[PATCH v2] powerpc/kernel: Enable seccomp filter

Kees Cook keescook at chromium.org
Fri Jul 31 02:39:00 AEST 2015

On Wed, Jul 29, 2015 at 10:56 PM, Michael Ellerman <mpe at ellerman.id.au> wrote:
> This commit enables seccomp filter on powerpc, now that we have all the
> necessary pieces in place.
> To support seccomp's desire to modify the syscall return value under
> some circumstances, we use a different ABI to the ptrace ABI. That is we
> use r3 as the syscall return value, and orig_gpr3 is the first syscall
> parameter.
> This means the seccomp code, or a ptracer via SECCOMP_RET_TRACE, will
> see -ENOSYS preloaded in r3. This is identical to the behaviour on x86,
> and allows seccomp or the ptracer to either leave the -ENOSYS or change
> it to something else, as well as rejecting or not the syscall by
> modifying r0.
> If seccomp does not reject the syscall, we restore the register state to
> match what ptrace and audit expect, ie. r3 is the first syscall
> parameter again. We do this restore using orig_gpr3, which may have been
> modified by seccomp, which allows seccomp to modify the first syscall
> paramater and allow the syscall to proceed.
> We need to #ifdef the the additional handling of r3 for seccomp, so move
> it all out of line.
> Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> ---
>  arch/powerpc/Kconfig         |  1 +
>  arch/powerpc/kernel/ptrace.c | 41 ++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 41 insertions(+), 1 deletion(-)
> v2: The previous version didn't compile for CONFIG_SECCOMP=n. To fix it up I
>     moved the logic out of line and #ifdef'ed that. It gets inlined by the compiler
>     so the end result is the same.
>     Kees I kept your Reviewed-by on the basis that the interesting logic is the
>     same, hope that's OK by you.

Totally fine. Thanks!


Kees Cook
Chrome OS Security

More information about the Linuxppc-dev mailing list