linux-toradex.git/samples/seccomp, branch v5.12-rc8 Linux kernel for Apalis and Colibri modules kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-09T16:32:59+00:00 Masahiro Yamada masahiroy@kernel.org 2020-08-01T12:27:18+00:00 faabed295cccc2aba2b67f2e7b309f2892d55004 To build host programs, you need to add the program names to 'hostprogs' to use the necessary build rule, but it is not enough to build them because there is no dependency. There are two types of host programs: built as the prerequisite of another (e.g. gen_crc32table in lib/Makefile), or always built when Kbuild visits the Makefile (e.g. genksyms in scripts/genksyms/Makefile). The latter is typical in Makefiles under scripts/, which contains host programs globally used during the kernel build. To build them, you need to add them to both 'hostprogs' and 'always-y'. This commit adds hostprogs-always-y as a shorthand. The same applies to user programs. net/bpfilter/Makefile builds bpfilter_umh on demand, hence always-y is unneeded. In contrast, programs under samples/ are added to both 'userprogs' and 'always-y' so they are always built when Kbuild visits the Makefiles. userprogs-always-y works as a shorthand. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> 
To build host programs, you need to add the program names to 'hostprogs'
to use the necessary build rule, but it is not enough to build them
because there is no dependency.

There are two types of host programs: built as the prerequisite of
another (e.g. gen_crc32table in lib/Makefile), or always built when
Kbuild visits the Makefile (e.g. genksyms in scripts/genksyms/Makefile).

The latter is typical in Makefiles under scripts/, which contains host
programs globally used during the kernel build. To build them, you need
to add them to both 'hostprogs' and 'always-y'.

This commit adds hostprogs-always-y as a shorthand.

The same applies to user programs. net/bpfilter/Makefile builds
bpfilter_umh on demand, hence always-y is unneeded. In contrast,
programs under samples/ are added to both 'userprogs' and 'always-y'
so they are always built when Kbuild visits the Makefiles.

userprogs-always-y works as a shorthand.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
samples: seccomp: build sample programs for target architecture 2020-05-17T09:52:01+00:00 Masahiro Yamada masahiroy@kernel.org 2020-04-29T03:45:16+00:00 f59e76687742fc2d6226e0d6449ae09c5942e9fc These userspace programs include UAPI headers exported to usr/include/. 'make headers' always works for the target architecture (i.e. the same architecture as the kernel), so the sample programs should be built for the target as well. Kbuild now supports 'userprogs' for that. I also guarded the CONFIG option by 'depends on CC_CAN_LINK' because $(CC) may not provide libc. The 'ifndef CROSS_COMPILE' is no longer needed. BTW, the -m31 for s390 is left-over code. Commit 5a79859ae0f3 ("s390: remove 31 bit support") killed it. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Acked-by: Sam Ravnborg <sam@ravnborg.org> 
These userspace programs include UAPI headers exported to usr/include/.
'make headers' always works for the target architecture (i.e. the same
architecture as the kernel), so the sample programs should be built for
the target as well. Kbuild now supports 'userprogs' for that.

I also guarded the CONFIG option by 'depends on CC_CAN_LINK' because
$(CC) may not provide libc.

The 'ifndef CROSS_COMPILE' is no longer needed.

BTW, the -m31 for s390 is left-over code. Commit 5a79859ae0f3 ("s390:
remove 31 bit support") killed it.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
.gitignore: add SPDX License Identifier 2020-03-25T10:50:48+00:00 Masahiro Yamada masahiroy@kernel.org 2020-03-03T13:35:59+00:00 d198b34f3855eee2571dda03eea75a09c7c31480 Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Add SPDX License Identifier to all .gitignore files.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-03T16:53:07+00:00 Masahiro Yamada masahiroy@kernel.org 2020-02-01T16:49:24+00:00 5f2fb52fac15a8a8e10ce020dd532504a8abfc4e In old days, the "host-progs" syntax was used for specifying host programs. It was renamed to the current "hostprogs-y" in 2004. It is typically useful in scripts/Makefile because it allows Kbuild to selectively compile host programs based on the kernel configuration. This commit renames like follows: always -> always-y hostprogs-y -> hostprogs So, scripts/Makefile will look like this: always-$(CONFIG_BUILD_BIN2C) += ... always-$(CONFIG_KALLSYMS) += ... ... hostprogs := $(always-y) $(always-m) I think this makes more sense because a host program is always a host program, irrespective of the kernel configuration. We want to specify which ones to compile by CONFIG options, so always-y will be handier. The "always", "hostprogs-y", "hostprogs-m" will be kept for backward compatibility for a while. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
In old days, the "host-progs" syntax was used for specifying host
programs. It was renamed to the current "hostprogs-y" in 2004.

It is typically useful in scripts/Makefile because it allows Kbuild to
selectively compile host programs based on the kernel configuration.

This commit renames like follows:

  always       ->  always-y
  hostprogs-y  ->  hostprogs

So, scripts/Makefile will look like this:

  always-$(CONFIG_BUILD_BIN2C) += ...
  always-$(CONFIG_KALLSYMS)    += ...
      ...
  hostprogs := $(always-y) $(always-m)

I think this makes more sense because a host program is always a host
program, irrespective of the kernel configuration. We want to specify
which ones to compile by CONFIG options, so always-y will be handier.

The "always", "hostprogs-y", "hostprogs-m" will be kept for backward
compatibility for a while.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
samples/seccomp: Zero out members based on seccomp_notif_sizes 2020-01-02T21:03:39+00:00 Sargun Dhillon sargun@sargun.me 2019-12-30T20:35:03+00:00 771b894f2f3dfedc2ba5561731fffa0e39b1bbb6 The sizes by which seccomp_notif and seccomp_notif_resp are allocated are based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful extension of these datastructures. If userspace zeroes out the datastructure based on its version, and it is lagging behind the kernel's version, it will end up sending trailing garbage. On the other hand, if it is ahead of the kernel version, it will write extra zero space, and potentially cause corruption. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Suggested-by: Tycho Andersen <tycho@tycho.ws> Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> 
The sizes by which seccomp_notif and seccomp_notif_resp are allocated are
based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful
extension of these datastructures. If userspace zeroes out the
datastructure based on its version, and it is lagging behind the kernel's
version, it will end up sending trailing garbage. On the other hand,
if it is ahead of the kernel version, it will write extra zero space,
and potentially cause corruption.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me
Fixes: fec7b6690541 ("samples: add an example of seccomp user trap")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
samples: guard sub-directories with CONFIG options 2019-05-18T02:29:01+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2019-05-09T01:00:19+00:00 6944a06d141b9afea38b15da08bd773d90abef0c Do not descend to sub-directories when unneeded. I used subdir-$(CONFIG_...) for hidraw, seccomp, and vfs because they only contain host programs. While we are here, let's add SPDX License tag, and sort the directories alphabetically. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
Do not descend to sub-directories when unneeded.

I used subdir-$(CONFIG_...) for hidraw, seccomp, and vfs because
they only contain host programs.

While we are here, let's add SPDX License tag, and sort the directories
alphabetically.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
samples: seccomp: turn CONFIG_SAMPLE_SECCOMP into a bool option 2019-05-03T14:05:00+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2019-04-27T03:33:39+00:00 7206c1247416f2c62ce38b65994b5e74fefe2e2b The prompt of CONFIG_SAMPLE_SECCOMP claims this is "loadable module only", which is invalid. samples/seccomp/ only contains host programs, so having it tristate is pointless. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
The prompt of CONFIG_SAMPLE_SECCOMP claims this is "loadable module
only", which is invalid.

samples/seccomp/ only contains host programs, so having it tristate
is pointless.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
samples/seccomp: Fix 32-bit build 2019-01-08T06:45:01+00:00 Tycho Andersen tycho@tycho.ws 2019-01-07T23:16:31+00:00 a77d1d196bc63b37d9b4d1b614884669e8e79d32 Both the .o and the actual executable need to be built with -m32 in order to link correctly. Reported-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Tycho Andersen <tycho@tycho.ws> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Borislav Petkov <bp@alien8.de> Cc: James Morris <jmorris@namei.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Link: http://lkml.kernel.org/r/20190107231631.1849-1-tycho@tycho.ws Signed-off-by: Ingo Molnar <mingo@kernel.org> 
Both the .o and the actual executable need to be built with -m32 in order
to link correctly.

Reported-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: James Morris <jmorris@namei.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: fec7b6690541 ("samples: add an example of seccomp user trap")
Link: http://lkml.kernel.org/r/20190107231631.1849-1-tycho@tycho.ws
Signed-off-by: Ingo Molnar <mingo@kernel.org>
samples: add an example of seccomp user trap 2018-12-12T00:32:11+00:00 Tycho Andersen tycho@tycho.ws 2018-12-09T18:24:14+00:00 fec7b6690541b8128663a13c9586b1daf42b0a6c The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by: Tycho Andersen <tycho@tycho.ws> CC: Kees Cook <keescook@chromium.org> CC: Andy Lutomirski <luto@amacapital.net> CC: Oleg Nesterov <oleg@redhat.com> CC: Eric W. Biederman <ebiederm@xmission.com> CC: "Serge E. Hallyn" <serge@hallyn.com> CC: Christian Brauner <christian@brauner.io> CC: Tyler Hicks <tyhicks@canonical.com> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Signed-off-by: Kees Cook <keescook@chromium.org> 
The idea here is just to give a demonstration of how one could safely use
the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular
policy is (as noted in the comment) not very interesting, but it serves to
illustrate how one might apply a policy dodging the various TOCTOU issues.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>
kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS 2018-07-17T16:18:05+00:00 Laura Abbott labbott@redhat.com 2018-07-10T00:46:01+00:00 8377bd2b9ee1be35b39b5523f640a2b75ddd7c4e In preparation for enabling command line LDLIBS, re-name HOST_LOADLIBES to KBUILD_HOSTLDLIBS as the internal use only flags. Also rename existing usage to HOSTLDLIBS for consistency. This should not have any visible effects. Signed-off-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
In preparation for enabling command line LDLIBS, re-name HOST_LOADLIBES
to KBUILD_HOSTLDLIBS as the internal use only flags. Also rename
existing usage to HOSTLDLIBS for consistency. This should not have any
visible effects.

Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>