Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751834Ab2BQE00 (ORCPT ); Thu, 16 Feb 2012 23:26:26 -0500 Received: from mail-lpp01m010-f46.google.com ([209.85.215.46]:35920 "EHLO mail-lpp01m010-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750712Ab2BQE0X convert rfc822-to-8bit (ORCPT ); Thu, 16 Feb 2012 23:26:23 -0500 MIME-Version: 1.0 In-Reply-To: <4F3DD39C.9090905@zytor.com> References: <1329422549-16407-1-git-send-email-wad@chromium.org> <1329422549-16407-3-git-send-email-wad@chromium.org> <4F3D61CB.2000301@zytor.com> <4F3D7250.6040504@zytor.com> <4F3D766E.7040205@zytor.com> <4F3D7DD4.6070103@zytor.com> <1329439809.2337.32.camel@localhost> <4F3DD39C.9090905@zytor.com> Date: Thu, 16 Feb 2012 22:26:20 -0600 Message-ID: Subject: Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF From: Will Drewry To: "H. Peter Anvin" Cc: Eric Paris , Markus Gutschke , linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com, netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de, davem@davemloft.net, mingo@redhat.com, oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net, mcgrathr@chromium.org, tglx@linutronix.de, luto@mit.edu, serge.hallyn@canonical.com, djm@mindrot.org, scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, eric.dumazet@gmail.com, keescook@chromium.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2285 Lines: 59 On Thu, Feb 16, 2012 at 10:12 PM, H. Peter Anvin wrote: > On 02/16/2012 07:53 PM, Will Drewry wrote: >> >> An earlier change Roland had prodded me toward was adding a >> syscall_get_arch() call to asm/syscall.h which returned the >> appropriate audit arch value for the current calling convention. ?I >> hate to suggest this, but should I go ahead and wire that up for x86 >> now, make it a dependency for HAVE_ARCH_SECCOMP_FILTER (and officially >> part of asm/syscall.h) then let it trickle into existence? ?Maybe >> something like: >> > > ... and we have been talking about making a regset and export it to > ptrace and core dumps, too. Would having an audit_arch returning function be useful for building those cases too? Or would this just be nearly-duplicated code everywhere? (As is, ptrace usually takes shortcuts since it has the arch-specific knowledge, so maybe it just wouldn't matter.) >> static inline int syscall_get_arch(struct task_struct *task, struct >> pt_regs *regs) >> { >> #ifdef CONFIG_IA32_EMULATION >> ? if (task_thread_info(task)->status & TS_COMPAT) >> ? ? return AUDIT_ARCH_I386; >> #endif >> #ifdef CONFIG_64BIT >> ? return AUDIT_ARCH_X86_64; >> #else >> ? return AUDIT_ARCH_I386; >> #endif >> } >> > > In this case it could be is_compat_task(). I wasn't sure if it was fine to add any syscall_* functions that depended on the caller being current. >> There would be no other callers, though, because everywhere AUDIT_ARCH >> is used it is hardcoded as appropriate. ?Then when x32 comes along, it >> can figure out where it belongs using tif status and/or regs. > > For x32 you have the option of introducing a new value or relying on bit > 30 in eax (and AUDIT_ARCH_X86_64). ?The latter is more natural, probably. Will that bit be visible as the syscall number or will it be stripped out before passing the number around? If it's visible, then it doesn't seem like there'd need to be a new AUDIT_ARCH, but I suspect someone like Eric will have an actually useful opinion. thanks! will -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/