Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2441125pxb; Fri, 5 Feb 2021 19:19:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJygKJnFlSsO3EmRImbFI0iNiFo+27FvJdq9vU2g7HcmpuozBaiQnj9RzfpZnFwEkwjDfu3r X-Received: by 2002:aa7:d888:: with SMTP id u8mr6558119edq.239.1612581554401; Fri, 05 Feb 2021 19:19:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612581554; cv=none; d=google.com; s=arc-20160816; b=B8Whba61D2z55DAT+bMcIzfgo3YyaDaTYzdnXvX1IX9Lrs53nL05eTNrfbjwNr00cT sOWBTuQwKgX+pIxpkwoa8DJM1mgOG2GdMVP6HX2bVclRYNfbh7y33kZfXMqZo2WHzpnl KhL7UuYCw9/2YDsEAA0YtZ32gO4IdLnM/ny5q6Ll+6dzyqGn0SSgVpwwQl8SwaLdusq8 hQaQF/Yr4EjoerEi2GdFrDB9q9rbdCRLJku8NSgAwz2L146CIKu/2XNcw5RErVAt26Ey 1X6MMjbNUpb/p2NokXLyExeEHfsBS2NIas8T7Cc67lAI8nLLWdPU6DQCIW2hjdJfn3gU vqeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=ZnEceAcJS8RbJxqxuC/DUSlKXfvuFogvHWnmfyoEmiA=; b=oVa9IPVi4gYBlGs/700Jpcw0E7jI7ONZzwWprdrFSq+qTVobxdwoOzlCYdJeVUdsf0 3aCIqEFm3ic3JQVCx3FijAixskQyrYQt6vY0lavzhsulGxTHX6iknq8MqPblog+PEfza q0GleHYl2nJ/FH8g/QXDsLnslLFDF3gNymDuu2OuXXPBUJty4/mN6tQC+P9qbNJCynCh VBYoYQKzdqjvJFyAnPvr1HpNIB8ESIOSD8vvIatf7bGliVz/cSKbwNsjwLbfc8NYRbps +zeyJLUT/fP/qZxgqazmVC9xdnU2Mc2B1pJ6xZSRkZrvozr6vi+JmcMDjTJDrCvUwpeb 66Lg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b="28/ipzOD"; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=Ye5Akb2u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b8si7102457edz.576.2021.02.05.19.18.50; Fri, 05 Feb 2021 19:19:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b="28/ipzOD"; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=Ye5Akb2u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232295AbhBFDRo (ORCPT + 99 others); Fri, 5 Feb 2021 22:17:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231476AbhBFCkR (ORCPT ); Fri, 5 Feb 2021 21:40:17 -0500 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46D2BC08ED89; Fri, 5 Feb 2021 15:25:31 -0800 (PST) Date: Fri, 05 Feb 2021 23:24:42 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1612567484; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZnEceAcJS8RbJxqxuC/DUSlKXfvuFogvHWnmfyoEmiA=; b=28/ipzOD5LSAJOUrZzG3hp6nprNMFCNX8AZgsojfv9lWAjQngJTYk7BdEjN55dDZIlhiFv UqrWXs5z7rrxlvQ0x3bmpWRCmBZvSkEuGc6znGOTCxB3N9DFhZB1itcepMNaGTFu+khzSj qZ38kAUhu4htRL1mBPy9xNixaZLg0pfYirjZI6SKHoGHgsUHeSKPwOn3vH230ExZi0rxDG 7b8fNNSYOnGy78dO/jkNYc45kg7TGB7EBXHzefOs9eXuM20ISTFxCVP3T1DDXcgeSMGuhJ BZau0XNcT6Y4yQ+PWNxCpbJkA9vMuslApWfKmoX1GNPnImZLyXMOIwAuqNlmzg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1612567484; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZnEceAcJS8RbJxqxuC/DUSlKXfvuFogvHWnmfyoEmiA=; b=Ye5Akb2u3WJjSCUVfGjj1Yfc7D3mxj0401n8rUN3VqQZ+ADPyjm1zD28Z9bbIHqGUWibXM B38fBtakSHOm2PAw== From: "tip-bot2 for Gabriel Krisman Bertazi" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: core/urgent] entry: Use different define for selector variable in SUD Cc: "Michael Kerrisk (man-pages)" , Gabriel Krisman Bertazi , Thomas Gleixner , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20210205184321.2062251-1-krisman@collabora.com> References: <20210205184321.2062251-1-krisman@collabora.com> MIME-Version: 1.0 Message-ID: <161256748291.23325.9194806071651632586.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the core/urgent branch of tip: Commit-ID: 36a6c843fd0d8e02506681577e96dabd203dd8e8 Gitweb: https://git.kernel.org/tip/36a6c843fd0d8e02506681577e96dabd203dd8e8 Author: Gabriel Krisman Bertazi AuthorDate: Fri, 05 Feb 2021 13:43:21 -05:00 Committer: Thomas Gleixner CommitterDate: Sat, 06 Feb 2021 00:21:42 +01:00 entry: Use different define for selector variable in SUD Michael Kerrisk suggested that, from an API perspective, it is a bad idea to share the PR_SYS_DISPATCH_ defines between the prctl operation and the selector variable. Therefore, define two new constants to be used by SUD's selector variable and update the corresponding documentation and test cases. While this changes the API syscall user dispatch has never been part of a Linux release, it will show up for the first time in 5.11. Suggested-by: Michael Kerrisk (man-pages) Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20210205184321.2062251-1-krisman@collabora.com --- Documentation/admin-guide/syscall-user-dispatch.rst | 4 +- include/uapi/linux/prctl.h | 3 ++- kernel/entry/syscall_user_dispatch.c | 4 +- tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c | 8 ++-- tools/testing/selftests/syscall_user_dispatch/sud_test.c | 14 ++++--- 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/Documentation/admin-guide/syscall-user-dispatch.rst b/Documentation/admin-guide/syscall-user-dispatch.rst index a380d65..6031495 100644 --- a/Documentation/admin-guide/syscall-user-dispatch.rst +++ b/Documentation/admin-guide/syscall-user-dispatch.rst @@ -70,8 +70,8 @@ trampoline code on the vDSO, that trampoline is never intercepted. [selector] is a pointer to a char-sized region in the process memory region, that provides a quick way to enable disable syscall redirection thread-wide, without the need to invoke the kernel directly. selector -can be set to PR_SYS_DISPATCH_ON or PR_SYS_DISPATCH_OFF. Any other -value should terminate the program with a SIGSYS. +can be set to SYSCALL_DISPATCH_FILTER_ALLOW or SYSCALL_DISPATCH_FILTER_BLOCK. +Any other value should terminate the program with a SIGSYS. Security Notes -------------- diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 90deb41..667f1ae 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -251,5 +251,8 @@ struct prctl_mm_map { #define PR_SET_SYSCALL_USER_DISPATCH 59 # define PR_SYS_DISPATCH_OFF 0 # define PR_SYS_DISPATCH_ON 1 +/* The control values for the user space selector when dispatch is enabled */ +# define SYSCALL_DISPATCH_FILTER_ALLOW 0 +# define SYSCALL_DISPATCH_FILTER_BLOCK 1 #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/entry/syscall_user_dispatch.c b/kernel/entry/syscall_user_dispatch.c index b0338a5..c240302 100644 --- a/kernel/entry/syscall_user_dispatch.c +++ b/kernel/entry/syscall_user_dispatch.c @@ -50,10 +50,10 @@ bool syscall_user_dispatch(struct pt_regs *regs) if (unlikely(__get_user(state, sd->selector))) do_exit(SIGSEGV); - if (likely(state == PR_SYS_DISPATCH_OFF)) + if (likely(state == SYSCALL_DISPATCH_FILTER_ALLOW)) return false; - if (state != PR_SYS_DISPATCH_ON) + if (state != SYSCALL_DISPATCH_FILTER_BLOCK) do_exit(SIGSYS); } diff --git a/tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c b/tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c index 6689f11..073a037 100644 --- a/tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c +++ b/tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c @@ -22,6 +22,8 @@ # define PR_SET_SYSCALL_USER_DISPATCH 59 # define PR_SYS_DISPATCH_OFF 0 # define PR_SYS_DISPATCH_ON 1 +# define SYSCALL_DISPATCH_FILTER_ALLOW 0 +# define SYSCALL_DISPATCH_FILTER_BLOCK 1 #endif #ifdef __NR_syscalls @@ -55,8 +57,8 @@ unsigned long trapped_call_count = 0; unsigned long native_call_count = 0; char selector; -#define SYSCALL_BLOCK (selector = PR_SYS_DISPATCH_ON) -#define SYSCALL_UNBLOCK (selector = PR_SYS_DISPATCH_OFF) +#define SYSCALL_BLOCK (selector = SYSCALL_DISPATCH_FILTER_BLOCK) +#define SYSCALL_UNBLOCK (selector = SYSCALL_DISPATCH_FILTER_ALLOW) #define CALIBRATION_STEP 100000 #define CALIBRATE_TO_SECS 5 @@ -170,7 +172,7 @@ int main(void) syscall(MAGIC_SYSCALL_1); #ifdef TEST_BLOCKED_RETURN - if (selector == PR_SYS_DISPATCH_OFF) { + if (selector == SYSCALL_DISPATCH_FILTER_ALLOW) { fprintf(stderr, "Failed to return with selector blocked.\n"); exit(-1); } diff --git a/tools/testing/selftests/syscall_user_dispatch/sud_test.c b/tools/testing/selftests/syscall_user_dispatch/sud_test.c index 6498b05..b5d592d 100644 --- a/tools/testing/selftests/syscall_user_dispatch/sud_test.c +++ b/tools/testing/selftests/syscall_user_dispatch/sud_test.c @@ -18,6 +18,8 @@ # define PR_SET_SYSCALL_USER_DISPATCH 59 # define PR_SYS_DISPATCH_OFF 0 # define PR_SYS_DISPATCH_ON 1 +# define SYSCALL_DISPATCH_FILTER_ALLOW 0 +# define SYSCALL_DISPATCH_FILTER_BLOCK 1 #endif #ifndef SYS_USER_DISPATCH @@ -30,8 +32,8 @@ # define MAGIC_SYSCALL_1 (0xff00) /* Bad Linux syscall number */ #endif -#define SYSCALL_DISPATCH_ON(x) ((x) = 1) -#define SYSCALL_DISPATCH_OFF(x) ((x) = 0) +#define SYSCALL_DISPATCH_ON(x) ((x) = SYSCALL_DISPATCH_FILTER_BLOCK) +#define SYSCALL_DISPATCH_OFF(x) ((x) = SYSCALL_DISPATCH_FILTER_ALLOW) /* Test Summary: * @@ -56,7 +58,7 @@ TEST_SIGNAL(dispatch_trigger_sigsys, SIGSYS) { - char sel = 0; + char sel = SYSCALL_DISPATCH_FILTER_ALLOW; struct sysinfo info; int ret; @@ -79,7 +81,7 @@ TEST_SIGNAL(dispatch_trigger_sigsys, SIGSYS) TEST(bad_prctl_param) { - char sel = 0; + char sel = SYSCALL_DISPATCH_FILTER_ALLOW; int op; /* Invalid op */ @@ -220,7 +222,7 @@ TEST_SIGNAL(bad_selector, SIGSYS) sigset_t mask; struct sysinfo info; - glob_sel = 0; + glob_sel = SYSCALL_DISPATCH_FILTER_ALLOW; nr_syscalls_emulated = 0; si_code = 0; si_errno = 0; @@ -288,7 +290,7 @@ TEST(direct_dispatch_range) { int ret = 0; struct sysinfo info; - char sel = 0; + char sel = SYSCALL_DISPATCH_FILTER_ALLOW; /* * Instead of calculating libc addresses; allow the entire