Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
Package: src:linux
Version: 3.2.51-1
Severity: normal
Under MIPS the system call prctl(PR_SET_SECCOMP, 1, ...) does not behave as expected.
According to the manual page, after calling it with 1 as a second argument, any consecutive system calls other than read(), write(), _exit() and sigreturn() should result in the delivery of SIGKILL. However, under MIPS any consecutive system call behaves as if prctl(PR_SET_SECCOMP, 1, ...) was never called.
Here is a simple example that can be used to reproduce the bug:
plamen@debian-mips:/tmp$ id
uid=1000(plamen) gid=1000(user) groups=1000(user)
plamen@debian-mips:/tmp$ cat prctl.c
#include <unistd.h>
#include <sys/prctl.h>
#include <stdio.h>
int main(void)
{
if (prctl(PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
return 0;
uid_t uid = getuid();
printf("%u\n", (unsigned)uid);
return 0;
}
plamen@debian-mips:/tmp$ gcc prctl.c -o prctl
plamen@debian-mips:/tmp$ ./prctl
1000
There is no change if I replace
if (prctl(PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
with
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
and I add #include <linux/seccomp.h>
-- Package-specific info:
** Version:
Linux version 3.2.0-4-5kc-malta (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 Debian 3.2.51-1
** Command line:
root=/dev/sda1 console=ttyS0 mem=256m@0x0 mem=768m@0x90000000
** Not tainted
** Kernel log:
[ 0.588000] scsi0 : ata_piix
[ 0.588000] scsi1 : ata_piix
[ 0.592000] ata1: PATA max UDMA/33 cmd 0x1f0 ctl 0x3f6 bmdma 0x1040 irq 14
[ 0.592000] ata2: PATA max UDMA/33 cmd 0x170 ctl 0x376 bmdma 0x1048 irq 15
[ 0.600000] pcnet32: pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de
[ 0.600000] PCI: Enabling device 0000:00:0b.0 (0000 -> 0003)
[ 0.600000] PCI: Setting latency timer of device 0000:00:0b.0 to 64
[ 0.604000] pcnet32: PCnet/PCI II 79C970A at 0x1020, 52:54:00:12:34:56 assigned IRQ 10
[ 0.608000] pcnet32: eth0: registered as PCnet/PCI II 79C970A
[ 0.608000] pcnet32: 1 cards_found
[ 0.608000] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 0.612000] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 0.612000] mousedev: PS/2 mouse device common for all mice
[ 0.620000] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
[ 0.620000] rtc0: alarms up to one day, 242 bytes nvram
[ 0.620000] TCP cubic registered
[ 0.620000] NET: Registered protocol family 17
[ 0.624000] Registering the dns_resolver key type
[ 0.624000] PM: Hibernation image not present or could not be loaded.
[ 0.624000] registered taskstats version 1
[ 0.628000] rtc_cmos rtc_cmos: setting system clock to 2014-06-09 17:52:47 UTC (1402336367)
[ 0.628000] Initializing network drop monitor service
[ 0.716000] input: AT Raw Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
[ 0.752000] ata1.01: NODEV after polling detection
[ 0.756000] ata2.01: NODEV after polling detection
[ 0.756000] ata2.00: ATAPI: QEMU DVD-ROM, 2.0.0, max UDMA/100
[ 0.760000] ata1.00: ATA-7: QEMU HARDDISK, 2.0.0, max UDMA/100
[ 0.760000] ata1.00: 52428800 sectors, multi 16: LBA48
[ 0.760000] ata2.00: configured for UDMA/33
[ 0.764000] ata1.00: configured for UDMA/33
[ 0.776000] scsi 0:0:0:0: Direct-Access ATA QEMU HARDDISK 2.0. PQ: 0 ANSI: 5
[ 0.784000] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.0. PQ: 0 ANSI: 5
[ 0.788000] sd 0:0:0:0: [sda] 52428800 512-byte logical blocks: (26.8 GB/25.0 GiB)
[ 0.788000] sd 0:0:0:0: [sda] Write Protect is off
[ 0.788000] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
[ 0.792000] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 0.804000] sda: sda1 sda2 < sda5 >
[ 0.816000] sd 0:0:0:0: [sda] Attached SCSI disk
[ 0.820000] EXT4-fs (sda1): couldn't mount as ext3 due to feature incompatibilities
[ 0.824000] EXT4-fs (sda1): couldn't mount as ext2 due to feature incompatibilities
[ 0.832000] EXT4-fs (sda1): INFO: recovery required on readonly filesystem
[ 0.832000] EXT4-fs (sda1): write access will be enabled during recovery
[ 4.948000] EXT4-fs (sda1): orphan cleanup on readonly fs
[ 4.988000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 262260
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 272468
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787635
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787637
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787638
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787642
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787647
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787650
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787651
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787653
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787654
[ 5.012000] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 787656
[ 5.012000] EXT4-fs (sda1): 12 orphan inodes deleted
[ 5.012000] EXT4-fs (sda1): recovery complete
[ 6.012000] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
[ 6.012000] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 6.028000] Freeing unused kernel memory: 244k freed
[ 11.544000] systemd-udevd[140]: starting version 204
[ 13.840000] piix4_smbus 0000:00:0a.3: SMBus Host Controller at 0x1100, revision 0
[ 13.924000] usbcore: registered new interface driver usbfs
[ 13.972000] usbcore: registered new interface driver hub
[ 14.000000] usbcore: registered new device driver usb
[ 14.076000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 14.164000] uhci_hcd: USB Universal Host Controller Interface driver
[ 14.192000] physmap platform flash device: 00400000 at 1e000000
[ 14.216000] PCI: Setting latency timer of device 0000:00:0a.2 to 64
[ 14.216000] uhci_hcd 0000:00:0a.2: UHCI Host Controller
[ 14.288000] sr0: scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[ 14.292000] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 14.312000] uhci_hcd 0000:00:0a.2: new USB bus registered, assigned bus number 1
[ 14.312000] uhci_hcd 0000:00:0a.2: irq 11, io base 0x00001000
[ 14.336000] sr 1:0:0:0: Attached scsi CD-ROM sr0
[ 14.388000] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
[ 14.388000] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 14.388000] usb usb1: Product: UHCI Host Controller
[ 14.388000] usb usb1: Manufacturer: Linux 3.2.0-4-5kc-malta uhci_hcd
[ 14.388000] usb usb1: SerialNumber: 0000:00:0a.2
[ 14.412000] hub 1-0:1.0: USB hub found
[ 14.436000] hub 1-0:1.0: 2 ports detected
[ 15.052000] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input1
[ 15.432000] physmap-flash.0: Found 1 x32 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
[ 16.584000] Intel/Sharp Extended Query Table at 0x0031
[ 16.592000] Using buffer write method
[ 16.596000] erase region 0: offset=0x0,size=0x10000,blocks=64
[ 17.464000] Searching for RedBoot partition table in physmap-flash.0 at offset 0x1003f0000
[ 17.808000] Creating 3 MTD partitions on "physmap-flash.0":
[ 17.808000] 0x000000000000-0x000000100000 : "YAMON"
[ 17.816000] 0x000000100000-0x0000003e0000 : "User FS"
[ 17.832000] 0x0000003e0000-0x000000400000 : "Board Config"
[ 34.808000] Adding 492540k swap on /dev/sda5. Priority:-1 extents:1 across:492540k
[ 36.092000] EXT4-fs (sda1): re-mounted. Opts: (null)
[ 37.976000] EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
[ 58.648000] loop: module loaded
[ 82.728000] NET: Registered protocol family 10
[ 84.424000] pcnet32 0000:00:0b.0: eth0: link up
[ 92.904000] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[ 95.344000] eth0: no IPv6 routers present
** Model information
system type : MIPS Malta
cpu model : MIPS 20Kc V10.0 FPU V0.0
** Loaded modules:
nfsd
ipv6
loop
mtdchar
redboot
cfi_cmdset_0001
cfi_probe
cfi_util
gen_probe
psmouse
sr_mod
serio_raw
cdrom
physmap
map_funcs
evdev
uhci_hcd
chipreg
ehci_hcd
mtd
usbcore
i2c_piix4
i2c_core
usb_common
** Network interface configuration:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
** Network status:
*** IP interfaces and addresses:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
inet6 fe80::5054:ff:fe12:3456/64 scope link
valid_lft forever preferred_lft forever
*** Device statistics:
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth0: 81619102 109489 0 0 0 0 0 0 7874926 59787 0 0 0 0 0 0
*** Protocol statistics:
Ip:
109261 total packets received
0 forwarded
0 incoming packets discarded
109261 incoming packets delivered
59551 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
Tcp:
37 active connections openings
15 passive connection openings
0 failed connection attempts
0 connection resets received
2 connections established
108993 segments received
59271 segments send out
0 segments retransmited
0 bad segments received.
0 resets sent
Udp:
268 packets received
0 packets to unknown port received.
0 packet receive errors
280 packets sent
UdpLite:
TcpExt:
16 TCP sockets finished time wait in fast timer
1234 delayed acks sent
85 delayed acks further delayed because of locked socket
65 packets directly queued to recvmsg prequeue.
948 bytes directly received in process context from prequeue
54544 packet headers predicted
21 packets header predicted and directly queued to user
100 acknowledgments not containing data payload received
37482 predicted acknowledgments
IpExt:
InBcastPkts: 7
InOctets: 80074856
OutOctets: 7030716
InBcastOctets: 4032
** PCI devices:
00:00.0 Host bridge [0600]: Marvell Technology Group Ltd. GT-64120/64120A/64121A System Controller [11ab:4620] (rev 10)
Subsystem: Red Hat, Inc Device [1af4:1100]
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 0
Region 0: Memory at <unassigned> (32-bit, prefetchable) [disabled]
Region 1: Memory at 01000000 (32-bit, prefetchable) [disabled] [size=16M]
Region 2: Memory at <ignored> (32-bit, non-prefetchable) [disabled]
Region 3: Memory at <ignored> (32-bit, non-prefetchable) [disabled]
Region 4: Memory at <ignored> (32-bit, non-prefetchable) [disabled]
Region 5: I/O ports at <ignored> [disabled]
00:0a.0 ISA bridge [0601]: Intel Corporation 82371AB/EB/MB PIIX4 ISA [8086:7110]
Subsystem: Red Hat, Inc Device [1af4:1100]
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
00:0a.1 IDE interface [0101]: Intel Corporation 82371AB/EB/MB PIIX4 IDE [8086:7111] (prog-if 80 [Master])
Subsystem: Red Hat, Inc Device [1af4:1100]
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Region 0: [virtual] Memory at 000001f0 (32-bit, non-prefetchable) [size=8]
Region 1: [virtual] Memory at 000003f0 (type 3, non-prefetchable)
Region 2: [virtual] Memory at 00000170 (32-bit, non-prefetchable) [size=8]
Region 3: [virtual] Memory at 00000370 (type 3, non-prefetchable)
Region 4: I/O ports at 1040 [size=16]
Kernel driver in use: ata_piix
00:0a.2 USB controller [0c03]: Intel Corporation 82371AB/EB/MB PIIX4 USB [8086:7112] (rev 01) (prog-if 00 [UHCI])
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin D routed to IRQ 11
Region 4: I/O ports at 1000 [size=32]
Kernel driver in use: uhci_hcd
00:0a.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] (rev 03)
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 0
Kernel driver in use: piix4_smbus
00:0b.0 Ethernet controller [0200]: Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE] [1022:2000] (rev 10)
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0 (1500ns min, 63750ns max)
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at 1020 [size=32]
Region 1: Memory at 12041000 (32-bit, non-prefetchable) [size=32]
[virtual] Expansion ROM at 12000000 [disabled] [size=256K]
Kernel driver in use: pcnet32
00:12.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8] (prog-if 00 [VGA controller])
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Control: I/O- Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Region 0: Memory at 10000000 (32-bit, prefetchable) [size=32M]
Region 1: Memory at 12040000 (32-bit, non-prefetchable) [size=4K]
Kernel driver in use: cirrusfb
** USB devices:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: mips (mips64)
Kernel: Linux 3.2.0-4-5kc-malta
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages linux-image-3.2.0-4-5kc-malta depends on:
ii debconf [debconf-2.0] 1.5.53
ii kmod 17-2
ii linux-base 3.5
Versions of packages linux-image-3.2.0-4-5kc-malta recommends:
ii firmware-linux-free 3.3
Versions of packages linux-image-3.2.0-4-5kc-malta suggests:
pn debian-kernel-handbook <none>
pn linux-doc-3.2 <none>
Versions of packages linux-image-3.2.0-4-5kc-malta is related to:
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux <none>
pn firmware-linux-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-ralink <none>
pn firmware-realtek <none>
pn xen-hypervisor <none>
-- debconf information:
linux-image-3.2.0-4-5kc-malta/prerm/removing-running-kernel-3.2.0-4-5kc-malta: true
linux-image-3.2.0-4-5kc-malta/postinst/ignoring-ramdisk:
linux-image-3.2.0-4-5kc-malta/postinst/depmod-error-initrd-3.2.0-4-5kc-malta: false
linux-image-3.2.0-4-5kc-malta/postinst/missing-firmware-3.2.0-4-5kc-malta:
Reply to:
- Follow-Ups:
- Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
- From: Ben Hutchings <ben@decadent.org.uk>
- Processed: Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
- From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
- From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#751417: marked as done (linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS)
- From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#751417: marked as done (linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS (CVE-2014-4157))
- From: owner@bugs.debian.org (Debian Bug Tracking System)