On Wed, May 10, 2023 at 1:29 PM Alexander Bluhm <alexander.bl...@gmx.net> wrote:
> We use Perl syscall(2) function to implement sysctl(2) system calls.
> This is broken since OpenBSD 7.3. A sample program looks like this:
> ...
> kdump shows two problems:
> 1. The mib is not printed correctly.
> 2. The final argument newlen should be 0x10, but is 0x8891aa893c5.
>
> 30762 perl CALL (via syscall)
> sysctl(538970683.538976288.538976288.1718165536,0,0,0x8891d2e1de0,0x8891aa893c5)
> 30762 perl RET sysctl -1 errno 22 Invalid argument
>
> 1. The syscall code now contains the KTRC_CODE_SYSCALL flag, but
> the kernel checks code == SYS_sysctl. So the mib is not added to
> ktrace output. Fix is easy by using KTRC_CODE_MASK.

ok guenther@ on the first chunk, the ktrsyscall() change. The flag is only passed to ktrsyscall(), not ktrsysret(), so the second chunk of your diff is unnecessary.

> 2. Was introduced by this commit in libc.
> ----------------------------
> revision 1.21
> date: 2023/01/11 01:55:17; author: mortimer; state: Exp; lines: +24
> -13; commitid: 72pYktDvmJhq7OyF;
> Add retguard to amd64 syscalls.
>
> Since we got rid of padded syscalls we have enough registers to do this.
>
> ok deraadt@ ok kettenis@
> ----------------------------
> It assumes that syscalls only have 6 parameters, which is not true
> if syscall(2) adds the syscall number. Now the final argument
> contains retguard values from the stack.

This is why we can't have nice things.

> The easiest way to fix this without reverting retguard for all
> syscalls, is to use revision 1.20 of SYS.h in libc for syscall.S.
> Just manually include the old code instead of current SYS.h.
>
> I am aware that syscall(2) should go away, but currently I need it.
>
> ok?

Ick. How about this instead, which preserves retguard protection for syscall(2) and doesn't copy all of SYS.h?

Index: lib/libc/arch/amd64/sys/syscall.S =================================================================== retrieving revision 1.8 diff -u -p -r1.8 syscall.S --- lib/libc/arch/amd64/sys/syscall.S 7 May 2016 19:05:21 -0000 1.8 +++ lib/libc/arch/amd64/sys/syscall.S 11 May 2023 02:13:20 -0000 @@ -39,4 +39,18 @@ #include "SYS.h" -RSYSCALL(syscall) +SYSENTRY(syscall) + RETGUARD_SETUP(_thread_sys_syscall, r11) +#ifdef _RET_PROTECTOR + pushq 8(%rsp) /* repush 6th argument */ +#endif + RETGUARD_PUSH(r11) + SYSTRAP(syscall) + HANDLE_ERRNO; + RETGUARD_POP(r11) +#ifdef _RET_PROTECTOR + addq $8,%rsp /* pop 6th argument */ +#endif + RETGUARD_CHECK(_thread_sys_syscall, r11) + ret +SYSCALL_END(syscall)
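
Review bot: the comment on `pushq 8(%rsp)` ("repush 6th argument") says what the instruction does but not why it must come before `RETGUARD_PUSH(r11)`, and that ordering is the whole fix for the newlen value being replaced by the retguard value from the stack. I would expand the comment to say that the copy is pushed so the stack-passed argument sits directly above the slot that `RETGUARD_PUSH(r11)` fills, and that the `8(%rsp)` offset is only valid while nothing between `SYSENTRY(syscall)` and this line touches the stack. The `pushq` and the matching `addq $8,%rsp` sit in two separate `#ifdef _RET_PROTECTOR` blocks, so a cross-reference in each comment would help keep them balanced in later edits. It is also worth confirming that `HANDLE_ERRNO;` falls through on the error path, since `RETGUARD_POP(r11)` and the `addq` both have to run before `ret`.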