* [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request
@ 2018-12-13 17:18 Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h Dmitry V. Levin
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-13 17:18 UTC (permalink / raw)
To: linux-snps-arc
PTRACE_GET_SYSCALL_INFO is a generic ptrace API that lets ptracer obtain
details of the syscall the tracee is blocked in.
There are two reasons for a special syscall-related ptrace request.
Firstly, with the current ptrace API there are cases when ptracer cannot
retrieve necessary information about syscalls. Some examples include:
* The notorious int-0x80-from-64-bit-task issue. See [1] for details.
In short, if a 64-bit task performs a syscall through int 0x80, its tracer
has no reliable means to find out that the syscall was, in fact,
a compat syscall, and misidentifies it.
* Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
Common practice is to keep track of the sequence of ptrace-stops in order
not to mix the two syscall-stops up. But it is not as simple as it looks;
for example, strace had a (just recently fixed) long-standing bug where
attaching strace to a tracee that is performing the execve system call
led to the tracer identifying the following syscall-exit-stop as
syscall-enter-stop, which messed up all the state tracking.
* Since the introduction of commit 84d77d3f06e7e8dea057d10e8ec77ad71f721be3
("ptrace: Don't allow accessing an undumpable mm"), both PTRACE_PEEKDATA
and process_vm_readv become unavailable when the process dumpable flag
is cleared. On such architectures as ia64 this results in all syscall
arguments being unavailable for the tracer.
Secondly, ptracers also have to support a lot of arch-specific code for
obtaining information about the tracee. For some architectures, this
requires a ptrace(PTRACE_PEEKUSER, ...) invocation for every syscall
argument and return value.
PTRACE_GET_SYSCALL_INFO returns the following structure:
struct ptrace_syscall_info {
__u8 op; /* PTRACE_SYSCALL_INFO_* */
__u32 arch __attribute__((__aligned__(sizeof(__u32))));
__u64 instruction_pointer;
__u64 stack_pointer;
union {
struct {
__u64 nr;
__u64 args[6];
} entry;
struct {
__s64 rval;
__u8 is_error;
} exit;
struct {
__u64 nr;
__u64 args[6];
__u32 ret_data;
} seccomp;
};
};
The structure was chosen according to [2], except for the following
changes:
* seccomp substructure was added as a superset of entry substructure;
* the type of nr field was changed from int to __u64 because syscall
numbers are, as a practical matter, 64 bits;
* stack_pointer field was added along with instruction_pointer field
since it is readily available and can save the tracer from extra
PTRACE_GETREGS/PTRACE_GETREGSET calls;
* arch is always initialized to aid with tracing system calls
* such as execve();
* instruction_pointer and stack_pointer are always initialized
so they could be easily obtained for non-syscall stops;
* a boolean is_error field was added along with rval field, this way
the tracer can more reliably distinguish a return value
from an error value.
strace has been ported to PTRACE_GET_SYSCALL_INFO, you can find it
in [3] and [4].
[1] https://lore.kernel.org/lkml/CA+55aFzcSVmdDj9Lh_gdbz1OzHyEm6ZrGPBDAJnywm2LF_eVyg at mail.gmail.com/
[2] https://lore.kernel.org/lkml/CAObL_7GM0n80N7J_DFw_eQyfLyzq+sf4y2AvsCCV88Tb3AwEHA at mail.gmail.com/
[3] https://github.com/strace/strace/commits/ldv/PTRACE_GET_SYSCALL_INFO
[4] https://gitlab.com/strace/strace/commits/ldv/PTRACE_GET_SYSCALL_INFO
---
Notes:
v6:
* Add syscall_get_arguments and syscall_set_arguments wrappers
to asm-generic/syscall.h, requested by Geert.
* Change PTRACE_GET_SYSCALL_INFO return code: do not take trailing paddings
into account, use the end of the last field of the structure being written.
* Change struct ptrace_syscall_info:
* remove .frame_pointer field, is is not needed and not portable;
* make .arch field explicitly aligned, remove no longer needed
padding before .arch field;
* remove trailing pads, they are no longer needed.
v5:
* Merge separate series and patches into the single series.
* Change PTRACE_EVENTMSG_SYSCALL_{ENTRY,EXIT} values as requested by Oleg.
* Change struct ptrace_syscall_info: generalize instruction_pointer,
stack_pointer, and frame_pointer fields by moving them from
ptrace_syscall_info.{entry,seccomp} substructures to ptrace_syscall_info
and initializing them for all stops.
* Add PTRACE_SYSCALL_INFO_NONE, set it when not in a syscall stop,
so e.g. "strace -i" could use PTRACE_SYSCALL_INFO_SECCOMP to obtain
instruction_pointer when the tracee is in a signal stop.
* Patch all remaining architectures to provide all necessary
syscall_get_* functions.
* Make available for all architectures: do not conditionalize on
CONFIG_HAVE_ARCH_TRACEHOOK since all syscall_get_* functions
are implemented on all architectures.
* Add a test for PTRACE_GET_SYSCALL_INFO to selftests/ptrace.
v4:
* Do not introduce task_struct.ptrace_event,
use child->last_siginfo->si_code instead.
* Implement PTRACE_SYSCALL_INFO_SECCOMP and ptrace_syscall_info.seccomp
support along with PTRACE_SYSCALL_INFO_{ENTRY,EXIT} and
ptrace_syscall_info.{entry,exit}.
v3:
* Change struct ptrace_syscall_info.
* Support PTRACE_EVENT_SECCOMP by adding ptrace_event to task_struct.
* Add proper defines for ptrace_syscall_info.op values.
* Rename PT_SYSCALL_IS_ENTERING and PT_SYSCALL_IS_EXITING to
PTRACE_EVENTMSG_SYSCALL_ENTRY and PTRACE_EVENTMSG_SYSCALL_EXIT
* and move them to uapi.
v2:
* Do not use task->ptrace.
* Replace entry_info.is_compat with entry_info.arch, use syscall_get_arch().
* Use addr argument of sys_ptrace to get expected size of the struct;
return full size of the struct.
Dmitry V. Levin (25):
asm-generic/syscall.h: prepare for inclusion by other files
asm-generic/syscall.h: turn syscall_[gs]et_arguments into wrappers
alpha: define remaining syscall_get_* functions
Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
arc: define syscall_get_arch()
c6x: define syscall_get_arch()
elf-em.h: add EM_CSKY
csky: define syscall_get_arch()
h8300: define remaining syscall_get_* functions
Move EM_HEXAGON to uapi/linux/elf-em.h
hexagon: define remaining syscall_get_* functions
Move EM_NDS32 to uapi/linux/elf-em.h
nds32: define syscall_get_arch()
nios2: define syscall_get_arch()
m68k: add asm/syscall.h
mips: define syscall_get_error()
parisc: define syscall_get_error()
powerpc: define syscall_get_error()
riscv: define syscall_get_arch()
Move EM_XTENSA to uapi/linux/elf-em.h
xtensa: define syscall_get_* functions
Move EM_UNICORE to uapi/linux/elf-em.h
unicore32: add asm/syscall.h
syscall_get_arch: add "struct task_struct *" argument
selftests/ptrace: add a test case for PTRACE_GET_SYSCALL_INFO
Elvira Khabirova (2):
powerpc/ptrace: replace ptrace_report_syscall() with a tracehook call
ptrace: add PTRACE_GET_SYSCALL_INFO request
arch/alpha/include/asm/syscall.h | 31 +-
arch/arc/include/asm/elf.h | 6 +-
arch/arc/include/asm/syscall.h | 11 +
arch/arm/include/asm/syscall.h | 2 +-
arch/arm64/include/asm/syscall.h | 4 +-
arch/c6x/include/asm/syscall.h | 7 +
arch/csky/include/asm/syscall.h | 7 +
arch/h8300/include/asm/syscall.h | 19 ++
arch/hexagon/include/asm/elf.h | 6 +-
arch/hexagon/include/asm/syscall.h | 22 ++
arch/ia64/include/asm/syscall.h | 2 +-
arch/m68k/include/asm/syscall.h | 42 +++
arch/microblaze/include/asm/syscall.h | 2 +-
arch/mips/include/asm/syscall.h | 12 +-
arch/mips/kernel/ptrace.c | 2 +-
arch/nds32/include/asm/elf.h | 3 +-
arch/nds32/include/asm/syscall.h | 8 +
arch/nios2/include/asm/syscall.h | 6 +
arch/openrisc/include/asm/syscall.h | 2 +-
arch/parisc/include/asm/syscall.h | 11 +-
arch/powerpc/include/asm/syscall.h | 20 +-
arch/powerpc/kernel/ptrace.c | 7 +-
arch/riscv/include/asm/syscall.h | 10 +
arch/s390/include/asm/syscall.h | 4 +-
arch/sh/include/asm/syscall_32.h | 2 +-
arch/sh/include/asm/syscall_64.h | 2 +-
arch/sparc/include/asm/syscall.h | 5 +-
arch/unicore32/include/asm/elf.h | 3 +-
arch/unicore32/include/asm/syscall.h | 46 +++
arch/x86/include/asm/syscall.h | 8 +-
arch/x86/um/asm/syscall.h | 2 +-
arch/xtensa/include/asm/elf.h | 2 +-
arch/xtensa/include/asm/syscall.h | 65 +++++
include/asm-generic/syscall.h | 85 ++++--
include/linux/tracehook.h | 9 +-
include/uapi/linux/audit.h | 16 ++
include/uapi/linux/elf-em.h | 8 +
include/uapi/linux/ptrace.h | 35 +++
kernel/auditsc.c | 4 +-
kernel/ptrace.c | 101 ++++++-
kernel/seccomp.c | 4 +-
tools/testing/selftests/ptrace/.gitignore | 1 +
tools/testing/selftests/ptrace/Makefile | 2 +-
.../selftests/ptrace/get_syscall_info.c | 271 ++++++++++++++++++
44 files changed, 851 insertions(+), 66 deletions(-)
create mode 100644 arch/m68k/include/asm/syscall.h
create mode 100644 arch/unicore32/include/asm/syscall.h
create mode 100644 tools/testing/selftests/ptrace/get_syscall_info.c
--
ldv
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
2018-12-13 17:18 [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Dmitry V. Levin
@ 2018-12-13 17:21 ` Dmitry V. Levin
2018-12-21 1:19 ` Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 05/27] arc: define syscall_get_arch() Dmitry V. Levin
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-13 17:21 UTC (permalink / raw)
To: linux-snps-arc
These should never have been defined in the arch tree to begin with, and
now uapi/linux/audit.h header is going to use EM_ARCOMPACT and EM_ARCV2
in order to define AUDIT_ARCH_ARCOMPACT and AUDIT_ARCH_ARCV2 which are
needed to implement syscall_get_arch() which in turn is required to
extend the generic ptrace API with PTRACE_GET_SYSCALL_INFO request.
Acked-by: Vineet Gupta <vgupta at synopsys.com>
Cc: Elvira Khabirova <lineprinter at altlinux.org>
Cc: Eugene Syromyatnikov <esyr at redhat.com>
Cc: Oleg Nesterov <oleg at redhat.com>
Cc: Andy Lutomirski <luto at kernel.org>
Cc: Alexey Brodkin <alexey.brodkin at synopsys.com>
Cc: linux-snps-arc at lists.infradead.org
Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
---
Notes:
v6: unchanged
v5: added Cc
v2: added Acked-by
arch/arc/include/asm/elf.h | 6 +-----
include/uapi/linux/elf-em.h | 2 ++
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/arc/include/asm/elf.h b/arch/arc/include/asm/elf.h
index aa2d6da9d187..2b80c184c9c8 100644
--- a/arch/arc/include/asm/elf.h
+++ b/arch/arc/include/asm/elf.h
@@ -10,13 +10,9 @@
#define __ASM_ARC_ELF_H
#include <linux/types.h>
+#include <linux/elf-em.h>
#include <uapi/asm/elf.h>
-/* These ELF defines belong to uapi but libc elf.h already defines them */
-#define EM_ARCOMPACT 93
-
-#define EM_ARCV2 195 /* ARCv2 Cores */
-
#define EM_ARC_INUSE (IS_ENABLED(CONFIG_ISA_ARCOMPACT) ? \
EM_ARCOMPACT : EM_ARCV2)
diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h
index 93722e60204c..42b7546352a6 100644
--- a/include/uapi/linux/elf-em.h
+++ b/include/uapi/linux/elf-em.h
@@ -34,6 +34,7 @@
#define EM_M32R 88 /* Renesas M32R */
#define EM_MN10300 89 /* Panasonic/MEI MN10300, AM33 */
#define EM_OPENRISC 92 /* OpenRISC 32-bit embedded processor */
+#define EM_ARCOMPACT 93 /* ARCompact processor */
#define EM_BLACKFIN 106 /* ADI Blackfin Processor */
#define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
#define EM_TI_C6000 140 /* TI C6X DSPs */
@@ -41,6 +42,7 @@
#define EM_TILEPRO 188 /* Tilera TILEPro */
#define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */
#define EM_TILEGX 191 /* Tilera TILE-Gx */
+#define EM_ARCV2 195 /* ARCv2 Cores */
#define EM_RISCV 243 /* RISC-V */
#define EM_BPF 247 /* Linux BPF - in-kernel virtual machine */
#define EM_FRV 0x5441 /* Fujitsu FR-V */
--
ldv
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 05/27] arc: define syscall_get_arch()
2018-12-13 17:18 [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h Dmitry V. Levin
@ 2018-12-13 17:21 ` Dmitry V. Levin
2018-12-21 1:21 ` Dmitry V. Levin
2018-12-13 17:24 ` [PATCH v6 24/27] syscall_get_arch: add "struct task_struct *" argument Dmitry V. Levin
2018-12-14 20:15 ` [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Paul Moore
3 siblings, 1 reply; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-13 17:21 UTC (permalink / raw)
To: linux-snps-arc
syscall_get_arch() is required to be implemented on all architectures
in addition to already implemented syscall_get_nr(),
syscall_get_arguments(), syscall_get_error(), and
syscall_get_return_value() functions in order to extend the generic
ptrace API with PTRACE_GET_SYSCALL_INFO request.
Acked-by: Vineet Gupta <vgupta at synopsys.com>
Cc: Elvira Khabirova <lineprinter at altlinux.org>
Cc: Eugene Syromyatnikov <esyr at redhat.com>
Cc: Oleg Nesterov <oleg at redhat.com>
Cc: Andy Lutomirski <luto at kernel.org>
Cc: Alexey Brodkin <alexey.brodkin at synopsys.com>
Cc: Paul Moore <paul at paul-moore.com>
Cc: Eric Paris <eparis at redhat.com>
Cc: linux-snps-arc at lists.infradead.org
Cc: linux-audit at redhat.com
Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
---
Notes:
v6: unchanged
v5: added Cc
v2: added Acked-by
arch/arc/include/asm/syscall.h | 11 +++++++++++
include/uapi/linux/audit.h | 4 ++++
2 files changed, 15 insertions(+)
diff --git a/arch/arc/include/asm/syscall.h b/arch/arc/include/asm/syscall.h
index 29de09804306..c7fc4c0c3bcb 100644
--- a/arch/arc/include/asm/syscall.h
+++ b/arch/arc/include/asm/syscall.h
@@ -9,6 +9,7 @@
#ifndef _ASM_ARC_SYSCALL_H
#define _ASM_ARC_SYSCALL_H 1
+#include <uapi/linux/audit.h>
#include <linux/err.h>
#include <linux/sched.h>
#include <asm/unistd.h>
@@ -68,4 +69,14 @@ syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
}
}
+static inline int
+syscall_get_arch(void)
+{
+ return IS_ENABLED(CONFIG_ISA_ARCOMPACT)
+ ? (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
+ ? AUDIT_ARCH_ARCOMPACTBE : AUDIT_ARCH_ARCOMPACT)
+ : (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
+ ? AUDIT_ARCH_ARCV2BE : AUDIT_ARCH_ARCV2);
+}
+
#endif
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 818ae690ab79..bedf3bf54c3a 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -375,6 +375,10 @@ enum {
#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_ARCOMPACT (EM_ARCOMPACT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_ARCOMPACTBE (EM_ARCOMPACT)
+#define AUDIT_ARCH_ARCV2 (EM_ARCV2|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_ARCV2BE (EM_ARCV2)
#define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_ARMEB (EM_ARM)
#define AUDIT_ARCH_CRIS (EM_CRIS|__AUDIT_ARCH_LE)
--
ldv
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 24/27] syscall_get_arch: add "struct task_struct *" argument
2018-12-13 17:18 [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 05/27] arc: define syscall_get_arch() Dmitry V. Levin
@ 2018-12-13 17:24 ` Dmitry V. Levin
2018-12-14 20:15 ` [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Paul Moore
3 siblings, 0 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-13 17:24 UTC (permalink / raw)
To: linux-snps-arc
This argument is required to extend the generic ptrace API with
PTRACE_GET_SYSCALL_INFO request: syscall_get_arch() is going
to be called from ptrace_request() along with syscall_get_nr(),
syscall_get_arguments(), syscall_get_error(), and
syscall_get_return_value() functions with a tracee as their argument.
Reverts: 5e937a9ae913 ("syscall_get_arch: remove useless function arguments")
Reverts: 1002d94d3076 ("syscall.h: fix doc text for syscall_get_arch()")
Reviewed-by: Andy Lutomirski <luto at kernel.org> # for x86
Reviewed-by: Palmer Dabbelt <palmer at sifive.com>
Acked-by: Paul Burton <paul.burton at mips.com> # MIPS parts
Acked-by: Michael Ellerman <mpe at ellerman.id.au> (powerpc)
Acked-by: Kees Cook <keescook at chromium.org> # seccomp parts
Acked-by: Mark Salter <msalter at redhat.com> # for the c6x bit
Cc: Eric Paris <eparis at redhat.com>
Cc: Paul Moore <paul at paul-moore.com>
Cc: Richard Henderson <rth at twiddle.net>
Cc: Ivan Kokshaysky <ink at jurassic.park.msu.ru>
Cc: Matt Turner <mattst88 at gmail.com>
Cc: Vineet Gupta <vgupta at synopsys.com>
Cc: Russell King <linux at armlinux.org.uk>
Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will.deacon at arm.com>
Cc: Aurelien Jacquiot <jacquiot.aurelien at gmail.com>
Cc: Yoshinori Sato <ysato at users.sourceforge.jp>
Cc: Richard Kuo <rkuo at codeaurora.org>
Cc: Tony Luck <tony.luck at intel.com>
Cc: Fenghua Yu <fenghua.yu at intel.com>
Cc: Geert Uytterhoeven <geert at linux-m68k.org>
Cc: Michal Simek <monstr at monstr.eu>
Cc: Greentime Hu <green.hu at gmail.com>
Cc: Vincent Chen <deanbo422 at gmail.com>
Cc: Ley Foon Tan <lftan at altera.com>
Cc: Jonas Bonn <jonas at southpole.se>
Cc: Stefan Kristiansson <stefan.kristiansson at saunalahti.fi>
Cc: Stafford Horne <shorne at gmail.com>
Cc: James E.J. Bottomley <jejb at parisc-linux.org>
Cc: Helge Deller <deller at gmx.de>
Cc: Albert Ou <aou at eecs.berkeley.edu>
Cc: Martin Schwidefsky <schwidefsky at de.ibm.com>
Cc: Heiko Carstens <heiko.carstens at de.ibm.com>
Cc: Rich Felker <dalias at libc.org>
Cc: David S. Miller <davem at davemloft.net>
Cc: Guan Xuetao <gxt at pku.edu.cn>
Cc: Jeff Dike <jdike at addtoit.com>
Cc: Richard Weinberger <richard at nod.at>
Cc: Chris Zankel <chris at zankel.net>
Cc: Max Filippov <jcmvbkbc at gmail.com>
Cc: Arnd Bergmann <arnd at arndb.de>
Cc: Will Drewry <wad at chromium.org>
Cc: Oleg Nesterov <oleg at redhat.com>
Cc: Elvira Khabirova <lineprinter at altlinux.org>
Cc: Eugene Syromyatnikov <esyr at redhat.com>
Cc: Ralf Baechle <ralf at linux-mips.org>
Cc: James Hogan <jhogan at kernel.org>
Cc: Benjamin Herrenschmidt <benh at kernel.crashing.org>
Cc: Paul Mackerras <paulus at samba.org>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Ingo Molnar <mingo at redhat.com>
Cc: Borislav Petkov <bp at alien8.de>
Cc: H. Peter Anvin <hpa at zytor.com>
Cc: x86 at kernel.org
Cc: linux-alpha at vger.kernel.org
Cc: linux-snps-arc at lists.infradead.org
Cc: linux-arm-kernel at lists.infradead.org
Cc: linux-c6x-dev at linux-c6x.org
Cc: uclinux-h8-devel at lists.sourceforge.jp
Cc: linux-hexagon at vger.kernel.org
Cc: linux-ia64 at vger.kernel.org
Cc: linux-m68k at lists.linux-m68k.org
Cc: linux-mips at vger.kernel.org
Cc: nios2-dev at lists.rocketboards.org
Cc: openrisc at lists.librecores.org
Cc: linux-parisc at vger.kernel.org
Cc: linuxppc-dev at lists.ozlabs.org
Cc: linux-riscv at lists.infradead.org
Cc: linux-s390 at vger.kernel.org
Cc: linux-sh at vger.kernel.org
Cc: sparclinux at vger.kernel.org
Cc: linux-um at lists.infradead.org
Cc: linux-xtensa at linux-xtensa.org
Cc: linux-arch at vger.kernel.org
Cc: linux-audit at redhat.com
Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
---
Notes:
v6: added more Acked-by
v5: added Cc
v2: cleaned up mips part, added Reviewed-by
arch/alpha/include/asm/syscall.h | 2 +-
arch/arc/include/asm/syscall.h | 2 +-
arch/arm/include/asm/syscall.h | 2 +-
arch/arm64/include/asm/syscall.h | 4 ++--
arch/c6x/include/asm/syscall.h | 2 +-
arch/csky/include/asm/syscall.h | 2 +-
arch/h8300/include/asm/syscall.h | 2 +-
arch/hexagon/include/asm/syscall.h | 2 +-
arch/ia64/include/asm/syscall.h | 2 +-
arch/m68k/include/asm/syscall.h | 2 +-
arch/microblaze/include/asm/syscall.h | 2 +-
arch/mips/include/asm/syscall.h | 6 +++---
arch/mips/kernel/ptrace.c | 2 +-
arch/nds32/include/asm/syscall.h | 2 +-
arch/nios2/include/asm/syscall.h | 2 +-
arch/openrisc/include/asm/syscall.h | 2 +-
arch/parisc/include/asm/syscall.h | 4 ++--
arch/powerpc/include/asm/syscall.h | 10 ++++++++--
arch/riscv/include/asm/syscall.h | 2 +-
arch/s390/include/asm/syscall.h | 4 ++--
arch/sh/include/asm/syscall_32.h | 2 +-
arch/sh/include/asm/syscall_64.h | 2 +-
arch/sparc/include/asm/syscall.h | 5 +++--
arch/unicore32/include/asm/syscall.h | 2 +-
arch/x86/include/asm/syscall.h | 8 +++++---
arch/x86/um/asm/syscall.h | 2 +-
arch/xtensa/include/asm/syscall.h | 2 +-
include/asm-generic/syscall.h | 5 +++--
kernel/auditsc.c | 4 ++--
kernel/seccomp.c | 4 ++--
30 files changed, 52 insertions(+), 42 deletions(-)
diff --git a/arch/alpha/include/asm/syscall.h b/arch/alpha/include/asm/syscall.h
index c67d6a69d7c8..20078aef0922 100644
--- a/arch/alpha/include/asm/syscall.h
+++ b/arch/alpha/include/asm/syscall.h
@@ -33,7 +33,7 @@ syscall_get_return_value(struct task_struct *task, struct pt_regs *regs)
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_ALPHA;
}
diff --git a/arch/arc/include/asm/syscall.h b/arch/arc/include/asm/syscall.h
index c7fc4c0c3bcb..caf2697ef5b7 100644
--- a/arch/arc/include/asm/syscall.h
+++ b/arch/arc/include/asm/syscall.h
@@ -70,7 +70,7 @@ syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return IS_ENABLED(CONFIG_ISA_ARCOMPACT)
? (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
index 06dea6bce293..3940ceac0bdc 100644
--- a/arch/arm/include/asm/syscall.h
+++ b/arch/arm/include/asm/syscall.h
@@ -104,7 +104,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->ARM_r0 + i, args, n * sizeof(args[0]));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
/* ARM tasks don't change audit architectures on the fly. */
return AUDIT_ARCH_ARM;
diff --git a/arch/arm64/include/asm/syscall.h b/arch/arm64/include/asm/syscall.h
index ad8be16a39c9..1870df03f774 100644
--- a/arch/arm64/include/asm/syscall.h
+++ b/arch/arm64/include/asm/syscall.h
@@ -117,9 +117,9 @@ static inline void syscall_set_arguments(struct task_struct *task,
* We don't care about endianness (__AUDIT_ARCH_LE bit) here because
* AArch64 has the same system calls both on little- and big- endian.
*/
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
- if (is_compat_task())
+ if (is_compat_thread(task_thread_info(task)))
return AUDIT_ARCH_ARM;
return AUDIT_ARCH_AARCH64;
diff --git a/arch/c6x/include/asm/syscall.h b/arch/c6x/include/asm/syscall.h
index 39dbd1ef994c..595057191c9c 100644
--- a/arch/c6x/include/asm/syscall.h
+++ b/arch/c6x/include/asm/syscall.h
@@ -121,7 +121,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
}
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
? AUDIT_ARCH_C6XBE : AUDIT_ARCH_C6X;
diff --git a/arch/csky/include/asm/syscall.h b/arch/csky/include/asm/syscall.h
index d637445737b7..150ffb894fa2 100644
--- a/arch/csky/include/asm/syscall.h
+++ b/arch/csky/include/asm/syscall.h
@@ -70,7 +70,7 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_CSKY;
}
diff --git a/arch/h8300/include/asm/syscall.h b/arch/h8300/include/asm/syscall.h
index 0a6565d12836..5c2ab1072700 100644
--- a/arch/h8300/include/asm/syscall.h
+++ b/arch/h8300/include/asm/syscall.h
@@ -62,7 +62,7 @@ syscall_get_return_value(struct task_struct *task, struct pt_regs *regs)
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_H8300;
}
diff --git a/arch/hexagon/include/asm/syscall.h b/arch/hexagon/include/asm/syscall.h
index c3290c0bc458..94bdfd22f912 100644
--- a/arch/hexagon/include/asm/syscall.h
+++ b/arch/hexagon/include/asm/syscall.h
@@ -60,7 +60,7 @@ static inline long syscall_get_return_value(struct task_struct *task,
return regs->r00;
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_HEXAGON;
}
diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h
index 1d0b875fec44..47ab33f5448a 100644
--- a/arch/ia64/include/asm/syscall.h
+++ b/arch/ia64/include/asm/syscall.h
@@ -81,7 +81,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
ia64_syscall_get_set_arguments(task, regs, i, n, args, 1);
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_IA64;
}
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index c87b14417753..e5ea2e20d3a5 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -34,7 +34,7 @@ syscall_get_return_value(struct task_struct *task, struct pt_regs *regs)
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_M68K;
}
diff --git a/arch/microblaze/include/asm/syscall.h b/arch/microblaze/include/asm/syscall.h
index 220decd605a4..77a86fafa974 100644
--- a/arch/microblaze/include/asm/syscall.h
+++ b/arch/microblaze/include/asm/syscall.h
@@ -101,7 +101,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
asmlinkage unsigned long do_syscall_trace_enter(struct pt_regs *regs);
asmlinkage void do_syscall_trace_leave(struct pt_regs *regs);
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_MICROBLAZE;
}
diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h
index 04ab927ff47d..466957d0474b 100644
--- a/arch/mips/include/asm/syscall.h
+++ b/arch/mips/include/asm/syscall.h
@@ -146,14 +146,14 @@ extern const unsigned long sys_call_table[];
extern const unsigned long sys32_call_table[];
extern const unsigned long sysn32_call_table[];
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
int arch = AUDIT_ARCH_MIPS;
#ifdef CONFIG_64BIT
- if (!test_thread_flag(TIF_32BIT_REGS)) {
+ if (!test_tsk_thread_flag(task, TIF_32BIT_REGS)) {
arch |= __AUDIT_ARCH_64BIT;
/* N32 sets only TIF_32BIT_ADDR */
- if (test_thread_flag(TIF_32BIT_ADDR))
+ if (test_tsk_thread_flag(task, TIF_32BIT_ADDR))
arch |= __AUDIT_ARCH_CONVENTION_MIPS64_N32;
}
#endif
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index e5ba56c01ee0..e112c525c3a7 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -1272,7 +1272,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
unsigned long args[6];
sd.nr = syscall;
- sd.arch = syscall_get_arch();
+ sd.arch = syscall_get_arch(current);
syscall_get_arguments(current, regs, 0, 6, args);
for (i = 0; i < 6; i++)
sd.args[i] = args[i];
diff --git a/arch/nds32/include/asm/syscall.h b/arch/nds32/include/asm/syscall.h
index 569149ca25da..e109acd225e6 100644
--- a/arch/nds32/include/asm/syscall.h
+++ b/arch/nds32/include/asm/syscall.h
@@ -187,7 +187,7 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
memcpy(®s->uregs[0] + i, args, n * sizeof(args[0]));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
? AUDIT_ARCH_NDS32BE : AUDIT_ARCH_NDS32;
diff --git a/arch/nios2/include/asm/syscall.h b/arch/nios2/include/asm/syscall.h
index cf35e210fc4d..f0f6ae208e78 100644
--- a/arch/nios2/include/asm/syscall.h
+++ b/arch/nios2/include/asm/syscall.h
@@ -136,7 +136,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
}
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_NIOS2;
}
diff --git a/arch/openrisc/include/asm/syscall.h b/arch/openrisc/include/asm/syscall.h
index 2db9f1cf0694..46b10c674bd2 100644
--- a/arch/openrisc/include/asm/syscall.h
+++ b/arch/openrisc/include/asm/syscall.h
@@ -72,7 +72,7 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
memcpy(®s->gpr[3 + i], args, n * sizeof(args[0]));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_OPENRISC;
}
diff --git a/arch/parisc/include/asm/syscall.h b/arch/parisc/include/asm/syscall.h
index 477511ff7546..310016e1925d 100644
--- a/arch/parisc/include/asm/syscall.h
+++ b/arch/parisc/include/asm/syscall.h
@@ -69,11 +69,11 @@ static inline void syscall_rollback(struct task_struct *task,
/* do nothing */
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
int arch = AUDIT_ARCH_PARISC;
#ifdef CONFIG_64BIT
- if (!is_compat_task())
+ if (!__is_compat_task(task))
arch = AUDIT_ARCH_PARISC64;
#endif
return arch;
diff --git a/arch/powerpc/include/asm/syscall.h b/arch/powerpc/include/asm/syscall.h
index 1d03e753391d..70f9e538e1b3 100644
--- a/arch/powerpc/include/asm/syscall.h
+++ b/arch/powerpc/include/asm/syscall.h
@@ -110,9 +110,15 @@ static inline void syscall_set_arguments(struct task_struct *task,
regs->orig_gpr3 = args[0];
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
- int arch = is_32bit_task() ? AUDIT_ARCH_PPC : AUDIT_ARCH_PPC64;
+ int arch;
+
+ if (IS_ENABLED(CONFIG_PPC64) && !test_tsk_thread_flag(task, TIF_32BIT))
+ arch = AUDIT_ARCH_PPC64;
+ else
+ arch = AUDIT_ARCH_PPC;
+
#ifdef __LITTLE_ENDIAN__
arch |= __AUDIT_ARCH_LE;
#endif
diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
index bba3da6ef157..ca120a36a037 100644
--- a/arch/riscv/include/asm/syscall.h
+++ b/arch/riscv/include/asm/syscall.h
@@ -100,7 +100,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->a1 + i * sizeof(regs->a1), args, n * sizeof(regs->a0));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
#ifdef CONFIG_64BIT
return AUDIT_ARCH_RISCV64;
diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h
index 96f9a9151fde..5a40ea8b90ea 100644
--- a/arch/s390/include/asm/syscall.h
+++ b/arch/s390/include/asm/syscall.h
@@ -92,10 +92,10 @@ static inline void syscall_set_arguments(struct task_struct *task,
regs->orig_gpr2 = args[0];
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
#ifdef CONFIG_COMPAT
- if (test_tsk_thread_flag(current, TIF_31BIT))
+ if (test_tsk_thread_flag(task, TIF_31BIT))
return AUDIT_ARCH_S390;
#endif
return AUDIT_ARCH_S390X;
diff --git a/arch/sh/include/asm/syscall_32.h b/arch/sh/include/asm/syscall_32.h
index 6e118799831c..08de429eccd4 100644
--- a/arch/sh/include/asm/syscall_32.h
+++ b/arch/sh/include/asm/syscall_32.h
@@ -95,7 +95,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
}
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
int arch = AUDIT_ARCH_SH;
diff --git a/arch/sh/include/asm/syscall_64.h b/arch/sh/include/asm/syscall_64.h
index 43882580c7f9..9b62a2404531 100644
--- a/arch/sh/include/asm/syscall_64.h
+++ b/arch/sh/include/asm/syscall_64.h
@@ -63,7 +63,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->regs[2 + i], args, n * sizeof(args[0]));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
int arch = AUDIT_ARCH_SH;
diff --git a/arch/sparc/include/asm/syscall.h b/arch/sparc/include/asm/syscall.h
index 053989e3f6a6..9ffb367c17fd 100644
--- a/arch/sparc/include/asm/syscall.h
+++ b/arch/sparc/include/asm/syscall.h
@@ -128,10 +128,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
regs->u_regs[UREG_I0 + i + j] = args[j];
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
#if defined(CONFIG_SPARC64) && defined(CONFIG_COMPAT)
- return in_compat_syscall() ? AUDIT_ARCH_SPARC : AUDIT_ARCH_SPARC64;
+ return test_tsk_thread_flag(task, TIF_32BIT)
+ ? AUDIT_ARCH_SPARC : AUDIT_ARCH_SPARC64;
#elif defined(CONFIG_SPARC64)
return AUDIT_ARCH_SPARC64;
#else
diff --git a/arch/unicore32/include/asm/syscall.h b/arch/unicore32/include/asm/syscall.h
index aeebb343255b..56daf3edb8e8 100644
--- a/arch/unicore32/include/asm/syscall.h
+++ b/arch/unicore32/include/asm/syscall.h
@@ -38,7 +38,7 @@ syscall_get_return_value(struct task_struct *task, struct pt_regs *regs)
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_UNICORE;
}
diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
index d653139857af..435f3f09279c 100644
--- a/arch/x86/include/asm/syscall.h
+++ b/arch/x86/include/asm/syscall.h
@@ -107,7 +107,7 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy(®s->bx + i, args, n * sizeof(args[0]));
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_I386;
}
@@ -236,10 +236,12 @@ static inline void syscall_set_arguments(struct task_struct *task,
}
}
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
/* x32 tasks should be considered AUDIT_ARCH_X86_64. */
- return in_ia32_syscall() ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64;
+ return (IS_ENABLED(CONFIG_IA32_EMULATION) &&
+ task->thread_info.status & TS_COMPAT)
+ ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64;
}
#endif /* CONFIG_X86_32 */
diff --git a/arch/x86/um/asm/syscall.h b/arch/x86/um/asm/syscall.h
index ef898af102d1..56a2f0913e3c 100644
--- a/arch/x86/um/asm/syscall.h
+++ b/arch/x86/um/asm/syscall.h
@@ -9,7 +9,7 @@ typedef asmlinkage long (*sys_call_ptr_t)(unsigned long, unsigned long,
unsigned long, unsigned long,
unsigned long, unsigned long);
-static inline int syscall_get_arch(void)
+static inline int syscall_get_arch(struct task_struct *task)
{
#ifdef CONFIG_X86_32
return AUDIT_ARCH_I386;
diff --git a/arch/xtensa/include/asm/syscall.h b/arch/xtensa/include/asm/syscall.h
index 40c6de062ac8..0b4f8cf440d5 100644
--- a/arch/xtensa/include/asm/syscall.h
+++ b/arch/xtensa/include/asm/syscall.h
@@ -68,7 +68,7 @@ syscall_get_return_value(struct task_struct *task, struct pt_regs *regs)
}
static inline int
-syscall_get_arch(void)
+syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_XTENSA;
}
diff --git a/include/asm-generic/syscall.h b/include/asm-generic/syscall.h
index fdefe27fa63f..43216b431770 100644
--- a/include/asm-generic/syscall.h
+++ b/include/asm-generic/syscall.h
@@ -194,16 +194,17 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
/**
* syscall_get_arch - return the AUDIT_ARCH for the current system call
+ * @task: task of interest, must be blocked
*
* Returns the AUDIT_ARCH_* based on the system call convention in use.
*
- * It's only valid to call this when current is stopped on entry to a system
+ * It's only valid to call this when @task is stopped on entry to a system
* call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP.
*
* Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must
* provide an implementation of this.
*/
static int
-syscall_get_arch(void);
+syscall_get_arch(struct task_struct *task);
#endif /* _ASM_GENERIC_SYSCALL_H */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b2d1f043f17f..1319e3e7b16c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1537,7 +1537,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
return;
}
- context->arch = syscall_get_arch();
+ context->arch = syscall_get_arch(current);
context->major = major;
context->argv[0] = a1;
context->argv[1] = a2;
@@ -2495,7 +2495,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
return;
audit_log_task(ab);
audit_log_format(ab, " sig=%ld arch=%x syscall=%ld compat=%d ip=0x%lx code=0x%x",
- signr, syscall_get_arch(), syscall,
+ signr, syscall_get_arch(current), syscall,
in_compat_syscall(), KSTK_EIP(current), code);
audit_log_end(ab);
}
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index f2ae2324c232..77cb87bd2eae 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -82,7 +82,7 @@ static void populate_seccomp_data(struct seccomp_data *sd)
unsigned long args[6];
sd->nr = syscall_get_nr(task, regs);
- sd->arch = syscall_get_arch();
+ sd->arch = syscall_get_arch(task);
syscall_get_arguments(task, regs, 0, 6, args);
sd->args[0] = args[0];
sd->args[1] = args[1];
@@ -529,7 +529,7 @@ static void seccomp_init_siginfo(kernel_siginfo_t *info, int syscall, int reason
info->si_code = SYS_SECCOMP;
info->si_call_addr = (void __user *)KSTK_EIP(current);
info->si_errno = reason;
- info->si_arch = syscall_get_arch();
+ info->si_arch = syscall_get_arch(current);
info->si_syscall = syscall;
}
--
ldv
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request
2018-12-13 17:18 [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Dmitry V. Levin
` (2 preceding siblings ...)
2018-12-13 17:24 ` [PATCH v6 24/27] syscall_get_arch: add "struct task_struct *" argument Dmitry V. Levin
@ 2018-12-14 20:15 ` Paul Moore
3 siblings, 0 replies; 7+ messages in thread
From: Paul Moore @ 2018-12-14 20:15 UTC (permalink / raw)
To: linux-snps-arc
On Thu, Dec 13, 2018@12:18 PM Dmitry V. Levin <ldv@altlinux.org> wrote:
> PTRACE_GET_SYSCALL_INFO is a generic ptrace API that lets ptracer obtain
> details of the syscall the tracee is blocked in.
>
> There are two reasons for a special syscall-related ptrace request.
>
> Firstly, with the current ptrace API there are cases when ptracer cannot
> retrieve necessary information about syscalls. Some examples include:
> * The notorious int-0x80-from-64-bit-task issue. See [1] for details.
> In short, if a 64-bit task performs a syscall through int 0x80, its tracer
> has no reliable means to find out that the syscall was, in fact,
> a compat syscall, and misidentifies it.
> * Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
> Common practice is to keep track of the sequence of ptrace-stops in order
> not to mix the two syscall-stops up. But it is not as simple as it looks;
> for example, strace had a (just recently fixed) long-standing bug where
> attaching strace to a tracee that is performing the execve system call
> led to the tracer identifying the following syscall-exit-stop as
> syscall-enter-stop, which messed up all the state tracking.
> * Since the introduction of commit 84d77d3f06e7e8dea057d10e8ec77ad71f721be3
> ("ptrace: Don't allow accessing an undumpable mm"), both PTRACE_PEEKDATA
> and process_vm_readv become unavailable when the process dumpable flag
> is cleared. On such architectures as ia64 this results in all syscall
> arguments being unavailable for the tracer.
>
> Secondly, ptracers also have to support a lot of arch-specific code for
> obtaining information about the tracee. For some architectures, this
> requires a ptrace(PTRACE_PEEKUSER, ...) invocation for every syscall
> argument and return value.
>
> PTRACE_GET_SYSCALL_INFO returns the following structure:
>
> struct ptrace_syscall_info {
> __u8 op; /* PTRACE_SYSCALL_INFO_* */
> __u32 arch __attribute__((__aligned__(sizeof(__u32))));
> __u64 instruction_pointer;
> __u64 stack_pointer;
> union {
> struct {
> __u64 nr;
> __u64 args[6];
> } entry;
> struct {
> __s64 rval;
> __u8 is_error;
> } exit;
> struct {
> __u64 nr;
> __u64 args[6];
> __u32 ret_data;
> } seccomp;
> };
> };
>
> The structure was chosen according to [2], except for the following
> changes:
> * seccomp substructure was added as a superset of entry substructure;
> * the type of nr field was changed from int to __u64 because syscall
> numbers are, as a practical matter, 64 bits;
> * stack_pointer field was added along with instruction_pointer field
> since it is readily available and can save the tracer from extra
> PTRACE_GETREGS/PTRACE_GETREGSET calls;
> * arch is always initialized to aid with tracing system calls
> * such as execve();
> * instruction_pointer and stack_pointer are always initialized
> so they could be easily obtained for non-syscall stops;
> * a boolean is_error field was added along with rval field, this way
> the tracer can more reliably distinguish a return value
> from an error value.
>
> strace has been ported to PTRACE_GET_SYSCALL_INFO, you can find it
> in [3] and [4].
>
> [1] https://lore.kernel.org/lkml/CA+55aFzcSVmdDj9Lh_gdbz1OzHyEm6ZrGPBDAJnywm2LF_eVyg at mail.gmail.com/
> [2] https://lore.kernel.org/lkml/CAObL_7GM0n80N7J_DFw_eQyfLyzq+sf4y2AvsCCV88Tb3AwEHA at mail.gmail.com/
> [3] https://github.com/strace/strace/commits/ldv/PTRACE_GET_SYSCALL_INFO
> [4] https://gitlab.com/strace/strace/commits/ldv/PTRACE_GET_SYSCALL_INFO
>
> ---
>
> Notes:
> v6:
> * Add syscall_get_arguments and syscall_set_arguments wrappers
> to asm-generic/syscall.h, requested by Geert.
> * Change PTRACE_GET_SYSCALL_INFO return code: do not take trailing paddings
> into account, use the end of the last field of the structure being written.
> * Change struct ptrace_syscall_info:
> * remove .frame_pointer field, is is not needed and not portable;
> * make .arch field explicitly aligned, remove no longer needed
> padding before .arch field;
> * remove trailing pads, they are no longer needed.
>
> v5:
> * Merge separate series and patches into the single series.
> * Change PTRACE_EVENTMSG_SYSCALL_{ENTRY,EXIT} values as requested by Oleg.
> * Change struct ptrace_syscall_info: generalize instruction_pointer,
> stack_pointer, and frame_pointer fields by moving them from
> ptrace_syscall_info.{entry,seccomp} substructures to ptrace_syscall_info
> and initializing them for all stops.
> * Add PTRACE_SYSCALL_INFO_NONE, set it when not in a syscall stop,
> so e.g. "strace -i" could use PTRACE_SYSCALL_INFO_SECCOMP to obtain
> instruction_pointer when the tracee is in a signal stop.
> * Patch all remaining architectures to provide all necessary
> syscall_get_* functions.
> * Make available for all architectures: do not conditionalize on
> CONFIG_HAVE_ARCH_TRACEHOOK since all syscall_get_* functions
> are implemented on all architectures.
> * Add a test for PTRACE_GET_SYSCALL_INFO to selftests/ptrace.
>
> v4:
> * Do not introduce task_struct.ptrace_event,
> use child->last_siginfo->si_code instead.
> * Implement PTRACE_SYSCALL_INFO_SECCOMP and ptrace_syscall_info.seccomp
> support along with PTRACE_SYSCALL_INFO_{ENTRY,EXIT} and
> ptrace_syscall_info.{entry,exit}.
>
> v3:
> * Change struct ptrace_syscall_info.
> * Support PTRACE_EVENT_SECCOMP by adding ptrace_event to task_struct.
> * Add proper defines for ptrace_syscall_info.op values.
> * Rename PT_SYSCALL_IS_ENTERING and PT_SYSCALL_IS_EXITING to
> PTRACE_EVENTMSG_SYSCALL_ENTRY and PTRACE_EVENTMSG_SYSCALL_EXIT
> * and move them to uapi.
>
> v2:
> * Do not use task->ptrace.
> * Replace entry_info.is_compat with entry_info.arch, use syscall_get_arch().
> * Use addr argument of sys_ptrace to get expected size of the struct;
> return full size of the struct.
>
> Dmitry V. Levin (25):
> asm-generic/syscall.h: prepare for inclusion by other files
> asm-generic/syscall.h: turn syscall_[gs]et_arguments into wrappers
> alpha: define remaining syscall_get_* functions
> Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
> arc: define syscall_get_arch()
> c6x: define syscall_get_arch()
> elf-em.h: add EM_CSKY
> csky: define syscall_get_arch()
> h8300: define remaining syscall_get_* functions
> Move EM_HEXAGON to uapi/linux/elf-em.h
> hexagon: define remaining syscall_get_* functions
> Move EM_NDS32 to uapi/linux/elf-em.h
> nds32: define syscall_get_arch()
> nios2: define syscall_get_arch()
> m68k: add asm/syscall.h
> mips: define syscall_get_error()
> parisc: define syscall_get_error()
> powerpc: define syscall_get_error()
> riscv: define syscall_get_arch()
> Move EM_XTENSA to uapi/linux/elf-em.h
> xtensa: define syscall_get_* functions
> Move EM_UNICORE to uapi/linux/elf-em.h
> unicore32: add asm/syscall.h
> syscall_get_arch: add "struct task_struct *" argument
> selftests/ptrace: add a test case for PTRACE_GET_SYSCALL_INFO
>
> Elvira Khabirova (2):
> powerpc/ptrace: replace ptrace_report_syscall() with a tracehook call
> ptrace: add PTRACE_GET_SYSCALL_INFO request
As mentioned in the previous patchsets, this all looks fine to me from
an audit perspective (although there is not much audit code to really
comment on). Feel free to add my ACK to the audit related patches.
Acked-by: Paul Moore <paul at paul-moore.com>
> arch/alpha/include/asm/syscall.h | 31 +-
> arch/arc/include/asm/elf.h | 6 +-
> arch/arc/include/asm/syscall.h | 11 +
> arch/arm/include/asm/syscall.h | 2 +-
> arch/arm64/include/asm/syscall.h | 4 +-
> arch/c6x/include/asm/syscall.h | 7 +
> arch/csky/include/asm/syscall.h | 7 +
> arch/h8300/include/asm/syscall.h | 19 ++
> arch/hexagon/include/asm/elf.h | 6 +-
> arch/hexagon/include/asm/syscall.h | 22 ++
> arch/ia64/include/asm/syscall.h | 2 +-
> arch/m68k/include/asm/syscall.h | 42 +++
> arch/microblaze/include/asm/syscall.h | 2 +-
> arch/mips/include/asm/syscall.h | 12 +-
> arch/mips/kernel/ptrace.c | 2 +-
> arch/nds32/include/asm/elf.h | 3 +-
> arch/nds32/include/asm/syscall.h | 8 +
> arch/nios2/include/asm/syscall.h | 6 +
> arch/openrisc/include/asm/syscall.h | 2 +-
> arch/parisc/include/asm/syscall.h | 11 +-
> arch/powerpc/include/asm/syscall.h | 20 +-
> arch/powerpc/kernel/ptrace.c | 7 +-
> arch/riscv/include/asm/syscall.h | 10 +
> arch/s390/include/asm/syscall.h | 4 +-
> arch/sh/include/asm/syscall_32.h | 2 +-
> arch/sh/include/asm/syscall_64.h | 2 +-
> arch/sparc/include/asm/syscall.h | 5 +-
> arch/unicore32/include/asm/elf.h | 3 +-
> arch/unicore32/include/asm/syscall.h | 46 +++
> arch/x86/include/asm/syscall.h | 8 +-
> arch/x86/um/asm/syscall.h | 2 +-
> arch/xtensa/include/asm/elf.h | 2 +-
> arch/xtensa/include/asm/syscall.h | 65 +++++
> include/asm-generic/syscall.h | 85 ++++--
> include/linux/tracehook.h | 9 +-
> include/uapi/linux/audit.h | 16 ++
> include/uapi/linux/elf-em.h | 8 +
> include/uapi/linux/ptrace.h | 35 +++
> kernel/auditsc.c | 4 +-
> kernel/ptrace.c | 101 ++++++-
> kernel/seccomp.c | 4 +-
> tools/testing/selftests/ptrace/.gitignore | 1 +
> tools/testing/selftests/ptrace/Makefile | 2 +-
> .../selftests/ptrace/get_syscall_info.c | 271 ++++++++++++++++++
> 44 files changed, 851 insertions(+), 66 deletions(-)
> create mode 100644 arch/m68k/include/asm/syscall.h
> create mode 100644 arch/unicore32/include/asm/syscall.h
> create mode 100644 tools/testing/selftests/ptrace/get_syscall_info.c
>
> --
> ldv
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
2018-12-13 17:21 ` [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h Dmitry V. Levin
@ 2018-12-21 1:19 ` Dmitry V. Levin
0 siblings, 0 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-21 1:19 UTC (permalink / raw)
To: linux-snps-arc
Hi,
On Thu, Dec 13, 2018@08:21:42PM +0300, Dmitry V. Levin wrote:
> These should never have been defined in the arch tree to begin with, and
> now uapi/linux/audit.h header is going to use EM_ARCOMPACT and EM_ARCV2
> in order to define AUDIT_ARCH_ARCOMPACT and AUDIT_ARCH_ARCV2 which are
> needed to implement syscall_get_arch() which in turn is required to
> extend the generic ptrace API with PTRACE_GET_SYSCALL_INFO request.
>
> Acked-by: Vineet Gupta <vgupta at synopsys.com>
> Cc: Elvira Khabirova <lineprinter at altlinux.org>
> Cc: Eugene Syromyatnikov <esyr at redhat.com>
> Cc: Oleg Nesterov <oleg at redhat.com>
> Cc: Andy Lutomirski <luto at kernel.org>
> Cc: Alexey Brodkin <alexey.brodkin at synopsys.com>
> Cc: linux-snps-arc at lists.infradead.org
> Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
> ---
Looks like the whole series is going to be pinged for quite some time yet,
so would you mind taking this patch into your arc tree, please?
Thanks.
> Notes:
> v6: unchanged
> v5: added Cc
> v2: added Acked-by
>
> arch/arc/include/asm/elf.h | 6 +-----
> include/uapi/linux/elf-em.h | 2 ++
> 2 files changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arc/include/asm/elf.h b/arch/arc/include/asm/elf.h
> index aa2d6da9d187..2b80c184c9c8 100644
> --- a/arch/arc/include/asm/elf.h
> +++ b/arch/arc/include/asm/elf.h
> @@ -10,13 +10,9 @@
> #define __ASM_ARC_ELF_H
>
> #include <linux/types.h>
> +#include <linux/elf-em.h>
> #include <uapi/asm/elf.h>
>
> -/* These ELF defines belong to uapi but libc elf.h already defines them */
> -#define EM_ARCOMPACT 93
> -
> -#define EM_ARCV2 195 /* ARCv2 Cores */
> -
> #define EM_ARC_INUSE (IS_ENABLED(CONFIG_ISA_ARCOMPACT) ? \
> EM_ARCOMPACT : EM_ARCV2)
>
> diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h
> index 93722e60204c..42b7546352a6 100644
> --- a/include/uapi/linux/elf-em.h
> +++ b/include/uapi/linux/elf-em.h
> @@ -34,6 +34,7 @@
> #define EM_M32R 88 /* Renesas M32R */
> #define EM_MN10300 89 /* Panasonic/MEI MN10300, AM33 */
> #define EM_OPENRISC 92 /* OpenRISC 32-bit embedded processor */
> +#define EM_ARCOMPACT 93 /* ARCompact processor */
> #define EM_BLACKFIN 106 /* ADI Blackfin Processor */
> #define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
> #define EM_TI_C6000 140 /* TI C6X DSPs */
> @@ -41,6 +42,7 @@
> #define EM_TILEPRO 188 /* Tilera TILEPro */
> #define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */
> #define EM_TILEGX 191 /* Tilera TILE-Gx */
> +#define EM_ARCV2 195 /* ARCv2 Cores */
> #define EM_RISCV 243 /* RISC-V */
> #define EM_BPF 247 /* Linux BPF - in-kernel virtual machine */
> #define EM_FRV 0x5441 /* Fujitsu FR-V */
> --
> ldv
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-snps-arc/attachments/20181221/54a761eb/attachment-0001.sig>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v6 05/27] arc: define syscall_get_arch()
2018-12-13 17:21 ` [PATCH v6 05/27] arc: define syscall_get_arch() Dmitry V. Levin
@ 2018-12-21 1:21 ` Dmitry V. Levin
0 siblings, 0 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2018-12-21 1:21 UTC (permalink / raw)
To: linux-snps-arc
Hi,
On Thu, Dec 13, 2018@08:21:46PM +0300, Dmitry V. Levin wrote:
> syscall_get_arch() is required to be implemented on all architectures
> in addition to already implemented syscall_get_nr(),
> syscall_get_arguments(), syscall_get_error(), and
> syscall_get_return_value() functions in order to extend the generic
> ptrace API with PTRACE_GET_SYSCALL_INFO request.
>
> Acked-by: Vineet Gupta <vgupta at synopsys.com>
> Cc: Elvira Khabirova <lineprinter at altlinux.org>
> Cc: Eugene Syromyatnikov <esyr at redhat.com>
> Cc: Oleg Nesterov <oleg at redhat.com>
> Cc: Andy Lutomirski <luto at kernel.org>
> Cc: Alexey Brodkin <alexey.brodkin at synopsys.com>
> Cc: Paul Moore <paul at paul-moore.com>
> Cc: Eric Paris <eparis at redhat.com>
> Cc: linux-snps-arc at lists.infradead.org
> Cc: linux-audit at redhat.com
> Signed-off-by: Dmitry V. Levin <ldv at altlinux.org>
> ---
Looks like the whole series is going to be pinged for quite some time yet,
so would you mind taking this patch into your arc tree, please?
Thanks.
> Notes:
> v6: unchanged
> v5: added Cc
> v2: added Acked-by
>
> arch/arc/include/asm/syscall.h | 11 +++++++++++
> include/uapi/linux/audit.h | 4 ++++
> 2 files changed, 15 insertions(+)
>
> diff --git a/arch/arc/include/asm/syscall.h b/arch/arc/include/asm/syscall.h
> index 29de09804306..c7fc4c0c3bcb 100644
> --- a/arch/arc/include/asm/syscall.h
> +++ b/arch/arc/include/asm/syscall.h
> @@ -9,6 +9,7 @@
> #ifndef _ASM_ARC_SYSCALL_H
> #define _ASM_ARC_SYSCALL_H 1
>
> +#include <uapi/linux/audit.h>
> #include <linux/err.h>
> #include <linux/sched.h>
> #include <asm/unistd.h>
> @@ -68,4 +69,14 @@ syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
> }
> }
>
> +static inline int
> +syscall_get_arch(void)
> +{
> + return IS_ENABLED(CONFIG_ISA_ARCOMPACT)
> + ? (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
> + ? AUDIT_ARCH_ARCOMPACTBE : AUDIT_ARCH_ARCOMPACT)
> + : (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
> + ? AUDIT_ARCH_ARCV2BE : AUDIT_ARCH_ARCV2);
> +}
> +
> #endif
> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index 818ae690ab79..bedf3bf54c3a 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -375,6 +375,10 @@ enum {
>
> #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_ARCOMPACT (EM_ARCOMPACT|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_ARCOMPACTBE (EM_ARCOMPACT)
> +#define AUDIT_ARCH_ARCV2 (EM_ARCV2|__AUDIT_ARCH_LE)
> +#define AUDIT_ARCH_ARCV2BE (EM_ARCV2)
> #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
> #define AUDIT_ARCH_ARMEB (EM_ARM)
> #define AUDIT_ARCH_CRIS (EM_CRIS|__AUDIT_ARCH_LE)
> --
> ldv
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-snps-arc/attachments/20181221/fc930f01/attachment.sig>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-12-21 1:21 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-12-13 17:18 [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 04/27] Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h Dmitry V. Levin
2018-12-21 1:19 ` Dmitry V. Levin
2018-12-13 17:21 ` [PATCH v6 05/27] arc: define syscall_get_arch() Dmitry V. Levin
2018-12-21 1:21 ` Dmitry V. Levin
2018-12-13 17:24 ` [PATCH v6 24/27] syscall_get_arch: add "struct task_struct *" argument Dmitry V. Levin
2018-12-14 20:15 ` [PATCH v6 00/27] ptrace: add PTRACE_GET_SYSCALL_INFO request Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox