On Tue, Sep 02, 2014 at 10:16:22AM +0100, Russell King - ARM Linux wrote:
> On Tue, Sep 02, 2014 at 05:47:29PM +0900, AKASHI Takahiro wrote:
> > On 09/01/2014 08:47 PM, Russell King - ARM Linux wrote:
> > > On Wed, Aug 27, 2014 at 02:55:46PM +0900, AKASHI Takahiro wrote:
> > > > setting x0 to -ENOSYS is necessary because, otherwise, user-issued syscall(-1) will return a bogus value when audit tracing is on.
> > > >
> > > > Please note that, on arm,
> > > >                  not traced    traced
> > > >                  ------        ------
> > > > syscall(-1)      aborted       OOPs(BUG_ON)
> > > > syscall(-3000)   aborted       aborted
> > > > syscall(1000)    ENOSYS        ENOSYS
> > >
> > > Two points here:
> > > - You've found a case which causes a BUG_ON(). Where is the bug report for this, so the problem can be investigated and resolved?
> >
> > I think that I mentioned it could also happen on arm somewhere in a talk with Will, but don't remember exactly when.
>
> Sorry, not good enough. Please report this bug so it can be investigated and fixed.

I'm going to go further than this, and tell you that you have been downright irresponsible here, and I'm disgusted by your behaviour over this.
You have revealed a potential security problem publicly, effectively giving details about how to cause it, but without having first reported it to people who can fix it, nor providing a fix for it.
Why is it a security problem? Although it can't be used to gain information, it can be used potentially to deny service. Any user can trace a task which they own, and then set the task's syscall to -1, which according to you results in a kernel oops.
If the kernel oops happens while holding any locks, that part of the system becomes non-functional and can result in all userland stopping dead.