linux-toradex.git/samples/seccomp, branch v4.14-rc3 Linux kernel for Apalis and Colibri modules samples/seccomp: fix 64-bit comparison macros 2017-01-09T06:22:03+00:00 Mathias Svensson idolf@google.com 2017-01-06T21:32:39+00:00 916cafdc95843fb9af5fd5f83ca499d75473d107 There were some bugs in the JNE64 and JLT64 comparision macros. This fixes them, improves comments, and cleans up the file while we are at it. Reported-by: Stephen Röttger <sroettger@google.com> Signed-off-by: Mathias Svensson <idolf@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com> 
There were some bugs in the JNE64 and JLT64 comparision macros. This fixes
them, improves comments, and cleans up the file while we are at it.

Reported-by: Stephen Röttger <sroettger@google.com>
Signed-off-by: Mathias Svensson <idolf@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
samples/seccomp: Support programs with >256 instructions 2016-11-01T15:58:17+00:00 Ricky Zhou rickyz@chromium.org 2016-10-13T17:37:28+00:00 d881d25cf5bc2fafbbfb383a475278977e1bd55a Previously, the program size was incorrectly truncated to 8 bits, resulting in broken labels in large programs. Also changes the jump resolution loop to not rely on undefined behavior (making a pointer point before the filter array). Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 
Previously, the program size was incorrectly truncated to 8 bits,
resulting in broken labels in large programs. Also changes the jump
resolution loop to not rely on undefined behavior (making a pointer
point before the filter array).

Signed-off-by: Ricky Zhou <rickyz@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper 2016-11-01T15:58:10+00:00 Ricky Zhou rickyz@chromium.org 2016-10-13T17:34:08+00:00 1ff120504f8c322a03fbce035d99e29e741da725 Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable seccomp. This allows samples/seccomp/dropper to be run without CAP_SYS_ADMIN. Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 
Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable
seccomp. This allows samples/seccomp/dropper to be run without
CAP_SYS_ADMIN.

Signed-off-by: Ricky Zhou <rickyz@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
samples/seccomp: Fix hostprogs variable 2016-11-01T15:57:42+00:00 Ricky Zhou rickyz@chromium.org 2016-10-13T17:29:14+00:00 0af04ba5640dd6318f117a9fcbfde886516a0220 In f6041c1d, a separate SAMPLES_SECCOMP option was added. This changed hostprogs-y to hostprogs-m, so adjust it. Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> 
In f6041c1d, a separate SAMPLES_SECCOMP option was added. This changed
hostprogs-y to hostprogs-m, so adjust it.

Signed-off-by: Ricky Zhou <rickyz@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
samples/seccomp: Add standalone config option 2016-07-07T17:58:03+00:00 Olof Johansson olof@lixom.net 2016-07-06T06:53:19+00:00 f6041c1d8a0825e41219a0443d365318d238d7b3 Add a separate Kconfig option for SAMPLES_SECCOMP. Main reason for this is that, just like other samples, it's forced to be a module. Without this, since the sample is a target only controlled by CONFIG_SECCOMP_FILTER, the samples will be built before include files are put in place properly. For example, from an arm64 allmodconfig built with "make -sk -j 32" (without specific target), the following happens: samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory So, just stick to the same format as other samples. Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Kees Cook <keescook@chromium.org> 
Add a separate Kconfig option for SAMPLES_SECCOMP.

Main reason for this is that, just like other samples, it's forced to
be a module.

Without this, since the sample is a target only controlled by
CONFIG_SECCOMP_FILTER, the samples will be built before include files are
put in place properly. For example, from an arm64 allmodconfig built with
"make -sk -j 32" (without specific target), the following happens:

  samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory
  samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory
  samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory
  samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory

So, just stick to the same format as other samples.

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
samples/seccomp: improve label helper 2015-02-17T22:34:55+00:00 Kees Cook keescook@chromium.org 2015-02-17T21:47:58+00:00 3a9af0bd34410a255d27024ea1bc28dc4e3a0044 Fixes a potential corruption with uninitialized stack memory in the seccomp BPF sample program. [akpm@linux-foundation.org: coding-style fixlet] Signed-off-by: Kees Cook <keescook@chromium.org> Reported-by: Robert Swiecki <swiecki@google.com> Tested-by: Robert Swiecki <swiecki@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Fixes a potential corruption with uninitialized stack memory in the
seccomp BPF sample program.

[akpm@linux-foundation.org: coding-style fixlet]
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Robert Swiecki <swiecki@google.com>
Tested-by: Robert Swiecki <swiecki@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
samples/seccomp/Makefile: do not build tests if cross-compiling for MIPS 2014-04-03T23:21:06+00:00 Markos Chandras markos.chandras@imgtec.com 2014-04-03T21:48:32+00:00 e9107f88c985bcda5a8ec692cd692005738136f1 The Makefile is designed to use the host toolchain so it may be unsafe to build the tests if the kernel has been configured and built for another architecture. This fixes a build problem when the kernel has been configured and built for the MIPS architecture but the host is not MIPS (cross-compiled). The MIPS syscalls are only defined if one of the following is true: 1) _MIPS_SIM == _MIPS_SIM_ABI64 2) _MIPS_SIM == _MIPS_SIM_ABI32 3) _MIPS_SIM == _MIPS_SIM_NABI32 Of course, none of these make sense on a non-MIPS toolchain and the following build problem occurs when building on a non-MIPS host. linux/usr/include/linux/kexec.h:50: userspace cannot reference function or variable defined in the kernel samples/seccomp/bpf-direct.c: In function `emulator': samples/seccomp/bpf-direct.c:76:17: error: `__NR_write' undeclared (first use in this function) Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com> Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The Makefile is designed to use the host toolchain so it may be unsafe
to build the tests if the kernel has been configured and built for
another architecture.  This fixes a build problem when the kernel has
been configured and built for the MIPS architecture but the host is not
MIPS (cross-compiled).  The MIPS syscalls are only defined if one of the
following is true:

 1) _MIPS_SIM == _MIPS_SIM_ABI64
 2) _MIPS_SIM == _MIPS_SIM_ABI32
 3) _MIPS_SIM == _MIPS_SIM_NABI32

Of course, none of these make sense on a non-MIPS toolchain and the
following build problem occurs when building on a non-MIPS host.

  linux/usr/include/linux/kexec.h:50: userspace cannot reference function or variable defined in the kernel
  samples/seccomp/bpf-direct.c: In function `emulator':
  samples/seccomp/bpf-direct.c:76:17: error: `__NR_write' undeclared (first use in this function)

Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
samples/seccomp: be less stupid about cross compiling 2013-02-05T09:38:49+00:00 Arnd Bergmann arnd@arndb.de 2013-02-04T22:28:52+00:00 275aaa68334c45f616c6576f20201e9890c5da18 The seccomp filters are currently built for the build host, not for the machine that they are going to run on, but they are also built for with the -m32 flag if the kernel is built for a 32 bit machine, both of which seems rather odd. It broke allyesconfig on my machine, which is x86-64, but building for 32 bit ARM, with this error message: In file included from /usr/include/stdio.h:28:0, from samples/seccomp/bpf-fancy.c:15: /usr/include/features.h:324:26: fatal error: bits/predefs.h: No such file or directory because there are no 32 bit libc headers installed on this machine. We should really be building all the samples for the target machine rather than the build host, but since the infrastructure for that appears to be missing right now, let's be a little bit smarter and not pass the '-m32' flag to the HOSTCC when cross- compiling. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Kees Cook <keescook@chromium.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: James Morris <james.l.morris@oracle.com> Acked-by: Will Drewry <wad@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
The seccomp filters are currently built for the build host, not for the
machine that they are going to run on, but they are also built for with
the -m32 flag if the kernel is built for a 32 bit machine, both of which
seems rather odd.

It broke allyesconfig on my machine, which is x86-64, but building for
32 bit ARM, with this error message:

  In file included from /usr/include/stdio.h:28:0,
                   from samples/seccomp/bpf-fancy.c:15:
  /usr/include/features.h:324:26: fatal error: bits/predefs.h: No such file or directory

because there are no 32 bit libc headers installed on this machine.  We
should really be building all the samples for the target machine rather
than the build host, but since the infrastructure for that appears to be
missing right now, let's be a little bit smarter and not pass the '-m32'
flag to the HOSTCC when cross- compiling.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: James Morris <james.l.morris@oracle.com>
Acked-by: Will Drewry <wad@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
samples/seccomp: fix 31 bit build on s390 2012-09-12T02:55:31+00:00 Heiko Carstens heiko.carstens@de.ibm.com 2012-09-08T08:23:42+00:00 b25b09ecf98bf6a32f3732281c2db13be6aeb14c On s390 the flag to force 31 builds is -m31 instead of -m32 unlike on all (?) other architectures. Fixes this compile error: HOSTCC samples/seccomp/bpf-direct.o cc1: error: unrecognized command line option "-m32" make[2]: *** [samples/seccomp/bpf-direct.o] Error 1 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com> 
On s390 the flag to force 31 builds is -m31 instead of -m32 unlike
on all (?) other architectures.

Fixes this compile error:

  HOSTCC  samples/seccomp/bpf-direct.o
cc1: error: unrecognized command line option "-m32"
make[2]: *** [samples/seccomp/bpf-direct.o] Error 1

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
samples/seccomp: fix endianness bug in LO_ARG define 2012-08-03T04:27:40+00:00 Heiko Carstens heiko.carstens@de.ibm.com 2012-07-31T14:15:36+00:00 de4bb3b9c788ea5504dfe094e34d831e8395075d The LO_ARG define needs to consider endianness also for 32 bit builds. The "bpf_fancy" test case didn't work on s390 in 32 bit and compat mode because the LO_ARG define resulted in a BPF program which read the upper halve of the 64 bit system call arguments instead of the lower halves. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com> 
The LO_ARG define needs to consider endianness also for 32 bit builds.

The "bpf_fancy" test case didn't work on s390 in 32 bit and compat mode
because the LO_ARG define resulted in a BPF program which read the upper
halve of the 64 bit system call arguments instead of the lower halves.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>