x8 is permitted to be -1 on entry to a system call.

I have traced this bug to commit
f086f67485c5c126bcec4b0e96ac7319a2e59ab8 which attempts to implement
PTRACE_SYSEMU.

Contrary to x86-64 and the ptrace man page, which states "For
PTRACE_SYSEMU, continue and stop on entry to the next system call, which
will not be executed.", PTRACE_SYSEMU skips the current system call
and stops on entry to the next system call.

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: linux-image-5.3.0-1007-aws 5.3.0-1007.8
ProcVersionSignature: User Name 5.3.0-1007.8-aws 5.3.7
Uname: Linux 5.3.0-1007-aws aarch64
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: arm64
Date: Sat Nov 30 13:38:28 2019
Ec2AMI: ami-0e88d70910be26319
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: eu-west-1b
Ec2InstanceType: a1.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: linux-aws
UpgradeStatus: Upgraded to eoan on 2019-11-09 (21 days ago)

** Affects: linux-aws (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug arm64 ec2-images eoan

** Attachment added: "Test case for skipped syscall"
   https://bugs.launchpad.net/bugs/1854573/+attachment/5308874/+files/sigsys_skip_test.c

https://bugs.launchpad.net/bugs/1854573

Title:
  Seccomp check skipped for syscall -1 in straced process and
  PTRACE_SYSEMU broken

Status in linux-aws package in Ubuntu:
  New
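
A minimal check for the first symptom in the report, added here as an example (it is not the attached sigsys_skip_test.c and not kernel or project code): a child installs a seccomp filter that returns SECCOMP_RET_TRAP for system call number -1, then issues that call. The function name and the exit codes are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* SIGSYS handler: reaching it means the seccomp action was applied. */
static void on_sigsys(int sig) { (void)sig; _exit(42); }

/* Child: trap syscall number -1 via seccomp, then issue it. Never returns. */
static void child(void)
{
    struct sock_filter insns[] = {
        /* Load seccomp_data.nr and compare it with (u32)-1. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xffffffffu, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };

    signal(SIGSYS, on_sigsys);
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
        _exit(99);                  /* seccomp filters unavailable here */
    syscall(-1);                    /* expected: SIGSYS, no return */
    _exit(errno == ENOSYS ? 7 : 8); /* returned: filter action not taken */
}

/* Returns 1 if the filter action ran, 0 if the check was skipped
 * (-ENOSYS came back), -1 if the test could not run. */
int seccomp_minus1_enforced(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) child();
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 42) return 1;
    return WEXITSTATUS(status) == 7 ? 0 : -1;
}

int main(void) { return seccomp_minus1_enforced() == 1 ? 0 : 1; }
```

Run the binary directly and again under `strace -f`; per the report, an affected kernel returns -ENOSYS in the traced run instead of delivering SIGSYS, so the exit status changes from 0 to 1.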

