From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Will Deacon <will.deacon@arm.com>
Cc: "wad@chromium.org" <wad@chromium.org>,
Catalin Marinas <Catalin.Marinas@arm.com>,
"dsaxena@linaro.org" <dsaxena@linaro.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linaro-kernel@lists.linaro.org" <linaro-kernel@lists.linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support
Date: Thu, 10 Jul 2014 06:33:50 +0200 [thread overview]
Message-ID: <53BE17AE.7080301@linaro.org> (raw)
In-Reply-To: <20140709111239.GH9485@arm.com>
Will,
> (1) Updating syscallno based on w8, but this ties us to the current ABI
> and could get messy if this register changes in the future.
So, is this the conclusion that I should follow?
-Takahiro AKASHI
On 07/09/2014 01:12 PM, Will Deacon wrote:
> Hi Akashi,
>
> On Fri, Jul 04, 2014 at 08:31:55AM +0100, AKASHI Takahiro wrote:
>> secure_computing() should always be called first in syscall_trace_enter().
>> If it returns non-zero, we should stop further handling. Then that system
>> call may eventually fail, be trapped or the process itself be killed
>> depending on loaded rules.
>> In this case, syscall_trace_enter() returns a dedicated value in order to
>> skip a normal syscall table lookup because a seccomp rule may have already
>> overridden errno.
>
> [...]
>
>> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
>> index 70526cf..baab5fc 100644
>> --- a/arch/arm64/kernel/ptrace.c
>> +++ b/arch/arm64/kernel/ptrace.c
>> @@ -21,12 +21,14 @@
>>
>> #include <linux/audit.h>
>> #include <linux/compat.h>
>> +#include <linux/errno.h>
>> #include <linux/kernel.h>
>> #include <linux/sched.h>
>> #include <linux/mm.h>
>> #include <linux/smp.h>
>> #include <linux/ptrace.h>
>> #include <linux/user.h>
>> +#include <linux/seccomp.h>
>> #include <linux/security.h>
>> #include <linux/init.h>
>> #include <linux/signal.h>
>> @@ -1109,6 +1111,10 @@ static void tracehook_report_syscall(struct pt_regs *regs,
>>
>> asmlinkage int syscall_trace_enter(struct pt_regs *regs)
>> {
>> + if (secure_computing(regs->syscallno) == -1)
>> + /* seccomp failures shouldn't expose any additional code. */
>> + return -EPERM;
>> +
>> if (test_thread_flag(TIF_SYSCALL_TRACE))
>> tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
>
> We return regs->syscallno immediately after this, so we have the same issue
> that Kees identified for arch/arm/. Did you follow the discussion I had with
> Andy?
>
> Will
>
next prev parent reply other threads:[~2014-07-10 4:34 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-04 7:31 [RESEND PATCH v4 0/2] arm64: Add seccomp support AKASHI Takahiro
2014-07-04 7:31 ` [RESEND PATCH v4 1/2] asm-generic: Add generic seccomp.h for secure computing mode 1 AKASHI Takahiro
2014-07-04 7:31 ` [RESEND PATCH v4 2/2] arm64: Add seccomp support AKASHI Takahiro
2014-07-09 11:12 ` Will Deacon
2014-07-10 4:33 ` AKASHI Takahiro [this message]
2014-07-10 8:48 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53BE17AE.7080301@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=Catalin.Marinas@arm.com \
--cc=dsaxena@linaro.org \
--cc=linaro-kernel@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=wad@chromium.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).