From: YiFei Zhu
To: containers@lists.linux-foundation.org
Cc: YiFei Zhu, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Aleksa Sarai, Andrea Arcangeli, Andy Lutomirski, David Laight, Dimitrios Skarlatos, Giuseppe Scrivano, Hubertus Franke, Jack Chen, Jann Horn, Josep Torrellas, Kees Cook, Tianyin Xu, Tobin Feldman-Fitzthum, Tycho Andersen, Valentin Rothberg, Will Drewry
Subject: [PATCH v4 seccomp 3/5] x86: Enable seccomp architecture tracking
Date: Fri, 9 Oct 2020 12:14:31 -0500
Message-Id: <122e3e70cf775e461ebdfadb5fbb4b6813cca3dd.1602263422.git.yifeifz2@illinois.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kees Cook Provide seccomp internals with the details to calculate which syscall table the running kernel is expecting to deal with. This allows for efficient architecture pinning and paves the way for constant-action bitmaps. Signed-off-by: Kees Cook Co-developed-by: YiFei Zhu Signed-off-by: YiFei Zhu --- arch/x86/include/asm/seccomp.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/include/asm/seccomp.h b/arch/x86/include/asm/seccomp.h index 2bd1338de236..03365af6165d 100644 --- a/arch/x86/include/asm/seccomp.h +++ b/arch/x86/include/asm/seccomp.h @@ -16,6 +16,18 @@ #define __NR_seccomp_sigreturn_32 __NR_ia32_sigreturn #endif +#ifdef CONFIG_X86_64 +# define SECCOMP_ARCH_NATIVE AUDIT_ARCH_X86_64 +# define SECCOMP_ARCH_NATIVE_NR NR_syscalls +# ifdef CONFIG_COMPAT +# define SECCOMP_ARCH_COMPAT AUDIT_ARCH_I386 +# define SECCOMP_ARCH_COMPAT_NR IA32_NR_syscalls +# endif +#else /* !CONFIG_X86_64 */ +# define SECCOMP_ARCH_NATIVE AUDIT_ARCH_I386 +# define SECCOMP_ARCH_NATIVE_NR NR_syscalls +#endif + #include #endif /* _ASM_X86_SECCOMP_H */ -- 2.28.0
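
Review bot: The CONFIG_X86_64 branch of the added block has no comment covering x32, and the new macros are undocumented overall. x32 callers also report AUDIT_ARCH_X86_64, so they will match SECCOMP_ARCH_NATIVE, but their syscall numbers carry __X32_SYSCALL_BIT and are not plain indexes below SECCOMP_ARCH_NATIVE_NR (NR_syscalls). Please add a comment above the block saying how consumers of these macros are expected to treat such numbers (for example, as out of range for any per-syscall table sized by SECCOMP_ARCH_NATIVE_NR). The same comment should state that SECCOMP_ARCH_COMPAT and SECCOMP_ARCH_COMPAT_NR are intentionally left undefined on 32-bit builds and on 64-bit builds without CONFIG_COMPAT, so users must guard on `#ifdef SECCOMP_ARCH_COMPAT` rather than on the config symbol.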