From: Geert Uytterhoeven <geert@linux-m68k.org>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Michael Schmitz <schmitzmic@gmail.com>,
Linux/m68k <linux-m68k@vger.kernel.org>,
Andreas Schwab <schwab@linux-m68k.org>,
Michael Karcher <kernel@mkarcher.dialup.fu-berlin.de>
Subject: Re: [PATCH] m68k/kernel - wire up syscall_trace_enter/leave for m68k
Date: Wed, 26 Aug 2020 16:22:16 +0200 (CEST)
Message-ID: <alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg>
In-Reply-To: <266db1b5-c470-4f94-264a-577673dd902f@physik.fu-berlin.de>
Hi Adrian,
On Wed, 26 Aug 2020, John Paul Adrian Glaubitz wrote:
> On 8/26/20 2:38 PM, Geert Uytterhoeven wrote:
>>> That part is outdated. It was removed in the second commit I posted, see:
>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=0bb605c2c7f2b4b314b91510810b226de7f34fa1
>>
>> That's the part which adds seccomp filter support.
>>
>>> Do you have the check of the return value already in syscall_trace_entry?
>>>
>>> It should check for "-1" and jump to syscall_exit if true.
>>
>> No, as that's needed only for seccomp filter support, AFAIU.
>>
>> Have a look at arm, where seccomp filter support is optional, depending on ABI.
>
> As far as I know, filter support is mandatory these days. At least for SH, libseccomp
> sent me away with my PR and told me to come back until the kernel has filter support.
OK.
> Maybe I'm missing something but let's put Michael Karcher in the loop, he knows better
> as he helped me with the kernel parts of SECCOMP on SH.
More work on top of the previous patch. It starts to look better:
-FAILED: 13 / 86 tests passed.
+FAILED: 35 / 86 tests passed.
But there are still fishy failures. Most popular one is:
Test exited normally instead of by signal (code: 0)
And things like:
Expected 0 (0) == syscall(__NR_getpid) (705)
Expected 0 (-270272472) == ptrace(PTRACE_GETREGS, tracee, 0, &regs) (0)
From 1ae515061575024081af930f4e5f9283910648de Mon Sep 17 00:00:00 2001
From: Geert Uytterhoeven <geert@linux-m68k.org>
Date: Wed, 26 Aug 2020 16:11:35 +0200
Subject: [PATCH] [WIP] seccomp filter support
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
arch/m68k/68000/entry.S | 2 ++
arch/m68k/Kconfig | 1 +
arch/m68k/coldfire/entry.S | 2 ++
arch/m68k/include/asm/syscall.h | 41 +++++++++++++++++++++++++++++++++
arch/m68k/kernel/ptrace.c | 3 ++-
5 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/arch/m68k/68000/entry.S b/arch/m68k/68000/entry.S
index 259b3661b614168f..3526970e3c10535f 100644
--- a/arch/m68k/68000/entry.S
+++ b/arch/m68k/68000/entry.S
@@ -47,6 +47,8 @@ do_trace:
jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
+ tstl %d0
+ jne ret_from_exception
movel %sp@(PT_OFF_ORIG_D0),%d1
movel #-ENOSYS,%d0
cmpl #NR_syscalls,%d1
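Review bot: The new `tstl %d0` / `jne ret_from_exception` in do_trace branches on any non-zero return, not only the -1 that syscall_trace_enter() now returns for seccomp, so a non-zero result from tracehook_report_syscall_entry() takes the same skip path. If that is intended, say so in a comment next to the test; if only the seccomp case should skip, compare against -1 as suggested earlier in the thread. It is also worth checking that jumping straight to ret_from_exception does not bypass exit-side tracing that a tracer would expect after the entry stop.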
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 29ab228a9a721939..2166c9d84794a969 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -19,6 +19,7 @@ config M68K
select GENERIC_STRNCPY_FROM_USER if MMU
select GENERIC_STRNLEN_USER if MMU
select HAVE_AOUT if MMU
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ASM_MODVERSIONS
select HAVE_DEBUG_BUGVERBOSE
select HAVE_FUTEX_CMPXCHG if MMU && FUTEX
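Review bot: `select HAVE_ARCH_SECCOMP_FILTER` is unconditional here, but the diffstat shows the skip check being added only to arch/m68k/68000/entry.S and arch/m68k/coldfire/entry.S. Any configuration whose syscall entry code is not one of those two files would advertise filter support while ignoring the return value of syscall_trace_enter(), which means a filter verdict would not stop the syscall. Either add the same check to the remaining entry path in this patch or make the select conditional, in the style of the neighbouring `if MMU` lines.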
diff --git a/arch/m68k/coldfire/entry.S b/arch/m68k/coldfire/entry.S
index d43a02795a4a445e..13bf787968273165 100644
--- a/arch/m68k/coldfire/entry.S
+++ b/arch/m68k/coldfire/entry.S
@@ -92,6 +92,8 @@ ENTRY(system_call)
jbsr syscall_trace_enter
RESTORE_SWITCH_STACK
addql #4,%sp
+ tstl %d0
+ jne ret_from_exception
movel %d3,%a0
jbsr %a0@
movel %d0,%sp@(PT_OFF_D0) /* save the return value */
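Review bot: On the skip path added after `addql #4,%sp`, the `movel %d0,%sp@(PT_OFF_D0)` store below is bypassed, so user space receives whatever is already in the saved d0 slot. That is correct when a filter or tracer has gone through syscall_set_return_value(), but please confirm the slot holds a defined value (for example -ENOSYS) when the skip happens without anyone having written it, and state that in a comment beside the branch.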
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac039be09a1b8..ac0f5d997be63b07 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,47 @@
#include <uapi/linux/audit.h>
+static inline long syscall_get_nr(struct task_struct *tsk,
+ struct pt_regs *regs)
+{
+ return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ regs->d0 = regs->orig_d0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ return regs->d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+ struct pt_regs *regs,
+ int error, long val)
+{
+ regs->d0 = error ?: val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *tsk,
+ struct pt_regs *regs,
+ unsigned long *args)
+{
+ memcpy(args, ®s->d1, 6 * sizeof(args[0]));
+}
+
+static inline void syscall_set_arguments(struct task_struct *task,
+ struct pt_regs *regs,
+ unsigned int i, unsigned int n,
+ const unsigned long *args)
+{
+ BUG_ON(i + n > 6);
+ memcpy(®s->d1 + i, args, n * sizeof(args[0]));
+}
+
static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_M68K;
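Review bot: syscall_get_arguments() and syscall_set_arguments() memcpy() six longs starting at `&regs->d1`, which silently depends on the six argument registers being adjacent and in argument order in struct pt_regs. Please add a comment naming the registers this covers, or a BUILD_BUG_ON() on the field offsets, so a layout change cannot quietly hand a filter the wrong arguments. The header also uses memcpy() and BUG_ON() while the only include visible in the context is <uapi/linux/audit.h>; explicit includes for those, and for the struct definitions, would keep it self-contained.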
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index ec5653b85dcdb4f9..a3a0a230dcdfc953 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -279,7 +279,8 @@ asmlinkage int syscall_trace_enter(void)
if (test_thread_flag(TIF_SYSCALL_TRACE))
ret = tracehook_report_syscall_entry(task_pt_regs(current));
- secure_computing_strict(task_pt_regs(current)->orig_d0);
+ if (secure_computing())
+ return -1;
return ret;
}
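Review bot: In syscall_trace_enter(), secure_computing() is still called when tracehook_report_syscall_entry() has already returned non-zero, and that non-zero `ret` is then returned as-is, so callers can see two different "skip" values depending on who rejected the syscall. Consider returning early when `ret` is non-zero and normalising the result, and document the return convention (0 runs the syscall, non-zero skips it) above the function, since both entry.S callers now branch on it.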
--
2.17.1
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds