Re: [PATCH] m68k/kernel - wire up syscall_trace_enter/leave for m68k

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

	Hi Adrian,

On Wed, 26 Aug 2020, John Paul Adrian Glaubitz wrote:

On 8/26/20 2:38 PM, Geert Uytterhoeven wrote:

That part is outdated. It was removed in the second commit I posted, see:


https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=0bb605c2c7f2b4b314b91510810b226de7f34fa1


That's the part which adds seccomp filter support.


Do you have the check of the return value already in syscall_trace_entry?

It should check for "-1" and jump to syscall_exit if true.


No, as that's needed only for seccomp filter support, AFAIU.

Have a look at arm, where seccomp filter support is optional, depending on ABI.


As far as I know, filter support is mandatory these days. At least for SH, libseccomp
sent me away with my PR and told me to come back until the kernel has filter support.


OK.


Maybe I'm missing something but let's put Michael Karcher in the loop, he knows better
as he helped me with the kernel parts of SECCOMP on SH.


More work on top of the previous patch. It starts to look better:

   -FAILED: 13 / 86 tests passed.
   +FAILED: 35 / 86 tests passed.

But there are still fishy failures.  Most popular one is:

    Test exited normally instead of by signal (code: 0)

And things like:

    Expected 0 (0) == syscall(__NR_getpid) (705)
    Expected 0 (-270272472) == ptrace(PTRACE_GETREGS, tracee, 0, &regs) (0)




From 1ae515061575024081af930f4e5f9283910648de Mon Sep 17 00:00:00 2001

From: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
Date: Wed, 26 Aug 2020 16:11:35 +0200
Subject: [PATCH] [WIP] seccomp filter support

Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
---
 arch/m68k/68000/entry.S         |  2 ++
 arch/m68k/Kconfig               |  1 +
 arch/m68k/coldfire/entry.S      |  2 ++
 arch/m68k/include/asm/syscall.h | 41 +++++++++++++++++++++++++++++++++
 arch/m68k/kernel/ptrace.c       |  3 ++-
 5 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/arch/m68k/68000/entry.S b/arch/m68k/68000/entry.S
index 259b3661b614168f..3526970e3c10535f 100644
--- a/arch/m68k/68000/entry.S
+++ b/arch/m68k/68000/entry.S
@@ -47,6 +47,8 @@ do_trace:
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	tstl	%d0
+	jne	ret_from_exception
 	movel	%sp@(PT_OFF_ORIG_D0),%d1
 	movel	#-ENOSYS,%d0
 	cmpl	#NR_syscalls,%d1
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 29ab228a9a721939..2166c9d84794a969 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -19,6 +19,7 @@ config M68K
 	select GENERIC_STRNCPY_FROM_USER if MMU
 	select GENERIC_STRNLEN_USER if MMU
 	select HAVE_AOUT if MMU
+	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_DEBUG_BUGVERBOSE
 	select HAVE_FUTEX_CMPXCHG if MMU && FUTEX
diff --git a/arch/m68k/coldfire/entry.S b/arch/m68k/coldfire/entry.S
index d43a02795a4a445e..13bf787968273165 100644
--- a/arch/m68k/coldfire/entry.S
+++ b/arch/m68k/coldfire/entry.S
@@ -92,6 +92,8 @@ ENTRY(system_call)
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	tstl	%d0
+	jne	ret_from_exception
 	movel	%d3,%a0
 	jbsr	%a0@
 	movel	%d0,%sp@(PT_OFF_D0)		/* save the return value */
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac039be09a1b8..ac0f5d997be63b07 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,47 @@

 #include <uapi/linux/audit.h>

+static inline long syscall_get_nr(struct task_struct *tsk,
+				  struct pt_regs *regs)
+{
+	return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+				    struct pt_regs *regs)
+{
+	regs->d0 = regs->orig_d0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+					    struct pt_regs *regs)
+{
+	return regs->d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+					    struct pt_regs *regs,
+					    int error, long val)
+{
+	regs->d0 = error ?: val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *tsk,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	memcpy(args, &regs->d1, 6 * sizeof(args[0]));
+}
+
+static inline void syscall_set_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned int i, unsigned int n,
+					 const unsigned long *args)
+{
+	BUG_ON(i + n > 6);
+	memcpy(&regs->d1 + i, args, n * sizeof(args[0]));
+}
+
 static inline int syscall_get_arch(struct task_struct *task)
 {
 	return AUDIT_ARCH_M68K;
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index ec5653b85dcdb4f9..a3a0a230dcdfc953 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -279,7 +279,8 @@ asmlinkage int syscall_trace_enter(void)
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		ret = tracehook_report_syscall_entry(task_pt_regs(current));

-	secure_computing_strict(task_pt_regs(current)->orig_d0);
+	if (secure_computing())
+		return -1;

 	return ret;
 }
--
2.17.1



Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds
[Index of Archives]     [Video for Linux]     [Yosemite News]     [Linux S/390]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux