From patchwork Mon Oct 9 12:40:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13414738 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C8F8EB8 for ; Tue, 10 Oct 2023 02:02:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T3aE0jdN" Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7562DB6; Mon, 9 Oct 2023 19:02:23 -0700 (PDT) Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-6934202b8bdso4219756b3a.1; Mon, 09 Oct 2023 19:02:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696903343; x=1697508143; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+VxS46BYkOtM3n7DPKOT+7jWKqjJz3x5dhTSs9Wey/A=; b=T3aE0jdN0XsYgzr+jcXWVJveECX4F7A76p4QA6JIhAwkRtd0LzCo1wRDRykdYaShGI dATLylqxruhu5yMRJ9FizUYNVkZm2V2QoTFbHxK4y/e2gH4qQUH+mUMbg7b9bkuYO3JO JRGr9zT0r1vQPETYgk5s5uDL166C9vgN7wogjxDguf/dfGNNfbkCdZTRYLrUuPBrOpR/ VAucJ7/qsYJIuTQgh98bgF1QKadsNrXfizP74hExYuxosOilsQUOVptZPnGFPOqxfbP9 n1L5e3O8jhodkykyOKUFYo6WVN0iQHM2S27EPseqTv2LH5SzeLxTA9F6XhRV6ruhCOxW fPtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696903343; x=1697508143; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+VxS46BYkOtM3n7DPKOT+7jWKqjJz3x5dhTSs9Wey/A=; b=EUjPIA3vTNKd6n4GpEnuvUgHxyLnlSradLZ9djngXGWnL1cO3sYFhCM46u4s8ofE39 pEAMf7CZ4Bz8DVmvVMVzmMUn6azzsa82oZ+fuqyRp4/SLvZ334KRd2DmEZ/14lEr3qMF /yCqWINGcTIcbEhsWazgREd+ISQP6dE4Vs3DYarkCMMCYbvI8Cp5zPodTk5zJeQVviV5 V7pa3fX/KEl/j1zmyU+Oe33AnO2pwilGcIzdT51umySVkFq6XbNpfaO/R3XUpeIHDpxC C+w87MRhQmZpq2xnHrTdEKQB7i6euf3ZLpebD12kCOCSA6tbv3MlKXlVnIXgZINH2z1L 44Xw== X-Gm-Message-State: AOJu0YwwggTIrCd7QCOKyBxnUNx4z+IwhJEPAU74bM8Rp0iRxa4DUU5f 2M6xo6VYvCyneAOsfet2bIOkpyS+X3TIAA== X-Google-Smtp-Source: AGHT+IG4jABoJ4Ft8AFqTRnHmyQQfN+6eFolPGMFVeidOVxbh/8KpVMbWjpTkWAnc/afrBwh9Ldiug== X-Received: by 2002:a05:6a00:1390:b0:693:3d55:2ba6 with SMTP id t16-20020a056a00139000b006933d552ba6mr21377676pfg.9.1696903342657; Mon, 09 Oct 2023 19:02:22 -0700 (PDT) Received: from ubuntu.. ([43.132.98.112]) by smtp.googlemail.com with ESMTPSA id t28-20020aa7939c000000b0068a46cd4120sm7044809pfe.199.2023.10.09.19.02.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Oct 2023 19:02:22 -0700 (PDT) From: Hengqi Chen To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org Cc: keescook@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, luto@amacapital.net, wad@chromium.org, alexyonghe@tencent.com, hengqi.chen@gmail.com Subject: [PATCH 1/4] seccomp: Refactor filter copy/create for reuse Date: Mon, 9 Oct 2023 12:40:43 +0000 Message-Id: <20231009124046.74710-2-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231009124046.74710-1-hengqi.chen@gmail.com> References: <20231009124046.74710-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DATE_IN_PAST_12_24, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net This extracts two helpers for reuse in subsequent additions. No functional change intended, just a prep work. Signed-off-by: Hengqi Chen --- kernel/seccomp.c | 76 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 22 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 255999ba9190..37490497f687 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -640,14 +640,14 @@ static inline void seccomp_sync_threads(unsigned long flags) } /** - * seccomp_prepare_filter: Prepares a seccomp filter for use. - * @fprog: BPF program to install + * seccomp_prepare_prog - prepares a JITed BPF filter for use. + * @pfp: the unattached filter that is created + * @fprog: the filter program * - * Returns filter on success or an ERR_PTR on failure. + * Returns 0 on success and non-zero otherwise. */ -static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) +static int seccomp_prepare_prog(struct bpf_prog **pfp, struct sock_fprog *fprog) { - struct seccomp_filter *sfilter; int ret; const bool save_orig = #if defined(CONFIG_CHECKPOINT_RESTORE) || defined(SECCOMP_ARCH_NATIVE) @@ -657,10 +657,28 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) #endif if (fprog->len == 0 || fprog->len > BPF_MAXINSNS) - return ERR_PTR(-EINVAL); + return -EINVAL; BUG_ON(INT_MAX / fprog->len < sizeof(struct sock_filter)); + ret = bpf_prog_create_from_user(pfp, fprog, seccomp_check_filter, save_orig); + if (ret < 0) + return ret; + + return 0; +} + +/** + * seccomp_prepare_filter: Prepares a seccomp filter for use. + * @fprog: BPF program to install + * + * Returns filter on success or an ERR_PTR on failure. + */ +static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) +{ + struct seccomp_filter *sfilter; + int ret; + /* * Installing a seccomp filter requires that the task has * CAP_SYS_ADMIN in its namespace or be running with no_new_privs. @@ -677,8 +695,7 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) return ERR_PTR(-ENOMEM); mutex_init(&sfilter->notify_lock); - ret = bpf_prog_create_from_user(&sfilter->prog, fprog, - seccomp_check_filter, save_orig); + ret = seccomp_prepare_prog(&sfilter->prog, fprog); if (ret < 0) { kfree(sfilter); return ERR_PTR(ret); @@ -692,31 +709,46 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) } /** - * seccomp_prepare_user_filter - prepares a user-supplied sock_fprog + * seccomp_copy_user_filter - copies a user-supplied sock_fprog * @user_filter: pointer to the user data containing a sock_fprog. + * @fprog: pointer to store the copied BPF program * * Returns 0 on success and non-zero otherwise. */ -static struct seccomp_filter * -seccomp_prepare_user_filter(const char __user *user_filter) +static int seccomp_copy_user_filter(const char __user *user_filter, struct sock_fprog *fprog) { - struct sock_fprog fprog; - struct seccomp_filter *filter = ERR_PTR(-EFAULT); - #ifdef CONFIG_COMPAT if (in_compat_syscall()) { struct compat_sock_fprog fprog32; if (copy_from_user(&fprog32, user_filter, sizeof(fprog32))) - goto out; - fprog.len = fprog32.len; - fprog.filter = compat_ptr(fprog32.filter); + return -EFAULT; + fprog->len = fprog32.len; + fprog->filter = compat_ptr(fprog32.filter); } else /* falls through to the if below. */ #endif - if (copy_from_user(&fprog, user_filter, sizeof(fprog))) - goto out; - filter = seccomp_prepare_filter(&fprog); -out: - return filter; + if (copy_from_user(fprog, user_filter, sizeof(*fprog))) + return -EFAULT; + + return 0; +} + +/** + * seccomp_prepare_user_filter - prepares a user-supplied sock_fprog + * @user_filter: pointer to the user data containing a sock_fprog. + * + * Returns filter on success or an ERR_PTR on failure. + */ +static struct seccomp_filter * +seccomp_prepare_user_filter(const char __user *user_filter) +{ + struct sock_fprog fprog; + int ret; + + ret = seccomp_copy_user_filter(user_filter, &fprog); + if (ret) + return ERR_PTR(ret); + + return seccomp_prepare_filter(&fprog); } #ifdef SECCOMP_ARCH_NATIVE From patchwork Mon Oct 9 12:40:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13414739 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4BC561364 for ; Tue, 10 Oct 2023 02:02:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VkNA4XiJ" Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66C9FC4; Mon, 9 Oct 2023 19:02:28 -0700 (PDT) Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-68bed2c786eso3754521b3a.0; Mon, 09 Oct 2023 19:02:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696903347; x=1697508147; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8MoH5lgYSa4yL07ZT7yepVJBaBTQBgOgS38SCCkBf/E=; b=VkNA4XiJCcYgdEC+Ky7EqMyfww1g5Sblz3/KxOvRVW+/HCI7n8YcHO2bLqF7O2lAvn sV7/UBqJZ5Ds/z6RQAiGIfIQ9V2Gwbzkg9Pmu36eZLl6bMxlWd50EhQLSiTamSyu9jZe YF8Fs6Z0G3lwKvncVe7l7NhdhenkpK2mK2p3n/N6k0A25uRokp0uGseUFjKZnB8Mc6Ud aGLwPWQTYlLThMNqDru89H7Cscbyjpz/g25JSsYgXKLdMZIcZTu2ixjxClJvCq8L6gkm 52QYmn8fC7SYwb+bdw2aRbXpqWwwFuddFEV9wel1gAzWrG9KMxwJ9SEZ4l0AOnj9T9s1 hnug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696903347; x=1697508147; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8MoH5lgYSa4yL07ZT7yepVJBaBTQBgOgS38SCCkBf/E=; b=CpvTlZxNxjxZvOeOxjNOAz9nwv0sHEWBumxri9DbgMKvMPlTYgpQGx/xT9rpouMlJY QWS8X5Mo6rcnnz6OeWUBbyV02a1Dv2SomhXznAo9yUkzroNS8sXfg3JRur8+TcfM988I F3S04I8B0UOnVf9XbzwtEWtriwC6zMQOOT9WHJZUelrNbKn669/Ywv7VvrMEr3gpEu0s Zp7ndTHXa6pnWI0GviPHz/kpZ8XHLrRB4i0zHlqaymxGDw+xswjd7+H5c9GXsm2UxRV1 f2gtIYoMMO0OHPgpLwwzAecOLHMgJL5dNH5nxyGJroXANqu2DzJu0F+KbRer09O4K32N H5ug== X-Gm-Message-State: AOJu0YyP/EbMAvDV1V4InvfBBUyC9XYO5uFcJHpnY28Kcigd0o+7yKbc mrKHRArq1jqo80Z4LK37dE23XJU+xE0a1g== X-Google-Smtp-Source: AGHT+IFZ/JOWKfabCyPw57Q82PGBI8uzT/7hVs4Jv5zX/5FelL9FcdkRQfpTCRDGQbYAeU81PTl/SA== X-Received: by 2002:a05:6a20:cea8:b0:171:878f:8f9b with SMTP id if40-20020a056a20cea800b00171878f8f9bmr1060823pzb.26.1696903347428; Mon, 09 Oct 2023 19:02:27 -0700 (PDT) Received: from ubuntu.. ([43.132.98.112]) by smtp.googlemail.com with ESMTPSA id t28-20020aa7939c000000b0068a46cd4120sm7044809pfe.199.2023.10.09.19.02.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Oct 2023 19:02:27 -0700 (PDT) From: Hengqi Chen To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org Cc: keescook@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, luto@amacapital.net, wad@chromium.org, alexyonghe@tencent.com, hengqi.chen@gmail.com Subject: [PATCH 2/4] seccomp, bpf: Introduce SECCOMP_LOAD_FILTER operation Date: Mon, 9 Oct 2023 12:40:44 +0000 Message-Id: <20231009124046.74710-3-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231009124046.74710-1-hengqi.chen@gmail.com> References: <20231009124046.74710-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DATE_IN_PAST_12_24, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net This patch adds a new operation named SECCOMP_LOAD_FILTER. It accepts the same arguments as SECCOMP_SET_MODE_FILTER but only performs the loading process. If succeed, return a new fd associated with the JITed BPF program (the filter). The filter can then be pinned to bpffs using the returned fd and reused for different processes. To distinguish the filter from other BPF progs, BPF_PROG_TYPE_SECCOMP is added. Signed-off-by: Hengqi Chen --- include/uapi/linux/bpf.h | 1 + include/uapi/linux/seccomp.h | 1 + kernel/seccomp.c | 40 ++++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 70bfa997e896..8890fb776bbb 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -995,6 +995,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_SK_LOOKUP, BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ BPF_PROG_TYPE_NETFILTER, + BPF_PROG_TYPE_SECCOMP, }; enum bpf_attach_type { diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index dbfc9b37fcae..ee2c83697810 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -16,6 +16,7 @@ #define SECCOMP_SET_MODE_FILTER 1 #define SECCOMP_GET_ACTION_AVAIL 2 #define SECCOMP_GET_NOTIF_SIZES 3 +#define SECCOMP_LOAD_FILTER 4 /* Valid flags for SECCOMP_SET_MODE_FILTER */ #define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 37490497f687..3ae43db3b642 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -2028,12 +2028,47 @@ static long seccomp_set_mode_filter(unsigned int flags, seccomp_filter_free(prepared); return ret; } + +static long seccomp_load_filter(const char __user *filter) +{ + struct sock_fprog fprog; + struct bpf_prog *prog; + int ret; + + ret = seccomp_copy_user_filter(filter, &fprog); + if (ret) + return ret; + + ret = seccomp_prepare_prog(&prog, &fprog); + if (ret) + return ret; + + ret = security_bpf_prog_alloc(prog->aux); + if (ret) { + bpf_prog_free(prog); + return ret; + } + + prog->aux->user = get_current_user(); + atomic64_set(&prog->aux->refcnt, 1); + prog->type = BPF_PROG_TYPE_SECCOMP; + + ret = bpf_prog_new_fd(prog); + if (ret < 0) + bpf_prog_put(prog); + return ret; +} #else static inline long seccomp_set_mode_filter(unsigned int flags, const char __user *filter) { return -EINVAL; } + +static inline long seccomp_load_filter(const char __user *filter) +{ + return -EINVAL; +} #endif static long seccomp_get_action_avail(const char __user *uaction) @@ -2095,6 +2130,11 @@ static long do_seccomp(unsigned int op, unsigned int flags, return -EINVAL; return seccomp_get_notif_sizes(uargs); + case SECCOMP_LOAD_FILTER: + if (flags != 0) + return -EINVAL; + + return seccomp_load_filter(uargs); default: return -EINVAL; } From patchwork Mon Oct 9 12:40:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13414740 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB48538E for ; Tue, 10 Oct 2023 02:02:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Zsk2prxx" Received: from mail-oa1-x2f.google.com (mail-oa1-x2f.google.com [IPv6:2001:4860:4864:20::2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92E6A8F; Mon, 9 Oct 2023 19:02:34 -0700 (PDT) Received: by mail-oa1-x2f.google.com with SMTP id 586e51a60fabf-1dcfe9cd337so2543082fac.2; Mon, 09 Oct 2023 19:02:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696903353; x=1697508153; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hd0Jd8fTbfkR1Wny5FqeiXspnLvfaqfYN+8ZoWdzer8=; b=Zsk2prxxot7oIGdcv3NB4/x50HPhIfAhtKsh7rCXcxN98zhuLALVW2w4YgOHPX0+lj 3OeYEMhijcCvpm5ESii97grFFGxE0I0RbQ+k5L0VrFi5YsTwUAIo6XVsqaeY6+IfQ7dB NNS0aQtSeZEf0jFMM1olGw8ShYKvcr+ZQ2zAenoQsN+8XiXqrhrmQ32tVdUgG7I9RshN qjDEgSxDf9OUz5bw7/3OfwcfmRlA3M4DYAhYfSUjKeAtvgxgcfcVC3ny4haeUagPWF7i tZHMoutZkrPmMsHbzDJbQ2SPx6I7YItVYIdLxOkm+efIm55bnTXRlEcW64/0lWOjmdFU 3jRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696903353; x=1697508153; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hd0Jd8fTbfkR1Wny5FqeiXspnLvfaqfYN+8ZoWdzer8=; b=c9uHg0LpDaO4jCg/lQvvawiOpyWNjwxe65V4bMrEMB+Vw3UwNEzqXJm0h7Ou/kAH56 iykRVX/PaUD3nM9FBNiM2uQWP4QLSJybEHW3dYbWp9ebu78zZcUrQ+cg08eDvvDjKQ22 qn10mavLsC8GWyr/AmqjSHRr4+H1+Z+idXEVnDPZ9XhbzhQhzWdWMYcFJ7wIYVhyYg42 WangoX76uTKEyCeJXhrcroB5+ACBpaPwjDgyJjrCmreAxs6EvZA1W3gZ5tUGvqQX82Ms q55Tjt4eSOYJAqo1IQEeuyEdAQnEnPDnXBubK/O4Tbr2SEUi1OzyxkH8jK58OdcCKLRY BbPw== X-Gm-Message-State: AOJu0YxAnW9gICbGHoyXRBSBL8uDYnJlH/M/91KyI9/NNoNYy/IcguMf MN53ZwgWmjYJh2HN1eGoJNkVywlsTdqtTQ== X-Google-Smtp-Source: AGHT+IHa3ztTr4LysKNQ5kf92fjrKoWeTv7z3kKrWrZo7E1gbohjbHDtypavQ2PblTSE0y7AdUQWPg== X-Received: by 2002:a05:6870:c0c5:b0:1e0:eb36:a7ed with SMTP id e5-20020a056870c0c500b001e0eb36a7edmr16247567oad.29.1696903353597; Mon, 09 Oct 2023 19:02:33 -0700 (PDT) Received: from ubuntu.. ([43.132.98.112]) by smtp.googlemail.com with ESMTPSA id t28-20020aa7939c000000b0068a46cd4120sm7044809pfe.199.2023.10.09.19.02.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Oct 2023 19:02:33 -0700 (PDT) From: Hengqi Chen To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org Cc: keescook@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, luto@amacapital.net, wad@chromium.org, alexyonghe@tencent.com, hengqi.chen@gmail.com Subject: [PATCH 3/4] seccomp: Introduce SECCOMP_ATTACH_FILTER operation Date: Mon, 9 Oct 2023 12:40:45 +0000 Message-Id: <20231009124046.74710-4-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231009124046.74710-1-hengqi.chen@gmail.com> References: <20231009124046.74710-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DATE_IN_PAST_12_24, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net The SECCOMP_ATTACH_FILTER operation is used to attach a loaded filter to the current process. The loaded filter is represented by a fd which is either returned by the SECCOMP_LOAD_FILTER operation or obtained from bpffs using bpf syscall. Signed-off-by: Hengqi Chen --- include/uapi/linux/seccomp.h | 1 + kernel/seccomp.c | 68 +++++++++++++++++++++++++++++++++--- 2 files changed, 64 insertions(+), 5 deletions(-) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index ee2c83697810..fbe30262fdfc 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -17,6 +17,7 @@ #define SECCOMP_GET_ACTION_AVAIL 2 #define SECCOMP_GET_NOTIF_SIZES 3 #define SECCOMP_LOAD_FILTER 4 +#define SECCOMP_ATTACH_FILTER 5 /* Valid flags for SECCOMP_SET_MODE_FILTER */ #define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 3ae43db3b642..9f9d8a7a1d6e 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -523,7 +523,10 @@ static inline pid_t seccomp_can_sync_threads(void) static inline void seccomp_filter_free(struct seccomp_filter *filter) { if (filter) { - bpf_prog_destroy(filter->prog); + if (filter->prog->type == BPF_PROG_TYPE_SECCOMP) + bpf_prog_put(filter->prog); + else + bpf_prog_destroy(filter->prog); kfree(filter); } } @@ -894,7 +897,7 @@ static void seccomp_cache_prepare(struct seccomp_filter *sfilter) #endif /* SECCOMP_ARCH_NATIVE */ /** - * seccomp_attach_filter: validate and attach filter + * seccomp_do_attach_filter: validate and attach filter * @flags: flags to change filter behavior * @filter: seccomp filter to add to the current process * @@ -905,8 +908,8 @@ static void seccomp_cache_prepare(struct seccomp_filter *sfilter) * seccomp mode or did not have an ancestral seccomp filter * - in NEW_LISTENER mode: the fd of the new listener */ -static long seccomp_attach_filter(unsigned int flags, - struct seccomp_filter *filter) +static long seccomp_do_attach_filter(unsigned int flags, + struct seccomp_filter *filter) { unsigned long total_insns; struct seccomp_filter *walker; @@ -2001,7 +2004,7 @@ static long seccomp_set_mode_filter(unsigned int flags, goto out; } - ret = seccomp_attach_filter(flags, prepared); + ret = seccomp_do_attach_filter(flags, prepared); if (ret) goto out; /* Do not free the successfully attached filter. */ @@ -2058,6 +2061,51 @@ static long seccomp_load_filter(const char __user *filter) bpf_prog_put(prog); return ret; } + +static long seccomp_attach_filter(const char __user *ufd) +{ + const unsigned long seccomp_mode = SECCOMP_MODE_FILTER; + struct seccomp_filter *sfilter; + struct bpf_prog *prog; + int flags = 0; + int fd, ret; + + if (copy_from_user(&fd, ufd, sizeof(fd))) + return -EFAULT; + + prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SECCOMP); + if (IS_ERR(prog)) + return PTR_ERR(prog); + + sfilter = kzalloc(sizeof(*sfilter), GFP_KERNEL | __GFP_NOWARN); + if (!sfilter) { + bpf_prog_put(prog); + return -ENOMEM; + } + + sfilter->prog = prog; + refcount_set(&sfilter->refs, 1); + refcount_set(&sfilter->users, 1); + mutex_init(&sfilter->notify_lock); + init_waitqueue_head(&sfilter->wqh); + + spin_lock_irq(¤t->sighand->siglock); + + ret = -EINVAL; + if (!seccomp_may_assign_mode(seccomp_mode)) + goto out; + + ret = seccomp_do_attach_filter(flags, sfilter); + if (ret) + goto out; + + sfilter = NULL; + seccomp_assign_mode(current, seccomp_mode, flags); +out: + spin_unlock_irq(¤t->sighand->siglock); + seccomp_filter_free(sfilter); + return ret; +} #else static inline long seccomp_set_mode_filter(unsigned int flags, const char __user *filter) @@ -2069,6 +2117,11 @@ static inline long seccomp_load_filter(const char __user *filter) { return -EINVAL; } + +static inline long seccomp_attach_filter(const char __user *ufd) +{ + return -EINVAL; +} #endif static long seccomp_get_action_avail(const char __user *uaction) @@ -2135,6 +2188,11 @@ static long do_seccomp(unsigned int op, unsigned int flags, return -EINVAL; return seccomp_load_filter(uargs); + case SECCOMP_ATTACH_FILTER: + if (flags != 0) + return -EINVAL; + + return seccomp_attach_filter(uargs); default: return -EINVAL; } From patchwork Mon Oct 9 12:40:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13414741 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5073E38E for ; Tue, 10 Oct 2023 02:02:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YfDFt3MU" Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA13FD7; Mon, 9 Oct 2023 19:02:41 -0700 (PDT) Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-692b2bdfce9so4605182b3a.3; Mon, 09 Oct 2023 19:02:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696903361; x=1697508161; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WtdXd8zzfUQBn/Ye5tSm8UdJuve0zGYoqRvrat58Hz4=; b=YfDFt3MUbqGgM/HZkE2Z0BZgFPz4kxIntfVYoquRfJYLracZLwXn07A04W9v4+ckGR mzUZQmMdivzFvfdFTRvMaWVf5rLsoXu6UAmhhUzJpBI3xm2Tr0q4jKvggb6E7tXVWV1G HRLcABEPJUld8TujAJNhhkVYbxc3XziO21zCwwNV0ZOHwe8WW5wIK3bp8SKt7k9nmRji ZF+gzl3KBkjyXGSVmsudoQi2Nvje5Nydc0MOYvVpZgbZPdcKxXGKLyyPp7yMTrZt9WTF a7XGLEkv/lbL9+iJ4+1MLbsqT/RubTpOUEsOezmxrlMkRFwNZGOg9ewAS4q/nWfskEX0 tLtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696903361; x=1697508161; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WtdXd8zzfUQBn/Ye5tSm8UdJuve0zGYoqRvrat58Hz4=; b=PUtOR1Bm7vaIcsblnY6/bXIgcT6jg16MKZhazdHLjXYsP5/52cHNpPCVLd9dzrFxN4 Qk+CfF0LwJj447g0efMEUxKeHzSPXdFNSvoWMU6peFpjAoSxxREoczYu3/fiIgxlKCmc zuUHuTRcQbplQ42QkB6fwaeHwDtvtVZyF0S2imfS4gdQBV9PSpwypTPPiRACHHmp4xnY Rt/5PE/jfZoHlr/WlEUSqgHLKpKzGTzOh3A3tSm1KoEwmQNwe/on+zNDCU/6iG0UYJw3 QM6AcG1OfXwUWxlCFxdn3kFyLnaL98Sxr+mBaSnjpl2vL82A1DDSAZZz39J97Ej0W6ZV FCrQ== X-Gm-Message-State: AOJu0YwyM5chVCeZ/NhucUr6UhLTvcQrJvAr18hNwpo32L0sIzjj0GjA yAJxT5kDV3eEDJo5EEVekxbqXlSruMcgyg== X-Google-Smtp-Source: AGHT+IGE/Wvfh56YqXKHMKN/e88TuB1AvEwjGLel0rS8MBBVQu8zPnmg96buRkkUG1bSlMZFjoikMw== X-Received: by 2002:a05:6a00:2405:b0:68f:cd71:45d5 with SMTP id z5-20020a056a00240500b0068fcd7145d5mr19253361pfh.3.1696903361038; Mon, 09 Oct 2023 19:02:41 -0700 (PDT) Received: from ubuntu.. ([43.132.98.112]) by smtp.googlemail.com with ESMTPSA id t28-20020aa7939c000000b0068a46cd4120sm7044809pfe.199.2023.10.09.19.02.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Oct 2023 19:02:40 -0700 (PDT) From: Hengqi Chen To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org Cc: keescook@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, luto@amacapital.net, wad@chromium.org, alexyonghe@tencent.com, hengqi.chen@gmail.com Subject: [PATCH 4/4] selftests/seccomp: Test SECCOMP_LOAD_FILTER and SECCOMP_ATTACH_FILTER Date: Mon, 9 Oct 2023 12:40:46 +0000 Message-Id: <20231009124046.74710-5-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231009124046.74710-1-hengqi.chen@gmail.com> References: <20231009124046.74710-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DATE_IN_PAST_12_24, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Add a testcase to exercise the newly added SECCOMP_LOAD_FILTER and SECCOMP_ATTACH_FILTER operations. Signed-off-by: Hengqi Chen --- tools/testing/selftests/seccomp/seccomp_bpf.c | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 38f651469968..8f7010482194 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -4735,6 +4735,26 @@ TEST(user_notification_wait_killable_fatal) EXPECT_EQ(SIGTERM, WTERMSIG(status)); } +TEST(seccomp_filter_load_and_attach) +{ + struct sock_filter filter[] = { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog = { + .len = (unsigned short)ARRAY_SIZE(filter), + .filter = filter, + }; + int fd, ret; + + fd = seccomp(SECCOMP_LOAD_FILTER, 0, &prog); + ASSERT_GT(fd, -1); + + ret = seccomp(SECCOMP_ATTACH_FILTER, 0, &fd); + ASSERT_EQ(ret, 0); + + close(fd); +} + /* * TODO: * - expand NNP testing