References: <20181206150156.28210-1-david.abdurachmanov@gmail.com> <20181206150156.28210-2-david.abdurachmanov@gmail.com>
From: David Abdurachmanov
Date: Thu, 6 Dec 2018 19:25:55 +0100
Subject: Re: [PATCH 1/2] riscv: add support for SECCOMP incl. filters
To: Kees Cook
Cc: Palmer Dabbelt, aou@eecs.berkeley.edu, luto@amacapital.net, Will Drewry, Green Hu, deanbo422@gmail.com, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 6, 2018 at 5:52 PM Kees Cook wrote:
>
> On Thu, Dec 6, 2018 at 7:02 AM David Abdurachmanov
> wrote:
> > The patch adds support for SECCOMP and SECCOMP_FILTER (BPF).
>
> Can you add support to tools/testing/selftests/seccomp/seccomp_bpf.c
> as well? That selftest finds a lot of weird corner-cases...

I have it locally and will include in v2. The results seem fine (tested in QEMU).

TAP version 13
selftests: seccomp: seccomp_bpf
========================================
[==========] Running 64 tests from 1 test cases.
[ RUN ] global.mode_strict_support
[ OK ] global.mode_strict_support
[ RUN ] global.mode_strict_cannot_call_prctl
[ OK ] global.mode_strict_cannot_call_prctl
[ RUN ] global.no_new_privs_support
[ OK ] global.no_new_privs_support
[ RUN ] global.mode_filter_support
[ OK ] global.mode_filter_support
[ RUN ] global.mode_filter_without_nnp
[ OK ] global.mode_filter_without_nnp
[ RUN ] global.filter_size_limits
[ OK ] global.filter_size_limits
[ RUN ] global.filter_chain_limits
[ OK ] global.filter_chain_limits
[ RUN ] global.mode_filter_cannot_move_to_strict
[ OK ] global.mode_filter_cannot_move_to_strict
[ RUN ] global.mode_filter_get_seccomp
[ OK ] global.mode_filter_get_seccomp
[ RUN ] global.ALLOW_all
[ OK ] global.ALLOW_all
[ RUN ] global.empty_prog
[ OK ] global.empty_prog
[ RUN ] global.log_all
[ OK ] global.log_all
[ RUN ] global.unknown_ret_is_kill_inside
[ OK ] global.unknown_ret_is_kill_inside
[ RUN ] global.unknown_ret_is_kill_above_allow
[ OK ] global.unknown_ret_is_kill_above_allow
[ RUN ] global.KILL_all
[ OK ] global.KILL_all
[ RUN ] global.KILL_one
[ OK ] global.KILL_one
[ RUN ] global.KILL_one_arg_one
[ OK ] global.KILL_one_arg_one
[ RUN ] global.KILL_one_arg_six
[ OK ] global.KILL_one_arg_six
[ RUN ] global.KILL_thread
[ OK ] global.KILL_thread
[ RUN ] global.KILL_process
[ OK ] global.KILL_process
[ RUN ] global.arg_out_of_range
[ OK ] global.arg_out_of_range
[ RUN ] global.ERRNO_valid
[ OK ] global.ERRNO_valid
[ RUN ] global.ERRNO_zero
[ OK ] global.ERRNO_zero
[ RUN ] global.ERRNO_capped
[ OK ] global.ERRNO_capped
[ RUN ] global.ERRNO_order
[ OK ] global.ERRNO_order
[ RUN ] TRAP.dfl
[ OK ] TRAP.dfl
[ RUN ] TRAP.ign
[ OK ] TRAP.ign
[ RUN ] TRAP.handler
[ OK ] TRAP.handler
[ RUN ] precedence.allow_ok
[ OK ] precedence.allow_ok
[ RUN ] precedence.kill_is_highest
[ OK ] precedence.kill_is_highest
[ RUN ] precedence.kill_is_highest_in_any_order
[ OK ] precedence.kill_is_highest_in_any_order
[ RUN ] precedence.trap_is_second
[ OK ] precedence.trap_is_second
[ RUN ] precedence.trap_is_second_in_any_order
[ OK ] precedence.trap_is_second_in_any_order
[ RUN ] precedence.errno_is_third
[ OK ] precedence.errno_is_third
[ RUN ] precedence.errno_is_third_in_any_order
[ OK ] precedence.errno_is_third_in_any_order
[ RUN ] precedence.trace_is_fourth
[ OK ] precedence.trace_is_fourth
[ RUN ] precedence.trace_is_fourth_in_any_order
[ OK ] precedence.trace_is_fourth_in_any_order
[ RUN ] precedence.log_is_fifth
[ OK ] precedence.log_is_fifth
[ RUN ] precedence.log_is_fifth_in_any_order
[ OK ] precedence.log_is_fifth_in_any_order
[ RUN ] TRACE_poke.read_has_side_effects
[ OK ] TRACE_poke.read_has_side_effects
[ RUN ] TRACE_poke.getpid_runs_normally
[ OK ] TRACE_poke.getpid_runs_normally
[ RUN ] TRACE_syscall.ptrace_syscall_redirected
[ OK ] TRACE_syscall.ptrace_syscall_redirected
[ RUN ] TRACE_syscall.ptrace_syscall_dropped
[ OK ] TRACE_syscall.ptrace_syscall_dropped
[ RUN ] TRACE_syscall.syscall_allowed
[ OK ] TRACE_syscall.syscall_allowed
[ RUN ] TRACE_syscall.syscall_redirected
[ OK ] TRACE_syscall.syscall_redirected
[ RUN ] TRACE_syscall.syscall_dropped
[ OK ] TRACE_syscall.syscall_dropped
[ RUN ] TRACE_syscall.skip_after_RET_TRACE
[ OK ] TRACE_syscall.skip_after_RET_TRACE
[ RUN ] TRACE_syscall.kill_after_RET_TRACE
[ OK ] TRACE_syscall.kill_after_RET_TRACE
[ RUN ] TRACE_syscall.skip_after_ptrace
[ OK ] TRACE_syscall.skip_after_ptrace
[ RUN ] TRACE_syscall.kill_after_ptrace
[ OK ] TRACE_syscall.kill_after_ptrace
[ RUN ] global.seccomp_syscall
[ OK ] global.seccomp_syscall
[ RUN ] global.seccomp_syscall_mode_lock
[ OK ] global.seccomp_syscall_mode_lock
[ RUN ] global.detect_seccomp_filter_flags
[ OK ] global.detect_seccomp_filter_flags
[ RUN ] global.TSYNC_first
[ OK ] global.TSYNC_first
[ RUN ] TSYNC.siblings_fail_prctl
[ OK ] TSYNC.siblings_fail_prctl
[ RUN ] TSYNC.two_siblings_with_ancestor
[ OK ] TSYNC.two_siblings_with_ancestor
[ RUN ] TSYNC.two_sibling_want_nnp
[ OK ] TSYNC.two_sibling_want_nnp
[ RUN ] TSYNC.two_siblings_with_no_filter
[ OK ] TSYNC.two_siblings_with_no_filter
[ RUN ] TSYNC.two_siblings_with_one_divergence
[ OK ] TSYNC.two_siblings_with_one_divergence
[ RUN ] TSYNC.two_siblings_not_under_filter
[ OK ] TSYNC.two_siblings_not_under_filter
[ RUN ] global.syscall_restart
[ OK ] global.syscall_restart
[ RUN ] global.filter_flag_log
[ OK ] global.filter_flag_log
[ RUN ] global.get_action_avail
[ OK ] global.get_action_avail
[ RUN ] global.get_metadata
[ OK ] global.get_metadata
[==========] 64 / 64 tests passed.
[ PASSED ]
ok 1..1 selftests: seccomp: seccomp_bpf [PASS]
selftests: seccomp: seccomp_benchmark
========================================
Calibrating reasonable sample size...
1544120467.383132905 - 1544120467.382814604 = 318301
1544120467.384111505 - 1544120467.383931405 = 180100
1544120467.385728706 - 1544120467.384510905 = 1217801
1544120467.386858006 - 1544120467.386096506 = 761500
1544120467.388563407 - 1544120467.387171006 = 1392401
1544120467.392465908 - 1544120467.390143107 = 2322801
1544120467.397988410 - 1544120467.393666109 = 4322301
1544120467.406494614 - 1544120467.398347511 = 8147103
1544120467.427372522 - 1544120467.406955414 = 20417108
1544120467.467600338 - 1544120467.427772222 = 39828116
1544120467.542484667 - 1544120467.467954738 = 74529929
1544120467.693806026 - 1544120467.543004867 = 150801159
1544120467.970921334 - 1544120467.694244026 = 276677308
1544120468.522149049 - 1544120467.971549534 = 550599515
1544120469.637696984 - 1544120468.522606749 = 1115090235
1544120471.829467338 - 1544120469.638147084 = 2191320254
1544120476.263601568 - 1544120471.829850239 = 4433751329
1544120485.135465027 - 1544120476.263980268 = 8871484759
Benchmarking 4194304 samples...
26.716000000 - 17.812000000 = 8904000000
getpid native: 2122 ns
46.548000000 - 26.716000000 = 19832000000
getpid RET_ALLOW: 4728 ns
Estimated seccomp overhead per syscall: 2606 ns
ok 1..2 selftests: seccomp: seccomp_benchmark [PASS]
> > > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h > > index 1c9cc8389928..1fd6e4130cab 100644 > > --- a/arch/riscv/include/asm/thread_info.h > > +++ b/arch/riscv/include/asm/thread_info.h > > @@ -81,6 +81,7 @@ struct thread_info { > > #define TIF_MEMDIE 5 /* is terminating due to OOM killer */ > > #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > > #define TIF_SYSCALL_AUDIT 7 /* syscall auditing */ > > +#define TIF_SECCOMP 8 /* syscall secure computing */ > > Nit: extra tab needs to be removed. > > -- > Kees Cook
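
Review bot: the `+#define TIF_SECCOMP 8` line in the arch/riscv/include/asm/thread_info.h hunk adds only the bit number, and nothing in the quoted lines shows a matching `_TIF_SECCOMP` mask or where the flag is tested on syscall entry. Please confirm the rest of the patch defines the mask and includes it in the set of flags that routes syscall entry to the slow path where the seccomp check runs; if the bit is set but never tested there, a task with a filter installed would still make syscalls unfiltered. A short comment next to the define naming the mask that consumes it would also help the next reader.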