Re: [PATCH v5 2/2] m68k: add kernel seccomp support

From: Michael Schmitz <schmitzmic@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Linux/m68k <linux-m68k@vger.kernel.org>,
	John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
	Andreas Schwab <schwab@linux-m68k.org>
Subject: Re: [PATCH v5 2/2] m68k: add kernel seccomp support
Date: Wed, 23 Jun 2021 20:33:53 +1200	[thread overview]
Message-ID: <4d470df2-b84f-7b32-ecfe-f4628092caed@gmail.com> (raw)
In-Reply-To: <CAMuHMdV+CCcUWYTOs3J+wKsgXD=G0u3_5aP1RcPz1p2tviKreA@mail.gmail.com>

Hi Geert,

thanks for reviewing this!

Am 23.06.2021 um 19:26 schrieb Geert Uytterhoeven:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>
> Thanks for your patch!
>
>> --- a/arch/m68k/include/asm/syscall.h
>> +++ b/arch/m68k/include/asm/syscall.h
>> @@ -4,6 +4,39 @@
>>
>>  #include <uapi/linux/audit.h>
>>
>> +#include <asm/unistd.h>
>> +
>> +extern const unsigned long sys_call_table[];
>> +
>> +static inline int syscall_get_nr(struct task_struct *task,
>> +                                struct pt_regs *regs)
>> +{
>> +       return regs->orig_d0;
>> +}
>> +
>> +static inline void syscall_rollback(struct task_struct *task,
>> +                                   struct pt_regs *regs)
>> +{
>> +       regs->d0 = regs->orig_d0;
>> +}
>> +
>> +static inline void syscall_set_return_value(struct task_struct *task,
>> +                                           struct pt_regs *regs,
>> +                                           int error, long val)
>> +{
>> +       regs->d0 = (long) error ? error : val;
>> +}
>> +
>> +static inline void syscall_get_arguments(struct task_struct *task,
>> +                                        struct pt_regs *regs,
>> +                                        unsigned long *args)
>> +{
>> +       args[0] = regs->orig_d0;
>> +       args++;
>> +
>> +       memcpy(args, &regs->d0 + 1, 5 * sizeof(args[0]));
>
> This doesn't look right to me: "&regs->d0 + 1" is "&regs->orig_d0"
> again, and there are no registers after that.
> Perhaps you meant "&regs->d1"?

Well spotted - that's a copy&paste error I didn't catch.

I'll look at the patch you referenced in the other mail later - Adrian 
was going to test my patch with his libseccomp version. If I can build a 
simple test case myself, all the better.

Cheers,

	Michael

>
> Gr{oetje,eeting}s,
>
>                         Geert
>