linux-stable.git/tools/testing/selftests/seccomp, branch linux-4.4.y Linux kernel stable tree seccomp: Add filter flag to opt-out of SSB mitigation 2018-07-25T08:18:27+00:00 Kees Cook keescook@chromium.org 2018-07-14T09:36:57+00:00 c463c0f037f2d83aea54415ed7c61deb0b90333b commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream If a seccomp user is not interested in Speculative Store Bypass mitigation by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when adding filters. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com> Reviewed-by: Alexey Makhalov <amakhalov@vmware.com> Reviewed-by: Bo Gan <ganb@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream

If a seccomp user is not interested in Speculative Store Bypass mitigation
by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when
adding filters.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>
Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selftest/seccomp: Fix the seccomp(2) signature 2018-07-25T08:18:22+00:00 Mickaël Salaün mic@digikod.net 2018-07-14T09:33:08+00:00 9f62897343da5fbbbd0db7441750ecc4c833a6ef commit 505ce68c6da3432454c62e43c24a22ea5b1d754b upstream Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Kees Cook <keescook@chromium.org> Cc: Shuah Khan <shuahkh@osg.samsung.com> Cc: Will Drewry <wad@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com> Reviewed-by: Alexey Makhalov <amakhalov@vmware.com> Reviewed-by: Bo Gan <ganb@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 505ce68c6da3432454c62e43c24a22ea5b1d754b upstream

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>
Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC 2018-07-25T08:18:22+00:00 Mickaël Salaün mic@digikod.net 2018-07-14T09:33:00+00:00 b4553a4ec2f64b818193ba85434b1f42c68d5aff commit 6c045d07bb305c527140bdec4cf8ab50f7c980d8 upstream Rename SECCOMP_FLAG_FILTER_TSYNC to SECCOMP_FILTER_FLAG_TSYNC to match the UAPI. Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Kees Cook <keescook@chromium.org> Cc: Shuah Khan <shuahkh@osg.samsung.com> Cc: Will Drewry <wad@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com> Reviewed-by: Alexey Makhalov <amakhalov@vmware.com> Reviewed-by: Bo Gan <ganb@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 6c045d07bb305c527140bdec4cf8ab50f7c980d8 upstream

Rename SECCOMP_FLAG_FILTER_TSYNC to SECCOMP_FILTER_FLAG_TSYNC to match
the UAPI.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>
Reviewed-by: Matt Helsley (VMware) <matt.helsley@gmail.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Bo Gan <ganb@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selftests/seccomp: Get page size from sysconf 2015-11-18T23:56:53+00:00 Bamvor Jian Zhang bamvor.zhangjian@linaro.org 2015-11-13T03:17:51+00:00 2ce47b44b25d8fb0114ff117813742adbefec8ff The commit fd88d16c58c2 ("selftests/seccomp: Be more precise with syscall arguments.") use PAGE_SIZE directly which lead to build failure on arm64. Replace it with generic interface(sysconf(_SC_PAGESIZE)) to fix this failure. Build and test successful on x86_64 and arm64. Signed-off-by: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org> Acked-by: Kees Cook <keescook@chromium.org> Tested-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> 
The commit fd88d16c58c2 ("selftests/seccomp: Be more precise with
syscall arguments.") use PAGE_SIZE directly which lead to build
failure on arm64.

Replace it with generic interface(sysconf(_SC_PAGESIZE)) to fix this
failure.

Build and test successful on x86_64 and arm64.

Signed-off-by: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
selftests/seccomp: Be more precise with syscall arguments. 2015-11-02T21:41:02+00:00 Robert Sesek rsesek@google.com 2015-11-02T20:28:49+00:00 fd88d16c58c2ad689a68d6790c789e7d5be3fc5b Certain syscall emulation layers strictly check that the number of arguments match what the syscall handler expects. The KILL_one_arg_one and KILL_one_arg_six tests passed more parameters than expected to various syscalls, causing failures in this emulation mode. Instead, test using syscalls that take the appropriate number of arguments. Signed-off-by: Robert Sesek <rsesek@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> 
Certain syscall emulation layers strictly check that the number of
arguments match what the syscall handler expects. The KILL_one_arg_one and
KILL_one_arg_six tests passed more parameters than expected to various
syscalls, causing failures in this emulation mode. Instead, test using
syscalls that take the appropriate number of arguments.

Signed-off-by: Robert Sesek <rsesek@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
selftests/seccomp: build and pass on arm64 2015-10-16T02:06:27+00:00 Kees Cook keescook@chromium.org 2015-10-06T19:30:25+00:00 256d0afb11d6e878e8c793e4a6e3bbfb81f9aae8 Changing arm64 syscalls is done via a specific register set, more like s390 than like arm (specific ptrace call) and x86 (part of general registers). Since (restarting) poll doesn't exist on arm64, switch to using nanosleep for testing restart_syscall. And since it looks like the syscall ABI is inconsistent on arm-compat, so we must work around it (and document it) in the test. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> 
Changing arm64 syscalls is done via a specific register set, more like s390
than like arm (specific ptrace call) and x86 (part of general registers).
Since (restarting) poll doesn't exist on arm64, switch to using nanosleep
for testing restart_syscall. And since it looks like the syscall ABI is
inconsistent on arm-compat, so we must work around it (and document it) in
the test.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
selftests/seccomp: add support for s390 2015-09-14T22:41:37+00:00 Kees Cook keescook@chromium.org 2015-08-21T18:22:35+00:00 b623c4daadb5a4bfaef62783085b95bd9ba5a77c This adds support for s390 to the seccomp selftests. Some improvements were made to enhance the accuracy of failure reporting, and additional tests were added to validate assumptions about the currently traced syscall. Also adds early asserts for running on older kernels to avoid noise when the seccomp syscall is not implemented. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> 
This adds support for s390 to the seccomp selftests. Some improvements
were made to enhance the accuracy of failure reporting, and additional
tests were added to validate assumptions about the currently traced
syscall. Also adds early asserts for running on older kernels to avoid
noise when the seccomp syscall is not implemented.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
selftests/seccomp: Add powerpc support 2015-07-30T04:35:36+00:00 Michael Ellerman mpe@ellerman.id.au 2015-07-23T10:21:11+00:00 5d83c2b37d435b88452bc88a2a47672346efb2b4 Wire up the syscall number and regs so the tests work on powerpc. With the powerpc kernel support just merged, all tests pass on ppc64, ppc64 (compat), ppc64le, ppc, ppc64e and ppc64e (compat). Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> 
Wire up the syscall number and regs so the tests work on powerpc.

With the powerpc kernel support just merged, all tests pass on ppc64,
ppc64 (compat), ppc64le, ppc, ppc64e and ppc64e (compat).

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
selftests/seccomp: Make seccomp tests work on big endian 2015-07-30T04:35:36+00:00 Michael Ellerman mpe@ellerman.id.au 2015-07-23T10:21:10+00:00 c385d0db30f3c0bf687a080c38e8088c342116a3 The seccomp_bpf test uses BPF_LD|BPF_W|BPF_ABS to load 32-bit values from seccomp_data->args. On big endian machines this will load the high word of the argument, which is not what the test wants. Borrow a hack from samples/seccomp/bpf-helper.h which changes the offset on big endian to account for this. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Acked-by: Kees Cook <keescook@chromium.org> 
The seccomp_bpf test uses BPF_LD|BPF_W|BPF_ABS to load 32-bit values
from seccomp_data->args. On big endian machines this will load the high
word of the argument, which is not what the test wants.

Borrow a hack from samples/seccomp/bpf-helper.h which changes the offset
on big endian to account for this.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Kees Cook <keescook@chromium.org>
selftests: add seccomp suite 2015-06-17T23:12:32+00:00 Kees Cook keescook@chromium.org 2015-06-16T17:54:14+00:00 c99ee51a9d9716fe33f5022c763728a565e3bd08 This imports the existing seccomp test suite into the kernel's selftests tree. It contains extensive testing of seccomp features and corner cases. There remain additional tests to move into the kernel tree, but they have not yet been ported to all the architectures seccomp supports: https://github.com/redpig/seccomp/tree/master/tests Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> 
This imports the existing seccomp test suite into the kernel's selftests
tree. It contains extensive testing of seccomp features and corner cases.
There remain additional tests to move into the kernel tree, but they have
not yet been ported to all the architectures seccomp supports:
https://github.com/redpig/seccomp/tree/master/tests

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>