From: Paul Moore <pmoore@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
Eric Paris <eparis@redhat.com>, Al Viro <aviro@redhat.com>,
Will Drewry <wad@chromium.org>, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter
Date: Fri, 11 Jul 2014 12:36:23 -0400 [thread overview]
Message-ID: <8897229.50V8e7SIxg@sifl> (raw)
In-Reply-To: <6a69eb94b4cfac5f94b229c2eb2ebc402aac722a.1405023592.git.rgb@redhat.com>
On Thursday, July 10, 2014 11:38:13 PM Richard Guy Briggs wrote:
> Commit
> fca460f hpa@zytor.com 2012-02-19 07:56:26 -0800
> x32: Handle the x32 system call flag
>
> provided a method to multiplex architecture with the syscall number for X32
> calls.
>
> Commit
> 8b4b9f2 pmoore@redhat.com 2013-02-15 12:21:43 -0500
> x86: remove the x32 syscall bitmask from syscall_get_nr()
>
> broke audit and potentially other users of syscall_get_nr() which depend on
> that call as named.
Arguably audit is broken anyway by not correctly treating syscall numbers as
32 bit integers like everyone else.
The commit above, 8b4b9f2, changed syscall_get_nr() so that it returned the
same syscall number that is used by the architecture's ABI; just like every*
other architecture in the kernel.
* Admittedly I didn't check every architecture's implementation, but after a
half dozen I stopped checking as there was a definite trend.
{snip}
> diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
> index d6a756a..d58b6be 100644
> --- a/arch/x86/include/asm/syscall.h
> +++ b/arch/x86/include/asm/syscall.h
> @@ -236,6 +236,10 @@ static inline int syscall_get_arch(void)
> return AUDIT_ARCH_I386;
> #endif
> /* Both x32 and x86_64 are considered "64-bit". */
> +#ifdef CONFIG_X86_X32_ABI
> + if (task_pt_regs(current)->orig_ax & __X32_SYSCALL_BIT)
> + return AUDIT_ARCH_X86_X32;
> +#endif
No. See my comments above and in other parts of this thread.
> return AUDIT_ARCH_X86_64;
> }
> #endif /* CONFIG_X86_32 */
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index b35c215..bc18214 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -73,6 +73,12 @@ static void populate_seccomp_data(struct seccomp_data
> *sd)
>
> sd->nr = syscall_get_nr(task, regs);
> sd->arch = syscall_get_arch();
> +#ifdef CONFIG_X86_X32_ABI
> + if (sd->arch == AUDIT_ARCH_X86_X32) {
> + sd->arch = AUDIT_ARCH_X86_64;
> + sd->nr |= __X32_SYSCALL_BIT;
> + }
> +#endif
Once again, I'm not really sure I need to comment further here, but don't
change syscall_get_nr(), it should return the same syscall number as was used
by userspace to initiate the syscall. If you really want to use the new
AUDIT_ARCH_X86_X32 macro/define, go ahead, but make sure you rewrite it to the
x86-64 value here so as to not break compatibility with existing seccomp
filter users.
--
paul moore
security and virtualization @ redhat
next prev parent reply other threads:[~2014-07-11 16:36 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-11 3:38 [PATCH 0/3] [RFC] X32: fix syscall_get_nr while not breaking seccomp BPF Richard Guy Briggs
2014-07-11 3:38 ` Richard Guy Briggs
2014-07-11 3:38 ` [PATCH 1/3] [RFC] audit: add AUDIT_ARCH_X86_X32 arch definition Richard Guy Briggs
2014-07-11 16:15 ` Paul Moore
2014-07-11 3:38 ` [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter Richard Guy Briggs
2014-07-11 3:38 ` Richard Guy Briggs
2014-07-11 4:06 ` H. Peter Anvin
2014-07-11 16:11 ` Paul Moore
2014-07-11 16:13 ` H. Peter Anvin
2014-07-11 16:16 ` Eric Paris
2014-07-11 16:21 ` Paul Moore
2014-07-11 16:23 ` Eric Paris
2014-07-11 16:30 ` H. Peter Anvin
2014-07-11 16:32 ` Paul Moore
2014-07-11 18:31 ` Eric Paris
2014-07-11 19:36 ` Paul Moore
2014-07-11 22:48 ` Kees Cook
2014-07-11 22:52 ` Kees Cook
2014-07-11 22:55 ` H. Peter Anvin
2014-07-11 23:02 ` Kees Cook
2014-07-11 23:12 ` Andy Lutomirski
2014-07-11 16:36 ` Paul Moore [this message]
2014-07-11 16:44 ` H. Peter Anvin
2014-07-11 3:38 ` [PATCH 3/3] [RFC] Revert "x86: remove the x32 syscall bitmask from syscall_get_nr()" Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8897229.50V8e7SIxg@sifl \
--to=pmoore@redhat.com \
--cc=aviro@redhat.com \
--cc=eparis@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.