Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, Feb 16, 2012 at 10:12 PM, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
> On 02/16/2012 07:53 PM, Will Drewry wrote:
>>
>> An earlier change Roland had prodded me toward was adding a
>> syscall_get_arch() call to asm/syscall.h which returned the
>> appropriate audit arch value for the current calling convention.  I
>> hate to suggest this, but should I go ahead and wire that up for x86
>> now, make it a dependency for HAVE_ARCH_SECCOMP_FILTER (and officially
>> part of asm/syscall.h) then let it trickle into existence?  Maybe
>> something like:
>>
>
> ... and we have been talking about making a regset and export it to
> ptrace and core dumps, too.

Would having an audit_arch returning function be useful for building
those cases too? Or would this just be nearly-duplicated code
everywhere?  (As is, ptrace usually takes shortcuts since it has the
arch-specific knowledge, so maybe it just wouldn't matter.)

>> static inline int syscall_get_arch(struct task_struct *task, struct
>> pt_regs *regs)
>> {
>> #ifdef CONFIG_IA32_EMULATION
>>   if (task_thread_info(task)->status & TS_COMPAT)
>>     return AUDIT_ARCH_I386;
>> #endif
>> #ifdef CONFIG_64BIT
>>   return AUDIT_ARCH_X86_64;
>> #else
>>   return AUDIT_ARCH_I386;
>> #endif
>> }
>>
>
> In this case it could be is_compat_task().

I wasn't sure if it was fine to add any syscall_* functions that
depended on the caller being current.

>> There would be no other callers, though, because everywhere AUDIT_ARCH
>> is used it is hardcoded as appropriate.  Then when x32 comes along, it
>> can figure out where it belongs using tif status and/or regs.
>
> For x32 you have the option of introducing a new value or relying on bit
> 30 in eax (and AUDIT_ARCH_X86_64).  The latter is more natural, probably.

Will that bit be visible as the syscall number or will it be stripped
out before passing the number around?  If it's visible, then it
doesn't seem like there'd need to be a new AUDIT_ARCH, but I suspect
someone like Eric will have an actually useful opinion.

thanks!
will
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


[Other Archives]     [Linux Kernel Newbies]     [Linux Driver Development]     [Fedora Kernel]     [Linux Kernel Testers]     [Linux SH]     [Linux Omap]     [Linux Kbuild]     [Linux Tape]     [Linux Input]     [Linux Kernel Janitors]     [Linux Kernel Packagers]     [Linux Doc]     [Linux Man Pages]     [Linux API]     [Linux Memory Management]     [Linux Modules]     [Linux Standards]     [Kernel Announce]     [Netdev]     [Git]     [Linux PCI]     Linux CAN Development     [Linux I2C]     [Linux RDMA]     [Linux NUMA]     [Netfilter]     [Netfilter Devel]     [SELinux]     [Bugtraq]     [FIO]     [Linux Perf Users]     [Linux Serial]     [Linux PPP]     [Linux ISDN]     [Linux Next]     [Kernel Stable Commits]     [Linux Tip Commits]     [Kernel MM Commits]     [Linux Security Module]     [Filesystem Development]     [Ext3 Filesystem]     [Linux bcache]     [Ext4 Filesystem]     [Linux BTRFS]     [Linux CEPH Filesystem]     [Linux XFS]     [XFS]     [Linux NFS]     [Linux CIFS]     [Ecryptfs]     [Linux NILFS]     [Linux Cachefs]     [Reiser FS]     [Initramfs]     [Linux FB Devel]     [Linux OpenGL]     [DRI Devel]     [Fastboot]     [Linux RT Users]     [Linux RT Stable]     [eCos]     [Corosync]     [Linux Clusters]     [LVS Devel]     [Hot Plug]     [Linux Virtualization]     [KVM]     [KVM PPC]     [KVM ia64]     [Linux Containers]     [Linux Hexagon]     [Linux Cgroups]     [Util Linux]     [Wireless]     [Linux Bluetooth]     [Bluez Devel]     [Ethernet Bridging]     [Embedded Linux]     [Barebox]     [Linux MMC]     [Linux IIO]     [Sparse]     [Smatch]     [Linux Arch]     [x86 Platform Driver]     [Linux ACPI]     [Linux IBM ACPI]     [LM Sensors]     [CPU Freq]     [Linux Power Management]     [Linmodems]     [Linux DCCP]     [Linux SCTP]     [ALSA Devel]     [Linux USB]     [Linux PA RISC]     [Linux Samsung SOC]     [MIPS Linux]     [IBM S/390 Linux]     [ARM Linux]     [ARM Kernel]     [ARM MSM]     [Tegra Devel]     [Sparc Linux]     [Linux Security]     [Linux Sound]     [Linux Media]     [Video 4 Linux]     [Linux IRDA Users]     [Linux for the blind]     [Linux RAID]     [Linux ATA RAID]     [Device Mapper]     [Linux SCSI]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Linux IDE]     [Linux SMP]     [Linux AXP]     [Linux Alpha]     [Linux M68K]     [Linux ia64]     [Linux 8086]     [Linux x86_64]     [Linux Config]     [Linux Apps]     [Linux MSDOS]     [Linux X.25]     [Linux Crypto]     [DM Crypt]     [Linux Trace Users]     [Linux Btrace]     [Linux Watchdog]     [Utrace Devel]     [Linux C Programming]     [Linux Assembly]     [Dash]     [DWARVES]     [Hail Devel]     [Linux Kernel Debugger]     [Linux gcc]     [Gcc Help]     [X.Org]     [Wine]

Add to Google Powered by Linux

[Older Kernel Discussion]     [Yosemite National Park Forum]     [Large Format Photos]     [Gimp]     [Yosemite Photos]     [Stuff]