From: Kees Cook <keescook@chromium.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, linux-arch@vger.kernel.org,
Will Deacon <will@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Mark Rutland <mark.rutland@arm.com>,
Keno Fischer <keno@juliacomputing.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org
Subject: Re: [patch V3 08/13] x86/entry: Use generic syscall entry function
Date: Thu, 16 Jul 2020 14:13:58 -0700 [thread overview]
Message-ID: <202007161359.AB211685@keescook> (raw)
In-Reply-To: <20200716185424.765294277@linutronix.de>
On Thu, Jul 16, 2020 at 08:22:16PM +0200, Thomas Gleixner wrote:
> From: Thomas Gleixner <tglx@linutronix.de>
>
> Replace the syscall entry work handling with the generic version. Provide
> the necessary helper inlines to handle the real architecture specific
> parts, e.g. audit and seccomp invocations.
>
> Use a temporary define for idtentry_enter_user which will be cleaned up
> seperately.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> [...]
> --- /dev/null
> +++ b/arch/x86/include/asm/entry-common.h
> @@ -0,0 +1,86 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +#ifndef _ASM_X86_ENTRY_COMMON_H
> +#define _ASM_X86_ENTRY_COMMON_H
> +
> +#include <linux/seccomp.h>
> +#include <linux/audit.h>
> +
> +/* Check that the stack and regs on entry from user mode are sane. */
> +static __always_inline void arch_check_user_regs(struct pt_regs *regs)
> +{
> + if (IS_ENABLED(CONFIG_DEBUG_ENTRY)) {
> + /*
> + * Make sure that the entry code gave us a sensible EFLAGS
> + * register. Native because we want to check the actual CPU
> + * state, not the interrupt state as imagined by Xen.
> + */
> + unsigned long flags = native_save_fl();
> + WARN_ON_ONCE(flags & (X86_EFLAGS_AC | X86_EFLAGS_DF |
> + X86_EFLAGS_NT));
> +
> + /* We think we came from user mode. Make sure pt_regs agrees. */
> + WARN_ON_ONCE(!user_mode(regs));
> +
> + /*
> + * All entries from user mode (except #DF) should be on the
> + * normal thread stack and should have user pt_regs in the
> + * correct location.
> + */
> + WARN_ON_ONCE(!on_thread_stack());
> + WARN_ON_ONCE(regs != task_pt_regs(current));
> + }
> +}
> +#define arch_check_user_regs arch_check_user_regs
Will architectures implement subsets of these functions? (i.e. instead
of each of the defines, is CONFIG_ENTRY_GENERIC sufficient for the
no-op inlines?)
> +
> +static inline long arch_syscall_enter_seccomp(struct pt_regs *regs)
> +{
> +#ifdef CONFIG_SECCOMP
> + u32 arch = in_ia32_syscall() ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64;
> + struct seccomp_data sd;
> +
> + sd.arch = arch;
> + sd.nr = regs->orig_ax;
> + sd.instruction_pointer = regs->ip;
> +
> +#ifdef CONFIG_X86_64
> + if (arch == AUDIT_ARCH_X86_64) {
> + sd.args[0] = regs->di;
> + sd.args[1] = regs->si;
> + sd.args[2] = regs->dx;
> + sd.args[3] = regs->r10;
> + sd.args[4] = regs->r8;
> + sd.args[5] = regs->r9;
> + } else
> +#endif
> + {
> + sd.args[0] = regs->bx;
> + sd.args[1] = regs->cx;
> + sd.args[2] = regs->dx;
> + sd.args[3] = regs->si;
> + sd.args[4] = regs->di;
> + sd.args[5] = regs->bp;
> + }
> +
> + return __secure_computing(&sd);
> +#else
> + return 0;
> +#endif
> +}
> +#define arch_syscall_enter_seccomp arch_syscall_enter_seccomp
Actually, I've been meaning to clean this up. It's not needed at all.
This was left over from the seccomp fast-path code that got ripped out a
while ago. seccomp already has everything it needs to do this work, so
just:
__secure_computing(NULL);
is sufficient for every architecture that supports seccomp. (See kernel/seccomp.c
populate_seccomp_data().)
And if you want more generalization work, note that the secure_computing()
macro performs a TIF test before calling __secure_computing(NULL). But
my point is, I think arch_syscall_enter_seccomp() is not needed.
> +static inline void arch_syscall_enter_audit(struct pt_regs *regs)
> +{
> +#ifdef CONFIG_X86_64
> + if (in_ia32_syscall()) {
> + audit_syscall_entry(regs->orig_ax, regs->di,
> + regs->si, regs->dx, regs->r10);
> + } else
> +#endif
> + {
> + audit_syscall_entry(regs->orig_ax, regs->bx,
> + regs->cx, regs->dx, regs->si);
> + }
> +}
> +#define arch_syscall_enter_audit arch_syscall_enter_audit
Similarly, I think these can be redefined in the generic case
using the existing accessors for syscall arguments, etc. e.g.
arch_syscall_enter_audit() is not needed for any architecture, and the
generic is:
unsigned long args[6];
syscall_get_arguments(task, regs, args);
audit_syscall_entry(syscall_get_nr(current, regs),
args[0], args[1], args[2], args[3]);
--
Kees Cook
next prev parent reply other threads:[~2020-07-16 21:14 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-16 18:22 [patch V3 00/13] entry, x86, kvm: Generic entry/exit functionality for host and guest Thomas Gleixner
2020-07-16 18:22 ` [patch V3 01/13] entry: Provide generic syscall entry functionality Thomas Gleixner
2020-07-16 20:52 ` Kees Cook
2020-07-16 21:55 ` Thomas Gleixner
2020-07-17 17:49 ` Kees Cook
2020-07-17 19:29 ` Thomas Gleixner
2020-07-17 21:56 ` Andy Lutomirski
2020-07-18 14:16 ` Thomas Gleixner
2020-07-18 14:41 ` Andy Lutomirski
2020-07-19 10:17 ` Thomas Gleixner
2020-07-19 10:17 ` Thomas Gleixner
2020-07-19 10:17 ` Thomas Gleixner
2020-07-19 15:25 ` Andy Lutomirski
2020-07-20 6:50 ` Thomas Gleixner
2020-07-27 22:28 ` Andy Lutomirski
2020-07-16 18:22 ` [patch V3 02/13] entry: Provide generic syscall exit function Thomas Gleixner
2020-07-16 20:55 ` Kees Cook
2020-07-16 21:28 ` Thomas Gleixner
2020-07-16 18:22 ` [patch V3 03/13] entry: Provide generic interrupt entry/exit code Thomas Gleixner
2020-07-16 18:22 ` [patch V3 04/13] entry: Provide infrastructure for work before exiting to guest mode Thomas Gleixner
2020-07-16 18:22 ` [patch V3 05/13] x86/entry: Consolidate check_user_regs() Thomas Gleixner
2020-07-16 20:56 ` Kees Cook
2020-07-16 18:22 ` [patch V3 06/13] x86/entry: Consolidate 32/64 bit syscall entry Thomas Gleixner
2020-07-16 18:22 ` [patch V3 07/13] x86/ptrace: Provide pt_regs helpers for entry/exit Thomas Gleixner
2020-07-16 20:57 ` Kees Cook
2020-07-16 18:22 ` [patch V3 08/13] x86/entry: Use generic syscall entry function Thomas Gleixner
2020-07-16 21:13 ` Kees Cook [this message]
2020-07-16 21:33 ` Thomas Gleixner
2020-07-16 18:22 ` [patch V3 09/13] x86/entry: Use generic syscall exit functionality Thomas Gleixner
2020-07-16 18:22 ` [patch V3 10/13] x86/entry: Cleanup idtentry_entry/exit_user Thomas Gleixner
2020-07-16 18:22 ` [patch V3 11/13] x86/entry: Use generic interrupt entry/exit code Thomas Gleixner
2020-07-16 18:22 ` [patch V3 12/13] x86/entry: Cleanup idtentry_enter/exit Thomas Gleixner
2020-07-16 18:22 ` [patch V3 13/13] x86/kvm: Use generic exit to guest work function Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202007161359.AB211685@keescook \
--to=keescook@chromium.org \
--cc=arnd@arndb.de \
--cc=keno@juliacomputing.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.