From dbaff1e3cf82776f08099c6572dc2d79f82e87f0 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin"
Date: Thu, 4 Jul 2019 18:25:49 +0000
Subject: [PATCH] powerpc: fix syscall tampering when PTRACE_GET_SYSCALL_INFO is in use

When PTRACE_GET_SYSCALL_INFO is in use, CCR is not loaded, so it has to be loaded explicitly before tampering.

* linux/powerpc/set_error.c (arch_set_error, arch_set_success): Explicitly load CCR before changing it when PTRACE_GET_SYSCALL_INFO is in use.
* NEWS: Mention this fix.
---
 NEWS | 4 ++++
 linux/powerpc/set_error.c | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/NEWS b/NEWS
index 10612448..84ad39a3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 Noteworthy changes in release ?.? (????-??-??)
 ==============================================
 
+* Bug fixes
+ * Fixed syscall tampering on powerpc and powerpc64 when
+ PTRACE_GET_SYSCALL_INFO is in use.
+
 * Improvements
 * Implemented decoding of open_tree, move_mount, fsopen, fsconfig, fsmount, and fspick syscalls.
diff --git a/linux/powerpc/set_error.c b/linux/powerpc/set_error.c
index 9b8a6f2f..068d6b74 100644
--- a/linux/powerpc/set_error.c
+++ b/linux/powerpc/set_error.c
@@ -8,6 +8,9 @@
 static int
 arch_set_error(struct tcb *tcp)
 {
+ if (ptrace_syscall_info_is_valid() &&
+ upeek(tcp, sizeof(long) * PT_CCR, &ppc_regs.ccr))
+ return -1;
 ppc_regs.gpr[3] = tcp->u_error;
 ppc_regs.ccr |= 0x10000000;
 return upoke(tcp, sizeof(long) * PT_CCR, ppc_regs.ccr) ||
@@ -17,6 +20,9 @@ arch_set_error(struct tcb *tcp)
 static int
 arch_set_success(struct tcb *tcp)
 {
+ if (ptrace_syscall_info_is_valid() &&
+ upeek(tcp, sizeof(long) * PT_CCR, &ppc_regs.ccr))
+ return -1;
 ppc_regs.gpr[3] = tcp->u_rval;
 ppc_regs.ccr &= ~0x10000000;
 return upoke(tcp, sizeof(long) * PT_CCR, ppc_regs.ccr) ||
-- 
2.40.0
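Review bot: The added guard in arch_set_error re-fetches CCR with PTRACE_PEEKUSER but carries no comment saying why; a reader needs to know that on the PTRACE_GET_SYSCALL_INFO path ppc_regs.ccr is never loaded, so the read-modify-write on the following two lines would otherwise poke a stale value back into the tracee, and a comment such as `/* PTRACE_GET_SYSCALL_INFO does not provide CCR; fetch it before the read-modify-write below. */` above the `if` would capture that. The same three lines are repeated verbatim in arch_set_success, so a small static helper that documents and performs the conditional fetch would keep the two call sites from drifting if the condition or the PT_CCR offset ever changes, as sketched below. Whether upeek itself reports the failure or the bare `return -1` is silent I cannot tell from the hunk; if it is silent, a tampering attempt that fails here is indistinguishable to the user from one that succeeded, so how the caller treats -1 is worth confirming. arch_set_error's body continues past the hunk (the second upoke and the closing brace are outside it).
```c
/*
 * PTRACE_GET_SYSCALL_INFO does not provide CCR, so ppc_regs.ccr is not
 * loaded on that path; fetch it before any read-modify-write of CCR.
 * Returns 0 on success, -1 if the PTRACE_PEEKUSER failed.
 */
static int
ppc_fetch_ccr(struct tcb *tcp)
{
	if (!ptrace_syscall_info_is_valid())
		return 0;
	return upeek(tcp, sizeof(long) * PT_CCR, &ppc_regs.ccr);
}

static int
arch_set_error(struct tcb *tcp)
{
	if (ppc_fetch_ccr(tcp))
		return -1;
	/* … unchanged: gpr[3] / CCR update and upoke … */
```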