From: Max Filippov
To: linux-xtensa@linux-xtensa.org
Cc: Chris Zankel, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, Max Filippov
Subject: [PATCH 2/3] xtensa: add seccomp support
Date: Sat, 18 Jul 2020 19:16:53 -0700
Message-Id: <20200719021654.25922-3-jcmvbkbc@gmail.com>
In-Reply-To: <20200719021654.25922-1-jcmvbkbc@gmail.com>
References: <20200719021654.25922-1-jcmvbkbc@gmail.com>

Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add TIF_SECCOMP and call secure_computing from do_syscall_trace_enter.

Signed-off-by: Max Filippov --- .../seccomp/seccomp-filter/arch-support.txt | 2 +- arch/xtensa/Kconfig | 15 +++++++++++++++ arch/xtensa/include/asm/Kbuild | 1 + arch/xtensa/include/asm/thread_info.h | 5 ++++- arch/xtensa/kernel/ptrace.c | 4 +++- 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt index c7b837f735b1..7b3ec8ea174a 100644 --- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt +++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt @@ -30,5 +30,5 @@ | um: | ok | | unicore32: | TODO | | x86: | ok | - | xtensa: | TODO | + | xtensa: | ok | ----------------------- diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig index a7def0991a01..a461ee051e73 100644 --- a/arch/xtensa/Kconfig +++ b/arch/xtensa/Kconfig @@ -24,6 +24,7 @@ config XTENSA select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL + select HAVE_ARCH_SECCOMP_FILTER select HAVE_ARCH_TRACEHOOK select HAVE_COPY_THREAD_TLS select HAVE_DEBUG_KMEMLEAK @@ -217,6 +218,20 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. +config SECCOMP + bool + prompt "Enable seccomp to safely compute untrusted bytecode" + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + config FAST_SYSCALL_XTENSA bool "Enable fast atomic syscalls" default n 
diff --git a/arch/xtensa/include/asm/Kbuild b/arch/xtensa/include/asm/Kbuild index 9718e9593564..c59c42a1221a 100644 --- a/arch/xtensa/include/asm/Kbuild +++ b/arch/xtensa/include/asm/Kbuild @@ -7,4 +7,5 @@ generic-y += mcs_spinlock.h generic-y += param.h generic-y += qrwlock.h generic-y += qspinlock.h +generic-y += seccomp.h generic-y += user.h diff --git a/arch/xtensa/include/asm/thread_info.h b/arch/xtensa/include/asm/thread_info.h index c49cc4a1f39a..8918f0f20c53 100644 --- a/arch/xtensa/include/asm/thread_info.h +++ b/arch/xtensa/include/asm/thread_info.h @@ -112,6 +112,7 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NOTIFY_RESUME 7 /* callback before returning to user */ #define TIF_DB_DISABLED 8 /* debug trap disabled for syscall */ #define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */ +#define TIF_SECCOMP 10 /* secure computing */ #define _TIF_SYSCALL_TRACE (1< #include #include +#include #include #include #include @@ -559,7 +560,8 @@ int do_syscall_trace_enter(struct pt_regs *regs) return 0; } - if (regs->syscall == NO_SYSCALL) { + if (regs->syscall == NO_SYSCALL || + secure_computing() == -1) { do_syscall_trace_leave(regs); return 0; } -- 2.20.1
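Review bot: In the `config XTENSA` hunk of arch/xtensa/Kconfig, `select HAVE_ARCH_SECCOMP_FILTER` is unconditional, but neither the commit message nor the visible hunks say that the arch prerequisites for filter mode are already in place. The help text of HAVE_ARCH_SECCOMP_FILTER in arch/Kconfig lists them (syscall_get_arch(), syscall_get_arguments(), syscall_rollback(), syscall_set_return_value(), SIGSYS siginfo support, the seccomp syscall wired up). The commit message should state that each is met and where, since this patch also flips xtensa from `TODO` to `ok` in arch-support.txt.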
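Review bot: In the `config SECCOMP` hunk of arch/xtensa/Kconfig, the help text describes only the prctl(PR_SET_SECCOMP) path with its fixed set of "a few safe syscalls", although the same patch selects HAVE_ARCH_SECCOMP_FILTER. A sentence saying that filter mode is available too would keep the text from misleading someone deciding whether to enable it. The entry is also a bare `bool` with a prompt and no `default`, so seccomp stays off in every existing xtensa config until it is enabled by hand; if that is intended, say so in the commit message, otherwise add a default.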
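Review bot: In the arch/xtensa/include/asm/thread_info.h hunk, only `#define TIF_SECCOMP 10` is visible in this copy, while the diffstat counts five changed lines for the file. Check that the rest of the hunk defines the matching `_TIF_SECCOMP` mask and adds it to the set of flags that routes syscall entry through do_syscall_trace_enter. If the bit is missing from that set, a task with only TIF_SECCOMP set would never reach the secure_computing() call added in ptrace.c, and its filter would be bypassed without any error.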
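Review bot: In the do_syscall_trace_enter hunk of arch/xtensa/kernel/ptrace.c, the new `secure_computing() == -1` test is folded into the existing `regs->syscall == NO_SYSCALL` branch with no comment on what the two cases have in common. A short comment would help: a return of -1 means seccomp has already decided the outcome and the syscall must be skipped, so the caller has to treat this `return 0` as "do not dispatch". Please also confirm that calling do_syscall_trace_leave(regs) for a seccomp-denied syscall is intended, as it is for NO_SYSCALL, since the exit-side hooks then run for a syscall that never executed.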