Commit a8b154a6 authored by James Cowgill's avatar James Cowgill Committed by Riku Voipio
Browse files

linux-user: return EINVAL from prctl(PR_*_SECCOMP) 

If an application tries to install a seccomp filter using
prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host
architecture. This will probably cause qemu to be immediately killed when it
executes another syscall.

Prevent this from happening by returning EINVAL from both seccomp prctl
calls. This is the error returned by the kernel when seccomp support is
disabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1726394


Reviewed-by: default avatarLaurent Vivier <laurent@vivier.eu>
Signed-off-by: default avatarJames Cowgill <james.cowgill@mips.com>
Signed-off-by: default avatarRiku Voipio <riku.voipio@linaro.org>
parent a4dd3d51

linux-user/syscall.c

+6 −0
Original line number Diff line number Diff line
@@ -10505,6 +10505,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, 
            break;

        }

#endif

        case PR_GET_SECCOMP:

        case PR_SET_SECCOMP:

            /* Disable seccomp to prevent the target disabling syscalls we

             * need. */

            ret = -TARGET_EINVAL;

            break;

        default:

            /* Most prctl options have no pointer arguments */

            ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));