* [PATCH v10 0/3] Add kernel seccomp support for m68k
From: Michael Schmitz @ 2022-01-27 7:41 UTC
To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz
Patch 3 adds the test for TIF_SECCOMP thread info flag to call
into syscall_trace_enter() when seccomp syscall filtering
is active, which was missing from earlier versions (classic
MMU m68k only - need some help with the test for 68000 and
coldfire).
The previous version required the TIF_SYSCALL_TRACE
flag to be set for syscall filtering to work.
The rest of the series remains unchanged from v9.
Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
(33 with the old version).
I hope you didn't waste too much effort on testing v8/v9, Adrian.
Should have a suitably large brown paper bag somewhere yet :-(
Cheers,
Michael
* [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave for m68k
From: Michael Schmitz @ 2022-01-27 7:41 UTC
To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz
m68k (other than Coldfire) uses syscall_trace for both trace entry
and trace exit. Seccomp support requires separate entry points for
trace entry and exit which are already provided for Coldfire.
Replace syscall_trace by syscall_trace_enter and syscall_trace_leave
in preparation for seccomp support.
No regression seen in testing with strace on ARAnyM.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
--
Changes from v8:
- adapt ptrace.c patch to recent changes by Eric Biederman
Changes from v7:
Al Viro:
- split first patch to separate the switch to
syscall_trace_enter/leave() from return code checks
Changes from v6:
Geert Uytterhoeven:
- add syscall_trace_enter() return code check for 68000
and coldfire
Changes from v5:
- add comment to explain optimization
Changes from v4:
Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message
Changes from v3:
- change syscall_trace_enter return code test from !=0 to ==-1
revert syscall trace return code checks
---
arch/m68k/kernel/entry.S | 4 ++--
arch/m68k/kernel/ptrace.c | 7 -------
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 9434fca68de5..18f278bdbd21 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -181,7 +181,7 @@ do_trace_entry:
movel #-ENOSYS,%sp@(PT_OFF_D0)| needed for strace
subql #4,%sp
SAVE_SWITCH_STACK
- jbsr syscall_trace
+ jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
movel %sp@(PT_OFF_ORIG_D0),%d0
@@ -194,7 +194,7 @@ badsys:
do_trace_exit:
subql #4,%sp
SAVE_SWITCH_STACK
- jbsr syscall_trace
+ jbsr syscall_trace_leave
RESTORE_SWITCH_STACK
addql #4,%sp
jra .Lret_from_exception
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index aa3a0b8d07e9..74d58a82a135 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -271,12 +271,6 @@ long arch_ptrace(struct task_struct *child, long request,
return -EIO;
}
-asmlinkage void syscall_trace(void)
-{
- ptrace_report_syscall(0);
-}
-
-#if defined(CONFIG_COLDFIRE) || !defined(CONFIG_MMU)
asmlinkage int syscall_trace_enter(void)
{
int ret = 0;
@@ -291,4 +285,3 @@ asmlinkage void syscall_trace_leave(void)
if (test_thread_flag(TIF_SYSCALL_TRACE))
tracehook_report_syscall_exit(task_pt_regs(current), 0);
}
-#endif /* CONFIG_COLDFIRE */
--
2.17.1
* [PATCH v10 2/3] m68k/kernel - check syscall_trace_enter() return code on m68k
From: Michael Schmitz @ 2022-01-27 7:41 UTC
To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz
Check return code of syscall_trace_enter(), and skip syscall
if -1. Return code will be left at what had been set by
ptrace or seccomp (in regs->d0).
No regression seen in testing with strace on ARAnyM.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
--
Changes from v7:
Al Viro:
- split return code checks from switch to syscall_trace_enter()
Changes from v6:
Geert Uytterhoeven:
- add syscall_trace_enter() return code check for 68000
and coldfire
Changes from v5:
- add comment to explain optimization
Changes from v4:
Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message
Changes from v3:
- change syscall_trace_enter return code test from !=0 to ==-1
---
arch/m68k/68000/entry.S | 2 ++
arch/m68k/coldfire/entry.S | 2 ++
arch/m68k/kernel/entry.S | 2 ++
3 files changed, 6 insertions(+)
diff --git a/arch/m68k/68000/entry.S b/arch/m68k/68000/entry.S
index 997b54933015..7d63e2f1555a 100644
--- a/arch/m68k/68000/entry.S
+++ b/arch/m68k/68000/entry.S
@@ -45,6 +45,8 @@ do_trace:
jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
+ addql #1,%d0
+ jeq ret_from_exception
movel %sp@(PT_OFF_ORIG_D0),%d1
movel #-ENOSYS,%d0
cmpl #NR_syscalls,%d1
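Review bot: the addql #1,%d0 / jeq ret_from_exception pair added after addql #4,%sp carries no comment, while the same test in arch/m68k/kernel/entry.S is annotated "| optimization for cmpil #-1,%d0". Please add the comment here too, since adding 1 to test for -1 is not obvious on first read. The skip target also differs between the files: this one branches to ret_from_exception, kernel/entry.S to ret_from_syscall. If that difference is intended, the commit message should say why.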
diff --git a/arch/m68k/coldfire/entry.S b/arch/m68k/coldfire/entry.S
index 9f337c70243a..35104c5417ff 100644
--- a/arch/m68k/coldfire/entry.S
+++ b/arch/m68k/coldfire/entry.S
@@ -90,6 +90,8 @@ ENTRY(system_call)
jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
+ addql #1,%d0
+ jeq ret_from_exception
movel %d3,%a0
jbsr %a0@
movel %d0,%sp@(PT_OFF_D0) /* save the return value */
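Review bot: on the fall-through path %d0 stays incremented after the new addql #1,%d0, and the following movel %d3,%a0 / jbsr %a0@ do not reload it. That looks harmless because the handler's return value replaces %d0 and is saved to PT_OFF_D0 on the next line, but a short comment saying %d0 is dead at this point would spare the next reader the check. The kernel/entry.S version reloads %d0 from PT_OFF_ORIG_D0 right after the test, so the entry paths are not equivalent here.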
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 18f278bdbd21..0d5b7085d76f 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -184,6 +184,8 @@ do_trace_entry:
jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
+ addql #1,%d0 | optimization for cmpil #-1,%d0
+ jeq ret_from_syscall
movel %sp@(PT_OFF_ORIG_D0),%d0
cmpl #NR_syscalls,%d0
jcs syscall
--
2.17.1
* [PATCH v10 3/3] m68k: add kernel seccomp support
From: Michael Schmitz @ 2022-01-27 7:41 UTC
To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz
Add secure_computing() call to syscall_trace_enter to actually
filter system calls.
Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h.
syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.
seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
--
Changes from v9:
- add test for TIF_SECCOMP bit to call syscall_trace_enter()
if seccomp syscall filtering is active
Changes from v6:
Geert Uytterhoeven:
- add syscall_get_error(), syscall_get_return_value(), and
syscall_set_arguments() (not needed to compile!)
Changes from v5:
Geert Uytterhoeven:
- correct wrong offset for d1-d5 register copy
- update Documentation/features/seccomp/seccomp-filter/arch-support.txt
add syscall_get_error(), syscall_get_return_value(), syscall_set_arguments()
---
.../seccomp/seccomp-filter/arch-support.txt | 2 +-
arch/m68k/Kconfig | 2 +
arch/m68k/include/asm/seccomp.h | 11 ++++
arch/m68k/include/asm/syscall.h | 56 +++++++++++++++++++
arch/m68k/include/asm/thread_info.h | 2 +
arch/m68k/kernel/entry.S | 3 +
arch/m68k/kernel/ptrace.c | 5 ++
7 files changed, 80 insertions(+), 1 deletion(-)
create mode 100644 arch/m68k/include/asm/seccomp.h
diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
index 26eec58ab819..be71f2066981 100644
--- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt
+++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
@@ -14,7 +14,7 @@
| h8300: | TODO |
| hexagon: | TODO |
| ia64: | TODO |
- | m68k: | TODO |
+ | m68k: | ok |
| microblaze: | TODO |
| mips: | ok |
| nds32: | TODO |
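Review bot: flipping m68k from TODO to ok overstates what the series delivers. The commit message reports 63 of 89 seccomp_bpf selftests passing, and the cover letter says the TIF_SECCOMP test exists for classic MMU m68k only. Consider holding this documentation change back until 68000 and Coldfire take the filter path as well, or state the limitation in the commit message.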
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 936e1803c7c7..c0ef187fb3ed 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -18,6 +18,8 @@ config M68K
select GENERIC_IOMAP
select GENERIC_IRQ_SHOW
select HAVE_AOUT if MMU
+ select HAVE_ARCH_SECCOMP
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ASM_MODVERSIONS
select HAVE_DEBUG_BUGVERBOSE
select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_HAS_NO_UNALIGNED
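Review bot: HAVE_ARCH_SECCOMP and HAVE_ARCH_SECCOMP_FILTER are selected for every M68K configuration, but the only entry path this patch teaches to test TIF_SECCOMP is arch/m68k/kernel/entry.S; 68000/entry.S and coldfire/entry.S are not touched, and the cover letter says the test is still missing there. On those configurations a process may install a filter that is not consulted unless syscall tracing is also active, which gives a false sense of confinement. Restrict the two selects with a condition, in the style of the neighbouring "select HAVE_AOUT if MMU", until the other entry paths have the test.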
diff --git a/arch/m68k/include/asm/seccomp.h b/arch/m68k/include/asm/seccomp.h
new file mode 100644
index 000000000000..de8a94e1fb3f
--- /dev/null
+++ b/arch/m68k/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef _ASM_SECCOMP_H
+#define _ASM_SECCOMP_H
+
+#include <asm-generic/seccomp.h>
+
+#define SECCOMP_ARCH_NATIVE AUDIT_ARCH_M68K
+#define SECCOMP_ARCH_NATIVE_NR NR_syscalls
+#define SECCOMP_ARCH_NATIVE_NAME "m68k"
+
+#endif /* _ASM_SECCOMP_H */
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac039be09..2b49ad725655 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,62 @@
#include <uapi/linux/audit.h>
+#include <asm/unistd.h>
+
+extern const unsigned long sys_call_table[];
+
+static inline int syscall_get_nr(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ regs->d0 = regs->orig_d0;
+}
+
+static inline long syscall_get_error(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ unsigned long error = regs->d0;
+ return IS_ERR_VALUE(error) ? error : 0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ return regs->d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+ struct pt_regs *regs,
+ int error, long val)
+{
+ regs->d0 = (long) error ? error : val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *task,
+ struct pt_regs *regs,
+ unsigned long *args)
+{
+ args[0] = regs->orig_d0;
+ args++;
+
+ memcpy(args, ®s->d1, 5 * sizeof(args[0]));
+}
+
+static inline void syscall_set_arguments(struct task_struct *task,
+ struct pt_regs *regs,
+ unsigned long *args)
+{
+ regs->orig_d0 = args[0];
+ args++;
+
+ memcpy(®s->d1, args, 5 * sizeof(args[0]));
+}
+
static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_M68K;
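Review bot: syscall_get_arguments() stores regs->orig_d0 in args[0], the same field syscall_get_nr() returns, so the syscall number is reported as the first argument and the values copied from regs->d1 land in args[1] to args[5]. If the first syscall argument is passed in d1, a seccomp filter comparing args[0] would be matching the syscall number rather than the argument; args[0] should then come from regs->d1, with the mirror-image change in syscall_set_arguments(). Please confirm against the m68k syscall convention and document the mapping in a comment. Separately, in syscall_set_return_value() the cast in "(long) error ? error : val" applies only to the condition operand; "error ? error : val" says the same thing without the misleading cast.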
diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h
index c952658ba792..31be2ad999ca 100644
--- a/arch/m68k/include/asm/thread_info.h
+++ b/arch/m68k/include/asm/thread_info.h
@@ -61,6 +61,7 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_NOTIFY_RESUME 5 /* callback before returning to user */
#define TIF_SIGPENDING 6 /* signal pending */
#define TIF_NEED_RESCHED 7 /* rescheduling necessary */
+#define TIF_SECCOMP 13 /* seccomp syscall filtering active */
#define TIF_DELAYED_TRACE 14 /* single step a syscall */
#define TIF_SYSCALL_TRACE 15 /* syscall trace active */
#define TIF_MEMDIE 16 /* is terminating due to OOM killer */
@@ -69,6 +70,7 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
+#define _TIF_SECCOMP (1 << TIF_SECCOMP)
#define _TIF_DELAYED_TRACE (1 << TIF_DELAYED_TRACE)
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_MEMDIE (1 << TIF_MEMDIE)
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 0d5b7085d76f..ee0a905b5f74 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -213,6 +213,9 @@ ENTRY(system_call)
| syscall trace?
tstb %a1@(TINFO_FLAGS+2)
jmi do_trace_entry
+ | seccomp filter active?
+ btst #5,%a1@(TINFO_FLAGS+2)
+ bnes do_trace_entry
cmpl #NR_syscalls,%d0
jcc badsys
syscall:
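Review bot: btst #5,%a1@(TINFO_FLAGS+2) hard-codes the position of TIF_SECCOMP (bit 13, which is bit 5 of the byte holding bits 15..8) with nothing tying it to the define added in thread_info.h. If either side is renumbered, the filter is silently skipped. Add a comment in both places naming the dependency, or derive the bit number from TIF_SECCOMP. The new branch is also spelled bnes while the surrounding lines use the j-prefixed forms (jmi, jcc); jne would match.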
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 74d58a82a135..bc2490c3fb52 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -19,6 +19,7 @@
#include <linux/ptrace.h>
#include <linux/user.h>
#include <linux/signal.h>
+#include <linux/seccomp.h>
#include <linux/tracehook.h>
#include <linux/uaccess.h>
@@ -277,6 +278,10 @@ asmlinkage int syscall_trace_enter(void)
if (test_thread_flag(TIF_SYSCALL_TRACE))
ret = tracehook_report_syscall_entry(task_pt_regs(current));
+
+ if (secure_computing() == -1)
+ return -1;
+
return ret;
}
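Review bot: secure_computing() is called even when tracehook_report_syscall_entry() has already returned non-zero, and that non-zero ret is then returned unchanged when the filter allows the call. The assembly callers changed in patch 2 skip the syscall only when the result is exactly -1 (addql #1,%d0 / jeq), so any other non-zero value from the tracer path would let the syscall run. Returning -1 as soon as ret is non-zero, before consulting seccomp, makes the two cases consistent.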
--
2.17.1
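A user-space model of the entry-path decision this series changes, added here as an illustration and not code from the patch series. The struct names, the deny-one-syscall "filter" and the table size are constructed assumptions. It shows why a filter was only consulted when TIF_SYSCALL_TRACE was also set before the TIF_SECCOMP test existed, and which byte and bit the assembly tests.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Bit numbers as defined in the thread_info.h hunk of patch 3. */
#define TIF_SECCOMP       13
#define TIF_SYSCALL_TRACE 15
#define NR_SYSCALLS_MODEL 8   /* constructed table size, not the kernel's */

struct regs_model { long d0, orig_d0; };   /* only the two fields discussed */
struct task_model {
    uint32_t flags;      /* thread_info flags word */
    long deny_nr;        /* constructed "filter": the one syscall it refuses */
    int filter_calls;    /* how often the filter was consulted */
};

/* m68k is big-endian: the byte at offset 2 of the word holds bits 15..8. */
uint8_t flags_byte2(uint32_t flags) { return (uint8_t)(flags >> 8); }

/* Stand-in for syscall_trace_enter(); -1 means "skip the syscall". */
static int trace_enter_model(struct task_model *t, struct regs_model *r)
{
    if (t->flags & (1u << TIF_SECCOMP)) {
        t->filter_calls++;
        if (r->orig_d0 == t->deny_nr) {
            r->d0 = -EPERM;   /* return code the filter leaves in d0 */
            return -1;
        }
    }
    return 0;
}

/* Entry path model. test_seccomp_bit = 0: only the trace bit diverts
 * (behaviour before v10); 1: the TIF_SECCOMP test is present as well. */
long system_call_model(struct task_model *t, long nr, int test_seccomp_bit)
{
    struct regs_model r = { .d0 = nr, .orig_d0 = nr };
    uint8_t b = flags_byte2(t->flags);
    int divert = (b & 0x80) != 0;               /* tstb/jmi: byte bit 7 = flag bit 15 */

    if (test_seccomp_bit && (b & (1u << 5)))    /* btst #5: byte bit 5 = flag bit 13 */
        divert = 1;
    if (divert) {
        r.d0 = -ENOSYS;                          /* default return code before tracing */
        if (trace_enter_model(t, &r) == -1)      /* patch 2: skip when result is -1 */
            return r.d0;
    }
    if (r.orig_d0 < 0 || r.orig_d0 >= NR_SYSCALLS_MODEL)
        return -ENOSYS;                          /* badsys */
    return 0;   /* constructed: every in-range syscall "succeeds" */
}

int main(void)
{
    struct task_model t = { .flags = 1u << TIF_SECCOMP, .deny_nr = 3 };

    printf("without TIF_SECCOMP test: %ld\n", system_call_model(&t, 3, 0));
    printf("with TIF_SECCOMP test:    %ld\n", system_call_model(&t, 3, 1));
    return 0;
}
```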
* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
From: John Paul Adrian Glaubitz @ 2022-01-27 9:09 UTC
To: Michael Schmitz, linux-m68k, geert; +Cc: ebiederm, viro
Hi Michael!
On 1/27/22 08:41, Michael Schmitz wrote:
> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> into syscall_trace_enter() when seccomp syscall filtering
> is active, which was missing from earlier versions (classic
> MMU m68k only - need some help with the test for 68000 and
> coldfire).
>
> The previous version required the TIF_SYSCALL_TRACE
> flag to be set for syscall filtering to work
>
> The rest of the series remains unchanged from v9.
>
> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> (33 with the old version).
>
> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> Should have a suitably large brown paper bag somewhere yet :-(
Sorry, I haven't found the time for the tests yet, I'm really busy at the
moment. If you want to test libseccomp, you can check it out from my GitHub,
then build it and run the testsuite.
See: https://github.com/glaubitz/libseccomp/tree/m68k
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
From: Michael Schmitz @ 2022-01-28 6:51 UTC
To: John Paul Adrian Glaubitz, linux-m68k, geert
Hi Adrian,
not to worry - there is no rush on this. I may have to debug this a
little more at the kernel level anyway (things like syscall redirection
do not work yet, and neither does setting a particular errno when
skipping a syscall). Plain syscall filtering does appear to work
however, and AFAIR that would be enough for your purpose.
None of my test systems are recent enough to allow compiling current
user space code, unfortunately.
Outdated user space might contribute to some of the selftests failing,
so I could use a little help with that perhaps. I know Geert tried the
selftests independently some time ago, so I'll post my changes to the
selftest code and we'll see whether that improves the score.
Cheers,
Michael
On 27.01.2022 at 22:09, John Paul Adrian Glaubitz wrote:
> Hi Michael!
>
> On 1/27/22 08:41, Michael Schmitz wrote:
>> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
>> into syscall_trace_enter() when seccomp syscall filtering
>> is active, which was missing from earlier versions (classic
>> MMU m68k only - need some help with the test for 68000 and
>> coldfire).
>>
>> The previous version required the TIF_SYSCALL_TRACE
>> flag to be set for syscall filtering to work
>>
>> The rest of the series remains unchanged from v9.
>>
>> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
>> (33 with the old version).
>>
>> I hope you didn't waste too much effort on testing v8/v9, Adrian.
>> Should have a suitably large brown paper bag somewhere yet :-(
>
> Sorry, I haven't found the time for the tests yet, I'm really busy at the
> moment. If you want to test libseccomp, you can check it out from my GitHub,
> then build it and run the testsuite.
>
> See: https://github.com/glaubitz/libseccomp/tree/m68k
>
> Adrian
>
* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
From: Eric W. Biederman @ 2022-05-03 21:53 UTC
To: Michael Schmitz; +Cc: linux-m68k, geert, viro, glaubitz
Michael Schmitz <schmitzmic@gmail.com> writes:
> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> into syscall_trace_enter() when seccomp syscall filtering
> is active, which was missing from earlier versions (classic
> MMU m68k only - need some help with the test for 68000 and
> coldfire).
>
> The previous version required the TIF_SYSCALL_TRACE
> flag to be set for syscall filtering to work
>
> The rest of the series remains unchanged from v9.
>
> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> (33 with the old version).
>
> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> Should have a suitably large brown paper bag somewhere yet :-(
Has any progress been made on testing or merging this patch series?
I was just thinking it might be nice if the only callers of
ptrace_report_syscall were ptrace_report_syscall_entry and
ptrace_report_syscall_exit.
Eric
* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
From: Michael Schmitz @ 2022-05-06 8:37 UTC
To: Eric W. Biederman; +Cc: linux-m68k, geert, viro, glaubitz
Hi Eric,
On 04.05.2022 at 09:53, Eric W. Biederman wrote:
> Michael Schmitz <schmitzmic@gmail.com> writes:
>
>> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
>> into syscall_trace_enter() when seccomp syscall filtering
>> is active, which was missing from earlier versions (classic
>> MMU m68k only - need some help with the test for 68000 and
>> coldfire).
>>
>> The previous version required the TIF_SYSCALL_TRACE
>> flag to be set for syscall filtering to work
>>
>> The rest of the series remains unchanged from v9.
>>
>> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
>> (33 with the old version).
>>
>> I hope you didn't waste too much effort on testing v8/v9, Adrian.
>> Should have a suitably large brown paper bag somewhere yet :-(
>
> Has any progress been made on testing or merging this patch series?
This series totally dropped off my radar, sorry. I had run out of
options to test, and have been too busy to do much about that.
> I was just thinking it might be nice if the only callers of
> ptrace_report_syscall were ptrace_report_syscall_entry and
> ptrace_report_syscall_exit.
Just merging patch 1 would be enough there AFAICS. Any reason not to do
that, Geert?
Cheers,
Michael
>
>
> Eric
>
* Re: [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave for m68k
From: Geert Uytterhoeven @ 2022-05-09 11:06 UTC
To: Michael Schmitz
Cc: Linux/m68k, Eric W. Biederman, Al Viro, John Paul Adrian Glaubitz
On Thu, Jan 27, 2022 at 8:42 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> m68k (other than Coldfire) uses syscall_trace for both trace entry
> and trace exit. Seccomp support requires separate entry points for
> trace entry and exit which are already provided for Coldfire.
>
> Replace syscall_trace by syscall_trace_enter and syscall_trace_leave
> in preparation for seccomp support.
>
> No regression seen in testing with strace on ARAnyM.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k for-v5.19 branch.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
From: Geert Uytterhoeven @ 2022-05-09 11:16 UTC
To: Michael Schmitz
Cc: Eric W. Biederman, Linux/m68k, Al Viro, John Paul Adrian Glaubitz
Hi Michael,
On Fri, May 6, 2022 at 10:37 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> On 04.05.2022 at 09:53, Eric W. Biederman wrote:
> > Michael Schmitz <schmitzmic@gmail.com> writes:
> >> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> >> into syscall_trace_enter() when seccomp syscall filtering
> >> is active, which was missing from earlier versions (classic
> >> MMU m68k only - need some help with the test for 68000 and
> >> coldfire).
> >>
> >> The previous version required the TIF_SYSCALL_TRACE
> >> flag to be set for syscall filtering to work
> >>
> >> The rest of the series remains unchanged from v9.
> >>
> >> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> >> (33 with the old version).
> >>
> >> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> >> Should have a suitably large brown paper bag somewhere yet :-(
> >
> > Has any progress been made on testing or merging this patch series?
>
> This series totally dropped off my radar, sorry. I had run out of
> options to test, and have been too busy to do much about that.
>
> > I was just thinking it might be nice if the only callers of
> > ptrace_report_syscall were ptrace_report_syscall_entry and
> > ptrace_report_syscall_exit.
>
> Just merging patch 1 would be enough there AFAICS. Any reason not to do
> that, Geert?
Indeed no reason. Applied and queued for v5.19.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds