From: Mickaël Salaün
To: linux-kernel@vger.kernel.org
Cc: Mickaël Salaün, Al Viro, Andy Lutomirski, Anton Ivanov, Arnd Bergmann, Casey Schaufler, James Morris, Jann Horn, Jeff Dike, Jonathan Corbet, Kees Cook, Michael Kerrisk, Richard Weinberger, "Serge E . Hallyn", Shuah Khan, Vincent Dagonneau, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org, x86@kernel.org
Subject: [PATCH v20 09/12] arch: Wire up Landlock syscalls
Date: Sun, 2 Aug 2020 23:59:00 +0200
Message-Id: <20200802215903.91936-10-mic@digikod.net>
X-Mailer: git-send-email 2.28.0.rc2
In-Reply-To: <20200802215903.91936-1-mic@digikod.net>
References: <20200802215903.91936-1-mic@digikod.net>

Wire up the following system calls for all architectures:
* landlock_get_features(2)
* landlock_create_ruleset(2)
* landlock_add_rule(2)
* landlock_enforce_ruleset(2)

Signed-off-by: Mickaël Salaün
Cc: Arnd Bergmann
Cc: James Morris
Cc: Jann Horn
Cc: Kees Cook
Cc: Serge E. Hallyn
---

Changes since v19:
* Increase syscall numbers by 4 to leave space for new ones (in
  linux-next): watch_mount(2), watch_sb(2), fsinfo(2) and
  process_madvise(2) (requested by Arnd Bergmann).
* Replace the previous multiplexor landlock(2) with 4 syscalls:
  landlock_get_features(2), landlock_create_ruleset(2),
  landlock_add_rule(2) and landlock_enforce_ruleset(2).

Changes since v18:
* Increase the syscall number because of the new faccessat2(2).

Changes since v14:
* Add all architectures.

Changes since v13:
* New implementation.
---
 arch/alpha/kernel/syscalls/syscall.tbl      |  4 ++++
 arch/arm/tools/syscall.tbl                  |  4 ++++
 arch/arm64/include/asm/unistd.h             |  2 +-
 arch/arm64/include/asm/unistd32.h           |  8 ++++++++
 arch/ia64/kernel/syscalls/syscall.tbl       |  4 ++++
 arch/m68k/kernel/syscalls/syscall.tbl       |  4 ++++
 arch/microblaze/kernel/syscalls/syscall.tbl |  4 ++++
 arch/mips/kernel/syscalls/syscall_n32.tbl   |  4 ++++
 arch/mips/kernel/syscalls/syscall_n64.tbl   |  4 ++++
 arch/mips/kernel/syscalls/syscall_o32.tbl   |  4 ++++
 arch/parisc/kernel/syscalls/syscall.tbl     |  4 ++++
 arch/powerpc/kernel/syscalls/syscall.tbl    |  4 ++++
 arch/s390/kernel/syscalls/syscall.tbl       |  4 ++++
 arch/sh/kernel/syscalls/syscall.tbl         |  4 ++++
 arch/sparc/kernel/syscalls/syscall.tbl      |  4 ++++
 arch/x86/entry/syscalls/syscall_32.tbl      |  4 ++++
 arch/x86/entry/syscalls/syscall_64.tbl      |  4 ++++
 arch/xtensa/kernel/syscalls/syscall.tbl     |  4 ++++
 include/uapi/asm-generic/unistd.h           | 10 +++++++++-
 19 files changed, 82 insertions(+), 2 deletions(-)

diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 5ddd128d4b7a..d59664094690 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl
@@ -478,3 +478,7 @@ 547 common openat2 sys_openat2 548 common pidfd_getfd sys_pidfd_getfd 549 common faccessat2 sys_faccessat2 +554 common landlock_get_features sys_landlock_get_features +555 common landlock_create_ruleset sys_landlock_create_ruleset +556 common landlock_add_rule sys_landlock_add_rule +557 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index d5cae5ffede0..9fe59a61fa75 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl @@ -452,3 +452,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index 3b859596840d..fb7a0be2f3d9 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -38,7 +38,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 440 +#define __NR_compat_syscalls 448 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 6d95d0c8bf2f..d150396491e6 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h 
@@ -885,6 +885,14 @@ __SYSCALL(__NR_openat2, sys_openat2) __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd) #define __NR_faccessat2 439 __SYSCALL(__NR_faccessat2, sys_faccessat2) +#define __NR_landlock_get_features 444 +__SYSCALL(__NR_landlock_get_features, sys_landlock_get_features) +#define __NR_landlock_create_ruleset 445 +__SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset) +#define __NR_landlock_add_rule 446 +__SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule) +#define __NR_landlock_enforce_ruleset 447 +__SYSCALL(__NR_landlock_enforce_ruleset, sys_landloc_enforce_rulesetk) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 49e325b604b3..84872f8daa42 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl @@ -359,3 +359,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index f71b1bbcc198..a362b4b16d7b 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -438,3 +438,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index edacc4561f2b..acc931725b43 100644 
--- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -444,3 +444,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index f777141f5256..5e1d5bfced9d 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -377,3 +377,7 @@ 437 n32 openat2 sys_openat2 438 n32 pidfd_getfd sys_pidfd_getfd 439 n32 faccessat2 sys_faccessat2 +444 n32 landlock_get_features sys_landlock_get_features +445 n32 landlock_create_ruleset sys_landlock_create_ruleset +446 n32 landlock_add_rule sys_landlock_add_rule +447 n32 landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index da8c76394e17..8d9b6175f4af 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -353,3 +353,7 @@ 437 n64 openat2 sys_openat2 438 n64 pidfd_getfd sys_pidfd_getfd 439 n64 faccessat2 sys_faccessat2 +444 n64 landlock_get_features sys_landlock_get_features +445 n64 landlock_create_ruleset sys_landlock_create_ruleset +446 n64 landlock_add_rule sys_landlock_add_rule +447 n64 landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 13280625d312..66e58338772a 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl 
@@ -426,3 +426,7 @@ 437 o32 openat2 sys_openat2 438 o32 pidfd_getfd sys_pidfd_getfd 439 o32 faccessat2 sys_faccessat2 +444 o32 landlock_get_features sys_landlock_get_features +445 o32 landlock_create_ruleset sys_landlock_create_ruleset +446 o32 landlock_add_rule sys_landlock_add_rule +447 o32 landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 5a758fa6ec52..70bdc7c43464 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -436,3 +436,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index f833a3190822..3f1d2c12eb98 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl @@ -528,3 +528,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index bfdcb7633957..577d590450e9 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl 
@@ -441,3 +441,7 @@ 437 common openat2 sys_openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index acc35daa1b79..9202338a9e70 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -441,3 +441,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 8004a276cb74..b4c47eefda57 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl @@ -484,3 +484,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index d8f8a1a69ed1..26735df8c19e 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl 
@@ -443,3 +443,7 @@ 437 i386 openat2 sys_openat2 438 i386 pidfd_getfd sys_pidfd_getfd 439 i386 faccessat2 sys_faccessat2 +444 i386 landlock_get_features sys_landlock_get_features +445 i386 landlock_create_ruleset sys_landlock_create_ruleset +446 i386 landlock_add_rule sys_landlock_add_rule +447 i386 landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index 78847b32e137..7e9c927b51fb 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -360,6 +360,10 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset # # x32-specific system call numbers start at 512 to avoid cache impact diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index 69d0d73876b3..c8b1a6218ee6 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -409,3 +409,7 @@ 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd 439 common faccessat2 sys_faccessat2 +444 common landlock_get_features sys_landlock_get_features +445 common landlock_create_ruleset sys_landlock_create_ruleset +446 common landlock_add_rule sys_landlock_add_rule +447 common landlock_enforce_ruleset sys_landlock_enforce_ruleset diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index f4a01305d9a6..ff3afbf02b51 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h 
@@ -857,9 +857,17 @@ __SYSCALL(__NR_openat2, sys_openat2) __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd) #define __NR_faccessat2 439 __SYSCALL(__NR_faccessat2, sys_faccessat2) +#define __NR_landlock_get_features 444 +__SYSCALL(__NR_landlock_get_features, sys_landlock_get_features) +#define __NR_landlock_create_ruleset 445 +__SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset) +#define __NR_landlock_add_rule 446 +__SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule) +#define __NR_landlock_enforce_ruleset 447 +__SYSCALL(__NR_landlock_enforce_ruleset, sys_landloc_enforce_rulesetk) #undef __NR_syscalls -#define __NR_syscalls 440 +#define __NR_syscalls 448 /* * 32 bit systems traditionally used different -- 2.28.0.rc2
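
Review bot: In the arch/arm64/include/asm/unistd32.h hunk, the last added __SYSCALL line names the handler sys_landloc_enforce_rulesetk, which matches neither the macro beside it nor the sys_landlock_enforce_ruleset entry point used by every .tbl file in this patch. As written, the arm64 compat table refers to a symbol that nothing else in the patch uses. The line should read __SYSCALL(__NR_landlock_enforce_ruleset, sys_landlock_enforce_ruleset).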
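
Review bot: In the include/uapi/asm-generic/unistd.h hunk, the __SYSCALL line for __NR_landlock_enforce_ruleset carries the same misspelled handler, sys_landloc_enforce_rulesetk, and should use sys_landlock_enforce_ruleset like the three entries above it. Since this header feeds the architectures that use the generic table, the typo affects more than one build. Separately, __NR_syscalls goes from 440 to 448 while 440 to 443 stay undefined here, so a one-line comment above the first Landlock define noting that those numbers are reserved would keep the header self-explanatory.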
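
Review bot: In the arch/alpha/kernel/syscalls/syscall.tbl hunk the new entries start at 554 directly after 549, and every other table jumps from 439 to 444, but the reason for skipping four numbers appears only in the "Changes since v19" notes below the --- separator, which are not part of the commit message once the patch is applied. Please move the sentence about leaving room for watch_mount(2), watch_sb(2), fsinfo(2) and process_madvise(2) into the commit message itself, so the gap is explained in the history for anyone who later allocates numbers in these tables.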