public inbox for linux-m68k@lists.linux-m68k.org
From: Michael Schmitz <schmitzmic@gmail.com>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
	linux-m68k <linux-m68k@lists.linux-m68k.org>
Cc: Debian m68k <debian-68k@lists.debian.org>, Helge Deller <deller@gmx.de>
Subject: Re: Seccomp support for linux-m68k
Date: Sat, 25 Jul 2020 21:29:33 +1200
Message-ID: <06f3ccd0-3567-5905-eea0-80fb18206648@gmail.com>
In-Reply-To: <5642df4a-be8f-01eb-63c1-b5b4d75fa9d0@physik.fu-berlin.de>

Hi Adrian,

Am 22.07.2020 um 03:13 schrieb John Paul Adrian Glaubitz:
> Hello!
>
> On 3/20/20 9:46 AM, John Paul Adrian Glaubitz wrote:
>> Would it be possible to add seccomp support for m68k in the kernel?
>>
>> There are some packages like kscreensaver in Debian that require
>> libseccomp-dev and it would therefore be desirable if we could
>> that library on Linux/m68k as well.
>>
>> From what I have learned from Helge Deller who added seccomp for
>> hppa, it doesn't seem much that is necessary to get seccomp working
>> on an architecture.
>>
>> So, if anyone could work on the kernel part, I could do the work on
>> libseccomp.
> I just had another look at the topic and it seems we just need a minimal
> patch to add SECCOMP and SECCOMP_FILTER support when looking at the changes
> for riscv64 [1].
>
> The most complex change seems to be the changes in entry.S to add some additional
> checks for syscall numbers. I think we could just do this for m68k (and SH) as
> well.

Looking at your SH patch, I see no changes to check for syscall numbers, 
just a check of the syscall_trace_enter() return code added? Is that all 
that's needed for m68k as well?

What return code would we need to set on returning from an aborted 
syscall? (Without setting a specific one, -ENOSYS will be used by default.)

> The userland part is trivial as well, I actually added SuperH support to
> libseccomp today which was rather easy but my pull request was rejected for the
> time being due to SuperH not supporting SECCOMP_FILTER yet (only basic SECCOMP).
>
> So, if someone could do the kernel pieces for m68k, I would work on the userspace
> changes in libseccomp.

My earlier patch switching m68k to use syscall_trace_enter() is 
incomplete, please add the return call check

--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -167,6 +167,8 @@ do_trace_entry:
         jbsr    syscall_trace_enter
         RESTORE_SWITCH_STACK
         addql   #4,%sp
+       tstb    %d0
+       jne     ret_from_syscall
         movel   %sp@(PT_OFF_ORIG_D0),%d0
         cmpl    #NR_syscalls,%d0
         jcs     syscall
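
Review bot: `tstb %d0` on the first added line tests only the low byte of %d0, while the value being checked is the whole return code left there by the preceding `jbsr syscall_trace_enter`; a nonzero return whose low 8 bits are zero would fall through to the `cmpl #NR_syscalls,%d0` dispatch and the syscall would still run. Suggest `tstl %d0`, or a compare against the one value that means "skip", plus a comment on the two new lines stating which return values skip the syscall and where the result handed back to userspace comes from on the `jne ret_from_syscall` path.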

and add the same seccomp check you used in the SH syscall_trace_enter() 
patch, if returning -ENOSYS on filtered syscalls is appropriate.

Cheers,

	Michael


>
> Adrian
>
>> [1] https://github.com/torvalds/linux/commit/5340627e3fe08030988bdda46dd86cd5d5fb7517
>> [2] https://github.com/seccomp/libseccomp/pull/271
>
