[RFC PATCH 0/9] SECCOMP based userspace for UML

Benjamin Berg benjamin at sipsolutions.net
Wed Sep 25 13:32:23 PDT 2024 

From: Benjamin Berg <benjamin.berg at intel.com>

Hi all,

this is an updated version of the SECCOMP patchset. The patchset adds a
new userspace handling mode to UML that is based on a SECCOMP filter
and trusted code within each userspace process.

One advantage of this approach is that it saves quite a few context
switches when handling pagefaults (and syscalls to some extend). The
reason is that the ptrace code needs a separate context switch to
execute syscalls in the stub as well as another one to grab the segfault
information.

This new version of the patchset changes the security model to use FD
passing for the memory to ensure only the stub code can use the
permitted syscalls. Note that the current SECCOMP filter is not yet
sufficient to prevent userspace from tricking the kernel (and stub) to
map any physical memory.

Also new is working i386 support.

Benjamin

Benjamin Berg (9):
  um: Store full CSGSFS and SS register from mcontext
  um: Move faultinfo extraction into userspace routine
  um: Add UML_SECCOMP configuration option
  um: Add stub side of SECCOMP/futex based process handling
  um: Add helper functions to get/set state for SECCOMP
  um: Add SECCOMP support detection and initialization
  um: Track userspace children dying in SECCOMP mode
  um: Implement kernel side of SECCOMP based process handling
  um: pass FD for memory operations when needed

 arch/um/Kconfig                            |  20 +
 arch/um/include/asm/irq.h                  |   5 +-
 arch/um/include/shared/common-offsets.h    |   3 +
 arch/um/include/shared/irq_user.h          |   1 +
 arch/um/include/shared/os.h                |   3 +-
 arch/um/include/shared/skas/mm_id.h        |  16 +
 arch/um/include/shared/skas/skas.h         |   6 +
 arch/um/include/shared/skas/stub-data.h    |  21 +-
 arch/um/kernel/irq.c                       |   5 +
 arch/um/kernel/skas/mmu.c                  |  98 +++-
 arch/um/kernel/skas/stub.c                 | 131 +++++-
 arch/um/kernel/skas/stub_exe.c             | 162 ++++++-
 arch/um/kernel/tlb.c                       |  21 +-
 arch/um/os-Linux/internal.h                |   4 +
 arch/um/os-Linux/process.c                 |  31 ++
 arch/um/os-Linux/registers.c               |   4 +-
 arch/um/os-Linux/signal.c                  |  19 +-
 arch/um/os-Linux/skas/mem.c                | 104 ++++-
 arch/um/os-Linux/skas/process.c            | 501 +++++++++++++++------
 arch/um/os-Linux/start_up.c                | 150 +++++-
 arch/x86/um/os-Linux/mcontext.c            | 203 ++++++++-
 arch/x86/um/shared/sysdep/kernel-offsets.h |   2 +
 arch/x86/um/shared/sysdep/mcontext.h       |   9 +
 arch/x86/um/shared/sysdep/stub-data.h      |  18 +
 arch/x86/um/shared/sysdep/stub.h           |   2 +
 arch/x86/um/shared/sysdep/stub_32.h        |  13 +
 arch/x86/um/shared/sysdep/stub_64.h        |  14 +
 arch/x86/um/tls_32.c                       |  23 +-
 28 files changed, 1388 insertions(+), 201 deletions(-)
 create mode 100644 arch/x86/um/shared/sysdep/stub-data.h

-- 
2.46.1

More information about the linux-um mailing list