[RFC PATCH v2 0/9] SECCOMP based userspace for UML

Benjamin Berg benjamin at sipsolutions.net
Wed Oct 23 07:08:18 PDT 2024 

From: Benjamin Berg <benjamin.berg at intel.com>

Hi all,

here is an updated version of the SECCOMP patchset. The main improvement
to the previous RFC version is that now FP registers will work correctly
on 32 bit. I hope it is in a relatively good state overall, but I expect
we will not merge this into 6.13.

The patchset adds a new userspace handling mode to UML that is based on
a SECCOMP filter and trusted code within each userspace process.

One advantage of this approach is that it saves quite a few context
switches when handling pagefaults (and syscalls to some extend). The
reason is that the ptrace code needs a separate context switch to
execute syscalls in the stub as well as another one to grab the segfault
information.

Benjamin

RFCv2:
- Fix FP handling on i386
- Improved MM list for userspace sigchild handling

Benjamin Berg (9):
  um: Store full CSGSFS and SS register from mcontext
  um: Move faultinfo extraction into userspace routine
  um: Add UML_SECCOMP configuration option
  um: Add stub side of SECCOMP/futex based process handling
  um: Add helper functions to get/set state for SECCOMP
  um: Add SECCOMP support detection and initialization
  um: Track userspace children dying in SECCOMP mode
  um: Implement kernel side of SECCOMP based process handling
  um: pass FD for memory operations when needed

 arch/um/Kconfig                            |  19 +
 arch/um/include/asm/irq.h                  |   5 +-
 arch/um/include/asm/mmu.h                  |   3 +
 arch/um/include/shared/common-offsets.h    |   4 +
 arch/um/include/shared/irq_user.h          |   1 +
 arch/um/include/shared/os.h                |   3 +-
 arch/um/include/shared/skas/mm_id.h        |  13 +
 arch/um/include/shared/skas/skas.h         |   6 +
 arch/um/include/shared/skas/stub-data.h    |  21 +-
 arch/um/kernel/irq.c                       |   5 +
 arch/um/kernel/skas/mmu.c                  |  90 +++-
 arch/um/kernel/skas/stub.c                 | 131 +++++-
 arch/um/kernel/skas/stub_exe.c             | 156 ++++++-
 arch/um/os-Linux/internal.h                |   4 +
 arch/um/os-Linux/process.c                 |  31 ++
 arch/um/os-Linux/registers.c               |   4 +-
 arch/um/os-Linux/signal.c                  |  19 +-
 arch/um/os-Linux/skas/mem.c                | 104 ++++-
 arch/um/os-Linux/skas/process.c            | 493 +++++++++++++++------
 arch/um/os-Linux/start_up.c                | 148 ++++++-
 arch/x86/um/os-Linux/mcontext.c            | 223 +++++++++-
 arch/x86/um/ptrace.c                       |  76 +++-
 arch/x86/um/shared/sysdep/kernel-offsets.h |   2 +
 arch/x86/um/shared/sysdep/mcontext.h       |  10 +
 arch/x86/um/shared/sysdep/stub-data.h      |  23 +
 arch/x86/um/shared/sysdep/stub.h           |   2 +
 arch/x86/um/shared/sysdep/stub_32.h        |  13 +
 arch/x86/um/shared/sysdep/stub_64.h        |  14 +
 arch/x86/um/tls_32.c                       |  23 +-
 29 files changed, 1437 insertions(+), 209 deletions(-)
 create mode 100644 arch/x86/um/shared/sysdep/stub-data.h

-- 
2.47.0

More information about the linux-um mailing list