Linux-m68k Archive on lore.kernel.org
 help / color / Atom feed
From: Geert Uytterhoeven <geert@linux-m68k.org>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
	Michael Schmitz <schmitzmic@gmail.com>,
	Linux/m68k <linux-m68k@vger.kernel.org>,
	Andreas Schwab <schwab@linux-m68k.org>
Subject: Re: [PATCH] m68k/kernel - wire up syscall_trace_enter/leave for m68k
Date: Wed, 26 Aug 2020 14:32:12 +0200 (CEST)
Message-ID: <alpine.DEB.2.21.2008261430460.30022@ramsan.of.borg> (raw)
In-Reply-To: <01c270ec-cd73-1d7e-0d1a-4ccde66e9d1b@physik.fu-berlin.de>

 	Hi Adrian,

On Wed, 26 Aug 2020, John Paul Adrian Glaubitz wrote:
> On 8/26/20 1:23 PM, Geert Uytterhoeven wrote:
>>> Changes from RFC v1:
>>>
>>> - add return code check in do_trace_entry branch to enable syscall
>>>   filtering (will return -EPERM)
>>> - change to use testl for return code check (suggested by Andreas Schwab)
>>>
>>> Changes from RFC v2:
>>>
>>> - don't set return code of filtered syscall - seccomp may want to set
>>>   that for use by calling process.
>>
>> As your email subject didn't contain "v3", b4[*] insists on picking up
>> RFC v2, and refuses to pick up the latest version, even when forced
>> (msgid not present)...
>>
>> The patch itself looks good to me. Does it make sense to apply it before
>> we have real seccomp support?
>
> Adding SECCOMP support itself doesn't take much:
>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=c4637d475170ca0d99973efd07df727012db6cd1
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=0bb605c2c7f2b4b314b91510810b226de7f34fa1
>
> Once syscall_trace_entry/leave have been made available, we just need to
> add some Kconfig bits and the part which checks the return code of
> syscall_trace_enter.
>
> The rest is done by arch-agnostic code.

I came up with the following (basic seccomp, no seccomp filter), but
the seccomp_bpf selftest still fails all over the place...

From 231c23d07200cdd338dcf8d2adae8322ecef18f4 Mon Sep 17 00:00:00 2001
From: Geert Uytterhoeven <geert@linux-m68k.org>
Date: Wed, 26 Aug 2020 14:24:58 +0200
Subject: [PATCH] [WIP] seccomp support

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
  arch/m68k/Kconfig                   | 14 ++++++++++++++
  arch/m68k/include/asm/Kbuild        |  1 +
  arch/m68k/include/asm/thread_info.h |  2 ++
  arch/m68k/kernel/ptrace.c           |  4 ++++
  4 files changed, 21 insertions(+)

diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 93bbb74ea876d6f2..29ab228a9a721939 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -127,6 +127,20 @@ endmenu

  menu "Kernel Features"

+config SECCOMP
+	bool
+	prompt "Enable seccomp to safely compute untrusted bytecode"
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
  endmenu

  if !MMU
diff --git a/arch/m68k/include/asm/Kbuild b/arch/m68k/include/asm/Kbuild
index 1bff55aa2d54e2ce..d9f0f283707ff352 100644
--- a/arch/m68k/include/asm/Kbuild
+++ b/arch/m68k/include/asm/Kbuild
@@ -4,4 +4,5 @@ generic-y += extable.h
  generic-y += kvm_para.h
  generic-y += local64.h
  generic-y += mcs_spinlock.h
+generic-y += seccomp.h
  generic-y += spinlock.h
diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h
index 3689c6718c883d23..388c5c0f2cc905c4 100644
--- a/arch/m68k/include/asm/thread_info.h
+++ b/arch/m68k/include/asm/thread_info.h
@@ -63,6 +63,7 @@ static inline struct thread_info *current_thread_info(void)
  #define TIF_NOTIFY_RESUME	5	/* callback before returning to user */
  #define TIF_SIGPENDING		6	/* signal pending */
  #define TIF_NEED_RESCHED	7	/* rescheduling necessary */
+#define TIF_SECCOMP		8	/* secure computing */
  #define TIF_DELAYED_TRACE	14	/* single step a syscall */
  #define TIF_SYSCALL_TRACE	15	/* syscall trace active */
  #define TIF_MEMDIE		16	/* is terminating due to OOM killer */
@@ -71,6 +72,7 @@ static inline struct thread_info *current_thread_info(void)
  #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
  #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
  #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
+#define _TIF_SECCOMP		(1 << TIF_SECCOMP)
  #define _TIF_DELAYED_TRACE	(1 << TIF_DELAYED_TRACE)
  #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
  #define _TIF_MEMDIE		(1 << TIF_MEMDIE)
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 74d58a82a1353180..ec5653b85dcdb4f9 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -20,6 +20,7 @@
  #include <linux/user.h>
  #include <linux/signal.h>
  #include <linux/tracehook.h>
+#include <linux/seccomp.h>

  #include <linux/uaccess.h>
  #include <asm/page.h>
@@ -277,6 +278,9 @@ asmlinkage int syscall_trace_enter(void)

  	if (test_thread_flag(TIF_SYSCALL_TRACE))
  		ret = tracehook_report_syscall_entry(task_pt_regs(current));
+
+	secure_computing_strict(task_pt_regs(current)->orig_d0);
+
  	return ret;
  }

-- 
2.17.1

Gr{oetje,eeting}s,

 						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
 							    -- Linus Torvalds

  reply index

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-23 10:03 syscall_trace_enter and syscall_trace_leave for m68k w/MMU John Paul Adrian Glaubitz
2020-07-23 22:56 ` Michael Schmitz
2020-07-25  1:48 ` [PATCH RFC] m68k/kernel - wire up syscall_trace_enter/leave for m68k Michael Schmitz
2020-07-26  1:28 ` [PATCH RFC v2] " Michael Schmitz
2020-07-27  4:19 ` [PATCH] " Michael Schmitz
2020-07-27 10:03   ` John Paul Adrian Glaubitz
2020-07-27 20:48     ` Michael Schmitz
2020-07-27 21:09       ` John Paul Adrian Glaubitz
2020-08-26 11:18         ` Geert Uytterhoeven
2020-08-26 11:50           ` John Paul Adrian Glaubitz
2020-08-26 11:23   ` Geert Uytterhoeven
2020-08-26 11:27     ` John Paul Adrian Glaubitz
2020-08-26 12:32       ` Geert Uytterhoeven [this message]
2020-08-26 12:35         ` John Paul Adrian Glaubitz
2020-08-26 12:38           ` Geert Uytterhoeven
2020-08-26 12:42             ` John Paul Adrian Glaubitz
2020-08-26 14:22               ` Geert Uytterhoeven
2020-08-27  0:08     ` Michael Schmitz
2020-08-27  9:19       ` Geert Uytterhoeven
2020-08-27 19:29         ` Michael Schmitz
2020-08-28  8:58           ` Geert Uytterhoeven
2020-08-05 12:23 ` syscall_trace_enter and syscall_trace_leave for m68k w/MMU Greg Ungerer
2020-08-05 12:36   ` John Paul Adrian Glaubitz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.21.2008261430460.30022@ramsan.of.borg \
    --to=geert@linux-m68k.org \
    --cc=glaubitz@physik.fu-berlin.de \
    --cc=linux-m68k@vger.kernel.org \
    --cc=schmitzmic@gmail.com \
    --cc=schwab@linux-m68k.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-m68k Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-m68k/0 linux-m68k/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-m68k linux-m68k/ https://lore.kernel.org/linux-m68k \
		linux-m68k@vger.kernel.org linux-m68k@lists.linux-m68k.org
	public-inbox-index linux-m68k

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-m68k


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git