um: Add stub side of SECCOMP/futex based process handling (dac494bf) · Commits · git / linux-nf

arch/um/include/shared/common-offsets.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -14,3 +14,5 @@ DEFINE(UM_THREAD_SIZE, THREAD_SIZE);

		DEFINE(UM_NSEC_PER_SEC, NSEC_PER_SEC);
		DEFINE(UM_NSEC_PER_USEC, NSEC_PER_USEC);

		DEFINE(UM_KERN_GDT_ENTRY_TLS_ENTRIES, GDT_ENTRY_TLS_ENTRIES);

+14 −0

Original line number	Diff line number	Diff line
		@@ -11,6 +11,10 @@
		#include <linux/compiler_types.h>
		#include <as-layout.h>
		#include <sysdep/tls.h>
		#include <sysdep/stub-data.h>

		#define FUTEX_IN_CHILD 0
		#define FUTEX_IN_KERN 1

		struct stub_init_data {
		unsigned long stub_start;
		@@ -52,6 +56,16 @@ struct stub_data {
		/* 128 leaves enough room for additional fields in the struct */
		struct stub_syscall syscall_data[(UM_KERN_PAGE_SIZE - 128) / sizeof(struct stub_syscall)] __aligned(16);

		/* data shared with signal handler (only used in seccomp mode) */
		short restart_wait;
		unsigned int futex;
		int signal;
		unsigned short si_offset;
		unsigned short mctx_offset;

		/* seccomp architecture specific state restore */
		struct stub_data_arch arch_data;

		/* Stack for our signal handlers and for calling into . */
		unsigned char sigstack[UM_KERN_PAGE_SIZE] __aligned(UM_KERN_PAGE_SIZE);
		};

+49 −0

Original line number	Diff line number	Diff line
		@@ -5,6 +5,9 @@

		#include <sysdep/stub.h>

		#include <linux/futex.h>
		#include <errno.h>

		static __always_inline int syscall_handler(struct stub_data *d)
		{
		int i;
		@@ -57,3 +60,49 @@ stub_syscall_handler(void)

		trap_myself();
		}

		void __section(".__syscall_stub")
		stub_signal_interrupt(int sig, siginfo_t info, void p)
		{
		struct stub_data *d = get_stub_data();
		ucontext_t *uc = p;
		long res;

		d->signal = sig;
		d->si_offset = (unsigned long)info - (unsigned long)&d->sigstack[0];
		d->mctx_offset = (unsigned long)&uc->uc_mcontext - (unsigned long)&d->sigstack[0];

		restart_wait:
		d->futex = FUTEX_IN_KERN;
		do {
		res = stub_syscall3(__NR_futex, (unsigned long)&d->futex,
		FUTEX_WAKE, 1);
		} while (res == -EINTR);
		do {
		res = stub_syscall4(__NR_futex, (unsigned long)&d->futex,
		FUTEX_WAIT, FUTEX_IN_KERN, 0);
		} while (res == -EINTR \|\| d->futex == FUTEX_IN_KERN);

		if (res < 0 && res != -EAGAIN)
		stub_syscall1(__NR_exit_group, 1);

		/* Try running queued syscalls. */
		if (syscall_handler(d) < 0 \|\| d->restart_wait) {
		/* Report SIGSYS if we restart. */
		d->signal = SIGSYS;
		d->restart_wait = 0;
		goto restart_wait;
		}

		/* Restore arch dependent state that is not part of the mcontext */
		stub_seccomp_restore_state(&d->arch_data);

		/* Return so that the host modified mcontext is restored. */
		}

		void __section(".__syscall_stub")
		stub_signal_restorer(void)
		{
		/* We must not have anything on the stack when doing rt_sigreturn */
		stub_syscall0(__NR_rt_sigreturn);
		}

0 → 100644

+23 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 */
		#ifndef __ARCH_STUB_DATA_H
		#define __ARCH_STUB_DATA_H

		#ifdef __i386__
		#include <generated/asm-offsets.h>
		#include <asm/ldt.h>

		struct stub_data_arch {
		int sync;
		struct user_desc tls[UM_KERN_GDT_ENTRY_TLS_ENTRIES];
		};
		#else
		#define STUB_SYNC_FS_BASE (1 << 0)
		#define STUB_SYNC_GS_BASE (1 << 1)
		struct stub_data_arch {
		int sync;
		unsigned long fs_base;
		unsigned long gs_base;
		};
		#endif

		#endif /* __ARCH_STUB_DATA_H */

+2 −0

Original line number	Diff line number	Diff line
		@@ -13,3 +13,5 @@

		extern void stub_segv_handler(int, siginfo_t , void );
		extern void stub_syscall_handler(void);
		extern void stub_signal_interrupt(int, siginfo_t , void );
		extern void stub_signal_restorer(void);