Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3478399pxu;
        Sun, 11 Oct 2020 11:07:53 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxuWqCkVAhIvhiAP7ZAmUzyEBxaXDLIJxZlHoc/kz4JYXWJG+KQSrLjIkAclCKL4VtMqezq
X-Received: by 2002:a17:906:350d:: with SMTP id r13mr4413719eja.117.1602439673622;
        Sun, 11 Oct 2020 11:07:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1602439673; cv=none;
        d=google.com; s=arc-20160816;
        b=CgnUxHHiHXBNfkAPIcLWdzwGlgThGGoJO3Zp/U0brRK0Q7640BaudAe75B9jWd0xgt
         7Vxrdl6zVMG68driM5iiYvg/zhaa70OAcbsQPLW4jyMb9Sw8c98UK8SJeqW1gvuQ229w
         wJ11yHtIrQGIV0wPStOOGKAsuSFMBQEiAQLiT1xGP3WHQmz7OJzhO3nzAoeJjxKUbTvI
         0yDKYx7LgC9U4d1kLGgHoMUN5UIZjruJkcPpf2URctV5+dsE0m9YmHV6UqKhGISSq9cF
         oFZ8gHU8GqyNYZlfIZlpdpSeMjTajiOHQ1KW2VptFlHJ3/ahSgaATwgoN0e2MqeUbrI3
         sqYA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=SiGgaoVfTiGKzLu8iQvphsAHQCnyBXcNFjoytO86qNs=;
        b=qSd3jK4py7QDiJVKSWvyDvgsSwKoXAqD5TGEa1kC9s+nwFl/1lqxu+6fADN7b6ZR0x
         8N6qE2Mk+i4dGV2kb2Rr2BeZWWGBjYNNm6UuexG3lnjqbVvyvZ9asVuJC/Yf5Dvhl8cn
         FKGM636jDS4jWrvKZN7yX50VUpIQUbwsrDiJlP+KK9o+GNCGLPG+3TQm2rftuqnlAGOW
         OIwWUtUfccXONBcLdhBLrJHOWlRwydG477oLsYjcjhz4ydO9Kq/1SdJ9fr5N2yaS79tH
         QBfIvflGPRatN8jKHtjhglmwsJa0PgwTIpeNBr4zU8mNoB1ik6Vaq6NEmyiSQIo7l/c9
         79lg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=EqnDbMv2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r10si10630494eji.253.2020.10.11.11.07.31;
        Sun, 11 Oct 2020 11:07:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=EqnDbMv2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729544AbgJKPs7 (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Sun, 11 Oct 2020 11:48:59 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55236 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729114AbgJKPsH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 11 Oct 2020 11:48:07 -0400
Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5BCFC0613D0;
        Sun, 11 Oct 2020 08:48:06 -0700 (PDT)
Received: by mail-il1-x144.google.com with SMTP id o18so13683554ill.2;
        Sun, 11 Oct 2020 08:48:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=SiGgaoVfTiGKzLu8iQvphsAHQCnyBXcNFjoytO86qNs=;
        b=EqnDbMv2+QH/bUYXjHA4oEFiZK/SRlkK98epO2CpOCdeI35huS4KGSZHrIMOznMTkD
         FWi3vpmXZAXyc0BUsI7owhCPG2s2RNBLUbIFHiBlP88+c1FMPJxQGUzkrCiigh7o2ChL
         D3j8hXs6QJdJ9wb6VaDyAE7jnGzPgxEx70Jbm7FgUAYrx4yzY00uqs75PjUQNKcOtJCX
         H46fu2LSySIbNObwinw/JsvHKjMnd0pf725X8hPyY0ekpohIIia+uiiSOg2aZDKf/+Oi
         nq7r3NCLfyWCZ/Gej/QMixoUeWBHpFblB0xWi38uwQqamdnrO6ukjzrPaOJ3brK/204C
         6V3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=SiGgaoVfTiGKzLu8iQvphsAHQCnyBXcNFjoytO86qNs=;
        b=eBsJEQC3UYAksWTs7pJpktaFZocqkQ6fP/dwUaYVaWOmntROBEk/lVru+5r/WiaQE/
         EEwnKP8eJ1I59bu1EZRjLRcbgl5M/fTMnWvQNTZ02Y9CFEbEtSL7diqVQOGjNWMtK8D7
         I9bVuf+JpamR0kcGDbH3zgg5C3A7KTxTfI8Q74P/JoW261zPm1QX99GxADtP1nQUI1M0
         UB89p02Mwiag7V/elaUEIQzwIA+HHBGIdYexqAMF1DIk89iKMYeMGiBe1kJ8XetcyxTp
         twTByFBmzIBv14XUYo4o2HKXnRL6xQYPk4FyxE0H5B5rkGN24nrb1m0ttQR70o/V+ctN
         GsZQ==
X-Gm-Message-State: AOAM5320rx0x0mfxkfETglCgDTaTmG6j7pjosVS3xrwUWfUH+F04nfkW
        LEo4Ze9zOwFbLPIrTdc3gwV/MiBcNNxELw==
X-Received: by 2002:a92:6811:: with SMTP id d17mr16188550ilc.145.1602431286122;
        Sun, 11 Oct 2020 08:48:06 -0700 (PDT)
Received: from localhost.localdomain (host-173-230-99-154.tnkngak.clients.pavlovmedia.com. [173.230.99.154])
        by smtp.gmail.com with ESMTPSA id q16sm7502881ilj.71.2020.10.11.08.48.05
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 11 Oct 2020 08:48:05 -0700 (PDT)
From:   YiFei Zhu <zhuyifei1999@gmail.com>
To:     containers@lists.linux-foundation.org
Cc:     YiFei Zhu <yifeifz2@illinois.edu>, bpf@vger.kernel.org,
        linux-kernel@vger.kernel.org, Aleksa Sarai <cyphar@cyphar.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andy Lutomirski <luto@amacapital.net>,
        David Laight <David.Laight@aculab.com>,
        Dimitrios Skarlatos <dskarlat@cs.cmu.edu>,
        Giuseppe Scrivano <gscrivan@redhat.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
        Jack Chen <jianyan2@illinois.edu>,
        Jann Horn <jannh@google.com>,
        Josep Torrellas <torrella@illinois.edu>,
        Kees Cook <keescook@chromium.org>,
        Tianyin Xu <tyxu@illinois.edu>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Tycho Andersen <tycho@tycho.pizza>,
        Valentin Rothberg <vrothber@redhat.com>,
        Will Drewry <wad@chromium.org>
Subject: [PATCH v5 seccomp 3/5] x86: Enable seccomp architecture tracking
Date:   Sun, 11 Oct 2020 10:47:44 -0500
Message-Id: <da58c3733d95c4f2115dd94225dfbe2573ba4d87.1602431034.git.yifeifz2@illinois.edu>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <cover.1602431034.git.yifeifz2@illinois.edu>
References: <cover.1602431034.git.yifeifz2@illinois.edu>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kees Cook <keescook@chromium.org>

Provide seccomp internals with the details to calculate which syscall
table the running kernel is expecting to deal with. This allows for
efficient architecture pinning and paves the way for constant-action
bitmaps.

Signed-off-by: Kees Cook <keescook@chromium.org>
Co-developed-by: YiFei Zhu <yifeifz2@illinois.edu>
Signed-off-by: YiFei Zhu <yifeifz2@illinois.edu>
---
 arch/x86/include/asm/seccomp.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/arch/x86/include/asm/seccomp.h b/arch/x86/include/asm/seccomp.h
index 2bd1338de236..b17d037c72ce 100644
--- a/arch/x86/include/asm/seccomp.h
+++ b/arch/x86/include/asm/seccomp.h
@@ -16,6 +16,23 @@
 #define __NR_seccomp_sigreturn_32	__NR_ia32_sigreturn
 #endif
 
+#ifdef CONFIG_X86_64
+# define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_X86_64
+# define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
+# ifdef CONFIG_COMPAT
+#  define SECCOMP_ARCH_COMPAT		AUDIT_ARCH_I386
+#  define SECCOMP_ARCH_COMPAT_NR	IA32_NR_syscalls
+# endif
+/*
+ * x32 will have __X32_SYSCALL_BIT set in syscall number. We don't support
+ * caching them and they are treated as out of range syscalls, which will
+ * always pass through the BPF filter.
+ */
+#else /* !CONFIG_X86_64 */
+# define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_I386
+# define SECCOMP_ARCH_NATIVE_NR	        NR_syscalls
+#endif
+
 #include <asm-generic/seccomp.h>
 
 #endif /* _ASM_X86_SECCOMP_H */
-- 
2.28.0