From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754217AbcKUP50 (ORCPT <rfc822;w@1wt.eu>);
        Mon, 21 Nov 2016 10:57:26 -0500
Received: from mail-wm0-f51.google.com ([74.125.82.51]:36364 "EHLO
        mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753933AbcKUP5Y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Nov 2016 10:57:24 -0500
MIME-Version: 1.0
In-Reply-To: <20161121105443.249ddff8@gandalf.local.home>
References: <1479317803-17220-1-git-send-email-alexander.levin@verizon.com>
 <1479317803-17220-3-git-send-email-alexander.levin@verizon.com> <20161121105443.249ddff8@gandalf.local.home>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 21 Nov 2016 16:57:02 +0100
Message-ID: <CACT4Y+YVqFv6hkr+rdoJarS0mx=_eLGaCP1WjgyPH+rpL69yMw@mail.gmail.com>
Subject: Re: [RFC 2/3] abi_spec: hooks into syscall to allow pre and post checking
To: Steven Rostedt <rostedt@goodmis.org>
Cc: "Levin, Alexander" <alexander.levin@verizon.com>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "scientist@fb.com" <scientist@fb.com>,
        "glider@google.com" <glider@google.com>,
        "andreyknvl@google.com" <andreyknvl@google.com>,
        "arnd@arndb.de" <arnd@arndb.de>,
        "mathieu.desnoyers@efficios.com" <mathieu.desnoyers@efficios.com>,
        "daniel.vetter@ffwll.ch" <daniel.vetter@ffwll.ch>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 21, 2016 at 4:54 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Wed, 16 Nov 2016 17:37:01 +0000
> alexander.levin@verizon.com wrote:
>
>> This is a simple way to be able to verify syscall parameters before the
>> call to the actual syscall, and also verify the return value after the
>> call.
>>
>> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
>> ---
>>  include/linux/syscalls.h |  7 ++++++-
>>  kernel/Makefile          |  2 ++
>>  kernel/abi_spec.c        | 15 +++++++++++++++
>>  3 files changed, 23 insertions(+), 1 deletion(-)
>>  create mode 100644 kernel/abi_spec.c
>>
>> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
>> index 91a740f..6aa3228 100644
>> --- a/include/linux/syscalls.h
>> +++ b/include/linux/syscalls.h
>> @@ -79,6 +79,7 @@ union bpf_attr;
>>  #include <linux/quota.h>
>>  #include <linux/key.h>
>>  #include <trace/syscall.h>
>> +#include <linux/abi_spec.h>
>>
>>  /*
>>   * __MAP - apply a macro to syscall arguments
>> @@ -192,13 +193,17 @@ extern struct trace_event_functions exit_syscall_print_funcs;
>>
>>  #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__)
>>  #define __SYSCALL_DEFINEx(x, name, ...)                                      \
>> +     extern const struct syscall_spec syscall_spec##name;            \
>>       asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
>>               __attribute__((alias(__stringify(SyS##name))));         \
>>       static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));  \
>>       asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));      \
>>       asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))       \
>>       {                                                               \
>> -             long ret = SYSC##name(__MAP(x,__SC_CAST,__VA_ARGS__));  \
>> +             long ret;                                               \
>> +             abispec_check_pre(&syscall_spec##name, __MAP(x,__SC_CAST,__VA_ARGS__)); \
>> +             ret = SYSC##name(__MAP(x,__SC_CAST,__VA_ARGS__));       \
>> +             abispec_check_post(&syscall_spec##name, ret, __MAP(x,__SC_CAST,__VA_ARGS__)); \
>
> Do you want this for DEFINE0() too? Or does this not care about system
> calls with no arguments?

This should care about syscalls without args:
 - we still may want to check return values
 - something like debug tracing would like to print them
 - there may also be some side effects (or absence of side effects)
that we may want to check



>>               __MAP(x,__SC_TEST,__VA_ARGS__);                         \
>>               __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__));       \
>>               return ret;                                             \
>