From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753403AbdK1Xmg (ORCPT ); Tue, 28 Nov 2017 18:42:36 -0500 Received: from mail-ua0-f196.google.com ([209.85.217.196]:45502 "EHLO mail-ua0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752694AbdK1Xmf (ORCPT ); Tue, 28 Nov 2017 18:42:35 -0500 X-Google-Smtp-Source: AGs4zMan+3tFSPjSygZKF24Z4OlGAKwVH6M6fFdroZwsgb14i9e7V7a0iRtPFOyUyZEa6uXVBPwJPgxqArKTJ/yX6Ic= MIME-Version: 1.0 In-Reply-To: <20171011153921.20731-2-tycho@docker.com> References: <20171011153921.20731-1-tycho@docker.com> <20171011153921.20731-2-tycho@docker.com> From: Kees Cook Date: Tue, 28 Nov 2017 15:42:33 -0800 X-Google-Sender-Auth: lXPp5DVw2SKrL7XPOEvED0VyD-E Message-ID: Subject: Re: [PATCH v3 2/2] ptrace, seccomp: add support for retrieving seccomp metadata To: Tycho Andersen Cc: LKML , Andy Lutomirski , Oleg Nesterov Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 11, 2017 at 8:39 AM, Tycho Andersen wrote: > With the new SECCOMP_FILTER_FLAG_LOG, we need to be able to extract these > flags for checkpoint restore, since they describe the state of a filter. > > So, let's add PTRACE_SECCOMP_GET_METADATA, similar to ..._GET_FILTER, which > returns the metadata of the nth filter (right now, just the flags). > Hopefully this will be future proof, and new per-filter metadata can be > added to this struct. > > v3: * use GET_METADATA instead of GET_FLAGS > > Signed-off-by: Tycho Andersen > CC: Kees Cook > CC: Andy Lutomirski > CC: Oleg Nesterov Applied for -next (with a minor whitespace fix). Thanks! -Kees > --- > include/linux/seccomp.h | 8 ++++++++ > include/uapi/linux/ptrace.h | 6 ++++++ > kernel/ptrace.c | 4 ++++ > kernel/seccomp.c | 34 ++++++++++++++++++++++++++++++++++ > 4 files changed, 52 insertions(+) 
>
> diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
> index c8bef436b61d..a6dee99cd187 100644
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -94,11 +94,19 @@ static inline void get_seccomp_filter(struct task_struct *tsk)
> #if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
> extern long seccomp_get_filter(struct task_struct *task,
> unsigned long filter_off, void __user *data);
> +extern long seccomp_get_metadata(struct task_struct *task,
> + unsigned long filter_off, void __user *data);
> #else
> static inline long seccomp_get_filter(struct task_struct *task,
> unsigned long n, void __user *data)
> {
> return -EINVAL;
> }
> +static inline long seccomp_get_metadata(struct task_struct *task,
> + unsigned long filter_off,
> + void __user *data)
> +{
> + return -EINVAL;
> +}
> #endif /* CONFIG_SECCOMP_FILTER && CONFIG_CHECKPOINT_RESTORE */
> #endif /* _LINUX_SECCOMP_H */
> diff --git a/include/uapi/linux/ptrace.h b/include/uapi/linux/ptrace.h
> index fb8106509000..4e9774812dba 100644
> --- a/include/uapi/linux/ptrace.h
> +++ b/include/uapi/linux/ptrace.h
> @@ -65,6 +65,12 @@ struct ptrace_peeksiginfo_args {
> #define PTRACE_SETSIGMASK 0x420b
>
> #define PTRACE_SECCOMP_GET_FILTER 0x420c
> +#define PTRACE_SECCOMP_GET_METADATA 0x420d
> +
> +struct seccomp_metadata {
> + unsigned long filter_off; /* Input: which filter */
> + unsigned int flags; /* Output: filter's flags */
> +};
>
> /* Read signals from a shared (process wide) queue */
> #define PTRACE_PEEKSIGINFO_SHARED (1 << 0)
> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index 84b1367935e4..58291e9f3276 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -1092,6 +1092,10 @@ int ptrace_request(struct task_struct *child, long request,
> ret = seccomp_get_filter(child, addr, datavp);
> break;
>
> + case PTRACE_SECCOMP_GET_METADATA:
> + ret = seccomp_get_metadata(child, addr, datavp);
> + break;
> +
> default:
> break;
> }
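Review bot: `struct seccomp_metadata` in the include/uapi/linux/ptrace.h hunk is a userspace ABI struct built from `unsigned long` and `unsigned int`, so its size and the offset of `flags` differ between a native 64-bit tracer and a 32-bit tracer on the same 64-bit kernel; since the byte count that reaches seccomp_get_metadata() comes from ptrace's `addr`, a compat tracer passing its own `sizeof` would have its bytes interpreted under the kernel's layout. Fixed-width fields avoid that: `__u64 filter_off; /* Input: which filter */` and `__u64 flags; /* Output: filter's flags */`. Separately, the include/linux/seccomp.h hunk names the second parameter `filter_off` in both the prototype and the stub, while the kernel/seccomp.c definition names it `size` and treats it as the struct length taken from `addr`; renaming those to `size` and adding a line to the uapi comment that `addr` carries `sizeof(struct seccomp_metadata)` would keep the declaration honest.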
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 2e1568261ac4..ea762af4974d 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -1060,6 +1060,40 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
> __put_seccomp_filter(filter);
> return ret;
> }
> +
> +long seccomp_get_metadata(struct task_struct *task,
> + unsigned long size, void __user *data)
> +{
> + long ret;
> + struct seccomp_filter *filter;
> + struct seccomp_metadata kmd = {};
> +
> + if (!capable(CAP_SYS_ADMIN) ||
> + current->seccomp.mode != SECCOMP_MODE_DISABLED) {
> + return -EACCES;
> + }
> +
> + size = min_t(unsigned long, size, sizeof(kmd));
> +
> + if (copy_from_user(&kmd, data, size))
> + return -EFAULT;
> +
> + filter = get_nth_filter(task, kmd.filter_off);
> + if (IS_ERR(filter))
> + return PTR_ERR(filter);
> +
> + memset(&kmd, 0, sizeof(kmd));
> + if (filter->log)
> + kmd.flags |= SECCOMP_FILTER_FLAG_LOG;
> +
> + ret = size;
> + if (copy_to_user(data, &kmd, size))
> + ret = -EFAULT;
> +
> + __put_seccomp_filter(filter);
> + return ret;
> +
> +}
> #endif
>
> #ifdef CONFIG_SYSCTL
> --
> 2.11.0
> -- Kees Cook Pixel Security
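Review bot: `size = min_t(unsigned long, size, sizeof(kmd));` only caps the length from above, so a tracer passing a `size` smaller than `sizeof(kmd.filter_off)` (including 0) has only part of `filter_off`, or none of it, copied over the zero-initialised `kmd`, and `get_nth_filter()` is then asked for whatever index results instead of the request being refused. A lower bound before the `copy_from_user()`, `if (size < sizeof(kmd.filter_off)) return -EINVAL;`, turns a short struct into an error rather than a silent lookup of filter 0 or of a truncated offset. The `memset(&kmd, 0, sizeof(kmd))` before the output copy also clears `filter_off`, so the caller gets its own input field zeroed on return; if that is intended a one-line comment saying so would help, otherwise resetting only `flags` keeps the input echoed back.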