Re: [PATCH v13 2/3] m68k: add kernel seccomp support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Michael Schmitz <schmitzmic@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-m68k@vger.kernel.org, glaubitz@physik.fu-berlin.de
Subject: Re: [PATCH v13 2/3] m68k: add kernel seccomp support
Date: Mon, 23 Jan 2023 07:11:59 +1300	[thread overview]
Message-ID: <27f3da39-ed14-33ac-ebba-4e8291b23d7e@gmail.com> (raw)
In-Reply-To: <CAMuHMdUfBkvwME1wNnaMscXA0k9qBrHVi7M8ppkyaJLSiU8S7Q@mail.gmail.com>

Thanks Geert,

On 23/01/23 05:37, Geert Uytterhoeven wrote:
> On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> Thanks for your patch!
>
> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
> i.e. will queue in the m68k for-v6.3 branch.
>
>> --- a/arch/m68k/include/asm/syscall.h
>> +++ b/arch/m68k/include/asm/syscall.h
>> +static inline void syscall_set_return_value(struct task_struct *task,
>> +                                           struct pt_regs *regs,
>> +                                           int error, long val)
>> +{
>> +       regs->d0 = (long) error ? error : val;
> I'll change this to "(long)error ?: val" while applying.

Sure - could you also update the commit message that I forgot to change? 
It's 81 out of 94 tests now.

Many thanks also to Adrian for his libseccomp port work!

Cheers,

     Michael


>> +}
>> +
> Gr{oetje,eeting}s,
>
>                          Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds

next prev parent reply	other threads:[~2023-01-22 18:12 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
2023-01-12  3:55 ` [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
2023-01-22 16:35   ` Geert Uytterhoeven
2023-01-22 16:35     ` Geert Uytterhoeven
2023-01-12  3:55 ` [PATCH v13 2/3] m68k: add kernel seccomp support Michael Schmitz
2023-01-22 16:37   ` Geert Uytterhoeven
2023-01-22 16:40     ` John Paul Adrian Glaubitz
2023-01-22 18:11     ` Michael Schmitz [this message]
2023-01-22 18:49       ` Geert Uytterhoeven
2023-01-12  3:55 ` [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k Michael Schmitz
2023-01-22 16:40   ` Geert Uytterhoeven
2023-01-12  6:42 ` [PATCH v13 0/3] Add kernel seccomp support " Michael Schmitz
2023-01-13 17:29 ` John Paul Adrian Glaubitz
2023-01-14  0:00   ` Michael Schmitz
2023-01-16  9:12     ` John Paul Adrian Glaubitz
2023-01-17  2:15       ` Michael Schmitz
2023-01-17  8:08         ` John Paul Adrian Glaubitz
2023-01-17 23:25           ` Michael Schmitz
2023-01-18  8:30             ` John Paul Adrian Glaubitz
2023-01-18  9:43               ` John Paul Adrian Glaubitz
2023-01-18 22:21                 ` Michael Schmitz
2023-01-19  9:18                   ` John Paul Adrian Glaubitz
2023-01-20 10:45                     ` John Paul Adrian Glaubitz
2023-02-27 20:45 ` Kees Cook
2023-03-07  2:57   ` Michael Schmitz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=27f3da39-ed14-33ac-ebba-4e8291b23d7e@gmail.com \
    --to=schmitzmic@gmail.com \
    --cc=geert@linux-m68k.org \
    --cc=glaubitz@physik.fu-berlin.de \
    --cc=linux-m68k@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.