Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp785336pxk;
        Wed, 23 Sep 2020 16:36:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwONFt7WyqtKOysH8gkN0KP0hmFgJfeCet8mW/qh8gaFQ6QYf1YJsG87ierLY0LXlkognFn
X-Received: by 2002:a17:906:2786:: with SMTP id j6mr1940326ejc.73.1600904192389;
        Wed, 23 Sep 2020 16:36:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600904192; cv=none;
        d=google.com; s=arc-20160816;
        b=TqzyYksgKx3LV05kVPB1TUA/l9wyjGzokAksuQuekh+7k+M1D8ULmkXJV11C6XmX9K
         IzSk98cs8oslku8qNEwfjVJg0wVoHo5Y0KCAhpGfRIElVi3mztrGg0Z/lb/Xyk8rOo0S
         lvWXn1qQ/AWBJw9Xg+WVIQUKEEZKuiwalyBu7HokVYsAlyUb6N8+9rQupOPy1BwGKqO/
         M+/NpU+kKY6VOSJOSAaUsZnru4K5gKKyJwurXZQxqZ4KWC84zyrLp9iU5yia75VJ+7w+
         OsN+yVklUmNtlxhjY0ry422KBKQUJrWENt9kY3f6ycqTyKu2+wzWzVh2RXavf+Lr6LmL
         GaBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=dRM2RxYevz4ZLx42XYlJ4AIQPGby+e+r+LDyrwiMJmY=;
        b=PPcq2RIzSJ+I2IUvEjWPlmj2S9exb0oJsUjL75dB12v2WhdMJ93ih+rLeg+CxxMA09
         Ki3i3ANzpvNPuWqMdtvUMrHQeMo7FWjQX7YCCpGs3lTsYoTvWVMLp01UvWvSLA/6MHRl
         4eSjZuPZmRWfB/aFAq991OC+iFk5G0Wsuo7ERcJgti61PcOJeKV1rDpK7b223vg191qF
         uVGF1rTc6kh+AXI0GxttDREqRNG+Y+82Xcre8Yht0at9EdH1aEZAWJlA9x4Zedquv8bG
         ksEQp3wPgVT+NErDQ9Dd6nGt+qlKdlngAZVq6k1z8jrptKnRVvp9hfzePLfBjHjfNusU
         jqyQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YImT8s0t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z15si857986ejm.695.2020.09.23.16.36.09;
        Wed, 23 Sep 2020 16:36:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YImT8s0t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726572AbgIWX32 (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Wed, 23 Sep 2020 19:29:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60290 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726562AbgIWX31 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Sep 2020 19:29:27 -0400
Received: from mail-pl1-x641.google.com (mail-pl1-x641.google.com [IPv6:2607:f8b0:4864:20::641])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D91C9C0613D2
        for <linux-kernel@vger.kernel.org>; Wed, 23 Sep 2020 16:29:27 -0700 (PDT)
Received: by mail-pl1-x641.google.com with SMTP id q12so557769plr.12
        for <linux-kernel@vger.kernel.org>; Wed, 23 Sep 2020 16:29:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=dRM2RxYevz4ZLx42XYlJ4AIQPGby+e+r+LDyrwiMJmY=;
        b=YImT8s0t4ro5HLSsWUw0wPm9p8M2rMPRr1XMLfBu5tvvY24Y3b7+SScvQCxYa+mKnA
         hgoYM5/ccPMAXnlw70N83Y9+Cl38QLui9PJIpibXpOgNKL6n5KQ4soHzwx2kGWb3WXCm
         Jnq0DOeHpwfCyW/oH3OOX/dvAtuDKFlbXMpdQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=dRM2RxYevz4ZLx42XYlJ4AIQPGby+e+r+LDyrwiMJmY=;
        b=NmSNVZU5yPynFKlrujbXFMOUYnq5i3vVpGc5M4Q1OsZpZTCG9oA43ppb7aVkVhV7Db
         PUkEIHJnH6lNNCnCwRvIzM2N7MPzD/AFEgMd30bPGk16QWkXZdZYIOW1+k2FyF3MdqVy
         TJdNZ+h6YVNijzHp2/0z4y4cELV7+zVoTDkLkkCTdDMJed4cCk8R3Ta+QIR3zDZKKYrb
         r5iDbL2xrpN3OTBc1Fd5hZwiG2qB2Ms/RJEZdXOZtmwn667ayR5vlUeiEkHXrIfUtVYZ
         tG6PSsVBKi8LUIQkBaz/hVsPy1HOz63JzgjsMDAZAGH43fVh1XHDKJ3+/bf52DAIyean
         herQ==
X-Gm-Message-State: AOAM531RK1wn+cqH6nFy/GjuNUlLkq01dcUyjpxesryfXo1J+ZH8CWw9
        GmwSUS/HeY2sxNwZ8UjsYm+7Ow==
X-Received: by 2002:a17:90a:4046:: with SMTP id k6mr1441778pjg.11.1600903767231;
        Wed, 23 Sep 2020 16:29:27 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id c186sm828427pga.61.2020.09.23.16.29.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 23 Sep 2020 16:29:26 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     YiFei Zhu <yifeifz2@illinois.edu>
Cc:     Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Tycho Andersen <tycho@tycho.pizza>,
        Andy Lutomirski <luto@amacapital.net>,
        Will Drewry <wad@chromium.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Giuseppe Scrivano <gscrivan@redhat.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Dimitrios Skarlatos <dskarlat@cs.cmu.edu>,
        Valentin Rothberg <vrothber@redhat.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
        Jack Chen <jianyan2@illinois.edu>,
        Josep Torrellas <torrella@illinois.edu>,
        Tianyin Xu <tyxu@illinois.edu>, bpf@vger.kernel.org,
        containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH 2/6] x86: Enable seccomp architecture tracking
Date:   Wed, 23 Sep 2020 16:29:19 -0700
Message-Id: <20200923232923.3142503-3-keescook@chromium.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200923232923.3142503-1-keescook@chromium.org>
References: <20200923232923.3142503-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Provide seccomp internals with the details to calculate which syscall
table the running kernel is expecting to deal with. This allows for
efficient architecture pinning and paves the way for constant-action
bitmaps.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/include/asm/seccomp.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/arch/x86/include/asm/seccomp.h b/arch/x86/include/asm/seccomp.h
index 2bd1338de236..38181e20e1d3 100644
--- a/arch/x86/include/asm/seccomp.h
+++ b/arch/x86/include/asm/seccomp.h
@@ -16,6 +16,20 @@
 #define __NR_seccomp_sigreturn_32	__NR_ia32_sigreturn
 #endif
 
+#ifdef CONFIG_X86_64
+# define SECCOMP_ARCH					AUDIT_ARCH_X86_64
+# ifdef CONFIG_COMPAT
+#  define SECCOMP_ARCH_COMPAT				AUDIT_ARCH_I386
+# endif
+# ifdef CONFIG_X86_X32_ABI
+#  define SECCOMP_MULTIPLEXED_SYSCALL_TABLE_ARCH	AUDIT_ARCH_X86_64
+#  define SECCOMP_MULTIPLEXED_SYSCALL_TABLE_MASK	__X32_SYSCALL_BIT
+#  define SECCOMP_MULTIPLEXED_SYSCALL_TABLE_SHIFT	29
+#endif
+#else /* !CONFIG_X86_64 */
+# define SECCOMP_ARCH					AUDIT_ARCH_I386
+#endif
+
 #include <asm-generic/seccomp.h>
 
 #endif /* _ASM_X86_SECCOMP_H */
-- 
2.25.1