From patchwork Mon Mar 12 21:28:33 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Drewry X-Patchwork-Id: 146259 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id F41EFB6FB6 for ; Tue, 13 Mar 2012 08:32:05 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753757Ab2CLVbn (ORCPT ); Mon, 12 Mar 2012 17:31:43 -0400 Received: from mail-yx0-f174.google.com ([209.85.213.174]:37453 "EHLO mail-yx0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757501Ab2CLVaM (ORCPT ); Mon, 12 Mar 2012 17:30:12 -0400 Received: by mail-yx0-f174.google.com with SMTP id l12so3080533yen.19 for ; Mon, 12 Mar 2012 14:30:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references; bh=0xlcPjQYSOz4othT2Kw6CCmTKTaFjlFG+o+qADYoA3M=; b=EGBSXdYn1XO7b/DR87szu1q1Whc7Mo+iwVrNlRYokBKW3ASTw7TY6NI2cG976Ey2ka umemwD9smRtDcwNhGX4AGTwJquKt/XJQyOZclaDT91vwcNJeFdUb7t2YrRfYqiTfpODk wz8OocKSI9TAM+JxoSyAH5YEmf9HWe5HSgpok= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references :x-gm-message-state; bh=0xlcPjQYSOz4othT2Kw6CCmTKTaFjlFG+o+qADYoA3M=; b=AdaKsShel2whFpryPgqGJB8mKbgquflmeox4+zcQfkK6Xh64MC8lBLYiH7+gvAXjlS oWIdFsSANxc1cihcCHnaWnlDQuNnlxgn3soqRKZY00VKZPqxI1wuEOf63PKGtEElg9ds 3JmUxD7rirFAmMcXyuHkX/avlLAFJraw37FTYuu3rTULX63uucy5zKhAFEKo5ruhNnml zxdXTxjTHM7LTD9d0H+t8PAFe+lL1mXNE4bARgwp9CSozl0ERT7eQVoEqBSHL1gTSFU+ 7lJADvlfLBCNb66TUPNM46t1QpxbZNatGEOdn8c3hjjqm966vHDLCWSANlNosayMxJif sS7Q== Received: by 10.101.20.9 with SMTP id x9mr4617640ani.66.1331587811937; Mon, 12 Mar 2012 14:30:11 -0700 (PDT) Received: from localhost.localdomain (173-164-30-65-Nashville.hfc.comcastbusiness.net. [173.164.30.65]) by mx.google.com with ESMTPS id p3sm24586214and.4.2012.03.12.14.30.09 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 12 Mar 2012 14:30:10 -0700 (PDT) From: Will Drewry To: linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com, netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de, davem@davemloft.net, hpa@zytor.com, mingo@redhat.com, oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net, mcgrathr@chromium.org, tglx@linutronix.de, luto@mit.edu, eparis@redhat.com, serge.hallyn@canonical.com, djm@mindrot.org, scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, eric.dumazet@gmail.com, markus@chromium.org, coreyb@linux.vnet.ibm.com, keescook@chromium.org, Will Drewry Subject: [PATCH v14 11/13] x86: Enable HAVE_ARCH_SECCOMP_FILTER Date: Mon, 12 Mar 2012 16:28:33 -0500 Message-Id: <1331587715-26069-11-git-send-email-wad@chromium.org> X-Mailer: git-send-email 1.7.5.4 In-Reply-To: <1331587715-26069-1-git-send-email-wad@chromium.org> References: <1331587715-26069-1-git-send-email-wad@chromium.org> X-Gm-Message-State: ALoCoQmheNxexbs72g36RjdApv0UGoWsU+jr/yeZE4oKm/ABr/kLpxydppVuk2qnqBCy2O4NCiQp Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Enable support for seccomp filter on x86: - asm/tracehook.h exists - syscall_get_arguments() works - syscall_rollback() works - ptrace_report_syscall() works - secure_computing() return value is honored (see below) This also adds support for honoring the return value from secure_computing(). SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to skip a system call without killing the process. This is done by returning a non-zero (-1) value from secure_computing. This change makes x86 respect that return value. To ensure that minimal kernel code is exposed, a non-zero return value results in an immediate return to user space (with an invalid syscall number). Signed-off-by: Will Drewry --- arch/x86/Kconfig | 1 + arch/x86/kernel/ptrace.c | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5bed94e..4c9012b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -82,6 +82,7 @@ config X86 select CLKEVT_I8253 select ARCH_HAVE_NMI_SAFE_CMPXCHG select GENERIC_IOMAP + select HAVE_ARCH_SECCOMP_FILTER config INSTRUCTION_DECODER def_bool (KPROBES || PERF_EVENTS) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 5026738..90d465a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -1380,7 +1380,11 @@ long syscall_trace_enter(struct pt_regs *regs) regs->flags |= X86_EFLAGS_TF; /* do the secure computing check first */ - secure_computing(regs->orig_ax); + if (secure_computing(regs->orig_ax)) { + /* seccomp failures shouldn't expose any additional code. */ + ret = -1L; + goto out; + } if (unlikely(test_thread_flag(TIF_SYSCALL_EMU))) ret = -1L; @@ -1405,6 +1409,7 @@ long syscall_trace_enter(struct pt_regs *regs) regs->dx, regs->r10); #endif +out: return ret ?: regs->orig_ax; }