[PATCH v2] powerpc/kernel: Enable seccomp filter
Kees Cook
keescook at chromium.org
Fri Jul 31 02:39:00 AEST 2015
On Wed, Jul 29, 2015 at 10:56 PM, Michael Ellerman <mpe at ellerman.id.au> wrote:
> This commit enables seccomp filter on powerpc, now that we have all the
> necessary pieces in place.
>
> To support seccomp's desire to modify the syscall return value under
> some circumstances, we use a different ABI to the ptrace ABI. That is we
> use r3 as the syscall return value, and orig_gpr3 is the first syscall
> parameter.
>
> This means the seccomp code, or a ptracer via SECCOMP_RET_TRACE, will
> see -ENOSYS preloaded in r3. This is identical to the behaviour on x86,
> and allows seccomp or the ptracer to either leave the -ENOSYS or change
> it to something else, as well as rejecting or not the syscall by
> modifying r0.
>
> If seccomp does not reject the syscall, we restore the register state to
> match what ptrace and audit expect, ie. r3 is the first syscall
> parameter again. We do this restore using orig_gpr3, which may have been
> modified by seccomp, which allows seccomp to modify the first syscall
> paramater and allow the syscall to proceed.
>
> We need to #ifdef the the additional handling of r3 for seccomp, so move
> it all out of line.
>
> Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> ---
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/kernel/ptrace.c | 41 ++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 41 insertions(+), 1 deletion(-)
>
>
> v2: The previous version didn't compile for CONFIG_SECCOMP=n. To fix it up I
> moved the logic out of line and #ifdef'ed that. It gets inlined by the compiler
> so the end result is the same.
>
> Kees I kept your Reviewed-by on the basis that the interesting logic is the
> same, hope that's OK by you.
Totally fine. Thanks!
-Kees
--
Kees Cook
Chrome OS Security
More information about the Linuxppc-dev
mailing list