Re: [PATCH 3.15] MIPS: Add new AUDIT_ARCH token for the N32 ABI on MIPS64

[James Hogan <james.hogan@imgtec.com>]

[-- Attachment #1: Type: text/plain, Size: 3182 bytes --]

On Wednesday 21 May 2014 16:59:22 Paul Moore wrote:
> On Monday, May 12, 2014 02:53:05 PM Paul Moore wrote:
> > On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> > > A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> > > (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> > > does not provide enough information about the ABI for the 64-bit
> > > process. As a result of which, userland needs to use complex
> > > seccomp filters to decide whether a syscall belongs to the o32 or n32
> > > or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> > > can be used by seccomp to explicitely set syscall filters for this ABI.
> > > 
> > > Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> > > Cc: Andy Lutomirski <luto@amacapital.net>
> > > Cc: Eric Paris <eparis@redhat.com>
> > > Cc: Paul Moore <pmoore@redhat.com>
> > > Cc: Ralf Baechle <ralf@linux-mips.org>
> > > Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> > > ---
> > > Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> > > 
> > > Thanks a lot!
> > > ---
> > > 
> > >  arch/mips/include/asm/syscall.h |  2 ++
> > >  include/uapi/linux/audit.h      | 12 ++++++++++++
> > >  2 files changed, 14 insertions(+)
> > 
> > [NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance
> > as this *really* should be in 3.15]
> > 
> > I'm re-replying to this patch and adding lkml to the To line because I
> > believe it is very important we get this patch into 3.15.  For those who
> > don't follow the MIPS architecture very closely, the upcoming 3.15 is the
> > first release to include support for seccomp filters, the latest
> > generation
> > of syscall filtering which used a BPF based filter language.  For reason
> > that are easy to understand, the syscall filters are ABI specific (e.g.
> > syscall tables, word length, endianness) and those generating syscall
> > filters in userspace (e.g. libseccomp) need to take great care to ensure
> > that the generated filters take the ABI into account and fail safely in
> > the
> > case where a different ABI is used (e.g. x86, x86_64, x32).
> > 
> > The patch below corrects, what is IMHO, an omission in the original MIPS
> > seccomp filter patch, allowing userspace to easily separate MIPS and
> > MIPS64. Without this patch we will be forced to handle MIPS/MIPS64 like
> > we handle x86_64/x32 which is a royal pain and not something I want to
> > have deal with again.
> > 
> > Further, while I don't want to speak for the audit folks, it is my
> > understanding that they want this patch for similar reasons.
> > 
> > Please merge this patch for 3.15 or at least provide some feedback as to
> > why this isn't a viable solution for upstream.  Once 3.15 ships, fixing
> > this will require breaking the MIPS ABI which isn't something any of us
> > want.
> > 
> > Thanks,
> > -Paul
> 
> *Bump*
> 
> I don't know what else needs to be done to get some action on this and we're
> running out of time for 3.15.

It was merged yesterday:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7d6891a770aa97dd36c2df3545031e64c6a0ef3

Cheers
James

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]