From 21a01b13e259b9a43f10f0046b2b3f409c11ea75 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Mon, 30 Jul 2018 12:20:16 +0200
Subject: [PATCH] Bug 396887 - arch_prctl should return EINVAL on unknown option.
Currently arch_prctl calls VG_(core_panic) when it sees an unknown arch_prctl option which kills the process.
glibc uses arch_prctl with an (as yet) unknown option to see if the kernel supports CET. This breaks any application running under valgrind on x86_64 with:
valgrind: the 'impossible' happened: Unsupported arch_prctl option
Thread 1: status = VgTs_Runnable (lwpid 19934)
==19934== at 0x121A15: get_cet_status (cpu-features.c:28)
==19934== by 0x121A15: init_cpu_features (cpu-features.c:474)
==19934== by 0x121A15: dl_platform_init (dl-machine.h:228)
==19934== by 0x121A15: _dl_sysdep_start (dl-sysdep.c:231)
==19934== by 0x10A1D7: _dl_start_final (rtld.c:413)
==19934== by 0x10A1D7: _dl_start (rtld.c:520)
We already handle all known options. It would be better to do as the kernel does and just return failure with EINVAL instead.
---
 NEWS | 1 +
 coregrind/m_syswrap/syswrap-amd64-linux.c | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 8f0db3e670..03c1f825ad 100644
--- a/NEWS
+++ b/NEWS
@@ -132,6 +132,7 @@ where XXXXXX is the bug number as listed below.
 395709 PPC64 is missing support for the xvnegsp instruction
 395682 Accept read-only PT_LOAD segments and .rodata by ld -z separate-code
 == 384727
+396887 arch_prctl should return EINVAL on unknown option
 n-i-bz Fix missing workq_ops operations (macOS)
 n-i-bz fix bug in strspn replacement
diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c
index 0f2ad8c510..407af7f76d 100644
--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
+++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
@@ -249,6 +249,7 @@ PRE(sys_rt_sigreturn)
 PRE(sys_arch_prctl)
 {
 ThreadState* tst;
+ Bool known_option = True;
 PRINT( "arch_prctl ( %ld, %lx )", SARG1, ARG2 );
 vg_assert(VG_(is_valid_tid)(tid));
@@ -283,13 +284,16 @@ PRE(sys_arch_prctl)
 POST_MEM_WRITE(ARG2, sizeof(unsigned long));
 } else {
- VG_(core_panic)("Unsupported arch_prctl option");
+ known_option = False;
 }
 /* Note; the Status writeback to guest state that happens after this wrapper returns does not change guest_FS_CONST or guest_GS_CONST; hence that direct assignment to the guest state is safe here. */
- SET_STATUS_Success( 0 );
+ if (known_option) SET_STATUS_Success( 0 );
+ else SET_STATUS_Failure( VKI_EINVAL );
 }
 // Parts of this are amd64-specific, but the *PEEK* cases are generic.
-- 
2.47.2
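Review bot: The new `else` fallback that clears `known_option` answers `VKI_EINVAL` for every option the wrapper does not recognise and, since the PRE handler completes the call itself via `SET_STATUS_Failure`, the request is apparently never handed to the real kernel, so any option a newer kernel does support is reported to the guest as unsupported; the hunk leaves that deliberate choice undocumented. For glibc's CET probe this looks like the right outcome (Valgrind's translated code presumably cannot honour a shadow stack or indirect-branch tracking, so "not supported" is the safe answer), but the same silence will hide future options that only query state, and nothing is logged where the old `VG_(core_panic)` used to flag them. I would record the rationale next to the flag reset: `/* Unknown option: behave like a kernel without the feature and fail with EINVAL instead of panicking. Do not pass it through, since we cannot tell what guest state it might touch. */`. The `if`/`else if` chain that decides which options are known begins outside this hunk.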