[RFC 2/3] abi_spec: hooks into syscall to allow pre and post checking

Wed, 16 Nov 2016 09:38:37 -0800 

This is a simple way to be able to verify syscall parameters before the
call to the actual syscall, and also verify the return value after the
call.

Signed-off-by: Sasha Levin <[email protected]>
---
 include/linux/syscalls.h |  7 ++++++-
 kernel/Makefile          |  2 ++
 kernel/abi_spec.c        | 15 +++++++++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 kernel/abi_spec.c

diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 91a740f..6aa3228 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -79,6 +79,7 @@ union bpf_attr;
 #include <linux/quota.h>
 #include <linux/key.h>
 #include <trace/syscall.h>
+#include <linux/abi_spec.h>
 
 /*
  * __MAP - apply a macro to syscall arguments
@@ -192,13 +193,17 @@ extern struct trace_event_functions 
exit_syscall_print_funcs;
 
 #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__)
 #define __SYSCALL_DEFINEx(x, name, ...)                                        
\
+       extern const struct syscall_spec syscall_spec##name;            \
        asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
                __attribute__((alias(__stringify(SyS##name))));         \
        static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));  \
        asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));      \
        asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))       \
        {                                                               \
-               long ret = SYSC##name(__MAP(x,__SC_CAST,__VA_ARGS__));  \
+               long ret;                                               \
+               abispec_check_pre(&syscall_spec##name, 
__MAP(x,__SC_CAST,__VA_ARGS__)); \
+               ret = SYSC##name(__MAP(x,__SC_CAST,__VA_ARGS__));       \
+               abispec_check_post(&syscall_spec##name, ret, 
__MAP(x,__SC_CAST,__VA_ARGS__)); \
                __MAP(x,__SC_TEST,__VA_ARGS__);                         \
                __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__));       \
                return ret;                                             \
diff --git a/kernel/Makefile b/kernel/Makefile
index eb26e12c..d94a1f9 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -113,6 +113,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
 
 obj-$(CONFIG_HAS_IOMEM) += memremap.o
 
+obj-y += abi_spec.o
+
 $(obj)/configs.o: $(obj)/config_data.h
 
 # config_data.h contains the same information as ikconfig.h but gzipped.
diff --git a/kernel/abi_spec.c b/kernel/abi_spec.c
new file mode 100644
index 0000000..7933c45
--- /dev/null
+++ b/kernel/abi_spec.c
@@ -0,0 +1,15 @@
+#include <linux/kernel.h>
+#include <linux/abi_spec.h>
+#include <linux/limits.h>
+#include <linux/uaccess.h>
+
+void abispec_check_pre(const struct syscall_spec *s, ...)
+{
+}
+EXPORT_SYMBOL_GPL(abispec_check_pre);
+
+void abispec_check_post(const struct syscall_spec *s, long retval, ...)
+{
+}
+EXPORT_SYMBOL_GPL(abispec_check_post);
+
-- 
2.7.4

Reply via email to