From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDD15ECDE44 for ; Wed, 24 Oct 2018 21:48:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A72DC20838 for ; Wed, 24 Oct 2018 21:48:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="oCBsGSPv" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A72DC20838 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727000AbeJYGRx (ORCPT ); Thu, 25 Oct 2018 02:17:53 -0400 Received: from mail-yb1-f193.google.com ([209.85.219.193]:34066 "EHLO mail-yb1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726365AbeJYGRw (ORCPT ); Thu, 25 Oct 2018 02:17:52 -0400 Received: by mail-yb1-f193.google.com with SMTP id n140-v6so2806940yba.1 for ; Wed, 24 Oct 2018 14:48:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SpR5PQEROeAv83K8afXyXqw/J6C4jmUgmC8hplFSm64=; b=oCBsGSPvBXL9EdKvmdPAdDzC7A9Qss8d1x8bQ/yaE6M3uDeDhAAvtguMgfVypcGsiO /+jdM/3i/GmYoSHC3u1q61BcgiwQkl4nPwCVqmcxJlUl5lrx2OfUcDtPYzUU0e5TkFqI 86g4SpeZkJr47G5yf6Y4PY5xW7HlrHr5Vn9Qo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SpR5PQEROeAv83K8afXyXqw/J6C4jmUgmC8hplFSm64=; b=LwQjw/L3Jz2npa9yTzH/ODGjsvxEEkNDYhlcaQhQtAOBmhtgF0bRROUhudfPX0piv4 gzUNY3FYbT0C0ba69ECFD4wJr/TKTL+rRhTW68YCIH7cIM9Dz92ntcQX6MtNU2CIskX8 aUMbKjqDertO8I9te2vX6nFEklUeTCKwPJA/P0Wm+g6zBMGODp+H4iXR2K9r89w8BmwX 245pDiN7HtR91sCREgVmuTKs6yRnFUumlnKPqk6+E8zdQzGA5qhU6xkraeGEogi33tyR EbjBRfeayFlWpT1pgQzOwLbhO4CxY6iBSyPVTJ2RgWqDb05S9gjj8gVm8geU146fEboP FQCA== X-Gm-Message-State: AGRZ1gInFz0QyF1RiMdBDf9vJiFk6Eqna2IP1fnMTUxRp/JZ8tGo89ap eVXpKK5/FglYyk9I0WszlDgZ0BPOCxY= X-Google-Smtp-Source: AJdET5fmVGZ+NYS05/ubOEO6yNcPNuT8BoxlUaboyaWLyGi569yw0OpgP3tLt1T4wXahc4E2br91bA== X-Received: by 2002:a25:4c02:: with SMTP id z2-v6mr4181236yba.68.1540417685197; Wed, 24 Oct 2018 14:48:05 -0700 (PDT) Received: from mail-yw1-f50.google.com (mail-yw1-f50.google.com. [209.85.161.50]) by smtp.gmail.com with ESMTPSA id v5-v6sm1424660ywc.96.2018.10.24.14.48.04 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Oct 2018 14:48:04 -0700 (PDT) Received: by mail-yw1-f50.google.com with SMTP id v199-v6so2746075ywg.1 for ; Wed, 24 Oct 2018 14:48:04 -0700 (PDT) X-Received: by 2002:a0d:fec6:: with SMTP id o189-v6mr4082861ywf.237.1540417324661; Wed, 24 Oct 2018 14:42:04 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:3990:0:0:0:0:0 with HTTP; Wed, 24 Oct 2018 14:42:03 -0700 (PDT) In-Reply-To: <20181024204036.8799-3-palmer@sifive.com> References: <20181024204036.8799-1-palmer@sifive.com> <20181024204036.8799-3-palmer@sifive.com> From: Kees Cook Date: Wed, 24 Oct 2018 14:42:03 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP To: Palmer Dabbelt Cc: linux-riscv@lists.infradead.org, Albert Ou , Paul Moore , Eric Paris , Andy Lutomirski , Will Drewry , Wesley Terpstra , David Howells , Thomas Gleixner , Philippe Ombredanne , Greg KH , Kate Stewart , LKML , Linux Audit , david.abdurachmanov@gmail.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 24, 2018 at 1:40 PM, Palmer Dabbelt wrote: > From: "Wesley W. Terpstra" > > This is a fairly straight-forward implementation of seccomp for RISC-V > systems. > > Signed-off-by: Wesley W. Terpstra > Signed-off-by: Palmer Dabbelt > --- > arch/riscv/Kconfig | 18 ++++++++++++++++++ > arch/riscv/include/asm/seccomp.h | 10 ++++++++++ > arch/riscv/include/asm/syscall.h | 6 ++++++ > arch/riscv/include/asm/thread_info.h | 1 + > include/uapi/linux/audit.h | 1 + > 5 files changed, 36 insertions(+) > create mode 100644 arch/riscv/include/asm/seccomp.h > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..28abe47602a1 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_SECCOMP_FILTER I think this patch is missing most of the actual seccomp glue? config HAVE_ARCH_SECCOMP_FILTER bool help An arch should select this symbol if it provides all of these things: - syscall_get_arch() - syscall_get_arguments() - syscall_rollback() - syscall_set_return_value() - SIGSYS siginfo_t support - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked and a return value of -1 results in the system call being skipped immediately. - seccomp syscall wired up I only see syscall_get_arch(). Nothing is using TIF_SECCOMP (I'd expect a masked check in entry.S -- it seems like tracepoints are getting missed too? I see it handled in ptrace.c but not checked in entry.S?) There's no checking for seccomp in ptrace.c, etc. At the very least, I think the Kconfigs should not be included in this patch. The other things are needed, but without everything else, seccomp isn't actually available. :) Reading the per-arch Kconfigs, I am reminded I still need to move CONFIG_SECCOMP up into arch/Kconfig. :P -Kees -- Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kees Cook Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP Date: Wed, 24 Oct 2018 14:42:03 -0700 Message-ID: References: <20181024204036.8799-1-palmer@sifive.com> <20181024204036.8799-3-palmer@sifive.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20181024204036.8799-3-palmer@sifive.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+glpr-linux-riscv=m.gmane.org@lists.infradead.org To: Palmer Dabbelt Cc: Kate Stewart , Albert Ou , Will Drewry , Paul Moore , Greg KH , Wesley Terpstra , david.abdurachmanov@gmail.com, LKML , Eric Paris , Andy Lutomirski , David Howells , Linux Audit , Philippe Ombredanne , linux-riscv@lists.infradead.org, Thomas Gleixner List-Id: linux-audit@redhat.com On Wed, Oct 24, 2018 at 1:40 PM, Palmer Dabbelt wrote: > From: "Wesley W. Terpstra" > > This is a fairly straight-forward implementation of seccomp for RISC-V > systems. > > Signed-off-by: Wesley W. Terpstra > Signed-off-by: Palmer Dabbelt > --- > arch/riscv/Kconfig | 18 ++++++++++++++++++ > arch/riscv/include/asm/seccomp.h | 10 ++++++++++ > arch/riscv/include/asm/syscall.h | 6 ++++++ > arch/riscv/include/asm/thread_info.h | 1 + > include/uapi/linux/audit.h | 1 + > 5 files changed, 36 insertions(+) > create mode 100644 arch/riscv/include/asm/seccomp.h > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..28abe47602a1 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_SECCOMP_FILTER I think this patch is missing most of the actual seccomp glue? config HAVE_ARCH_SECCOMP_FILTER bool help An arch should select this symbol if it provides all of these things: - syscall_get_arch() - syscall_get_arguments() - syscall_rollback() - syscall_set_return_value() - SIGSYS siginfo_t support - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked and a return value of -1 results in the system call being skipped immediately. - seccomp syscall wired up I only see syscall_get_arch(). Nothing is using TIF_SECCOMP (I'd expect a masked check in entry.S -- it seems like tracepoints are getting missed too? I see it handled in ptrace.c but not checked in entry.S?) There's no checking for seccomp in ptrace.c, etc. At the very least, I think the Kconfigs should not be included in this patch. The other things are needed, but without everything else, seccomp isn't actually available. :) Reading the per-arch Kconfigs, I am reminded I still need to move CONFIG_SECCOMP up into arch/Kconfig. :P -Kees -- Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 From: keescook@chromium.org (Kees Cook) Date: Wed, 24 Oct 2018 14:42:03 -0700 Subject: [PATCH 2/2] RISC-V: Add support for SECCOMP In-Reply-To: <20181024204036.8799-3-palmer@sifive.com> References: <20181024204036.8799-1-palmer@sifive.com> <20181024204036.8799-3-palmer@sifive.com> Message-ID: To: linux-riscv@lists.infradead.org List-Id: linux-riscv.lists.infradead.org On Wed, Oct 24, 2018 at 1:40 PM, Palmer Dabbelt wrote: > From: "Wesley W. Terpstra" > > This is a fairly straight-forward implementation of seccomp for RISC-V > systems. > > Signed-off-by: Wesley W. Terpstra > Signed-off-by: Palmer Dabbelt > --- > arch/riscv/Kconfig | 18 ++++++++++++++++++ > arch/riscv/include/asm/seccomp.h | 10 ++++++++++ > arch/riscv/include/asm/syscall.h | 6 ++++++ > arch/riscv/include/asm/thread_info.h | 1 + > include/uapi/linux/audit.h | 1 + > 5 files changed, 36 insertions(+) > create mode 100644 arch/riscv/include/asm/seccomp.h > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..28abe47602a1 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_SECCOMP_FILTER I think this patch is missing most of the actual seccomp glue? config HAVE_ARCH_SECCOMP_FILTER bool help An arch should select this symbol if it provides all of these things: - syscall_get_arch() - syscall_get_arguments() - syscall_rollback() - syscall_set_return_value() - SIGSYS siginfo_t support - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked and a return value of -1 results in the system call being skipped immediately. - seccomp syscall wired up I only see syscall_get_arch(). Nothing is using TIF_SECCOMP (I'd expect a masked check in entry.S -- it seems like tracepoints are getting missed too? I see it handled in ptrace.c but not checked in entry.S?) There's no checking for seccomp in ptrace.c, etc. At the very least, I think the Kconfigs should not be included in this patch. The other things are needed, but without everything else, seccomp isn't actually available. :) Reading the per-arch Kconfigs, I am reminded I still need to move CONFIG_SECCOMP up into arch/Kconfig. :P -Kees -- Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FD12ECDE46 for ; Wed, 24 Oct 2018 21:47:28 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4F3F020652 for ; Wed, 24 Oct 2018 21:47:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="EiSLbJ8d"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="oCBsGSPv" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4F3F020652 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-riscv-bounces+infradead-linux-riscv=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: References:In-Reply-To:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Z8AcqA0rb6M8TtWWinmWi8obki58rKkCVxFzBSiIjLM=; b=EiSLbJ8dYuGvpT HKdSAAu7DsPbK45lHjsh6BsSB/WGZ6KPicYShuIbI2jn4VbmegQ/JiS4I1tPGYL9EHo7+PAa0TNdx 9q1dYyT1ixXuJTqwqqiY3u2/bkBaTnTo2lQ3+LwHppnyxyH0qt5XvotYL99kMPNKiGUWFa2tLkzbO 2LVbIjyeVqm9At33oYAT6/PkLySUTYy2UHq5L838I4Ku85fQ/dTlxmquAlTddzWBU747niYuWVwK2 HBDCl6uwN2CFBisvKeLPT4WYqA0yF7uPTY61ftJnkkV30xY20YZgEYC3R7W9/ihUENHt7FRsH1n7p ONgJpgGQgUMJc/sYwiUA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gFQzu-0001rj-Dx; Wed, 24 Oct 2018 21:47:26 +0000 Received: from mail-yb1-xb44.google.com ([2607:f8b0:4864:20::b44]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gFQzr-0001rN-Uk for linux-riscv@lists.infradead.org; Wed, 24 Oct 2018 21:47:25 +0000 Received: by mail-yb1-xb44.google.com with SMTP id e16-v6so2795095ybk.8 for ; Wed, 24 Oct 2018 14:47:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SpR5PQEROeAv83K8afXyXqw/J6C4jmUgmC8hplFSm64=; b=oCBsGSPvBXL9EdKvmdPAdDzC7A9Qss8d1x8bQ/yaE6M3uDeDhAAvtguMgfVypcGsiO /+jdM/3i/GmYoSHC3u1q61BcgiwQkl4nPwCVqmcxJlUl5lrx2OfUcDtPYzUU0e5TkFqI 86g4SpeZkJr47G5yf6Y4PY5xW7HlrHr5Vn9Qo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SpR5PQEROeAv83K8afXyXqw/J6C4jmUgmC8hplFSm64=; b=Dkc7N0f8yYoEVWqN/8s1Uu6ydkjzhwNyhDSVQI5+mKw8BfKvtf9UKQ+DcGQvT6GJlp ikSwI8ZGGBe5omEoRCoH1v12w/KtLeKWQXMtN4qq9TACcINkQfdVng9wj0scc8A1hyNm 8NosVhxNcdEWi5qwraCoGGDDnktAFx5BmJR6RQ/xtt1fyddIfXagsAzA0DXC9SE6JC83 8X+149K47tYGsKn/mHd1g5rUZIpn3cjX/JYPgy7OQxOcJixOsEkp9PxFg5AhWdkJgF24 mfN30ADuFey6mHzay2tbrDdcfEU50fbzeHT8mGo4Wpi8NeX0/xNqFWPJTVyH1aTmzPDv DlYA== X-Gm-Message-State: AGRZ1gLbtEc/5a5j88yHfazwmK9HBZCh6OpKxfc9up9txVn2kdAg5zKA oHawpAO3x3aTs85XZG+9WXkTLvSKwck= X-Google-Smtp-Source: AJdET5c3WIuzLqv8/U1HUQY7fUdJ3dA2yt95gszoYXQ68WT0weWcWd9fN+d8qy+GFkVIRmC2xO4PxQ== X-Received: by 2002:a25:bdcd:: with SMTP id g13-v6mr4079667ybk.253.1540417631932; Wed, 24 Oct 2018 14:47:11 -0700 (PDT) Received: from mail-yw1-f54.google.com (mail-yw1-f54.google.com. [209.85.161.54]) by smtp.gmail.com with ESMTPSA id a189-v6sm2588159ywg.65.2018.10.24.14.47.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Oct 2018 14:47:11 -0700 (PDT) Received: by mail-yw1-f54.google.com with SMTP id v199-v6so2745270ywg.1 for ; Wed, 24 Oct 2018 14:47:11 -0700 (PDT) X-Received: by 2002:a0d:fec6:: with SMTP id o189-v6mr4082861ywf.237.1540417324661; Wed, 24 Oct 2018 14:42:04 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:3990:0:0:0:0:0 with HTTP; Wed, 24 Oct 2018 14:42:03 -0700 (PDT) In-Reply-To: <20181024204036.8799-3-palmer@sifive.com> References: <20181024204036.8799-1-palmer@sifive.com> <20181024204036.8799-3-palmer@sifive.com> From: Kees Cook Date: Wed, 24 Oct 2018 14:42:03 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP To: Palmer Dabbelt X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181024_144724_033629_C1CFC2C4 X-CRM114-Status: GOOD ( 19.87 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kate Stewart , Albert Ou , Will Drewry , Paul Moore , Greg KH , Wesley Terpstra , david.abdurachmanov@gmail.com, LKML , Eric Paris , Andy Lutomirski , David Howells , Linux Audit , Philippe Ombredanne , linux-riscv@lists.infradead.org, Thomas Gleixner Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-riscv" Errors-To: linux-riscv-bounces+infradead-linux-riscv=archiver.kernel.org@lists.infradead.org Message-ID: <20181024214203.--r16WEJ637kvwHCuQ8-w-wJuiN-6AIfyyu-JvJpuy0@z> On Wed, Oct 24, 2018 at 1:40 PM, Palmer Dabbelt wrote: > From: "Wesley W. Terpstra" > > This is a fairly straight-forward implementation of seccomp for RISC-V > systems. > > Signed-off-by: Wesley W. Terpstra > Signed-off-by: Palmer Dabbelt > --- > arch/riscv/Kconfig | 18 ++++++++++++++++++ > arch/riscv/include/asm/seccomp.h | 10 ++++++++++ > arch/riscv/include/asm/syscall.h | 6 ++++++ > arch/riscv/include/asm/thread_info.h | 1 + > include/uapi/linux/audit.h | 1 + > 5 files changed, 36 insertions(+) > create mode 100644 arch/riscv/include/asm/seccomp.h > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index a344980287a5..28abe47602a1 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -28,6 +28,7 @@ config RISCV > select GENERIC_STRNLEN_USER > select GENERIC_SMP_IDLE_THREAD > select GENERIC_ATOMIC64 if !64BIT || !RISCV_ISA_A > + select HAVE_ARCH_SECCOMP_FILTER I think this patch is missing most of the actual seccomp glue? config HAVE_ARCH_SECCOMP_FILTER bool help An arch should select this symbol if it provides all of these things: - syscall_get_arch() - syscall_get_arguments() - syscall_rollback() - syscall_set_return_value() - SIGSYS siginfo_t support - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked and a return value of -1 results in the system call being skipped immediately. - seccomp syscall wired up I only see syscall_get_arch(). Nothing is using TIF_SECCOMP (I'd expect a masked check in entry.S -- it seems like tracepoints are getting missed too? I see it handled in ptrace.c but not checked in entry.S?) There's no checking for seccomp in ptrace.c, etc. At the very least, I think the Kconfigs should not be included in this patch. The other things are needed, but without everything else, seccomp isn't actually available. :) Reading the per-arch Kconfigs, I am reminded I still need to move CONFIG_SECCOMP up into arch/Kconfig. :P -Kees -- Kees Cook _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv