* [PATCH v3 0/3] powerpc: Enable seccomp filter support
@ 2015-02-13 8:22 Bogdan Purcareata
2015-02-13 8:22 ` [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Bogdan Purcareata @ 2015-02-13 8:22 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake
Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
architectures, and enable this support.
Testing has been pursued using libseccomp with the latest ppc support patches
[1][2], on Freescale platforms for both ppc and ppc64. ppc64le support is
untested.
[1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
[2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
v3:
- keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
v2:
- move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
Bogdan Purcareata (3):
powerpc: Don't force ENOSYS as error on syscall fail
powerpc: Relax secure computing on syscall entry trace
powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
arch/powerpc/Kconfig | 1 +
arch/powerpc/kernel/entry_32.S | 7 ++++++-
arch/powerpc/kernel/entry_64.S | 5 +++--
arch/powerpc/kernel/ptrace.c | 8 ++++++--
4 files changed, 16 insertions(+), 5 deletions(-)
--
2.1.4
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail 2015-02-13 8:22 [PATCH v3 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata @ 2015-02-13 8:22 ` Bogdan Purcareata 2015-02-18 3:01 ` Mike Strosaker 2015-02-13 8:22 ` [PATCH v3 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata 2 siblings, 1 reply; 6+ messages in thread From: Bogdan Purcareata @ 2015-02-13 8:22 UTC (permalink / raw) To: benh, paulus, linuxppc-dev, mpe Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake In certain scenarios - e.g. seccomp filtering with ERRNO as default action - the system call fails for other reasons than the syscall not being available. The seccomp filter can be configured to store a user-defined error code on return from a blacklisted syscall. Don't always set ENOSYS on do_syscall_trace_enter failure. Delegate setting ENOSYS in case of failure, where appropriate, to do_syscall_trace_enter. v3: - keep setting ENOSYS in the syscall entry assembly for scenarios without syscall tracing v2: - move setting ENOSYS as errno from the syscall entry assembly to do_syscall_trace_enter, only in the specific case Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> --- arch/powerpc/kernel/entry_32.S | 7 ++++++- arch/powerpc/kernel/entry_64.S | 5 +++-- arch/powerpc/kernel/ptrace.c | 4 +++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S index 46fc0f4..b2f88cd 100644 --- a/arch/powerpc/kernel/entry_32.S +++ b/arch/powerpc/kernel/entry_32.S @@ -333,12 +333,12 @@ _GLOBAL(DoSyscall) lwz r11,TI_FLAGS(r10) andi. r11,r11,_TIF_SYSCALL_DOTRACE bne- syscall_dotrace -syscall_dotrace_cont: cmplwi 0,r0,NR_syscalls lis r10,sys_call_table@h ori r10,r10,sys_call_table@l slwi r0,r0,2 bge- 66f +syscall_dotrace_cont: lwzx r10,r10,r0 /* Fetch system call handler [ptr] */ mtlr r10 addi r9,r1,STACK_FRAME_OVERHEAD @@ -457,6 +457,11 @@ syscall_dotrace: lwz r7,GPR7(r1) lwz r8,GPR8(r1) REST_NVGPRS(r1) + cmplwi 0,r0,NR_syscalls + lis r10,sys_call_table@h + ori r10,r10,sys_call_table@l + slwi r0,r0,2 + bge- ret_from_syscall b syscall_dotrace_cont syscall_exit_work: diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S index d180caf2..0d22fa8 100644 --- a/arch/powerpc/kernel/entry_64.S +++ b/arch/powerpc/kernel/entry_64.S @@ -144,7 +144,6 @@ END_FW_FTR_SECTION_IFSET(FW_FEATURE_SPLPAR) ld r10,TI_FLAGS(r11) andi. r11,r10,_TIF_SYSCALL_DOTRACE bne syscall_dotrace -.Lsyscall_dotrace_cont: cmpldi 0,r0,NR_syscalls bge- syscall_enosys @@ -253,7 +252,9 @@ syscall_dotrace: addi r9,r1,STACK_FRAME_OVERHEAD CURRENT_THREAD_INFO(r10, r1) ld r10,TI_FLAGS(r10) - b .Lsyscall_dotrace_cont + cmpldi 0,r0,NR_syscalls + bge- syscall_exit + b system_call syscall_enosys: li r3,-ENOSYS diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index f21897b..2edae06 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -1775,13 +1775,15 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); if (test_thread_flag(TIF_SYSCALL_TRACE) && - tracehook_report_syscall_entry(regs)) + tracehook_report_syscall_entry(regs)) { /* * Tracing decided this syscall should not happen. * We'll return a bogus call number to get an ENOSYS * error, but leave the original number in regs->gpr[0]. */ ret = -1L; + syscall_set_return_value(current, regs, ENOSYS, 0); + } if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->gpr[0]); -- 2.1.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail 2015-02-13 8:22 ` [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata @ 2015-02-18 3:01 ` Mike Strosaker 2015-02-18 6:50 ` Purcareata Bogdan 0 siblings, 1 reply; 6+ messages in thread From: Mike Strosaker @ 2015-02-18 3:01 UTC (permalink / raw) To: Bogdan Purcareata, benh, paulus, linuxppc-dev, mpe; +Cc: pmoore, linux-kernel This patch failed to build using pseries_le_defconfig. With the change noted below in entry_64.S, the build succeeded and seccomp mode 2 worked correctly. Best, Mike Strosaker On 02/13/2015 02:22 AM, Bogdan Purcareata wrote: > In certain scenarios - e.g. seccomp filtering with ERRNO as default action - > the system call fails for other reasons than the syscall not being available. > The seccomp filter can be configured to store a user-defined error code on > return from a blacklisted syscall. Don't always set ENOSYS on > do_syscall_trace_enter failure. > > Delegate setting ENOSYS in case of failure, where appropriate, to > do_syscall_trace_enter. > > v3: > - keep setting ENOSYS in the syscall entry assembly for scenarios without > syscall tracing > > v2: > - move setting ENOSYS as errno from the syscall entry assembly to > do_syscall_trace_enter, only in the specific case > > Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> > --- > arch/powerpc/kernel/entry_32.S | 7 ++++++- > arch/powerpc/kernel/entry_64.S | 5 +++-- > arch/powerpc/kernel/ptrace.c | 4 +++- > 3 files changed, 12 insertions(+), 4 deletions(-) > > diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S > index 46fc0f4..b2f88cd 100644 > --- a/arch/powerpc/kernel/entry_32.S > +++ b/arch/powerpc/kernel/entry_32.S > @@ -333,12 +333,12 @@ _GLOBAL(DoSyscall) > lwz r11,TI_FLAGS(r10) > andi. r11,r11,_TIF_SYSCALL_DOTRACE > bne- syscall_dotrace > -syscall_dotrace_cont: > cmplwi 0,r0,NR_syscalls > lis r10,sys_call_table@h > ori r10,r10,sys_call_table@l > slwi r0,r0,2 > bge- 66f > +syscall_dotrace_cont: > lwzx r10,r10,r0 /* Fetch system call handler [ptr] */ > mtlr r10 > addi r9,r1,STACK_FRAME_OVERHEAD > @@ -457,6 +457,11 @@ syscall_dotrace: > lwz r7,GPR7(r1) > lwz r8,GPR8(r1) > REST_NVGPRS(r1) > + cmplwi 0,r0,NR_syscalls > + lis r10,sys_call_table@h > + ori r10,r10,sys_call_table@l > + slwi r0,r0,2 > + bge- ret_from_syscall > b syscall_dotrace_cont > > syscall_exit_work: > diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S > index d180caf2..0d22fa8 100644 > --- a/arch/powerpc/kernel/entry_64.S > +++ b/arch/powerpc/kernel/entry_64.S > @@ -144,7 +144,6 @@ END_FW_FTR_SECTION_IFSET(FW_FEATURE_SPLPAR) > ld r10,TI_FLAGS(r11) > andi. r11,r10,_TIF_SYSCALL_DOTRACE > bne syscall_dotrace > -.Lsyscall_dotrace_cont: > cmpldi 0,r0,NR_syscalls > bge- syscall_enosys > > @@ -253,7 +252,9 @@ syscall_dotrace: > addi r9,r1,STACK_FRAME_OVERHEAD > CURRENT_THREAD_INFO(r10, r1) > ld r10,TI_FLAGS(r10) > - b .Lsyscall_dotrace_cont > + cmpldi 0,r0,NR_syscalls > + bge- syscall_exit Shouldn't this be .Lsyscall_exit? > + b system_call > > syscall_enosys: > li r3,-ENOSYS > diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c > index f21897b..2edae06 100644 > --- a/arch/powerpc/kernel/ptrace.c > +++ b/arch/powerpc/kernel/ptrace.c > @@ -1775,13 +1775,15 @@ long do_syscall_trace_enter(struct pt_regs *regs) > secure_computing_strict(regs->gpr[0]); > > if (test_thread_flag(TIF_SYSCALL_TRACE) && > - tracehook_report_syscall_entry(regs)) > + tracehook_report_syscall_entry(regs)) { > /* > * Tracing decided this syscall should not happen. > * We'll return a bogus call number to get an ENOSYS > * error, but leave the original number in regs->gpr[0]. > */ > ret = -1L; > + syscall_set_return_value(current, regs, ENOSYS, 0); > + } > > if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) > trace_sys_enter(regs, regs->gpr[0]); > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail 2015-02-18 3:01 ` Mike Strosaker @ 2015-02-18 6:50 ` Purcareata Bogdan 0 siblings, 0 replies; 6+ messages in thread From: Purcareata Bogdan @ 2015-02-18 6:50 UTC (permalink / raw) To: Mike Strosaker, Bogdan Purcareata, benh, paulus, linuxppc-dev, mpe Cc: pmoore, linux-kernel On 18.02.2015 05:01, Mike Strosaker wrote: > This patch failed to build using pseries_le_defconfig. With the change > noted below in entry_64.S, the build succeeded and seccomp mode 2 worked > correctly. > > Best, > Mike Strosaker > > On 02/13/2015 02:22 AM, Bogdan Purcareata wrote: >> In certain scenarios - e.g. seccomp filtering with ERRNO as default action - >> the system call fails for other reasons than the syscall not being available. >> The seccomp filter can be configured to store a user-defined error code on >> return from a blacklisted syscall. Don't always set ENOSYS on >> do_syscall_trace_enter failure. >> >> Delegate setting ENOSYS in case of failure, where appropriate, to >> do_syscall_trace_enter. >> >> v3: >> - keep setting ENOSYS in the syscall entry assembly for scenarios without >> syscall tracing >> >> v2: >> - move setting ENOSYS as errno from the syscall entry assembly to >> do_syscall_trace_enter, only in the specific case >> >> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> >> --- >> arch/powerpc/kernel/entry_32.S | 7 ++++++- >> arch/powerpc/kernel/entry_64.S | 5 +++-- >> arch/powerpc/kernel/ptrace.c | 4 +++- >> 3 files changed, 12 insertions(+), 4 deletions(-) >> >> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S >> index 46fc0f4..b2f88cd 100644 >> --- a/arch/powerpc/kernel/entry_32.S >> +++ b/arch/powerpc/kernel/entry_32.S >> @@ -333,12 +333,12 @@ _GLOBAL(DoSyscall) >> lwz r11,TI_FLAGS(r10) >> andi. r11,r11,_TIF_SYSCALL_DOTRACE >> bne- syscall_dotrace >> -syscall_dotrace_cont: >> cmplwi 0,r0,NR_syscalls >> lis r10,sys_call_table@h >> ori r10,r10,sys_call_table@l >> slwi r0,r0,2 >> bge- 66f >> +syscall_dotrace_cont: >> lwzx r10,r10,r0 /* Fetch system call handler [ptr] */ >> mtlr r10 >> addi r9,r1,STACK_FRAME_OVERHEAD >> @@ -457,6 +457,11 @@ syscall_dotrace: >> lwz r7,GPR7(r1) >> lwz r8,GPR8(r1) >> REST_NVGPRS(r1) >> + cmplwi 0,r0,NR_syscalls >> + lis r10,sys_call_table@h >> + ori r10,r10,sys_call_table@l >> + slwi r0,r0,2 >> + bge- ret_from_syscall >> b syscall_dotrace_cont >> >> syscall_exit_work: >> diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S >> index d180caf2..0d22fa8 100644 >> --- a/arch/powerpc/kernel/entry_64.S >> +++ b/arch/powerpc/kernel/entry_64.S >> @@ -144,7 +144,6 @@ END_FW_FTR_SECTION_IFSET(FW_FEATURE_SPLPAR) >> ld r10,TI_FLAGS(r11) >> andi. r11,r10,_TIF_SYSCALL_DOTRACE >> bne syscall_dotrace >> -.Lsyscall_dotrace_cont: >> cmpldi 0,r0,NR_syscalls >> bge- syscall_enosys >> >> @@ -253,7 +252,9 @@ syscall_dotrace: >> addi r9,r1,STACK_FRAME_OVERHEAD >> CURRENT_THREAD_INFO(r10, r1) >> ld r10,TI_FLAGS(r10) >> - b .Lsyscall_dotrace_cont >> + cmpldi 0,r0,NR_syscalls >> + bge- syscall_exit > > Shouldn't this be .Lsyscall_exit? Thanks for testing and spotting this! The kernel I tested with didn't have syscall_exit converted to a local label (commit 4c3b21686111e0ac6018469dacbc5549f9915cf8). Will resend with this change. Bogdan P. >> + b system_call >> >> syscall_enosys: >> li r3,-ENOSYS >> diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c >> index f21897b..2edae06 100644 >> --- a/arch/powerpc/kernel/ptrace.c >> +++ b/arch/powerpc/kernel/ptrace.c >> @@ -1775,13 +1775,15 @@ long do_syscall_trace_enter(struct pt_regs *regs) >> secure_computing_strict(regs->gpr[0]); >> >> if (test_thread_flag(TIF_SYSCALL_TRACE) && >> - tracehook_report_syscall_entry(regs)) >> + tracehook_report_syscall_entry(regs)) { >> /* >> * Tracing decided this syscall should not happen. >> * We'll return a bogus call number to get an ENOSYS >> * error, but leave the original number in regs->gpr[0]. >> */ >> ret = -1L; >> + syscall_set_return_value(current, regs, ENOSYS, 0); >> + } >> >> if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) >> trace_sys_enter(regs, regs->gpr[0]); >> > ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v3 2/3] powerpc: Relax secure computing on syscall entry trace 2015-02-13 8:22 [PATCH v3 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata @ 2015-02-13 8:22 ` Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata 2 siblings, 0 replies; 6+ messages in thread From: Bogdan Purcareata @ 2015-02-13 8:22 UTC (permalink / raw) To: benh, paulus, linuxppc-dev, mpe Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake The secure_computing_strict will just force the kernel to panic on secure_computing failure. Once SECCOMP_FILTER support is enabled in the kernel, syscalls can be denied without system failure. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> --- arch/powerpc/kernel/ptrace.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index 2edae06..285e056 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -1772,7 +1772,9 @@ long do_syscall_trace_enter(struct pt_regs *regs) user_exit(); - secure_computing_strict(regs->gpr[0]); + /* Do the secure computing check first; failures should be fast. */ + if (secure_computing(regs->gpr[0]) == -1) + return -1L; if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) { -- 2.1.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v3 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER 2015-02-13 8:22 [PATCH v3 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata @ 2015-02-13 8:22 ` Bogdan Purcareata 2 siblings, 0 replies; 6+ messages in thread From: Bogdan Purcareata @ 2015-02-13 8:22 UTC (permalink / raw) To: benh, paulus, linuxppc-dev, mpe Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> --- arch/powerpc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 22b0940..2588b57 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -104,6 +104,7 @@ config PPC select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_LITTLE_ENDIAN select HAVE_KPROBES select HAVE_ARCH_KGDB + select HAVE_ARCH_SECCOMP_FILTER select HAVE_KRETPROBES select HAVE_ARCH_TRACEHOOK select HAVE_MEMBLOCK -- 2.1.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-02-18 6:51 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-02-13 8:22 [PATCH v3 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata 2015-02-18 3:01 ` Mike Strosaker 2015-02-18 6:50 ` Purcareata Bogdan 2015-02-13 8:22 ` [PATCH v3 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata 2015-02-13 8:22 ` [PATCH v3 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).