| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z5JTPJXcL8J4B2mD@alpha.franken.de>
Date: Thu, 23 Jan 2025 15:33:32 +0100
From: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Kees Cook <kees@...nel.org>, Andy Lutomirski <luto@...capital.net>,
Will Drewry <wad@...omium.org>,
Madhavan Srinivasan <maddy@...ux.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org,
linux-mips@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH 1/4] seccomp/mips: change syscall_trace_enter() to use
secure_computing()
On Mon, Jan 20, 2025 at 02:44:45PM +0100, Oleg Nesterov wrote:
> arch/mips/Kconfig selects HAVE_ARCH_SECCOMP_FILTER so syscall_trace_enter()
> can just use __secure_computing(NULL) and rely on populate_seccomp_data(sd)
> and "sd == NULL" checks in __secure_computing(sd) paths.
>
> With the change above syscall_trace_enter() can just use secure_computing()
> and avoid #ifdef + test_thread_flag(TIF_SECCOMP). CONFIG_GENERIC_ENTRY is
> not defined, so test_syscall_work(SECCOMP) will check TIF_SECCOMP.
>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
> ---
> arch/mips/kernel/ptrace.c | 20 ++------------------
> 1 file changed, 2 insertions(+), 18 deletions(-)
>
> diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
> index 61503a36067e..f7107479c7fa 100644
> --- a/arch/mips/kernel/ptrace.c
> +++ b/arch/mips/kernel/ptrace.c
> @@ -1326,24 +1326,8 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs)
> return -1;
> }
>
> -#ifdef CONFIG_SECCOMP
> - if (unlikely(test_thread_flag(TIF_SECCOMP))) {
> - int ret, i;
> - struct seccomp_data sd;
> - unsigned long args[6];
> -
> - sd.nr = current_thread_info()->syscall;
> - sd.arch = syscall_get_arch(current);
> - syscall_get_arguments(current, regs, args);
> - for (i = 0; i < 6; i++)
> - sd.args[i] = args[i];
> - sd.instruction_pointer = KSTK_EIP(current);
> -
> - ret = __secure_computing(&sd);
> - if (ret == -1)
> - return ret;
> - }
> -#endif
> + if (secure_computing())
> + return -1;
>
> if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
> trace_sys_enter(regs, regs->regs[2]);
> --
> 2.25.1.362.g51ebf55
Acked-by: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]
Powered by blists - more mailing lists