All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS
@ 2016-04-08 13:16 James Hogan
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 James Hogan
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS James Hogan
  0 siblings, 2 replies; 5+ messages in thread
From: James Hogan @ 2016-04-08 13:16 UTC (permalink / raw)
  To: qemu-devel; +Cc: Andrew Jones, Eduardo Otubo, Aurelien Jarno, James Hogan

These patches enable seccomp sandboxing on MIPS.

libseccomp has supported MIPS since 2.2.0, but cacheflush isn't included
in the whitelist until libseccomp 2.2.3 since thats when it was enabled
for ARM. The first patch fixes that so that it will work with MIPS right
back to 2.2.0.

Finally the second patch enables seccomp in the configure script for
MIPS since libseccomp 2.2.0.

Incidentally, when cacheflush(2) was being used prior to it appearing in
the whitelist, I noticed that only a single thread was being killed by
SCMP_ACT_KILL (which the man page also confirms) rather than the whole
process, simply resulting in a lockup, and making it tricky to debug
since it wasn't immediately obvious what had happened (same thing can be
made to happen on x86 if e.g. read syscall is disallowed).

Should we be using the apparently more helpful SCMP_ACT_TRAP instead of
SCMP_ACT_KILL, or is that considered less secure? It would seem
preferable if we could kill the whole process in a recognisable way
instead of hanging it.

Changes in v2:
- Added Peter's comment in patch 1.

James Hogan (2):
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

 configure      | 3 +++
 qemu-seccomp.c | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
-- 
2.4.10

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  2016-04-08 13:16 [Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS James Hogan
@ 2016-04-08 13:16 ` James Hogan
  2016-04-12 11:52   ` Eduardo Otubo
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS James Hogan
  1 sibling, 1 reply; 5+ messages in thread
From: James Hogan @ 2016-04-08 13:16 UTC (permalink / raw)
  To: qemu-devel; +Cc: Andrew Jones, Eduardo Otubo, Aurelien Jarno, James Hogan

The cacheflush system call (found on MIPS and ARM) has been included in
the libseccomp header since 2.2.0, so include it back to that version.
Previously it was only enabled since 2.2.3 since that is when it was
enabled properly for ARM.

This will allow seccomp support to be enabled for MIPS back to
libseccomp 2.2.0.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-By: Andrew Jones <drjones@redhat.com>
Cc: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
---
Changes in v2:
- Added Peter's comment
---
 qemu-seccomp.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 2866e3c2a660..138ee022a8fe 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -16,11 +16,13 @@
 #include <seccomp.h>
 #include "sysemu/seccomp.h"
 
+/* For some architectures (notably ARM) cacheflush is not supported until
+ * libseccomp 2.2.3, but configure enforces that we are using a more recent
+ * version on those hosts, so it is OK for this check to be less strict.
+ */
 #if SCMP_VER_MAJOR >= 3
   #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
-  #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
   #define HAVE_CACHEFLUSH
 #endif
 
-- 
2.4.10

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS
  2016-04-08 13:16 [Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS James Hogan
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 James Hogan
@ 2016-04-08 13:16 ` James Hogan
  2016-04-12 11:50   ` Eduardo Otubo
  1 sibling, 1 reply; 5+ messages in thread
From: James Hogan @ 2016-04-08 13:16 UTC (permalink / raw)
  To: qemu-devel; +Cc: Andrew Jones, Eduardo Otubo, Aurelien Jarno, James Hogan

Enable seccomp on MIPS since libseccomp version 2.2.0 when MIPS support
was first added.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Cc: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
---
 configure | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/configure b/configure
index 5db29f0245ae..f1c307bfc69c 100755
--- a/configure
+++ b/configure
@@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
     i386|x86_64)
         libseccomp_minver="2.1.0"
         ;;
+    mips)
+        libseccomp_minver="2.2.0"
+        ;;
     arm|aarch64)
         libseccomp_minver="2.2.3"
         ;;
-- 
2.4.10

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS James Hogan
@ 2016-04-12 11:50   ` Eduardo Otubo
  0 siblings, 0 replies; 5+ messages in thread
From: Eduardo Otubo @ 2016-04-12 11:50 UTC (permalink / raw)
  To: James Hogan; +Cc: qemu-devel, Andrew Jones, Aurelien Jarno

[-- Attachment #1: Type: text/plain, Size: 949 bytes --]

On Fri, Apr 08, 2016 at 02=16=34PM +0100, James Hogan wrote:
> Enable seccomp on MIPS since libseccomp version 2.2.0 when MIPS support
> was first added.
> 
> Signed-off-by: James Hogan <james.hogan@imgtec.com>
> Reviewed-by: Andrew Jones <drjones@redhat.com>
> Cc: Eduardo Otubo <eduardo.otubo@profitbricks.com>
> Cc: Aurelien Jarno <aurelien@aurel32.net>
> ---
>  configure | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/configure b/configure
> index 5db29f0245ae..f1c307bfc69c 100755
> --- a/configure
> +++ b/configure
> @@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
>      i386|x86_64)
>          libseccomp_minver="2.1.0"
>          ;;
> +    mips)
> +        libseccomp_minver="2.2.0"
> +        ;;
>      arm|aarch64)
>          libseccomp_minver="2.2.3"
>          ;;
> -- 
> 2.4.10
> 

Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>

-- 
Eduardo Otubo
ProfitBricks GmbH

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 James Hogan
@ 2016-04-12 11:52   ` Eduardo Otubo
  0 siblings, 0 replies; 5+ messages in thread
From: Eduardo Otubo @ 2016-04-12 11:52 UTC (permalink / raw)
  To: James Hogan; +Cc: qemu-devel, Andrew Jones, Aurelien Jarno

[-- Attachment #1: Type: text/plain, Size: 1794 bytes --]

On Fri, Apr 08, 2016 at 02=16=33PM +0100, James Hogan wrote:
> The cacheflush system call (found on MIPS and ARM) has been included in
> the libseccomp header since 2.2.0, so include it back to that version.
> Previously it was only enabled since 2.2.3 since that is when it was
> enabled properly for ARM.
> 
> This will allow seccomp support to be enabled for MIPS back to
> libseccomp 2.2.0.
> 
> Signed-off-by: James Hogan <james.hogan@imgtec.com>
> Reviewed-By: Andrew Jones <drjones@redhat.com>
> Cc: Eduardo Otubo <eduardo.otubo@profitbricks.com>
> Cc: Aurelien Jarno <aurelien@aurel32.net>
> ---
> Changes in v2:
> - Added Peter's comment
> ---
>  qemu-seccomp.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 2866e3c2a660..138ee022a8fe 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -16,11 +16,13 @@
>  #include <seccomp.h>
>  #include "sysemu/seccomp.h"
>  
> +/* For some architectures (notably ARM) cacheflush is not supported until
> + * libseccomp 2.2.3, but configure enforces that we are using a more recent
> + * version on those hosts, so it is OK for this check to be less strict.
> + */
>  #if SCMP_VER_MAJOR >= 3
>    #define HAVE_CACHEFLUSH
> -#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
> -  #define HAVE_CACHEFLUSH
> -#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
> +#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
>    #define HAVE_CACHEFLUSH
>  #endif
>  
> -- 
> 2.4.10
> 

Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>

(if nothing else comes up for the seccomp queue this week, I'll prepare
a pull request by Friday. Thanks for the contribution)

-- 
Eduardo Otubo
ProfitBricks GmbH

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-04-12 11:52 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-08 13:16 [Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS James Hogan
2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 James Hogan
2016-04-12 11:52   ` Eduardo Otubo
2016-04-08 13:16 ` [Qemu-devel] [PATCH v2 2/2] configure: Enable seccomp sandbox for MIPS James Hogan
2016-04-12 11:50   ` Eduardo Otubo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.