linux-user: return EINVAL from prctl(PR_*_SECCOMP)

If an application tries to install a seccomp filter using prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host architecture. This will probably cause qemu to be immediately killed when it executes another syscall. Prevent this from happening by returning EINVAL from both seccomp prctl calls. This is the error returned by the kernel when seccomp support is disabled. Fixes: https://bugs.launchpad.net/qemu/+bug/1726394 Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: James Cowgill <james.cowgill@mips.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-06 18:03:51 +00:00 · 2017-11-06 18:03:51 +00:00 · a8b154a637
parent a4dd3d5172
commit a8b154a637
1 changed files with 6 additions and 0 deletions
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@ -10505,6 +10505,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
            break;
        }
 #endif
+        case PR_GET_SECCOMP:
+        case PR_SET_SECCOMP:
+            /* Disable seccomp to prevent the target disabling syscalls we
+             * need. */
+            ret = -TARGET_EINVAL;
+            break;
        default:
            /* Most prctl options have no pointer arguments */
            ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));