From ef1a935c08ea97436f62edb0b1427d60e31b777b Mon Sep 17 00:00:00 2001 From: Max Filippov Date: Mon, 1 May 2017 06:17:47 -0700 Subject: xtensa: add audit support All bits needed for syscall audit are present on xtensa. Add audit_syscall_entry and audit_syscall_exit calls and select HAVE_ARCH_AUDITSYSCALL in Kconfig. Signed-off-by: Max Filippov --- arch/xtensa/include/asm/thread_info.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'arch/xtensa/include') diff --git a/arch/xtensa/include/asm/thread_info.h b/arch/xtensa/include/asm/thread_info.h index f092cc3f4e66..c49cc4a1f39a 100644 --- a/arch/xtensa/include/asm/thread_info.h +++ b/arch/xtensa/include/asm/thread_info.h @@ -111,15 +111,17 @@ static inline struct thread_info *current_thread_info(void) #define TIF_RESTORE_SIGMASK 6 /* restore signal mask in do_signal() */ #define TIF_NOTIFY_RESUME 7 /* callback before returning to user */ #define TIF_DB_DISABLED 8 /* debug trap disabled for syscall */ +#define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */ #define _TIF_SYSCALL_TRACE (1< Date: Sat, 18 Jul 2020 17:47:43 -0700 Subject: xtensa: expose syscall through user_pt_regs Use one of the reserved slots in struct user_pt_regs to return syscall number in the GPR regset. Update syscall number from the GPR regset only when it's non-zero. Signed-off-by: Max Filippov --- arch/xtensa/include/uapi/asm/ptrace.h | 3 ++- arch/xtensa/kernel/ptrace.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'arch/xtensa/include') diff --git a/arch/xtensa/include/uapi/asm/ptrace.h b/arch/xtensa/include/uapi/asm/ptrace.h index 2ec0f9100a06..50db3e0a6341 100644 --- a/arch/xtensa/include/uapi/asm/ptrace.h +++ b/arch/xtensa/include/uapi/asm/ptrace.h @@ -50,7 +50,8 @@ struct user_pt_regs { __u32 windowstart; __u32 windowbase; __u32 threadptr; - __u32 reserved[7 + 48]; + __u32 syscall; + __u32 reserved[6 + 48]; __u32 a[64]; }; diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c index 0278d7dfb4d6..437b4297948d 100644 --- a/arch/xtensa/kernel/ptrace.c +++ b/arch/xtensa/kernel/ptrace.c @@ -52,6 +52,7 @@ static int gpr_get(struct task_struct *target, .threadptr = regs->threadptr, .windowbase = regs->windowbase, .windowstart = regs->windowstart, + .syscall = regs->syscall, }; memcpy(newregs.a, @@ -91,6 +92,9 @@ static int gpr_set(struct task_struct *target, regs->sar = newregs.sar; regs->threadptr = newregs.threadptr; + if (newregs.syscall) + regs->syscall = newregs.syscall; + if (newregs.windowbase != regs->windowbase || newregs.windowstart != regs->windowstart) { u32 rotws, wmask; -- cgit v1.2.3 From da94a40f72859ce24dc72de9292981513a33e427 Mon Sep 17 00:00:00 2001 From: Max Filippov Date: Wed, 13 Nov 2019 20:47:17 -0800 Subject: xtensa: add seccomp support Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add TIF_SECCOMP and call secure_computing from do_syscall_trace_enter. Signed-off-by: Max Filippov --- .../features/seccomp/seccomp-filter/arch-support.txt | 2 +- arch/xtensa/Kconfig | 15 +++++++++++++++ arch/xtensa/include/asm/Kbuild | 1 + arch/xtensa/include/asm/thread_info.h | 5 ++++- arch/xtensa/kernel/ptrace.c | 4 +++- 5 files changed, 24 insertions(+), 3 deletions(-) (limited to 'arch/xtensa/include') diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt index c7b837f735b1..7b3ec8ea174a 100644 --- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt +++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt @@ -30,5 +30,5 @@ | um: | ok | | unicore32: | TODO | | x86: | ok | - | xtensa: | TODO | + | xtensa: | ok | ----------------------- diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig index a7def0991a01..a461ee051e73 100644 --- a/arch/xtensa/Kconfig +++ b/arch/xtensa/Kconfig @@ -24,6 +24,7 @@ config XTENSA select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL + select HAVE_ARCH_SECCOMP_FILTER select HAVE_ARCH_TRACEHOOK select HAVE_COPY_THREAD_TLS select HAVE_DEBUG_KMEMLEAK @@ -217,6 +218,20 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. +config SECCOMP + bool + prompt "Enable seccomp to safely compute untrusted bytecode" + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + config FAST_SYSCALL_XTENSA bool "Enable fast atomic syscalls" default n diff --git a/arch/xtensa/include/asm/Kbuild b/arch/xtensa/include/asm/Kbuild index 9718e9593564..c59c42a1221a 100644 --- a/arch/xtensa/include/asm/Kbuild +++ b/arch/xtensa/include/asm/Kbuild @@ -7,4 +7,5 @@ generic-y += mcs_spinlock.h generic-y += param.h generic-y += qrwlock.h generic-y += qspinlock.h +generic-y += seccomp.h generic-y += user.h diff --git a/arch/xtensa/include/asm/thread_info.h b/arch/xtensa/include/asm/thread_info.h index c49cc4a1f39a..8918f0f20c53 100644 --- a/arch/xtensa/include/asm/thread_info.h +++ b/arch/xtensa/include/asm/thread_info.h @@ -112,6 +112,7 @@ static inline struct thread_info *current_thread_info(void) #define TIF_NOTIFY_RESUME 7 /* callback before returning to user */ #define TIF_DB_DISABLED 8 /* debug trap disabled for syscall */ #define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */ +#define TIF_SECCOMP 10 /* secure computing */ #define _TIF_SYSCALL_TRACE (1< #include #include +#include #include #include #include @@ -559,7 +560,8 @@ int do_syscall_trace_enter(struct pt_regs *regs) return 0; } - if (regs->syscall == NO_SYSCALL) { + if (regs->syscall == NO_SYSCALL || + secure_computing() == -1) { do_syscall_trace_leave(regs); return 0; } -- cgit v1.2.3 From 10b60595ddd53728e6975e50524841bb8c0339a8 Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Tue, 21 Jul 2020 14:00:44 -0700 Subject: xtensa: initialize_mmu.h: fix a duplicated word Change "The the" to "For the". Signed-off-by: Randy Dunlap Cc: Chris Zankel Cc: Max Filippov Cc: linux-xtensa@linux-xtensa.org Message-Id: <20200721210044.15458-1-rdunlap@infradead.org> Signed-off-by: Max Filippov --- arch/xtensa/include/asm/initialize_mmu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/xtensa/include') diff --git a/arch/xtensa/include/asm/initialize_mmu.h b/arch/xtensa/include/asm/initialize_mmu.h index 9ee0c1d004f9..05cb13dfe6f4 100644 --- a/arch/xtensa/include/asm/initialize_mmu.h +++ b/arch/xtensa/include/asm/initialize_mmu.h @@ -6,7 +6,7 @@ * For the new V3 MMU we remap the TLB from virtual == physical * to the standard Linux mapping used in earlier MMU's. * - * The the MMU we also support a new configuration register that + * For the MMU we also support a new configuration register that * specifies how the S32C1I instruction operates with the cache * controller. * -- cgit v1.2.3 From a0fc1436f1f4f84e93144480bf30e0c958d135b6 Mon Sep 17 00:00:00 2001 From: Max Filippov Date: Fri, 31 Jul 2020 12:38:05 -0700 Subject: xtensa: add missing exclusive access state management The result of the s32ex opcode is recorded in the ATOMCTL special register and must be retrieved with the getex opcode. Context switch between s32ex and getex may trash the ATOMCTL register and result in duplicate update or missing update of the atomic variable. Add atomctl8 field to the struct thread_info and use getex to swap ATOMCTL bit 8 as a part of context switch. Clear exclusive access monitor on kernel entry. Cc: stable@vger.kernel.org Fixes: f7c34874f04a ("xtensa: add exclusive atomics support") Signed-off-by: Max Filippov --- arch/xtensa/include/asm/thread_info.h | 4 ++++ arch/xtensa/kernel/asm-offsets.c | 3 +++ arch/xtensa/kernel/entry.S | 11 +++++++++++ 3 files changed, 18 insertions(+) (limited to 'arch/xtensa/include') diff --git a/arch/xtensa/include/asm/thread_info.h b/arch/xtensa/include/asm/thread_info.h index 8918f0f20c53..6acbbe0d87d3 100644 --- a/arch/xtensa/include/asm/thread_info.h +++ b/arch/xtensa/include/asm/thread_info.h @@ -55,6 +55,10 @@ struct thread_info { mm_segment_t addr_limit; /* thread address space */ unsigned long cpenable; +#if XCHAL_HAVE_EXCLUSIVE + /* result of the most recent exclusive store */ + unsigned long atomctl8; +#endif /* Allocate storage for extra user states and coprocessor states. */ #if XTENSA_HAVE_COPROCESSORS diff --git a/arch/xtensa/kernel/asm-offsets.c b/arch/xtensa/kernel/asm-offsets.c index 33a257b33723..dc5c83cad9be 100644 --- a/arch/xtensa/kernel/asm-offsets.c +++ b/arch/xtensa/kernel/asm-offsets.c @@ -93,6 +93,9 @@ int main(void) DEFINE(THREAD_RA, offsetof (struct task_struct, thread.ra)); DEFINE(THREAD_SP, offsetof (struct task_struct, thread.sp)); DEFINE(THREAD_CPENABLE, offsetof (struct thread_info, cpenable)); +#if XCHAL_HAVE_EXCLUSIVE + DEFINE(THREAD_ATOMCTL8, offsetof (struct thread_info, atomctl8)); +#endif #if XTENSA_HAVE_COPROCESSORS DEFINE(THREAD_XTREGS_CP0, offsetof(struct thread_info, xtregs_cp.cp0)); DEFINE(THREAD_XTREGS_CP1, offsetof(struct thread_info, xtregs_cp.cp1)); diff --git a/arch/xtensa/kernel/entry.S b/arch/xtensa/kernel/entry.S index 98515c24d9b2..703cf6205efe 100644 --- a/arch/xtensa/kernel/entry.S +++ b/arch/xtensa/kernel/entry.S @@ -374,6 +374,11 @@ common_exception: s32i a2, a1, PT_LCOUNT #endif +#if XCHAL_HAVE_EXCLUSIVE + /* Clear exclusive access monitor set by interrupted code */ + clrex +#endif + /* It is now save to restore the EXC_TABLE_FIXUP variable. */ rsr a2, exccause @@ -2020,6 +2025,12 @@ ENTRY(_switch_to) s32i a3, a4, THREAD_CPENABLE #endif +#if XCHAL_HAVE_EXCLUSIVE + l32i a3, a5, THREAD_ATOMCTL8 + getex a3 + s32i a3, a4, THREAD_ATOMCTL8 +#endif + /* Flush register file. */ spill_registers_kernel -- cgit v1.2.3