| Message ID | 1398177636-10442-1-git-send-email-markos.chandras@imgtec.com |
|---|---|
| State | Accepted |
| Delegated to: | Ralf Baechle |
On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> does not provide enough information about the ABI for the 64-bit
> process. As a result of which, userland needs to use complex
> seccomp filters to decide whether a syscall belongs to the o32 or n32
> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> can be used by seccomp to explicitly set syscall filters for this ABI.
>
> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: Paul Moore <pmoore@redhat.com>
> Cc: Ralf Baechle <ralf@linux-mips.org>
> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> ---
> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>
> Thanks a lot!
> ---
> arch/mips/include/asm/syscall.h | 2 ++
> include/uapi/linux/audit.h | 12 ++++++++++++
> 2 files changed, 14 insertions(+)

I'm far from qualified to ACK any MIPS specific patches, but I do want to add my support for this patch. As Markos states above, without this patch any seccomp BPF code will be more complex than necessary (see x32 for an idea) and projects that try to abstract away the arch/ABI specific nature of the BPF seccomp filters will have to do a lot more work. Please merge this patch, or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting until 3.16 will be too late.

I also don't want to speak for the audit folks (Eric?), but I think you'll hear that this patch makes life much easier for them as well.

Thanks,
-Paul

> diff --git a/arch/mips/include/asm/syscall.h > b/arch/mips/include/asm/syscall.h index c6e9cd2..17960fe 100644 > --- a/arch/mips/include/asm/syscall.h > +++ b/arch/mips/include/asm/syscall.h
> @@ -133,6 +133,8 @@ static inline int syscall_get_arch(void) > #ifdef CONFIG_64BIT > if (!test_thread_flag(TIF_32BIT_REGS)) > arch |= __AUDIT_ARCH_64BIT; > + if (test_thread_flag(TIF_32BIT_ADDR)) > + arch |= __AUDIT_ARCH_CONVENTION_MIPS64_N32; > #endif > #if defined(__LITTLE_ENDIAN) > arch |= __AUDIT_ARCH_LE; > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 11917f7..1b1efdd 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -331,9 +331,17 @@ enum { > #define AUDIT_FAIL_PRINTK 1 > #define AUDIT_FAIL_PANIC 2 > > +/* > + * These bits disambiguate different calling conventions that share an > + * ELF machine type, bitness, and endianness > + */ > +#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 > +#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 > + > /* distinguish syscall tables */ > #define __AUDIT_ARCH_64BIT 0x80000000 > #define __AUDIT_ARCH_LE 0x40000000 > + > #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_ARMEB (EM_ARM) > @@ -346,7 +354,11 @@ enum { > #define AUDIT_ARCH_MIPS (EM_MIPS) > #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT) > +#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\ > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > #define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT| __AUDIT_ARCH_LE\ > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > #define AUDIT_ARCH_OPENRISC (EM_OPENRISC) > #define AUDIT_ARCH_PARISC (EM_PARISC) > #define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
On 04/24/2014 08:19 PM, Paul Moore wrote:
> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>> does not provide enough information about the ABI for the 64-bit
>> process. As a result of which, userland needs to use complex
>> seccomp filters to decide whether a syscall belongs to the o32 or n32
>> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>> can be used by seccomp to explicitly set syscall filters for this ABI.
>>
>> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>> Cc: Andy Lutomirski <luto@amacapital.net>
>> Cc: Eric Paris <eparis@redhat.com>
>> Cc: Paul Moore <pmoore@redhat.com>
>> Cc: Ralf Baechle <ralf@linux-mips.org>
>> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
>> ---
>> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>>
>> Thanks a lot!
>> ---
>> arch/mips/include/asm/syscall.h | 2 ++
>> include/uapi/linux/audit.h | 12 ++++++++++++
>> 2 files changed, 14 insertions(+)
>
> I'm far from qualified to ACK any MIPS specific patches, but I do want to add
> my support for this patch. As Markos states above, without this patch any
> seccomp BPF code will be more complex than necessary (see x32 for an idea) and
> projects that try to abstract away the arch/ABI specific nature of the BPF
> seccomp filters will have to do a lot more work. Please merge this patch,
> or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting
> until 3.16 will be too late.
>
> I also don't want to speak for the audit folks (Eric?), but I think you'll
> hear that this patch makes life much easier for them as well.
>
> Thanks,
> -Paul

Ralf ping? Can we please have this in 3.15 so userspace applications get the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both n32 and n64? It may be harder to change it once 3.15 is released (ABI break).
On 04/30/2014 10:24 AM, Markos Chandras wrote:
> On 04/24/2014 08:19 PM, Paul Moore wrote:
>> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>>> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>>> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>>> does not provide enough information about the ABI for the 64-bit
>>> process. As a result of which, userland needs to use complex
>>> seccomp filters to decide whether a syscall belongs to the o32 or n32
>>> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>>> can be used by seccomp to explicitly set syscall filters for this ABI.
>>>
>>> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>>> Cc: Andy Lutomirski <luto@amacapital.net>
>>> Cc: Eric Paris <eparis@redhat.com>
>>> Cc: Paul Moore <pmoore@redhat.com>
>>> Cc: Ralf Baechle <ralf@linux-mips.org>
>>> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
>>> ---
>>> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>>>
>>> Thanks a lot!
>>> ---
>>> arch/mips/include/asm/syscall.h | 2 ++
>>> include/uapi/linux/audit.h | 12 ++++++++++++
>>> 2 files changed, 14 insertions(+)
>>
>> I'm far from qualified to ACK any MIPS specific patches, but I do want to add
>> my support for this patch. As Markos states above, without this patch any
>> seccomp BPF code will be more complex than necessary (see x32 for an idea) and
>> projects that try to abstract away the arch/ABI specific nature of the BPF
>> seccomp filters will have to do a lot more work. Please merge this patch,
>> or something similar, along with the MIPS BPF seccomp filters in 3.15; waiting
>> until 3.16 will be too late.
>>
>> I also don't want to speak for the audit folks (Eric?), but I think you'll
>> hear that this patch makes life much easier for them as well.
>>
>> Thanks,
>> -Paul
>
> Ralf ping? Can we please have this in 3.15 so userspace applications get
> the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
> n32 and n64? It may be harder to change it once 3.15 is released (ABI
> break).
>

Ralf ping again? With -r5 approaching, there might be limited time left to push this.
On Wednesday, April 30, 2014 10:24:10 AM Markos Chandras wrote:
> On 04/24/2014 08:19 PM, Paul Moore wrote:
> > On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> >> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> >> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> >> does not provide enough information about the ABI for the 64-bit
> >> process. As a result of which, userland needs to use complex
> >> seccomp filters to decide whether a syscall belongs to the o32 or n32
> >> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> >> can be used by seccomp to explicitly set syscall filters for this ABI.
> >>
> >> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> >> Cc: Andy Lutomirski <luto@amacapital.net>
> >> Cc: Eric Paris <eparis@redhat.com>
> >> Cc: Paul Moore <pmoore@redhat.com>
> >> Cc: Ralf Baechle <ralf@linux-mips.org>
> >> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> >> ---
> >> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> >>
> >> Thanks a lot!
> >> ---
> >>
> >> arch/mips/include/asm/syscall.h | 2 ++
> >> include/uapi/linux/audit.h | 12 ++++++++++++
> >> 2 files changed, 14 insertions(+)
> >
> > I'm far from qualified to ACK any MIPS specific patches, but I do want to
> > add my support for this patch. As Markos states above, without this
> > patch any seccomp BPF code will be more complex than necessary (see x32
> > for an idea) and projects that try to abstract away the arch/ABI specific
> > nature of the BPF seccomp filters will have to do a lot more work.
> > Please merge this patch, or something similar, along with the MIPS BPF
> > seccomp filters in 3.15; waiting until 3.16 will be too late.
> >
> > I also don't want to speak for the audit folks (Eric?), but I think you'll
> > hear that this patch makes life much easier for them as well.
> >
> > Thanks,
> > -Paul
>
> Ralf ping? Can we please have this in 3.15 so userspace applications get
> the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
> n32 and n64? It may be harder to change it once 3.15 is released (ABI
> break).

I haven't heard anything on this patch and I don't see it in the tree this morning. Can we please get this into the 3.15 release? If not, can you please explain why so we have something to go on? This will cause us a lot of pain in userspace if we don't get this patch merged.
On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> does not provide enough information about the ABI for the 64-bit
> process. As a result of which, userland needs to use complex
> seccomp filters to decide whether a syscall belongs to the o32 or n32
> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> can be used by seccomp to explicitly set syscall filters for this ABI.
>
> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: Paul Moore <pmoore@redhat.com>
> Cc: Ralf Baechle <ralf@linux-mips.org>
> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> ---
> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>
> Thanks a lot!
> ---
> arch/mips/include/asm/syscall.h | 2 ++
> include/uapi/linux/audit.h | 12 ++++++++++++
> 2 files changed, 14 insertions(+)

[NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance as this *really* should be in 3.15]

I'm re-replying to this patch and adding lkml to the To line because I believe it is very important we get this patch into 3.15. For those who don't follow the MIPS architecture very closely, the upcoming 3.15 is the first release to include support for seccomp filters, the latest generation of syscall filtering which used a BPF based filter language. For reasons that are easy to understand, the syscall filters are ABI specific (e.g. syscall tables, word length, endianness) and those generating syscall filters in userspace (e.g. libseccomp) need to take great care to ensure that the generated filters take the ABI into account and fail safely in the case where a different ABI is used (e.g. x86, x86_64, x32).

The patch below corrects, what is IMHO, an omission in the original MIPS seccomp filter patch, allowing userspace to easily separate MIPS and MIPS64. Without this patch we will be forced to handle MIPS/MIPS64 like we handle x86_64/x32 which is a royal pain and not something I want to have to deal with again.

Further, while I don't want to speak for the audit folks, it is my understanding that they want this patch for similar reasons.

Please merge this patch for 3.15 or at least provide some feedback as to why this isn't a viable solution for upstream. Once 3.15 ships, fixing this will require breaking the MIPS ABI which isn't something any of us want.

Thanks,
-Paul

> diff --git a/arch/mips/include/asm/syscall.h > b/arch/mips/include/asm/syscall.h index c6e9cd2..17960fe 100644 > --- a/arch/mips/include/asm/syscall.h > +++ b/arch/mips/include/asm/syscall.h
> @@ -133,6 +133,8 @@ static inline int syscall_get_arch(void) > #ifdef CONFIG_64BIT > if (!test_thread_flag(TIF_32BIT_REGS)) > arch |= __AUDIT_ARCH_64BIT; > + if (test_thread_flag(TIF_32BIT_ADDR)) > + arch |= __AUDIT_ARCH_CONVENTION_MIPS64_N32; > #endif > #if defined(__LITTLE_ENDIAN) > arch |= __AUDIT_ARCH_LE; > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 11917f7..1b1efdd 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -331,9 +331,17 @@ enum { > #define AUDIT_FAIL_PRINTK 1 > #define AUDIT_FAIL_PANIC 2 > > +/* > + * These bits disambiguate different calling conventions that share an > + * ELF machine type, bitness, and endianness > + */ > +#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 > +#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 > + > /* distinguish syscall tables */ > #define __AUDIT_ARCH_64BIT 0x80000000 > #define __AUDIT_ARCH_LE 0x40000000 > + > #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_ARMEB (EM_ARM) > @@ -346,7 +354,11 @@ enum { > #define AUDIT_ARCH_MIPS (EM_MIPS) > #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) > #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT) > +#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\ > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > #define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > +#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT| __AUDIT_ARCH_LE\ > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > #define AUDIT_ARCH_OPENRISC (EM_OPENRISC) > #define AUDIT_ARCH_PARISC (EM_PARISC) > #define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
On Mon, 2014-05-12 at 14:53 -0400, Paul Moore wrote:
> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> > A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> > (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> > does not provide enough information about the ABI for the 64-bit
> > process. As a result of which, userland needs to use complex
> > seccomp filters to decide whether a syscall belongs to the o32 or n32
> > or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> > can be used by seccomp to explicitly set syscall filters for this ABI.
> >
> > Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> > Cc: Andy Lutomirski <luto@amacapital.net>
> > Cc: Eric Paris <eparis@redhat.com>
> > Cc: Paul Moore <pmoore@redhat.com>
> > Cc: Ralf Baechle <ralf@linux-mips.org>
> > Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> > ---
> > Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> >
> > Thanks a lot!
> > ---
> > arch/mips/include/asm/syscall.h | 2 ++
> > include/uapi/linux/audit.h | 12 ++++++++++++
> > 2 files changed, 14 insertions(+)
>
> [NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance as
> this *really* should be in 3.15]
>
> I'm re-replying to this patch and adding lkml to the To line because I believe
> it is very important we get this patch into 3.15. For those who don't follow
> the MIPS architecture very closely, the upcoming 3.15 is the first release to
> include support for seccomp filters, the latest generation of syscall
> filtering which used a BPF based filter language. For reasons that are easy to
> understand, the syscall filters are ABI specific (e.g. syscall tables, word
> length, endianness) and those generating syscall filters in userspace (e.g.
> libseccomp) need to take great care to ensure that the generated filters take
> the ABI into account and fail safely in the case where a different ABI is used
> (e.g. x86, x86_64, x32).
>
> The patch below corrects, what is IMHO, an omission in the original MIPS
> seccomp filter patch, allowing userspace to easily separate MIPS and MIPS64.
> Without this patch we will be forced to handle MIPS/MIPS64 like we handle
> x86_64/x32 which is a royal pain and not something I want to have to deal with
> again.
>
> Further, while I don't want to speak for the audit folks, it is my
> understanding that they want this patch for similar reasons.

Audit would also like to see this patch. We can survive without it, but having this patch lets us write a better/easier userspace.

Acked-by: Eric Paris <eparis@redhat.com>

>
> Please merge this patch for 3.15 or at least provide some feedback as to why
> this isn't a viable solution for upstream.
Once 3.15 ships, fixing this will > require breaking the MIPS ABI which isn't something any of us want. > > Thanks, > -Paul > > > diff --git a/arch/mips/include/asm/syscall.h > > b/arch/mips/include/asm/syscall.h index c6e9cd2..17960fe 100644 > > --- a/arch/mips/include/asm/syscall.h > > +++ b/arch/mips/include/asm/syscall.h > > @@ -133,6 +133,8 @@ static inline int syscall_get_arch(void) > > #ifdef CONFIG_64BIT > > if (!test_thread_flag(TIF_32BIT_REGS)) > > arch |= __AUDIT_ARCH_64BIT; > > + if (test_thread_flag(TIF_32BIT_ADDR)) > > + arch |= __AUDIT_ARCH_CONVENTION_MIPS64_N32; > > #endif > > #if defined(__LITTLE_ENDIAN) > > arch |= __AUDIT_ARCH_LE; > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > > index 11917f7..1b1efdd 100644 > > --- a/include/uapi/linux/audit.h > > +++ b/include/uapi/linux/audit.h > > @@ -331,9 +331,17 @@ enum { > > #define AUDIT_FAIL_PRINTK 1 > > #define AUDIT_FAIL_PANIC 2 > > > > +/* > > + * These bits disambiguate different calling conventions that share an > > + * ELF machine type, bitness, and endianness > > + */ > > +#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 > > +#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 > > + > > /* distinguish syscall tables */ > > #define __AUDIT_ARCH_64BIT 0x80000000 > > #define __AUDIT_ARCH_LE 0x40000000 > > + > > #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) > > #define AUDIT_ARCH_ARMEB (EM_ARM) 
> > @@ -346,7 +354,11 @@ enum { > > #define AUDIT_ARCH_MIPS (EM_MIPS) > > #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) > > #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT) > > +#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\ > > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > > #define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) > > +#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT| > __AUDIT_ARCH_LE\ > > + __AUDIT_ARCH_CONVENTION_MIPS64_N32) > > #define AUDIT_ARCH_OPENRISC (EM_OPENRISC) > > #define AUDIT_ARCH_PARISC (EM_PARISC) > > #define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT) >
On Monday, May 12, 2014 02:53:05 PM Paul Moore wrote:
> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> > A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> > (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> > does not provide enough information about the ABI for the 64-bit
> > process. As a result of which, userland needs to use complex
> > seccomp filters to decide whether a syscall belongs to the o32 or n32
> > or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> > can be used by seccomp to explicitly set syscall filters for this ABI.
> >
> > Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> > Cc: Andy Lutomirski <luto@amacapital.net>
> > Cc: Eric Paris <eparis@redhat.com>
> > Cc: Paul Moore <pmoore@redhat.com>
> > Cc: Ralf Baechle <ralf@linux-mips.org>
> > Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> > ---
> > Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> >
> > Thanks a lot!
> > ---
> >
> > arch/mips/include/asm/syscall.h | 2 ++
> > include/uapi/linux/audit.h | 12 ++++++++++++
> > 2 files changed, 14 insertions(+)
>
> [NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance as
> this *really* should be in 3.15]
>
> I'm re-replying to this patch and adding lkml to the To line because I
> believe it is very important we get this patch into 3.15. For those who
> don't follow the MIPS architecture very closely, the upcoming 3.15 is the
> first release to include support for seccomp filters, the latest generation
> of syscall filtering which used a BPF based filter language. For reasons
> that are easy to understand, the syscall filters are ABI specific (e.g.
> syscall tables, word length, endianness) and those generating syscall
> filters in userspace (e.g. libseccomp) need to take great care to ensure
> that the generated filters take the ABI into account and fail safely in the
> case where a different ABI is used (e.g. x86, x86_64, x32).
>
> The patch below corrects, what is IMHO, an omission in the original MIPS
> seccomp filter patch, allowing userspace to easily separate MIPS and MIPS64.
> Without this patch we will be forced to handle MIPS/MIPS64 like we handle
> x86_64/x32 which is a royal pain and not something I want to have to deal with
> again.
>
> Further, while I don't want to speak for the audit folks, it is my
> understanding that they want this patch for similar reasons.
>
> Please merge this patch for 3.15 or at least provide some feedback as to why
> this isn't a viable solution for upstream. Once 3.15 ships, fixing this
> will require breaking the MIPS ABI which isn't something any of us want.
>
> Thanks,
> -Paul

*Bump*

I don't know what else needs to be done to get some action on this and we're running out of time for 3.15.
On Wed, May 21, 2014 at 1:59 PM, Paul Moore <pmoore@redhat.com> wrote:
> On Monday, May 12, 2014 02:53:05 PM Paul Moore wrote:
>> On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
>> > A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
>> > (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
>> > does not provide enough information about the ABI for the 64-bit
>> > process. As a result of which, userland needs to use complex
>> > seccomp filters to decide whether a syscall belongs to the o32 or n32
>> > or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
>> > can be used by seccomp to explicitly set syscall filters for this ABI.
>> >
>> > Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
>> > Cc: Andy Lutomirski <luto@amacapital.net>
>> > Cc: Eric Paris <eparis@redhat.com>
>> > Cc: Paul Moore <pmoore@redhat.com>
>> > Cc: Ralf Baechle <ralf@linux-mips.org>
>> > Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
>> > ---
>> > Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
>> >
>> > Thanks a lot!
>> > ---
>> >
>> > arch/mips/include/asm/syscall.h | 2 ++
>> > include/uapi/linux/audit.h | 12 ++++++++++++
>> > 2 files changed, 14 insertions(+)
>>
>> [NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance as
>> this *really* should be in 3.15]
>>
>> I'm re-replying to this patch and adding lkml to the To line because I
>> believe it is very important we get this patch into 3.15. For those who
>> don't follow the MIPS architecture very closely, the upcoming 3.15 is the
>> first release to include support for seccomp filters, the latest generation
>> of syscall filtering which used a BPF based filter language. For reasons
>> that are easy to understand, the syscall filters are ABI specific (e.g.
>> syscall tables, word length, endianness) and those generating syscall
>> filters in userspace (e.g. libseccomp) need to take great care to ensure
>> that the generated filters take the ABI into account and fail safely in the
>> case where a different ABI is used (e.g. x86, x86_64, x32).
>>
>> The patch below corrects, what is IMHO, an omission in the original MIPS
>> seccomp filter patch, allowing userspace to easily separate MIPS and MIPS64.
>> Without this patch we will be forced to handle MIPS/MIPS64 like we handle
>> x86_64/x32 which is a royal pain and not something I want to have to deal with
>> again.
>>
>> Further, while I don't want to speak for the audit folks, it is my
>> understanding that they want this patch for similar reasons.
>>
>> Please merge this patch for 3.15 or at least provide some feedback as to why
>> this isn't a viable solution for upstream. Once 3.15 ships, fixing this
>> will require breaking the MIPS ABI which isn't something any of us want.
>>
>> Thanks,
>> -Paul
>
> *Bump*
>
> I don't know what else needs to be done to get some action on this and we're
> running out of time for 3.15.

Reply to Linus' next -rc email.

--Andy
On Wednesday 21 May 2014 16:59:22 Paul Moore wrote:
> On Monday, May 12, 2014 02:53:05 PM Paul Moore wrote:
> > On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> > > A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> > > (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> > > does not provide enough information about the ABI for the 64-bit
> > > process. As a result of which, userland needs to use complex
> > > seccomp filters to decide whether a syscall belongs to the o32 or n32
> > > or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> > > can be used by seccomp to explicitly set syscall filters for this ABI.
> > >
> > > Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> > > Cc: Andy Lutomirski <luto@amacapital.net>
> > > Cc: Eric Paris <eparis@redhat.com>
> > > Cc: Paul Moore <pmoore@redhat.com>
> > > Cc: Ralf Baechle <ralf@linux-mips.org>
> > > Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
> > > ---
> > > Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> > >
> > > Thanks a lot!
> > > ---
> > >
> > > arch/mips/include/asm/syscall.h | 2 ++
> > > include/uapi/linux/audit.h | 12 ++++++++++++
> > > 2 files changed, 14 insertions(+)
> >
> > [NOTE: Adding lkml to the To line to hopefully spur discussion/acceptance
> > as this *really* should be in 3.15]
> >
> > I'm re-replying to this patch and adding lkml to the To line because I
> > believe it is very important we get this patch into 3.15. For those who
> > don't follow the MIPS architecture very closely, the upcoming 3.15 is the
> > first release to include support for seccomp filters, the latest
> > generation
> > of syscall filtering which used a BPF based filter language. For reasons
> > that are easy to understand, the syscall filters are ABI specific (e.g.
> > syscall tables, word length, endianness) and those generating syscall
> > filters in userspace (e.g. libseccomp) need to take great care to ensure
> > that the generated filters take the ABI into account and fail safely in
> > the
> > case where a different ABI is used (e.g. x86, x86_64, x32).
> >
> > The patch below corrects, what is IMHO, an omission in the original MIPS
> > seccomp filter patch, allowing userspace to easily separate MIPS and
> > MIPS64. Without this patch we will be forced to handle MIPS/MIPS64 like
> > we handle x86_64/x32 which is a royal pain and not something I want to
> > have to deal with again.
> >
> > Further, while I don't want to speak for the audit folks, it is my
> > understanding that they want this patch for similar reasons.
> >
> > Please merge this patch for 3.15 or at least provide some feedback as to
> > why this isn't a viable solution for upstream. Once 3.15 ships, fixing
> > this will require breaking the MIPS ABI which isn't something any of us
> > want.
> >
> > Thanks,
> > -Paul
>
> *Bump*
>
> I don't know what else needs to be done to get some action on this and we're
> running out of time for 3.15.

It was merged yesterday:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7d6891a770aa97dd36c2df3545031e64c6a0ef3

Cheers
James
diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h index c6e9cd2..17960fe 100644 --- a/arch/mips/include/asm/syscall.h +++ b/arch/mips/include/asm/syscall.h @@ -133,6 +133,8 @@ static inline int syscall_get_arch(void) #ifdef CONFIG_64BIT if (!test_thread_flag(TIF_32BIT_REGS)) arch |= __AUDIT_ARCH_64BIT; + if (test_thread_flag(TIF_32BIT_ADDR)) + arch |= __AUDIT_ARCH_CONVENTION_MIPS64_N32; #endif #if defined(__LITTLE_ENDIAN) arch |= __AUDIT_ARCH_LE; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 11917f7..1b1efdd 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -331,9 +331,17 @@ enum { #define AUDIT_FAIL_PRINTK 1 #define AUDIT_FAIL_PANIC 2 +/* + * These bits disambiguate different calling conventions that share an + * ELF machine type, bitness, and endianness + */ +#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 +#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 + /* distinguish syscall tables */ #define __AUDIT_ARCH_64BIT 0x80000000 #define __AUDIT_ARCH_LE 0x40000000 + #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) #define AUDIT_ARCH_ARMEB (EM_ARM) @@ -346,7 +354,11 @@ enum { #define AUDIT_ARCH_MIPS (EM_MIPS) #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) #define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT) +#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\ + __AUDIT_ARCH_CONVENTION_MIPS64_N32) #define AUDIT_ARCH_MIPSEL64 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE\ + __AUDIT_ARCH_CONVENTION_MIPS64_N32) #define AUDIT_ARCH_OPENRISC (EM_OPENRISC) #define AUDIT_ARCH_PARISC (EM_PARISC) #define AUDIT_ARCH_PARISC64 (EM_PARISC|__AUDIT_ARCH_64BIT)
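Review bot: In syscall_get_arch(), the new test_thread_flag(TIF_32BIT_ADDR) check is a sibling of the !test_thread_flag(TIF_32BIT_REGS) check rather than nested under it, because the hunk adds no braces. A task with both TIF_32BIT_REGS and TIF_32BIT_ADDR set would therefore report EM_MIPS plus __AUDIT_ARCH_CONVENTION_MIPS64_N32 without __AUDIT_ARCH_64BIT, a value that matches none of the AUDIT_ARCH_MIPS* tokens defined in audit.h, so an arch-pinned seccomp filter or audit rule would not recognise it. Suggest bracing the first test and setting the convention bit only inside it, with a short comment saying which flag combination identifies n32.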
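Review bot: __AUDIT_ARCH_CONVENTION_MASK (0x30000000), added in the audit.h hunk at -331, is not used anywhere in this patch and its comment does not tell consumers what to do with it. Userspace that recovers the ELF machine number by clearing only __AUDIT_ARCH_64BIT and __AUDIT_ARCH_LE will now get EM_MIPS|0x20000000 for n32 tasks; the comment should say that the convention bits have to be masked off as well, and that a zero convention field means the default calling convention for that machine, bitness and endianness. The mask also covers 0x10000000, which is left unassigned; please state whether it is reserved.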
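Review bot: AUDIT_ARCH_MIPSEL64N32 in the audit.h hunk at -346 is missing a | before the line continuation: the first line ends in __AUDIT_ARCH_LE\ and the next line starts with __AUDIT_ARCH_CONVENTION_MIPS64_N32), so the expansion puts two constants side by side and will not compile wherever the macro is used. The big-endian AUDIT_ARCH_MIPS64N32 two lines above has the | in place; the little-endian define should end its first line with __AUDIT_ARCH_LE|\ in the same way. As this is a uapi header that seccomp and audit userspace will include, it is worth compiling a small user of both new tokens before merging.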
A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
(O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
does not provide enough information about the ABI for the 64-bit
process. As a result of which, userland needs to use complex
seccomp filters to decide whether a syscall belongs to the o32 or n32
or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
can be used by seccomp to explicitly set syscall filters for this ABI.

Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Eric Paris <eparis@redhat.com>
Cc: Paul Moore <pmoore@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
---
Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?

Thanks a lot!
---
 arch/mips/include/asm/syscall.h | 2 ++
 include/uapi/linux/audit.h | 12 ++++++++++++
 2 files changed, 14 insertions(+)
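What the new token buys a filter author, as an added example that is not code from the patch, the kernel or libseccomp: a seccomp-style classic BPF program pinned to the little-endian n32 token, run through a small stand-in interpreter so it executes on any host. The token bit values are the patch's; EM_MIPS = 8, the opcode and return constants, the seccomp_data offsets and the n32 syscall base of 6000 are taken from the Linux uapi headers; all names here (TOK_*, run_filter, check) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Arch token bits with the values from the patch's audit.h hunk;
 * EM_MIPS is 8 in <elf.h>. Local names, not the kernel's macros. */
#define EM_MIPS_NUM 8u
#define BIT_64      0x80000000u /* __AUDIT_ARCH_64BIT */
#define BIT_LE      0x40000000u /* __AUDIT_ARCH_LE */
#define BIT_N32     0x20000000u /* __AUDIT_ARCH_CONVENTION_MIPS64_N32 */
#define TOK_MIPSEL      (EM_MIPS_NUM | BIT_LE)                    /* o32 */
#define TOK_MIPSEL64    (EM_MIPS_NUM | BIT_64 | BIT_LE)           /* n64 */
#define TOK_MIPSEL64N32 (EM_MIPS_NUM | BIT_64 | BIT_LE | BIT_N32) /* n32 */

/* Classic BPF opcodes and seccomp return values (Linux uapi values). */
#define OP_LD_W_ABS 0x20u       /* BPF_LD | BPF_W | BPF_ABS */
#define OP_JEQ_K    0x15u       /* BPF_JMP | BPF_JEQ | BPF_K */
#define OP_RET_K    0x06u       /* BPF_RET | BPF_K */
#define RET_KILL    0x00000000u /* SECCOMP_RET_KILL */
#define RET_ALLOW   0x7fff0000u /* SECCOMP_RET_ALLOW */

/* struct seccomp_data starts with: int nr (offset 0), __u32 arch (offset 4). */
#define OFF_NR   0u
#define OFF_ARCH 4u

/* n32 syscall numbers start at 6000: read = 6000, write = 6001. */
#define N32_NR_READ  6000u
#define N32_NR_WRITE 6001u

struct insn  { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* shape of struct sock_filter */
struct sdata { uint32_t nr, arch; };                         /* first two seccomp_data fields */

/* Arch check first: any token other than n32 is killed before the
 * syscall number is even looked at, so the filter fails closed. */
static const struct insn n32_filter[] = {
    { OP_LD_W_ABS, 0, 0, OFF_ARCH },
    { OP_JEQ_K,    0, 4, TOK_MIPSEL64N32 }, /* mismatch: jump to KILL */
    { OP_LD_W_ABS, 0, 0, OFF_NR },
    { OP_JEQ_K,    1, 0, N32_NR_READ },     /* match: jump to ALLOW */
    { OP_JEQ_K,    0, 1, N32_NR_WRITE },    /* mismatch: jump to KILL */
    { OP_RET_K,    0, 0, RET_ALLOW },
    { OP_RET_K,    0, 0, RET_KILL },
};
#define N32_FILTER_LEN (sizeof n32_filter / sizeof n32_filter[0])

/* Stand-in interpreter for the three opcodes used above. Anything it
 * does not understand yields KILL, mirroring a fail-closed policy. */
uint32_t run_filter(const struct insn *prog, size_t len, const struct sdata *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case OP_LD_W_ABS:
            if (i->k == OFF_NR)        acc = d->nr;
            else if (i->k == OFF_ARCH) acc = d->arch;
            else                       return RET_KILL;
            break;
        case OP_JEQ_K:
            pc += (acc == i->k) ? i->jt : i->jf; /* relative to next insn */
            break;
        case OP_RET_K:
            return i->k;
        default:
            return RET_KILL;
        }
    }
    return RET_KILL; /* ran off the end of the program */
}

/* Evaluate the n32 filter for one (arch token, syscall number) pair. */
uint32_t check(uint32_t arch, uint32_t nr)
{
    struct sdata d = { nr, arch };
    return run_filter(n32_filter, N32_FILTER_LEN, &d);
}

int main(void)
{
    /* Constructed sample inputs, one per MIPS ABI on a little-endian kernel. */
    printf("n32 task, nr 6000: %#x\n", (unsigned)check(TOK_MIPSEL64N32, N32_NR_READ));
    printf("n64 task, nr 6000: %#x\n", (unsigned)check(TOK_MIPSEL64, N32_NR_READ));
    printf("o32 task, nr 6000: %#x\n", (unsigned)check(TOK_MIPSEL, N32_NR_READ));
    return 0;
}
```

Without the convention bit, n32 and n64 tasks would both present TOK_MIPSEL64 and the second instruction could not tell them apart.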