* [PATCH v4 0/4] arch/arm: support seccomp
@ 2012-11-08 20:59 Kees Cook
2012-11-08 20:59 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
` (4 more replies)
0 siblings, 5 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-08 20:59 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Geremy Condra, Catalin Marinas,
Al Viro, Kees Cook, Will Drewry
This adds support for seccomp BPF to ARM. When built with the seccomp
improvement patch waiting in linux-next ("seccomp: Make syscall skipping
and nr changes more consistent"), this passes the seccomp regression
test suite: https://github.com/redpig/seccomp
Thanks,
-Kees
---
v4:
- fixed syscall_get_arch, thanks to Will Deacon.
v3:
- updates suggested by Russell King:
- reduced scope of expansion
- leveraged TIF_SYSCALL_WORK bit mask
- fixed syscall==-1 short-circuit logic
v2:
- expanded ptrace_syscall_trace() into both callers and do
secure_computing() hookup there, as requested by Al Viro.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
@ 2012-11-08 20:59 ` Kees Cook
2012-11-08 20:59 ` [PATCH 2/4] arch/arm: move secure_computing into trace Kees Cook
` (3 subsequent siblings)
4 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-08 20:59 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Geremy Condra, Catalin Marinas,
Al Viro, Kees Cook, Will Drewry
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..f1d96d4 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+ return AUDIT_ARCH_ARM;
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/4] arch/arm: move secure_computing into trace
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
2012-11-08 20:59 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
@ 2012-11-08 20:59 ` Kees Cook
2012-11-09 11:56 ` Will Deacon
2012-11-08 20:59 ` [PATCH 3/4] arch/arm: allow a scno of -1 to not cause a SIGILL Kees Cook
` (2 subsequent siblings)
4 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-11-08 20:59 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Geremy Condra, Catalin Marinas,
Al Viro, Kees Cook, Will Drewry
There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_WORK
path in entry-common.S, so merge TIF_SECCOMP into TIF_SYSCALL_WORK and
move seccomp into the syscall_trace_enter() handler.
Expanded some of the tracehook logic into the callers to make this code
more readable. Since tracehook needs to do register changing, this portion
is best left in its own function instead of copy/pasting into the callers.
Additionally, the return value for secure_computing() is now checked
and a -1 value will result in the system call being skipped.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/thread_info.h | 7 ++++---
arch/arm/kernel/entry-common.S | 10 ----------
arch/arm/kernel/ptrace.c | 33 ++++++++++++++++++++++++---------
3 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
index 8477b4c..cddda1f 100644
--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -151,10 +151,10 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define TIF_SYSCALL_TRACE 8
#define TIF_SYSCALL_AUDIT 9
#define TIF_SYSCALL_TRACEPOINT 10
+#define TIF_SECCOMP 11 /* seccomp syscall filtering active */
#define TIF_USING_IWMMXT 17
#define TIF_MEMDIE 18 /* is terminating due to OOM killer */
#define TIF_RESTORE_SIGMASK 20
-#define TIF_SECCOMP 21
#define TIF_SWITCH_MM 22 /* deferred switch_mm */
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
@@ -163,11 +163,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
-#define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
+#define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
/* Checks for any syscall work in entry-common.S */
-#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT)
+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
+ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
/*
* Change these and you break ASM code in entry-common.S
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 3471175..8355d4b 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -417,16 +417,6 @@ local_restart:
ldr r10, [tsk, #TI_FLAGS] @ check for syscall tracing
stmdb sp!, {r4, r5} @ push fifth and sixth args
-#ifdef CONFIG_SECCOMP
- tst r10, #_TIF_SECCOMP
- beq 1f
- mov r0, scno
- bl __secure_computing
- add r0, sp, #S_R0 + S_OFF @ pointer to regs
- ldmia r0, {r0 - r3} @ have to reload r0 - r3
-1:
-#endif
-
tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls?
bne __sys_trace
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 739db3a..2aecf8f 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -916,16 +916,11 @@ enum ptrace_syscall_dir {
PTRACE_SYSCALL_EXIT,
};
-static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
- enum ptrace_syscall_dir dir)
+static int tracehook_report_syscall(struct pt_regs *regs,
+ enum ptrace_syscall_dir dir)
{
unsigned long ip;
- current_thread_info()->syscall = scno;
-
- if (!test_thread_flag(TIF_SYSCALL_TRACE))
- return scno;
-
/*
* IP is used to denote syscall entry/exit:
* IP = 0 -> entry, =1 -> exit
@@ -944,19 +939,39 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
{
- scno = ptrace_syscall_trace(regs, scno, PTRACE_SYSCALL_ENTER);
+ current_thread_info()->syscall = scno;
+
+ /* do the secure computing check first */
+ if (secure_computing(scno) == -1) {
+ /* seccomp failures shouldn't expose any additional code. */
+ scno = -1;
+ goto out;
+ }
+
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
+ scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
+
if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
trace_sys_enter(regs, scno);
+
audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1,
regs->ARM_r2, regs->ARM_r3);
+
+out:
return scno;
}
asmlinkage int syscall_trace_exit(struct pt_regs *regs, int scno)
{
- scno = ptrace_syscall_trace(regs, scno, PTRACE_SYSCALL_EXIT);
+ current_thread_info()->syscall = scno;
+
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
+ scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT);
+
if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
trace_sys_exit(regs, scno);
+
audit_syscall_exit(regs);
+
return scno;
}
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 2/4] arch/arm: move secure_computing into trace
2012-11-08 20:59 ` [PATCH 2/4] arch/arm: move secure_computing into trace Kees Cook
@ 2012-11-09 11:56 ` Will Deacon
0 siblings, 0 replies; 13+ messages in thread
From: Will Deacon @ 2012-11-09 11:56 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Russell King, Geremy Condra, Catalin Marinas,
Al Viro, Will Drewry
One really minor nit...
On Thu, Nov 08, 2012 at 08:59:31PM +0000, Kees Cook wrote:
> There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_WORK
> path in entry-common.S, so merge TIF_SECCOMP into TIF_SYSCALL_WORK and
> move seccomp into the syscall_trace_enter() handler.
>
> Expanded some of the tracehook logic into the callers to make this code
> more readable. Since tracehook needs to do register changing, this portion
> is best left in its own function instead of copy/pasting into the callers.
>
> Additionally, the return value for secure_computing() is now checked
> and a -1 value will result in the system call being skipped.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
[...]
> @@ -944,19 +939,39 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
>
> asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
> {
> - scno = ptrace_syscall_trace(regs, scno, PTRACE_SYSCALL_ENTER);
> + current_thread_info()->syscall = scno;
> +
> + /* do the secure computing check first */
> + if (secure_computing(scno) == -1) {
> + /* seccomp failures shouldn't expose any additional code. */
> + scno = -1;
> + goto out;
> + }
Can we just return -1 here instead please? The whole jump label code makes
this code messier than it needs to be and there's no cleanup to be done.
> + if (test_thread_flag(TIF_SYSCALL_TRACE))
> + scno = tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
> +
> if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
> trace_sys_enter(regs, scno);
> +
> audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1,
> regs->ARM_r2, regs->ARM_r3);
> +
> +out:
> return scno;
> }
Cheers,
Will
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 3/4] arch/arm: allow a scno of -1 to not cause a SIGILL
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
2012-11-08 20:59 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
2012-11-08 20:59 ` [PATCH 2/4] arch/arm: move secure_computing into trace Kees Cook
@ 2012-11-08 20:59 ` Kees Cook
2012-11-08 20:59 ` [PATCH 4/4] arch/arm: select HAVE_ARCH_SECCOMP_FILTER Kees Cook
2012-11-08 21:22 ` [PATCH v4 0/4] arch/arm: support seccomp Nicolas Pitre
4 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-08 20:59 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Geremy Condra, Catalin Marinas,
Al Viro, Kees Cook, Will Drewry
On tracehook-friendly platforms, a system call number of -1 falls
through without running much code or taking much action.
ARM is different. This adds a short-circuit check in the trace path to
avoid any additional work, as suggested by Russell King, to make sure
that ARM behaves the same way as other platforms.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/kernel/entry-common.S | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 8355d4b..0bef977 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -448,7 +448,10 @@ __sys_trace:
ldmccia r1, {r0 - r6} @ have to reload r0 - r6
stmccia sp, {r4, r5} @ and update the stack args
ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
- b 2b
+ cmp scno, #-1 @ skip the syscall?
+ bne 2b
+ add sp, sp, #S_OFF @ restore stack
+ b ret_slow_syscall
__sys_trace_return:
str r0, [sp, #S_R0 + S_OFF]! @ save returned r0
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 4/4] arch/arm: select HAVE_ARCH_SECCOMP_FILTER
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
` (2 preceding siblings ...)
2012-11-08 20:59 ` [PATCH 3/4] arch/arm: allow a scno of -1 to not cause a SIGILL Kees Cook
@ 2012-11-08 20:59 ` Kees Cook
2012-11-08 21:22 ` [PATCH v4 0/4] arch/arm: support seccomp Nicolas Pitre
4 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-08 20:59 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Geremy Condra, Catalin Marinas,
Al Viro, Kees Cook, Will Drewry
From: Will Drewry <wad@chromium.org>
Reflect architectural support for seccomp filter.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index ade7e92..0e8d490 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -21,6 +21,7 @@ config ARM
select HAVE_AOUT
select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL
select HAVE_ARCH_KGDB
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK
select HAVE_BPF_JIT
select HAVE_C_RECORDMCOUNT
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v4 0/4] arch/arm: support seccomp
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
` (3 preceding siblings ...)
2012-11-08 20:59 ` [PATCH 4/4] arch/arm: select HAVE_ARCH_SECCOMP_FILTER Kees Cook
@ 2012-11-08 21:22 ` Nicolas Pitre
4 siblings, 0 replies; 13+ messages in thread
From: Nicolas Pitre @ 2012-11-08 21:22 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Russell King, Will Deacon, Geremy Condra,
Catalin Marinas, Al Viro, Will Drewry
On Thu, 8 Nov 2012, Kees Cook wrote:
> This adds support for seccomp BPF to ARM. When built with the seccomp
> improvement patch waiting in linux-next ("seccomp: Make syscall skipping
> and nr changes more consistent"), this passes the seccomp regression
> test suite: https://github.com/redpig/seccomp
You should consider posting ARM specific patches to the ARM mailing list
instead, where most people with an interest in reviewing those patches
are listening: linux-arm-kernel@lists.infradead.org.
Nicolas
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v5 0/4] arch/arm: support seccomp
@ 2012-11-10 22:44 Kees Cook
2012-11-10 22:44 ` Kees Cook
0 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-11-10 22:44 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, Russell King, Will Deacon, Geremy Condra,
Catalin Marinas, Al Viro, Kees Cook, Will Drewry
This adds support for seccomp BPF to ARM. When built with the seccomp
improvement patch waiting in linux-next ("seccomp: Make syscall skipping
and nr changes more consistent"), this passes the seccomp regression
test suite: https://github.com/redpig/seccomp
Thanks,
-Kees
---
v5:
- clean up seccomp failure path, as requested by Will Deacon.
v4:
- fixed syscall_get_arch, thanks to Will Deacon.
v3:
- updates suggested by Russell King:
- reduced scope of expansion
- leveraged TIF_SYSCALL_WORK bit mask
- fixed syscall==-1 short-circuit logic
v2:
- expanded ptrace_syscall_trace() into both callers and do
secure_computing() hookup there, as requested by Al Viro.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
2012-11-10 22:44 [PATCH v5 " Kees Cook
@ 2012-11-10 22:44 ` Kees Cook
0 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-10 22:44 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, Russell King, Will Deacon, Geremy Condra,
Catalin Marinas, Al Viro, Kees Cook, Will Drewry
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..f1d96d4 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+ return AUDIT_ARCH_ARM;
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
@ 2012-11-10 22:44 ` Kees Cook
0 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-10 22:44 UTC (permalink / raw)
To: linux-arm-kernel
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..f1d96d4 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+ return AUDIT_ARCH_ARM;
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v3 0/4] arch/arm: support seccomp
@ 2012-11-02 0:14 Kees Cook
2012-11-02 0:14 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
0 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-11-02 0:14 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra, Al Viro,
Catalin Marinas
This adds support for seccomp BPF to ARM. When built with the seccomp
improvement patch waiting in linux-next ("seccomp: Make syscall skipping
and nr changes more consistent"), this passes the seccomp regression
test suite: https://github.com/redpig/seccomp
Thanks,
-Kees
---
v3:
- updates suggested by Russell King:
- reduced scope of expansion
- leveraged TIF_SYSCALL_WORK bit mask
- fixed syscall==-1 short-circuit logic
v2:
- expanded ptrace_syscall_trace() into both callers and do
secure_computing() hookup there, as requested by Al Viro.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
2012-11-02 0:14 [PATCH v3 0/4] arch/arm: support seccomp Kees Cook
@ 2012-11-02 0:14 ` Kees Cook
2012-11-05 13:29 ` Will Deacon
0 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-11-02 0:14 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra, Al Viro,
Catalin Marinas, Kees Cook
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..803f433 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,15 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+#ifdef __ARMEB__
+ return AUDIT_ARCH_ARMEB;
+#else
+ return AUDIT_ARCH_ARM;
+#endif
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 1/4] arch/arm: add syscall_get_arch
2012-11-02 0:14 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
@ 2012-11-05 13:29 ` Will Deacon
0 siblings, 0 replies; 13+ messages in thread
From: Will Deacon @ 2012-11-05 13:29 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Russell King, Will Drewry, Geremy Condra, Al Viro,
Catalin Marinas
On Fri, Nov 02, 2012 at 12:14:57AM +0000, Kees Cook wrote:
> From: Will Drewry <wad@chromium.org>
>
> Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
> for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
>
> Signed-off-by: Will Drewry <wad@chromium.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> arch/arm/include/asm/syscall.h | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
> index 9fdded6..803f433 100644
> --- a/arch/arm/include/asm/syscall.h
> +++ b/arch/arm/include/asm/syscall.h
> @@ -7,6 +7,8 @@
> #ifndef _ASM_ARM_SYSCALL_H
> #define _ASM_ARM_SYSCALL_H
>
> +#include <linux/audit.h> /* for AUDIT_ARCH_* */
> +#include <linux/elf.h> /* for ELF_EM */
> #include <linux/err.h>
> #include <linux/sched.h>
>
> @@ -95,4 +97,15 @@ static inline void syscall_set_arguments(struct task_struct *task,
> memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
> }
>
> +static inline int syscall_get_arch(struct task_struct *task,
> + struct pt_regs *regs)
> +{
> + /* ARM tasks don't change audit architectures on the fly. */
> +#ifdef __ARMEB__
> + return AUDIT_ARCH_ARMEB;
> +#else
> + return AUDIT_ARCH_ARM;
> +#endif
> +}
I think you can just use AUDIT_ARCH_ARM unconditionally here as the syscall
ABI is not related to the endianness of the CPU. I believe AUDIT_ARCH_ARMEB
was added accidentally because somebody incorrectly thought the -EB suffix
signified EABI.
If it wasn't in a user-header I'd be all for deleting the old definition...
Will
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v2 0/4] arch/arm: support seccomp
@ 2012-11-01 19:46 Kees Cook
2012-11-01 19:46 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
0 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-11-01 19:46 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra, Al Viro,
Catalin Marinas
This adds support for seccomp BPF to ARM. When built with the seccomp
improvement patch waiting in linux-next ("seccomp: Make syscall skipping
and nr changes more consistent"), this passes the seccomp regression
test suite: https://github.com/redpig/seccomp
Thanks,
-Kees
---
v2:
- expanded ptrace_syscall_trace() into both callers and do
secure_computing() hookup there, as requested by Al Viro.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
2012-11-01 19:46 [PATCH v2 0/4] arch/arm: support seccomp Kees Cook
@ 2012-11-01 19:46 ` Kees Cook
0 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-11-01 19:46 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra, Al Viro,
Catalin Marinas, Kees Cook
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..803f433 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,15 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+#ifdef __ARMEB__
+ return AUDIT_ARCH_ARMEB;
+#else
+ return AUDIT_ARCH_ARM;
+#endif
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 0/4] arch/arm: support seccomp
@ 2012-10-30 0:41 Kees Cook
2012-10-30 0:41 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
0 siblings, 1 reply; 13+ messages in thread
From: Kees Cook @ 2012-10-30 0:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra
This adds support for seccomp BPF to ARM. When built with the seccomp
improvement patch waiting in linux-next ("seccomp: Make syscall skipping
and nr changes more consistent"), this passes the seccomp regression
test suite: https://github.com/redpig/seccomp
Thanks,
-Kees
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] arch/arm: add syscall_get_arch
2012-10-30 0:41 [PATCH 0/4] arch/arm: support seccomp Kees Cook
@ 2012-10-30 0:41 ` Kees Cook
0 siblings, 0 replies; 13+ messages in thread
From: Kees Cook @ 2012-10-30 0:41 UTC (permalink / raw)
To: linux-kernel
Cc: Russell King, Will Deacon, Will Drewry, Geremy Condra, Kees Cook
From: Will Drewry <wad@chromium.org>
Provide an ARM implementation of syscall_get_arch. This is a pre-requisite
for CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/include/asm/syscall.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 9fdded6..803f433 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -7,6 +7,8 @@
#ifndef _ASM_ARM_SYSCALL_H
#define _ASM_ARM_SYSCALL_H
+#include <linux/audit.h> /* for AUDIT_ARCH_* */
+#include <linux/elf.h> /* for ELF_EM */
#include <linux/err.h>
#include <linux/sched.h>
@@ -95,4 +97,15 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
+static inline int syscall_get_arch(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ /* ARM tasks don't change audit architectures on the fly. */
+#ifdef __ARMEB__
+ return AUDIT_ARCH_ARMEB;
+#else
+ return AUDIT_ARCH_ARM;
+#endif
+}
+
#endif /* _ASM_ARM_SYSCALL_H */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 13+ messages in thread
end of thread, other threads:[~2012-11-10 22:46 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-08 20:59 [PATCH v4 0/4] arch/arm: support seccomp Kees Cook
2012-11-08 20:59 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
2012-11-08 20:59 ` [PATCH 2/4] arch/arm: move secure_computing into trace Kees Cook
2012-11-09 11:56 ` Will Deacon
2012-11-08 20:59 ` [PATCH 3/4] arch/arm: allow a scno of -1 to not cause a SIGILL Kees Cook
2012-11-08 20:59 ` [PATCH 4/4] arch/arm: select HAVE_ARCH_SECCOMP_FILTER Kees Cook
2012-11-08 21:22 ` [PATCH v4 0/4] arch/arm: support seccomp Nicolas Pitre
-- strict thread matches above, loose matches on Subject: below --
2012-11-10 22:44 [PATCH v5 " Kees Cook
2012-11-10 22:44 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
2012-11-10 22:44 ` Kees Cook
2012-11-02 0:14 [PATCH v3 0/4] arch/arm: support seccomp Kees Cook
2012-11-02 0:14 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
2012-11-05 13:29 ` Will Deacon
2012-11-01 19:46 [PATCH v2 0/4] arch/arm: support seccomp Kees Cook
2012-11-01 19:46 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
2012-10-30 0:41 [PATCH 0/4] arch/arm: support seccomp Kees Cook
2012-10-30 0:41 ` [PATCH 1/4] arch/arm: add syscall_get_arch Kees Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.