linux-stable.git/tools/testing/selftests/seccomp, branch v5.8.2 Linux kernel stable tree seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID 2020-08-19T06:26:12+00:00 Kees Cook keescook@chromium.org 2020-06-15T22:42:46+00:00 51ef07ca87be36941e869f34896b95e15729b706 [ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ] When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong direction flag set. While this isn't a big deal as nothing currently enforces these bits in the kernel, it should be defined correctly. Fix the define and provide support for the old command until it is no longer needed for backward compatibility. Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ]

When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong
direction flag set. While this isn't a big deal as nothing currently
enforces these bits in the kernel, it should be defined correctly. Fix
the define and provide support for the old command until it is no longer
needed for backward compatibility.

Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
selftests/seccomp: s390 shares the syscall and return value register 2020-06-16T11:44:04+00:00 Sven Schnelle svens@linux.ibm.com 2020-03-09T15:56:53+00:00 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4 s390 cannot set syscall number and reture code at the same time, so set the appropriate flag to indicate it. Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> 
s390 cannot set syscall number and reture code at the same time,
so set the appropriate flag to indicate it.

Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
selftests/seccomp: allow clock_nanosleep instead of nanosleep 2020-04-14T15:49:51+00:00 Thadeu Lima de Souza Cascardo cascardo@canonical.com 2020-04-08T23:57:53+00:00 d42b8dbec46c08c6bd3f9d264127bd4910581c07 glibc 2.31 calls clock_nanosleep when its nanosleep function is used. So the restart_syscall fails after that. In order to deal with it, we trace clock_nanosleep and nanosleep. Then we check for either. This works just fine on systems with both glibc 2.30 and glibc 2.31, whereas it failed before on a system with glibc 2.31. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
glibc 2.31 calls clock_nanosleep when its nanosleep function is used. So
the restart_syscall fails after that. In order to deal with it, we trace
clock_nanosleep and nanosleep. Then we check for either.

This works just fine on systems with both glibc 2.30 and glibc 2.31,
whereas it failed before on a system with glibc 2.31.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Merge tag 'spdx-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx 2020-04-03T20:12:26+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-04-03T20:12:26+00:00 ff2ae607c6f329d11a3b0528801ea7474be8c3e9 Pull SPDX updates from Greg KH: "Here are three SPDX patches for 5.7-rc1. One fixes up the SPDX tag for a single driver, while the other two go through the tree and add SPDX tags for all of the .gitignore files as needed. Nothing too complex, but you will get a merge conflict with your current tree, that should be trivial to handle (one file modified by two things, one file deleted.) All three of these have been in linux-next for a while, with no reported issues other than the merge conflict" * tag 'spdx-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx: ASoC: MT6660: make spdxcheck.py happy .gitignore: add SPDX License Identifier .gitignore: remove too obvious comments 
Pull SPDX updates from Greg KH:
 "Here are three SPDX patches for 5.7-rc1.

  One fixes up the SPDX tag for a single driver, while the other two go
  through the tree and add SPDX tags for all of the .gitignore files as
  needed.

  Nothing too complex, but you will get a merge conflict with your
  current tree, that should be trivial to handle (one file modified by
  two things, one file deleted.)

  All three of these have been in linux-next for a while, with no
  reported issues other than the merge conflict"

* tag 'spdx-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx:
  ASoC: MT6660: make spdxcheck.py happy
  .gitignore: add SPDX License Identifier
  .gitignore: remove too obvious comments
Merge tag 'linux-kselftest-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest 2020-04-01T23:09:12+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-04-01T23:09:12+00:00 397a97946798890b9bdaa6122fcfad7147690670 Pull kselftest update from Shuah Khan: "This kselftest update consists of: - resctrl_tests for resctrl file system. resctrl isn't included in the default TARGETS list in kselftest Makefile. It can be run manually. - Kselftest harness improvements. - Kselftest framework and individual test fixes to support runs on Kernel CI rings and other environments that use relocatable build and install features. - Minor cleanups and typo fixes" * tag 'linux-kselftest-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (25 commits) selftests: enforce local header dependency in lib.mk selftests: Fix memfd to support relocatable build (O=objdir) selftests: Fix seccomp to support relocatable build (O=objdir) selftests/harness: Handle timeouts cleanly selftests/harness: Move test child waiting logic selftests: android: Fix custom install from skipping test progs selftests: android: ion: Fix ionmap_test compile error selftests: Fix kselftest O=objdir build from cluttering top level objdir selftests/seccomp: Adjust test fixture counts selftests/ftrace: Fix typo in trigger-multihist.tc selftests/timens: Remove duplicated include <time.h> selftests/resctrl: fix spelling mistake "Errror" -> "Error" selftests/resctrl: Add the test in MAINTAINERS selftests/resctrl: Disable MBA and MBM tests for AMD selftests/resctrl: Use cache index3 id for AMD schemata masks selftests/resctrl: Add vendor detection mechanism selftests/resctrl: Add Cache Allocation Technology (CAT) selftest selftests/resctrl: Add Cache QoS Monitoring (CQM) selftest selftests/resctrl: Add MBA test selftests/resctrl: Add MBM test ... 
Pull kselftest update from Shuah Khan:
 "This kselftest update consists of:

   - resctrl_tests for resctrl file system. resctrl isn't included in
     the default TARGETS list in kselftest Makefile. It can be run
     manually.

   - Kselftest harness improvements.

   - Kselftest framework and individual test fixes to support runs on
     Kernel CI rings and other environments that use relocatable build
     and install features.

   - Minor cleanups and typo fixes"

* tag 'linux-kselftest-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (25 commits)
  selftests: enforce local header dependency in lib.mk
  selftests: Fix memfd to support relocatable build (O=objdir)
  selftests: Fix seccomp to support relocatable build (O=objdir)
  selftests/harness: Handle timeouts cleanly
  selftests/harness: Move test child waiting logic
  selftests: android: Fix custom install from skipping test progs
  selftests: android: ion: Fix ionmap_test compile error
  selftests: Fix kselftest O=objdir build from cluttering top level objdir
  selftests/seccomp: Adjust test fixture counts
  selftests/ftrace: Fix typo in trigger-multihist.tc
  selftests/timens: Remove duplicated include <time.h>
  selftests/resctrl: fix spelling mistake "Errror" -> "Error"
  selftests/resctrl: Add the test in MAINTAINERS
  selftests/resctrl: Disable MBA and MBM tests for AMD
  selftests/resctrl: Use cache index3 id for AMD schemata masks
  selftests/resctrl: Add vendor detection mechanism
  selftests/resctrl: Add Cache Allocation Technology (CAT) selftest
  selftests/resctrl: Add Cache QoS Monitoring (CQM) selftest
  selftests/resctrl: Add MBA test
  selftests/resctrl: Add MBM test
  ...
selftests: Fix seccomp to support relocatable build (O=objdir) 2020-03-26T21:28:19+00:00 Shuah Khan skhan@linuxfoundation.org 2020-03-25T23:16:02+00:00 860f0a7792a5abcaae047a114a8b24807ce0880f Fix seccomp relocatable builds. This is a simple fix to use the right lib.mk variable TEST_GEN_PROGS. Local header dependency is addressed in a change to lib.mk as a framework change that enforces the dependency without requiring changes to individual tests. The following use-cases work with this change: In seccomp directory: make all and make clean From top level from main Makefile: make kselftest-install O=objdir ARCH=arm64 HOSTCC=gcc \ CROSS_COMPILE=aarch64-linux-gnu- TARGETS=seccomp Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
Fix seccomp relocatable builds. This is a simple fix to use the
right lib.mk variable TEST_GEN_PROGS. Local header dependency
is addressed in a change to lib.mk as a framework change that
enforces the dependency without requiring changes to individual
tests.

The following use-cases work with this change:

In seccomp directory:
make all and make clean

From top level from main Makefile:
make kselftest-install O=objdir ARCH=arm64 HOSTCC=gcc \
 CROSS_COMPILE=aarch64-linux-gnu- TARGETS=seccomp

Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
.gitignore: add SPDX License Identifier 2020-03-25T10:50:48+00:00 Masahiro Yamada masahiroy@kernel.org 2020-03-03T13:35:59+00:00 d198b34f3855eee2571dda03eea75a09c7c31480 Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Add SPDX License Identifier to all .gitignore files.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selftests/seccomp: Adjust test fixture counts 2020-03-13T19:32:04+00:00 Kees Cook keescook@chromium.org 2020-03-11T19:21:28+00:00 1ae81d78a8b2f6314fb90dc4296202611e710b37 The seccomp selftest reported the wrong test counts since it was using slightly the wrong API for defining text fixtures. Adjust the API usage. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
The seccomp selftest reported the wrong test counts since it was using
slightly the wrong API for defining text fixtures. Adjust the API usage.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
seccomp: allow TSYNC and USER_NOTIF together 2020-03-04T22:48:54+00:00 Tycho Andersen tycho@tycho.ws 2020-03-04T18:05:17+00:00 51891498f2da78ee64dfad88fa53c9e85fb50abf The restriction introduced in 7a0df7fbc145 ("seccomp: Make NEW_LISTENER and TSYNC flags exclusive") is mostly artificial: there is enough information in a seccomp user notification to tell which thread triggered a notification. The reason it was introduced is because TSYNC makes the syscall return a thread-id on failure, and NEW_LISTENER returns an fd, and there's no way to distinguish between these two cases (well, I suppose the caller could check all fds it has, then do the syscall, and if the return value was an fd that already existed, then it must be a thread id, but bleh). Matthew would like to use these two flags together in the Chrome sandbox which wants to use TSYNC for video drivers and NEW_LISTENER to proxy syscalls. So, let's fix this ugliness by adding another flag, TSYNC_ESRCH, which tells the kernel to just return -ESRCH on a TSYNC error. This way, NEW_LISTENER (and any subsequent seccomp() commands that want to return positive values) don't conflict with each other. Suggested-by: Matthew Denton <mpdenton@google.com> Signed-off-by: Tycho Andersen <tycho@tycho.ws> Link: https://lore.kernel.org/r/20200304180517.23867-1-tycho@tycho.ws Signed-off-by: Kees Cook <keescook@chromium.org> 
The restriction introduced in 7a0df7fbc145 ("seccomp: Make NEW_LISTENER and
TSYNC flags exclusive") is mostly artificial: there is enough information
in a seccomp user notification to tell which thread triggered a
notification. The reason it was introduced is because TSYNC makes the
syscall return a thread-id on failure, and NEW_LISTENER returns an fd, and
there's no way to distinguish between these two cases (well, I suppose the
caller could check all fds it has, then do the syscall, and if the return
value was an fd that already existed, then it must be a thread id, but
bleh).

Matthew would like to use these two flags together in the Chrome sandbox
which wants to use TSYNC for video drivers and NEW_LISTENER to proxy
syscalls.

So, let's fix this ugliness by adding another flag, TSYNC_ESRCH, which
tells the kernel to just return -ESRCH on a TSYNC error. This way,
NEW_LISTENER (and any subsequent seccomp() commands that want to return
positive values) don't conflict with each other.

Suggested-by: Matthew Denton <mpdenton@google.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20200304180517.23867-1-tycho@tycho.ws
Signed-off-by: Kees Cook <keescook@chromium.org>
selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV 2020-01-02T21:15:45+00:00 Sargun Dhillon sargun@sargun.me 2019-12-30T20:38:11+00:00 e4ab5ccc357b978999328fadae164e098c26fa40 This adds logic to the user_notification_basic test to set a member of struct seccomp_notif to an invalid value to ensure that the kernel returns EINVAL if any of the struct seccomp_notif members are set to invalid values. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Suggested-by: Christian Brauner <christian.brauner@ubuntu.com> Link: https://lore.kernel.org/r/20191230203811.4996-1-sargun@sargun.me Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> 
This adds logic to the user_notification_basic test to set a member
of struct seccomp_notif to an invalid value to ensure that the kernel
returns EINVAL if any of the struct seccomp_notif members are set to
invalid values.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191230203811.4996-1-sargun@sargun.me
Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>