Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support

From: AKASHI Takahiro
Date: Thu Jul 10 2014 - 00:35:02 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH v2] mm/vmalloc.c: clean up map_vm_area third argument"
Previous message: Trond Myklebust: "Re: [PATCH 1/1] Fix permission checking by NFS client for open-create with mode 000"
In reply to: Will Deacon: "Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support"
Next in thread: Will Deacon: "Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Will,

> (1) Updating syscallno based on w8, but this ties us to the current ABI
> and could get messy if this register changes in the future.

So, is this the conclusion that I should follow?

-Takahiro AKASHI

On 07/09/2014 01:12 PM, Will Deacon wrote:

Hi Akashi,

On Fri, Jul 04, 2014 at 08:31:55AM +0100, AKASHI Takahiro wrote:

secure_computing() should always be called first in syscall_trace_enter().
If it returns non-zero, we should stop further handling. Then that system
call may eventually fail, be trapped or the process itself be killed
depending on loaded rules.
In this case, syscall_trace_enter() returns a dedicated value in order to
skip a normal syscall table lookup because a seccomp rule may have already
overridden errno.

[...]

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 70526cf..baab5fc 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -21,12 +21,14 @@

#include <linux/audit.h>
#include <linux/compat.h>
+#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/smp.h>
#include <linux/ptrace.h>
#include <linux/user.h>
+#include <linux/seccomp.h>
#include <linux/security.h>
#include <linux/init.h>
#include <linux/signal.h>
@@ -1109,6 +1111,10 @@ static void tracehook_report_syscall(struct pt_regs *regs,

asmlinkage int syscall_trace_enter(struct pt_regs *regs)
{
+ if (secure_computing(regs->syscallno) == -1)
+ /* seccomp failures shouldn't expose any additional code. */
+ return -EPERM;
+
if (test_thread_flag(TIF_SYSCALL_TRACE))
tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);

We return regs->syscallno immediately after this, so we have the same issue
that Kees identified for arch/arm/. Did you follow the discussion I had with
Andy?

Will

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "Re: [PATCH v2] mm/vmalloc.c: clean up map_vm_area third argument"
Previous message: Trond Myklebust: "Re: [PATCH 1/1] Fix permission checking by NFS client for open-create with mode 000"
In reply to: Will Deacon: "Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support"
Next in thread: Will Deacon: "Re: [RESEND PATCH v4 2/2] arm64: Add seccomp support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]