From: Hajime Tazaki <thehajime@gmail.com>
To: johannes@sipsolutions.net
Cc: linux-um@lists.infradead.org, ricarkol@google.com,
Liam.Howlett@oracle.com, kenichi.yasukata@gmail.com
Subject: Re: [PATCH v3 06/13] um: nommu: syscalls handler from userspace by seccomp filter
Date: Thu, 05 Dec 2024 22:51:48 +0900 [thread overview]
Message-ID: <m234j2w83v.wl-thehajime@gmail.com> (raw)
In-Reply-To: <c5c8a72aa008fd23fd1c7f64def54e94253b3016.camel@sipsolutions.net>
On Thu, 05 Dec 2024 01:42:11 +0900,
Johannes Berg wrote:
>
> On Tue, 2024-12-03 at 13:23 +0900, Hajime Tazaki wrote:
> >
> > +#ifndef CONFIG_MMU
> > +extern int um_zpoline_enabled;
> > +#endif
>
> That doesn't make sense, there's no good reason these two mechanisms
> need to be mutually exclusive.
>
> I think you should leave out zpoline initially, get all the other stuff
> sorted out, and then add it later as an optimisation where possible (can
> map at 0, can rewrite the binary, etc.)
okay.
> > +void trap_sigsys(struct uml_pt_regs *regs)
> > +{
> > + struct task_struct *tsk = current;
> > +
> > + pr_info_ratelimited("%s%s[%d]: sigsys ip %p sp %p\n",
> > + task_pid_nr(tsk) > 1 ? KERN_INFO : KERN_EMERG,
> > + tsk->comm, task_pid_nr(tsk),
> > + (void *)UPT_IP(regs), (void *)UPT_SP(regs));
>
> Shouldn't do that, not even rate-limited.
this was actually follow the way how show_segvinfo(), but yes, it
should not. I will use pr_info() instead.
> > + if (err) {
> > + os_warn("SECCOMP_SET_MODE_FILTER (err=%d, ernro=%d)\n",
> > + err, errno);
> > + exit(-1);
>
> exit(-1) probably isn't quite right, it's more like a u8.
will fix it.
> > + os_info("seccomp: filter syscalls in the range: 0x%lx-0x%lx\n",
> > + __userspace_start, __userspace_end);
>
> not sure we need that, but at least it's only once?
this is a message that will report at a startup after filter
installation, so it would be useful if the feature is enabled or not.
# and expected to run this part only once.
(and maybe I can put the following fix)
- int os_setup_seccomp(void)
+ int __init os_setup_seccomp(void)
> > +#ifndef CONFIG_MMU
> > +static void sigsys_handler(int sig, struct siginfo *si, mcontext_t *mc)
> > +{
> > + struct uml_pt_regs r;
> > +
> > + if (!um_zpoline_enabled) {
> > + /* hook syscall via SIGSYS */
> > + mc_set_sigsys_hook(mc);
> > + } else {
> > + /* trap SIGSYS to userspace */
> > + get_regs_from_mc(&r, mc);
> > + trap_sigsys(&r);
> > + /* force handle signals after rt_sigreturn() */
> > + mc_set_regs_ip_relay(mc);
>
> I don't understand why this behaves differently with and without
> zpoline, it seems it shouldn't need to. Anyway, still think zpoline is
> future work.
I will remove the zpoline part.
When zpoline is used, SIGSYS signal is a sign of unexpected syscall
invocation, and raise this signal to userspace (with printing
message).
When it's not used, the handler calls syscall entrypoint instead, so
the code path should be different.
-- Hajime
next prev parent reply other threads:[~2024-12-05 13:51 UTC|newest]
Thread overview: 131+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-24 12:09 [RFC PATCH 00/13] nommu UML Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 01/13] fs: binfmt_elf_efpic: add architecture hook elf_arch_finalize_exec Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 02/13] x86/um: nommu: elf loader for fdpic Hajime Tazaki
2024-10-25 8:56 ` Johannes Berg
2024-10-25 12:54 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 03/13] um: nommu: memory handling Hajime Tazaki
2024-10-25 9:11 ` Johannes Berg
2024-10-25 12:55 ` Hajime Tazaki
2024-10-25 15:15 ` Johannes Berg
2024-10-26 7:24 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 04/13] x86/um: nommu: syscall handling Hajime Tazaki
2024-10-25 9:14 ` Johannes Berg
2024-10-25 12:55 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 05/13] x86/um: nommu: syscall translation by zpoline Hajime Tazaki
2024-10-25 9:19 ` Johannes Berg
2024-10-25 12:58 ` Hajime Tazaki
2024-10-25 15:20 ` Johannes Berg
2024-10-26 7:36 ` Hajime Tazaki
2024-10-27 9:45 ` Johannes Berg
2024-10-28 7:47 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 06/13] x86/um: nommu: process/thread handling Hajime Tazaki
2024-10-25 9:22 ` Johannes Berg
2024-10-25 12:58 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 07/13] um: nommu: configure fs register on host syscall invocation Hajime Tazaki
2024-10-25 9:28 ` Johannes Berg
2024-10-25 13:27 ` Hajime Tazaki
2024-10-25 15:22 ` Johannes Berg
2024-10-26 7:34 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 08/13] x86/um/vdso: nommu: vdso memory update Hajime Tazaki
2024-10-25 9:29 ` Johannes Berg
2024-10-25 13:28 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 09/13] x86/um: nommu: signal handling Hajime Tazaki
2024-10-25 9:30 ` Johannes Berg
2024-10-25 13:04 ` Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 10/13] x86/um: nommu: stack save/restore on vfork Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 11/13] um: change machine name for uname output Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 12/13] um: nommu: add documentation of nommu UML Hajime Tazaki
2024-10-24 12:09 ` [RFC PATCH 13/13] um: nommu: plug nommu code into build system Hajime Tazaki
2024-10-25 9:33 ` Johannes Berg
2024-10-25 13:05 ` Hajime Tazaki
2024-10-25 15:27 ` Johannes Berg
2024-10-26 7:36 ` Hajime Tazaki
2024-10-26 10:19 ` [RFC PATCH 00/13] nommu UML Benjamin Berg
2024-10-27 9:10 ` Hajime Tazaki
2024-10-28 13:32 ` Benjamin Berg
2024-10-30 9:25 ` Hajime Tazaki
2024-11-09 0:52 ` Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 " Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 01/13] fs: binfmt_elf_efpic: add architecture hook elf_arch_finalize_exec Hajime Tazaki
2024-11-11 22:32 ` kernel test robot
2024-11-11 6:27 ` [RFC PATCH v2 02/13] x86/um: nommu: elf loader for fdpic Hajime Tazaki
2024-11-12 12:48 ` Geert Uytterhoeven
2024-11-12 22:07 ` Hajime Tazaki
2024-11-13 8:19 ` Geert Uytterhoeven
2024-11-13 8:36 ` Johannes Berg
2024-11-13 8:36 ` Johannes Berg
2024-11-13 10:27 ` Geert Uytterhoeven
2024-11-13 13:17 ` Hajime Tazaki
2024-11-13 13:55 ` Geert Uytterhoeven
2024-11-13 23:32 ` Hajime Tazaki
2024-11-14 1:40 ` Greg Ungerer
2024-11-14 10:41 ` Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 03/13] um: nommu: memory handling Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 04/13] x86/um: nommu: syscall handling Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 05/13] x86/um: nommu: syscall translation by zpoline Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 06/13] um: nommu: prevent host syscalls from userspace by seccomp filter Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 07/13] x86/um: nommu: process/thread handling Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 08/13] um: nommu: configure fs register on host syscall invocation Hajime Tazaki
2024-11-12 9:36 ` kernel test robot
2024-11-27 10:00 ` Benjamin Berg
2024-11-27 10:26 ` Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 09/13] x86/um/vdso: nommu: vdso memory update Hajime Tazaki
2024-11-27 10:36 ` Benjamin Berg
2024-11-27 23:23 ` Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 10/13] x86/um: nommu: signal handling Hajime Tazaki
2024-11-12 11:00 ` kernel test robot
2024-11-28 10:37 ` Benjamin Berg
2024-12-01 1:38 ` Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 11/13] um: change machine name for uname output Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 12/13] um: nommu: add documentation of nommu UML Hajime Tazaki
2024-11-11 6:27 ` [RFC PATCH v2 13/13] um: nommu: plug nommu code into build system Hajime Tazaki
2024-11-15 10:12 ` [RFC PATCH v2 00/13] nommu UML Johannes Berg
2024-11-15 10:26 ` Anton Ivanov
2024-11-15 14:54 ` Hajime Tazaki
2024-11-15 14:48 ` Hajime Tazaki
2024-11-22 9:33 ` Lorenzo Stoakes
2024-11-22 9:53 ` Johannes Berg
2024-11-22 10:29 ` Lorenzo Stoakes
2024-11-22 12:18 ` Christoph Hellwig
2024-11-22 12:25 ` Lorenzo Stoakes
2024-11-22 12:38 ` Christoph Hellwig
2024-11-22 12:49 ` Damien Le Moal
2024-11-22 12:52 ` Lorenzo Stoakes
2024-11-23 7:27 ` David Gow
2024-11-24 1:25 ` Hajime Tazaki
2024-12-03 4:22 ` [PATCH v3 " Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 01/13] fs: binfmt_elf_efpic: add architecture hook elf_arch_finalize_exec Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 02/13] x86/um: nommu: elf loader for fdpic Hajime Tazaki
2024-12-04 16:20 ` Johannes Berg
2024-12-05 13:41 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 03/13] um: nommu: memory handling Hajime Tazaki
2024-12-04 16:34 ` Johannes Berg
2024-12-05 13:46 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 04/13] x86/um: nommu: syscall handling Hajime Tazaki
2024-12-04 16:37 ` Johannes Berg
2024-12-05 13:47 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 05/13] x86/um: nommu: syscall translation by zpoline Hajime Tazaki
2024-12-04 16:37 ` Johannes Berg
2024-12-05 13:48 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 06/13] um: nommu: syscalls handler from userspace by seccomp filter Hajime Tazaki
2024-12-04 16:42 ` Johannes Berg
2024-12-05 13:51 ` Hajime Tazaki [this message]
2024-12-05 13:54 ` Johannes Berg
2024-12-06 2:51 ` Hajime Tazaki
2024-12-04 17:54 ` kernel test robot
2024-12-03 4:23 ` [PATCH v3 07/13] x86/um: nommu: process/thread handling Hajime Tazaki
2024-12-04 16:50 ` Johannes Berg
2024-12-05 13:56 ` Hajime Tazaki
2024-12-05 13:58 ` Johannes Berg
2024-12-06 2:49 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 08/13] um: nommu: configure fs register on host syscall invocation Hajime Tazaki
2024-12-04 16:52 ` Johannes Berg
2024-12-04 19:31 ` Geert Uytterhoeven
2024-12-05 13:58 ` Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 09/13] x86/um/vdso: nommu: vdso memory update Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 10/13] x86/um: nommu: signal handling Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 11/13] um: change machine name for uname output Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 12/13] um: nommu: add documentation of nommu UML Hajime Tazaki
2024-12-03 4:23 ` [PATCH v3 13/13] um: nommu: plug nommu code into build system Hajime Tazaki
2024-12-04 16:20 ` [PATCH v3 00/13] nommu UML Johannes Berg
2024-12-05 13:41 ` Hajime Tazaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m234j2w83v.wl-thehajime@gmail.com \
--to=thehajime@gmail.com \
--cc=Liam.Howlett@oracle.com \
--cc=johannes@sipsolutions.net \
--cc=kenichi.yasukata@gmail.com \
--cc=linux-um@lists.infradead.org \
--cc=ricarkol@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.