Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp413391imu; Tue, 27 Nov 2018 14:31:16 -0800 (PST) X-Google-Smtp-Source: AFSGD/WhIHmlyQWUO5s9kUF8KcO7d1UnLPcEmHJuAFRj2voU3kG08K5c8y3iKMYyXXjT17zfXyLC X-Received: by 2002:a63:d104:: with SMTP id k4mr30357482pgg.227.1543357875967; Tue, 27 Nov 2018 14:31:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543357875; cv=none; d=google.com; s=arc-20160816; b=sokmHs3racGcwtJMMDP2vV7OU6O2M9MBKV2czwLC72yzresyqalI9h2BHKo4Vz2JwV O4GTUN3bvvoakE02/ZT+kj8JsDIoQYZgnWsscShpvl8zFdXWqkJwf7cjYfzm2Tw1GBT3 ZI4Y5VDVuYABiH6xSFATMiRaqqJDlln/UEuNsnvr5EfLcu+Mwnyz++j/OkCtREawP0Re UrQQroXgRNT1GNShuZV8KULcLZvBdamxPGcCOOzzbBlvFB5CTZlW/jKTnK5u5wdBvOzR IurxrZBQ4cr27qpvBFPUo8Cvwa6CnndWEU4/y69DxcAk2ZYe6bKWNQ2UXZ3tZ9E6H0dY +/Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=WW8bgpKHo05gPWwa1WmZMrRyx4HbC5t6/zYCxOKYWjU=; b=xvL/xg7S821eJbYQRMJYmVgwjdFqlg/IK5N+n35xGQEcMont80bEFYzEc3GVQmbpv1 WO1TwpQ3TdPx2W9GkUYGAe2JQdQlNPTXT+FAGe1jCUBea1HmuEQYiIN8VnY6nt/rqXgm AmshbVgY4KXH1K22ktVWGa9X3Fdxi3ALm80qZtcnNbfQZaPgqv8dXp6LNT3O5jDYPH8y H9LwiJSxDaSOU0fu7CHIQxu7It3Dp0XNs8R8UgZM4uyPAzXEpidworr+/o0e3gyb16ZF 5urq6XJQJIsHiqI1EUPUU8N1VdKdG6yrcTAK3oJrlbF4qs1IJQoE0Z0SzZJ2kSpNRaiZ zZfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=LvTMQPpg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u202si5321943pgb.115.2018.11.27.14.31.00; Tue, 27 Nov 2018 14:31:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=LvTMQPpg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726995AbeK1J2Z (ORCPT + 99 others); Wed, 28 Nov 2018 04:28:25 -0500 Received: from mail-yw1-f66.google.com ([209.85.161.66]:40868 "EHLO mail-yw1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726299AbeK1J2Z (ORCPT ); Wed, 28 Nov 2018 04:28:25 -0500 Received: by mail-yw1-f66.google.com with SMTP id r130so6699240ywg.7 for ; Tue, 27 Nov 2018 14:29:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WW8bgpKHo05gPWwa1WmZMrRyx4HbC5t6/zYCxOKYWjU=; b=LvTMQPpgqsyYyAPPiHLWDGV5RTL4ir5J8VlwkfO1hECOvuW5mvyScnaMm4mFDJaDDs L3e1Tpt8KyqIgRwarytY3xoC/y1vq59QeTctm/HCKXAXhYwr0k58eOkDFMRwrmLiMXgh ibk92UYu7ntc/w2tsai6Wguvz1l603UZqTJx8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WW8bgpKHo05gPWwa1WmZMrRyx4HbC5t6/zYCxOKYWjU=; b=Zf8ViZRrbkQL+LJ5Q+7xXUhO8syFeEVurwVmHpnyEzxsTWbzEdIXPuTTv8eKhCRgbZ SMnLmpGD65DalQVmayMBmCZGyMuQY6h6TfyKztojmGUWgAAoybIm9/tELv5D722gnFyA x4kX2NaOKWmc2mzgmIqkmvX2J5wiXgPVX5wCZjZkICkvz8nyhSwLSfojsRC0MDKQuutv vkDvlES9OajIm/gWaQNo7hDmCEH/iMPWCpOCMhb3Zz7pLrSrYZAm3y1xrJy9Ij/tr8in 7vAyB/DXTdxFKAFNCwf7372T/GlgpYVuO45frDPVITOwXBmKVDpq5EvOTbO4CarzYWup FbEA== X-Gm-Message-State: AGRZ1gLMf8Ao6RBIyF27NDLf6lLqymNS1qNDF3nvOqc0WDCpnPQ3rL/M HTYh1gctcyLdTMQv5w4TfPVPDEXFMl4= X-Received: by 2002:a81:ad49:: with SMTP id l9mr36205013ywk.260.1543357741839; Tue, 27 Nov 2018 14:29:01 -0800 (PST) Received: from mail-yw1-f50.google.com (mail-yw1-f50.google.com. [209.85.161.50]) by smtp.gmail.com with ESMTPSA id q187sm1562112ywb.40.2018.11.27.14.28.59 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Nov 2018 14:29:00 -0800 (PST) Received: by mail-yw1-f50.google.com with SMTP id h138-v6so8055909ywa.11 for ; Tue, 27 Nov 2018 14:28:59 -0800 (PST) X-Received: by 2002:a81:c446:: with SMTP id s6mr26549072ywj.237.1543357739468; Tue, 27 Nov 2018 14:28:59 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a25:b906:0:0:0:0:0 with HTTP; Tue, 27 Nov 2018 14:28:58 -0800 (PST) In-Reply-To: <20181125041003.GA3258@altlinux.org> References: <20181121165806.07da7c98@akathisia> <20181121235634.GA14146@altlinux.org> <20181122191504.GB27204@altlinux.org> <20181123040139.GB2572@altlinux.org> <20181125041003.GA3258@altlinux.org> From: Kees Cook Date: Tue, 27 Nov 2018 14:28:58 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2] ptrace: add PTRACE_GET_SYSCALL_INFO request To: "Dmitry V. Levin" Cc: Andy Lutomirski , Elvira Khabirova , Linux API , Jann Horn , Oleg Nesterov , Steven Rostedt , Ingo Molnar , LKML , Eugene Syromiatnikov , strace-devel@lists.strace.io Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Nov 24, 2018 at 8:10 PM, Dmitry V. Levin wrote: > On Fri, Nov 23, 2018 at 07:01:39AM +0300, Dmitry V. Levin wrote: >> On Thu, Nov 22, 2018 at 04:19:10PM -0800, Andy Lutomirski wrote: >> > On Thu, Nov 22, 2018 at 11:15 AM Dmitry V. Levin wrote: >> > > On Thu, Nov 22, 2018 at 06:55:29AM -0800, Andy Lutomirski wrote: >> > > > On Wed, Nov 21, 2018 at 3:56 PM Dmitry V. Levin wrote: >> > > > > On Wed, Nov 21, 2018 at 02:56:57PM -0800, Andy Lutomirski wrote: >> > > > > > Please cc linux-api@vger.kernel.org for future versions. >> > > > > > >> > > > > > On Wed, Nov 21, 2018 at 7:58 AM Elvira Khabirova wrote: >> > > > > > > >> > > > > > > struct ptrace_syscall_info { >> > > > > > > __u8 op; /* 0 for entry, 1 for exit */ >> > > > > > >> > > > > > Can you add proper defines, like: >> > > > > > >> > > > > > #define PTRACE_SYSCALL_ENTRY 0 >> > > > > > #define PTRACE_SYSCALL_EXIT 1 >> > > > > > #define PTRACE_SYSCALL_SECCOMP 2 >> > > > > > >> > > > > > and make seccomp work from the start? I'd rather we don't merge an >> > > > > > implementation that doesn't work for seccomp and then have to rework >> > > > > > it later. Yes, please. >> > > > > >> > > > > What's the difference between PTRACE_EVENT_SECCOMP and syscall-entry-stop >> > > > > with regards to PTRACE_GET_SYSCALL_INFO request? At least they have the >> > > > > same entry_info to return. >> > > > >> > > > I'm not sure there's any material difference. >> > > >> > > In that case we don't really need PTRACE_SYSCALL_SECCOMP: op field >> > > describes the structure inside the union to use, not the ptrace stop. >> > >> > Unless we think the structures might diverge in the future. Yes, I want to make sure we have a way to expand this, especially for seccomp: we've come close a few times to adding new fields to struct seccomp_data, for example. >> >> If these structures ever diverge, then a seccomp structure will be added >> to the union, and a portable userspace code will likely look this way: >> >> #include >> ... >> struct ptrace_syscall_info info; >> long rc = ptrace(PTRACE_GET_SYSCALL_INFO, pid, (void *) sizeof(info), &info); >> ... >> switch (info.op) { >> case PTRACE_SYSCALL_INFO_ENTRY: >> /* handle info.entry */ >> case PTRACE_SYSCALL_INFO_EXIT: >> /* handle info.exit */ >> #ifdef PTRACE_SYSCALL_INFO_SECCOMP >> case PTRACE_SYSCALL_INFO_SECCOMP: >> /* handle info.seccomp */ >> #endif >> default: >> /* handle unknown info.op */ >> } >> >> In other words, it would be better if PTRACE_SYSCALL_INFO_* selector >> constants were introduced along with corresponding structures in the >> union. > > However, the approach I suggested doesn't provide forward compatibility: > if userspace is compiled with kernel headers that don't define > PTRACE_SYSCALL_INFO_SECCOMP, it will break when the kernel > starts to use PTRACE_SYSCALL_INFO_SECCOMP instead of > PTRACE_SYSCALL_INFO_ENTRY for PTRACE_EVENT_SECCOMP support > in PTRACE_GET_SYSCALL_INFO. > > The solution is to introduce PTRACE_SYSCALL_INFO_SECCOMP and struct > ptrace_syscall_info.seccomp along with PTRACE_EVENT_SECCOMP support > in PTRACE_GET_SYSCALL_INFO. The initial revision of the seccomp > structure could be made the same as the entry structure, or it can > diverge from the beginning, e.g., by adding ret_data field containing > SECCOMP_RET_DATA return value stored in ptrace_message, this would save > ptracers an extra PTRACE_GETEVENTMSG call currently required to obtain it. Yup, that'd be a nice addition. -- Kees Cook