From: Mike Rapoport <rppt@linux.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: Alexandre Chartre <alexandre.chartre@oracle.com>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Jonathan Adams <jwadams@google.com>,
Kees Cook <keescook@chromium.org>, Paul Turner <pjt@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-mm@kvack.org, linux-security-module@vger.kernel.org,
x86@kernel.org, Mike Rapoport <rppt@linux.ibm.com>
Subject: [RFC PATCH 7/7] sci: add example system calls to exercse SCI
Date: Fri, 26 Apr 2019 00:45:54 +0300 [thread overview]
Message-ID: <1556228754-12996-8-git-send-email-rppt@linux.ibm.com> (raw)
In-Reply-To: <1556228754-12996-1-git-send-email-rppt@linux.ibm.com>
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
---
arch/x86/entry/common.c | 6 +++-
arch/x86/entry/syscalls/syscall_64.tbl | 3 ++
kernel/Makefile | 2 +-
kernel/sci-examples.c | 52 ++++++++++++++++++++++++++++++++++
4 files changed, 61 insertions(+), 2 deletions(-)
create mode 100644 kernel/sci-examples.c
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index 8f2a6fd..be0e1a7 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -275,7 +275,11 @@ __visible inline void syscall_return_slowpath(struct pt_regs *regs)
#ifdef CONFIG_SYSCALL_ISOLATION
static inline bool sci_required(unsigned long nr)
{
- return false;
+ if (!static_cpu_has(X86_FEATURE_SCI))
+ return false;
+ if (nr < __NR_get_answer)
+ return false;
+ return true;
}
static inline unsigned long sci_syscall_enter(unsigned long nr)
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index f0b1709..a25e838 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -343,6 +343,9 @@
332 common statx __x64_sys_statx
333 common io_pgetevents __x64_sys_io_pgetevents
334 common rseq __x64_sys_rseq
+335 64 get_answer __x64_sys_get_answer
+336 64 sci_write_dmesg __x64_sys_sci_write_dmesg
+337 64 sci_write_dmesg_bad __x64_sys_sci_write_dmesg_bad
#
# x32-specific system call numbers start at 512 to avoid cache impact
diff --git a/kernel/Makefile b/kernel/Makefile
index 6aa7543..d6441d0 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -10,7 +10,7 @@ obj-y = fork.o exec_domain.o panic.o \
extable.o params.o \
kthread.o sys_ni.o nsproxy.o \
notifier.o ksysfs.o cred.o reboot.o \
- async.o range.o smpboot.o ucount.o
+ async.o range.o smpboot.o ucount.o sci-examples.o
obj-$(CONFIG_MODULES) += kmod.o
obj-$(CONFIG_MULTIUSER) += groups.o
diff --git a/kernel/sci-examples.c b/kernel/sci-examples.c
new file mode 100644
index 0000000..9bfaad0
--- /dev/null
+++ b/kernel/sci-examples.c
@@ -0,0 +1,52 @@
+#include <linux/kernel.h>
+#include <linux/pid.h>
+#include <linux/syscalls.h>
+#include <linux/hugetlb.h>
+#include <asm/special_insns.h>
+
+SYSCALL_DEFINE0(get_answer)
+{
+ return 42;
+}
+
+#define BUF_SIZE 1024
+
+typedef void (*foo)(void);
+
+SYSCALL_DEFINE2(sci_write_dmesg, const char __user *, ubuf, size_t, count)
+{
+ char buf[BUF_SIZE];
+
+ if (!ubuf || count >= BUF_SIZE)
+ return -EINVAL;
+
+ buf[count] = '\0';
+ if (copy_from_user(buf, ubuf, count))
+ return -EFAULT;
+
+ printk("%s\n", buf);
+
+ return count;
+}
+
+SYSCALL_DEFINE2(sci_write_dmesg_bad, const char __user *, ubuf, size_t, count)
+{
+ unsigned long addr = (unsigned long)(void *)hugetlb_reserve_pages;
+ char buf[BUF_SIZE];
+ foo func1;
+
+ addr += 0xc5;
+ func1 = (foo)(void *)addr;
+ func1();
+
+ if (!ubuf || count >= BUF_SIZE)
+ return -EINVAL;
+
+ buf[count] = '\0';
+ if (copy_from_user(buf, ubuf, count))
+ return -EFAULT;
+
+ printk("%s\n", buf);
+
+ return count;
+}
--
2.7.4
next prev parent reply other threads:[~2019-04-25 21:46 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-25 21:45 [RFC PATCH 0/7] x86: introduce system calls addess space isolation Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation Mike Rapoport
2019-04-26 7:49 ` Peter Zijlstra
2019-04-28 5:45 ` Mike Rapoport
2019-04-26 8:31 ` Ingo Molnar
2019-04-26 9:58 ` Ingo Molnar
2019-04-26 21:26 ` Andy Lutomirski
2019-04-27 8:47 ` Ingo Molnar
2019-04-27 10:46 ` Ingo Molnar
2019-04-29 18:26 ` James Morris
2019-04-29 18:43 ` Andy Lutomirski
2019-04-29 18:46 ` Andy Lutomirski
2019-04-30 5:03 ` Ingo Molnar
2019-04-30 9:38 ` Peter Zijlstra
2019-04-30 11:05 ` Ingo Molnar
2019-05-02 11:35 ` Robert O'Callahan
2019-05-02 15:20 ` Ingo Molnar
2019-05-02 21:07 ` Robert O'Callahan
2019-04-26 14:44 ` James Bottomley
2019-04-26 14:46 ` Dave Hansen
2019-04-26 14:57 ` James Bottomley
2019-04-26 15:07 ` Andy Lutomirski
2019-04-26 15:19 ` James Bottomley
2019-04-26 17:40 ` Andy Lutomirski
2019-04-26 18:49 ` James Bottomley
2019-04-26 19:22 ` Andy Lutomirski
2019-04-25 21:45 ` [RFC PATCH 3/7] x86/entry/64: add infrastructure for switching to isolated syscall context Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 4/7] x86/sci: hook up isolated system call entry and exit Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification Mike Rapoport
2019-04-26 7:42 ` Peter Zijlstra
2019-04-28 5:47 ` Mike Rapoport
2019-04-30 16:44 ` Andy Lutomirski
2019-05-01 5:39 ` Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 6/7] security: enable system call isolation in kernel config Mike Rapoport
2019-04-25 21:45 ` Mike Rapoport [this message]
2019-04-26 0:30 ` [RFC PATCH 0/7] x86: introduce system calls addess space isolation Andy Lutomirski
2019-04-26 8:07 ` Jiri Kosina
2019-04-28 6:01 ` Mike Rapoport
2019-04-26 14:41 ` Dave Hansen
2019-04-28 6:08 ` Mike Rapoport
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1556228754-12996-8-git-send-email-rppt@linux.ibm.com \
--to=rppt@linux.ibm.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jwadams@google.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).