Commit 23d67a54 authored by Gabriel Krisman Bertazi's avatar Gabriel Krisman Bertazi Committed by Thomas Gleixner
Browse files

seccomp: Migrate to use SYSCALL_WORK flag 



On architectures using the generic syscall entry code the architecture
independent syscall work is moved to flags in thread_info::syscall_work.
This removes architecture dependencies and frees up TIF bits.

Define SYSCALL_WORK_SECCOMP, use it in the generic entry code and convert
the code which uses the TIF specific helper functions to use the new
*_syscall_work() helpers which either resolve to the new mode for users of
the generic entry code or to the TIF based functions for the other
architectures.

Signed-off-by: default avatarGabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
Link: https://lore.kernel.org/r/20201116174206.2639648-5-krisman@collabora.com
parent b86678cf

include/asm-generic/syscall.h

+1 −1
Original line number Diff line number Diff line
@@ -135,7 +135,7 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs, 
 * Returns the AUDIT_ARCH_* based on the system call convention in use.

 *

 * It's only valid to call this when @task is stopped on entry to a system

 * call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP.

 * call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %SYSCALL_WORK_SECCOMP.

 *

 * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must

 * provide an implementation of this.

include/linux/entry-common.h

+2 −6
Original line number Diff line number Diff line
@@ -21,10 +21,6 @@ 
# define _TIF_SYSCALL_TRACEPOINT	(0)

#endif



#ifndef _TIF_SECCOMP

# define _TIF_SECCOMP			(0)

#endif



#ifndef _TIF_SYSCALL_AUDIT

# define _TIF_SYSCALL_AUDIT		(0)

#endif
@@ -49,7 +45,7 @@ 
#endif



#define SYSCALL_ENTER_WORK						\

	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SECCOMP |	\

	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT  |			\

	 _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_EMU |			\

	 ARCH_SYSCALL_ENTER_WORK)
@@ -64,7 +60,7 @@ 
	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT |			\

	 _TIF_SYSCALL_TRACEPOINT | ARCH_SYSCALL_EXIT_WORK)



#define SYSCALL_WORK_ENTER	(0)

#define SYSCALL_WORK_ENTER	(SYSCALL_WORK_SECCOMP)

#define SYSCALL_WORK_EXIT	(0)



/*

include/linux/seccomp.h

+1 −1
Original line number Diff line number Diff line
@@ -42,7 +42,7 @@ struct seccomp { 
extern int __secure_computing(const struct seccomp_data *sd);

static inline int secure_computing(void)

{

	if (unlikely(test_thread_flag(TIF_SECCOMP)))

	if (unlikely(test_syscall_work(SECCOMP)))

		return  __secure_computing(NULL);

	return 0;

}

include/linux/thread_info.h

+6 −0
Original line number Diff line number Diff line
@@ -35,6 +35,12 @@ enum { 
	GOOD_STACK,

};



enum syscall_work_bit {

	SYSCALL_WORK_BIT_SECCOMP,

};



#define SYSCALL_WORK_SECCOMP		BIT(SYSCALL_WORK_BIT_SECCOMP)



#include <asm/thread_info.h>



#ifdef __KERNEL__

kernel/entry/common.c

+1 −1
Original line number Diff line number Diff line
@@ -54,7 +54,7 @@ static long syscall_trace_enter(struct pt_regs *regs, long syscall, 
	}



	/* Do seccomp after ptrace, to catch any tracer changes. */

	if (ti_work & _TIF_SECCOMP) {

	if (work & SYSCALL_WORK_SECCOMP) {

		ret = __secure_computing(NULL);

		if (ret == -1L)

			return ret;