n from adding _text) but also, that does help keep it clear. :)
Acked-by: Kees Cook
-Kees
> ---
> drivers/misc/lkdtm/perms.c | 37 -
> 1 file changed, 28 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/misc/lkdtm/perms.c b/drivers/
reaks after
> patch 10 with CONFIG_LKDTM=m.
Oh good catch!
(There have been a few cases of LKDTM=m being the only thing needing a
symbol, so I've pondered giving it a namespace or constructing a little
ifdef wrapper... but this seems ok to export...)
--
Kees Cook
gt; + return (func_desc_t){addr};
There's only 1 element in the struct, so okay, but it hurt my eyes a
little. I would have been happier with:
return (func_desc_t){ .addr = addr };
But of course that also looks bonkers because it starts with "return".
So no matter what I do m
>
> Signed-off-by: Christophe Leroy
I like the name. :)
Reviewed-by: Kees Cook
--
Kees Cook
nfo.
An additional note is that x86 is built with "-2G addressing"
(-mcmodel=kernel). There was some work done to make it actually
PIE, which would allow the KASLR base to move further:
https://github.com/KSPP/linux/issues/38
-Kees
--
Kees Cook
ss_vm(current, (unsigned long)dst, do_nothing,
> > > + copied = access_process_vm(current, (unsigned long)dst,
> > > do_nothing_text,
> > > EXEC_SIZE, FOLL_WRITE);
> > > if (copied < EXEC_SIZE)
> > > return;
> > > - pr_info("attempting bad execution at %px\n", func);
> > > + pr_info("attempting bad execution at %px\n", dst);
> > > + func = setup_function_descriptor(, dst);
> > > func();
> > > pr_err("FAIL: func returned\n");
> > > }
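Review bot: func() is called on the value returned by setup_function_descriptor() with nothing in between, so if that helper can hand back an error pointer or NULL the test jumps through it instead of reporting a setup failure. Check the result and return before calling func(), the same way the copied < EXEC_SIZE test above bails out when access_process_vm() falls short.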
> > > @@ -153,7 +171,8 @@ void lkdtm_EXEC_VMALLOC(void)
> > > void lkdtm_EXEC_RODATA(void)
> > > {
> > > - execute_location(lkdtm_rodata_do_nothing, CODE_AS_IS);
> > > +
> > > execute_location(dereference_function_descriptor(lkdtm_rodata_do_nothing),
> > >
> > > + CODE_AS_IS);
> > > }
> > > void lkdtm_EXEC_USERSPACE(void)
> > >
--
Kees Cook
gs in get_wchan()").
> The solution could be applied to powerpc architecture too.
>
> As Andrey Ryabinin said, get_wchan() is racy by design, it may
> access volatile stack of running task, thus it may access
> redzone in a stack frame and cause KASAN to warn about this
On Wed, Nov 24, 2021 at 11:08:25AM +1100, Michael Ellerman wrote:
> Kees Cook writes:
> > On Mon, Nov 22, 2021 at 04:43:36PM +1100, Michael Ellerman wrote:
> >> LEROY Christophe writes:
> >> > Le 18/11/2021 à 21:36, Kees Cook a écrit :
> >> >> In prep
On Mon, Nov 22, 2021 at 04:43:36PM +1100, Michael Ellerman wrote:
> LEROY Christophe writes:
> > Le 18/11/2021 à 21:36, Kees Cook a écrit :
> >> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> >> field bounds checking for memset(), avoid i
cross-member memcpy() calls (which is usually undesirable) or
add a struct group so it can be seen as a "single member" memcpy again
(and usually results in 0 differences in binary output). :)
--
Kees Cook
On Fri, Nov 19, 2021 at 08:46:27AM +, LEROY Christophe wrote:
>
>
> Le 18/11/2021 à 21:36, Kees Cook a écrit :
> > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > field bounds checking for memset(), avoid intentionally writing across
>
Werror=attribute-warning]
195 |__write_overflow_field();
|^~~~
Reported-by: kernel test robot
Signed-off-by: Kees Cook
---
arch/powerpc/include/asm/processor.h | 6 --
arch/powerpc/kernel/signal_32.c | 14 +-
2 files changed, 13 inse
org/r/20211006181544.1670992-1-keesc...@chromium.org
Ah, I found it:
http://kisskb.ellerman.id.au/kisskb/buildresult/14660585/log/
it's actually:
inlined from 'kasan_memcmp' at /kisskb/src/lib/test_kasan.c:897:2:
and
inlined from 'kasan_memchr' at /kisskb/src/lib/test_kasan.c:872:2:
I can send a patch doing the same as what [1] does for these cases too.
--
Kees Cook
see if I can reproduce this. Is this with
W=1?
-Kees
[2]
https://www.ozlabs.org/~akpm/mmotm/broken-out/kasan-test-consolidate-workarounds-for-unwanted-__alloc_size-protection.patch
--
Kees Cook
git
> Fixes: 756f1ae8a44e ("PPC32: Rework signal code and add a swapcontext system
> call.")
> Fixes: 04879b04bf50 ("[PATCH] ppc64: VMX (Altivec) support & signal32 rework,
> from Ben Herrenschmidt")
> Signed-off-by: "Eric W. Biederman"
This looks right to me.
Reviewed-by: Kees Cook
--
Kees Cook
t;" : "=m"(func));
Since this is a descriptor, I assume no icache flush is needed. Are
function descriptors strictly dcache? (Is anything besides just a
barrier needed?)
> + func();
> +}
> +
> void lkdtm_EXEC_DATA(void)
> {
> execute_location(data_area, CODE_WRITE);
> --
> 2.31.1
>
--
Kees Cook
;attempting bad execution at %px\n",
> + dereference_function_descriptor(lkdtm_rodata_do_nothing));
> + lkdtm_rodata_do_nothing();
> + pr_err("FAIL: func returned\n");
> }
>
> void lkdtm_EXEC_USERSPACE(void)
> --
> 2.31.1
>
--
Kees Cook
c/sections.h
> +++ b/include/asm-generic/sections.h
> @@ -70,6 +70,11 @@ typedef struct {
> } func_desc_t;
> #endif
>
> +static inline bool have_function_descriptors(void)
> +{
> + return __is_defined(HAVE_FUNCTION_DESCRIPTORS);
> +}
> +
> /* random extra sections (if any). Override
> * in asm/sections.h */
> #ifndef arch_is_kernel_text
This hunk seems like it should live in a separate patch.
--
Kees Cook
uild"), we can use the "subdir- += boot" trick for
> all architectures. This can take advantage of the parallel option (-j)
> for "make clean".
>
> I also cleaned up the comments. The "archdep" target does not exist.
>
> Signed-off-by: Masahiro Yamada
I like the clean-up!
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Oct 13, 2021 at 09:23:56AM +0200, Christophe Leroy wrote:
>
>
> Le 13/10/2021 à 09:01, Kees Cook a écrit :
> > On Mon, Oct 11, 2021 at 05:25:32PM +0200, Christophe Leroy wrote:
> > > We have three architectures using function descriptors, each with its
> >
;
if (IS_ERR(func))
return;
pr_info("attempting bad execution at %px\n", dst);
func();
pr_err("FAIL: func returned\n");
}
What are the conditions for which dereference_symbol_descriptor works
but dereference_function_descriptor doesn't?
--
Kees Cook
t);
> do_nothing();
>
> - copied = access_process_vm(current, (unsigned long)dst, do_nothing,
> + copied = access_process_vm(current, (unsigned long)dst, do_nothing_text,
> EXEC_SIZE, FOLL_WRITE);
> if (copied < EXEC_SIZE)
> return;
> - pr_info("attempting bad execution at %px\n", func);
> + func = setup_function_descriptor(, dst);
> + if (IS_ERR(func))
> + return;
> +
> + pr_info("attempting bad execution at %px\n", dst);
Same here.
> func();
> pr_err("FAIL: func returned\n");
> }
> --
> 2.31.1
>
--
Kees Cook
r(lkdtm_rodata_do_nothing));
> + lkdtm_rodata_do_nothing();
> + pr_err("FAIL: func returned\n");
> }
>
> void lkdtm_EXEC_USERSPACE(void)
> --
> 2.31.1
>
--
Kees Cook
ng);
> + ptr = dereference_symbol_descriptor(do_overwritten);
But otherwise, yup, I expect there will be a bunch of things like this
to clean up in LKDTM. :| Sorry about that!
Acked-by: Kees Cook
>
> pr_info("attempting bad %zu byte write at %px\n", size, ptr);
> memcpy((void *)ptr, (unsigned char *)do_nothing, size);
> --
> 2.31.1
>
--
Kees Cook
s.
>
> Signed-off-by: Christophe Leroy
Acked-by: Kees Cook
--
Kees Cook
ons.h | 18 ++
> 5 files changed, 18 insertions(+), 72 deletions(-)
A diffstat to love. :)
Reviewed-by: Kees Cook
>
> diff --git a/arch/ia64/include/asm/sections.h
> b/arch/ia64/include/asm/sections.h
> index 929b5c535620..d9addaea8339 100644
> --- a/arch/
descriptors,
nit: funct_descr_t reads weird to me. why not func_desc_t ? Either way:
Reviewed-by: Kees Cook
> to avoid a forest of #ifdefs.
>
> Signed-off-by: Christophe Leroy
> ---
> arch/ia64/include/asm/sections.h| 1 +
> arch/parisc/include/asm/sections.h | 1 +
>
empty #if/#else in the commit log, as I,
like Helge, mentally tripped over it in the review. :)
Reviewed-by: Kees Cook
--
Kees Cook
> ia64 has 'ip'
> parisc has 'addr'
>
> Vote for 'addr' and update 'struct fdesc' accordingly.
>
> Signed-off-by: Christophe Leroy
Reviewed-by: Kees Cook
--
Kees Cook
> ia64 has 'ip'
> parisc has 'addr'
>
> Vote for 'addr' and update 'struct ppc64_opd_entry' accordingly.
>
> Signed-off-by: Christophe Leroy
Reasonable. :)
Reviewed-by: Kees Cook
--
Kees Cook
tures.
>
> Fixes: 2d291e902791 ("Fix compile failure with non modular builds")
> Signed-off-by: Christophe Leroy
I'd agree with Arnd: this is a reasonable cleanup and nothing should be
using it.
Reviewed-by: Kees Cook
--
Kees Cook
your
patches? I would appreciate that since b4 yells at me when patches aren't
signed. :)
-Kees
[1] https://github.com/mricon/patatt
--
Kees Cook
> >
> > Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
>
> Thanks for the patch; sorry I broke this.
> Reviewed-by: Nick Desaulniers
Hah! Whoops; sorry I don't have an inverted version of this test! I
should have caught this when it broke. :|
-Kees
--
Kees Cook
sted it at all, if you
> >> > can point me at a
> >> > git tree with the dependencies I'd be happy to run some tests over it.
> >>
> >> Actually I realised I can just drop the last patch.
> >>
> >> So that looks fine, passes my standard quic
/github.com/KSPP/linux/issues/153
> Signed-off-by: Stephen Kitt
> Suggested-by: Kees Cook
Thanks for doing this!
Acked-by: Kees Cook
--
Kees Cook
s what is being wiped.
Cc: Tyrel Datwyler
Cc: Michael Ellerman
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: "James E.J. Bottomley"
Cc: "Martin K. Petersen"
Cc: linux-s...@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Kees Cook
Acked-by: Marti
.
Cc: Benjamin Herrenschmidt
Cc: Qinglang Miao
Cc: "Gustavo A. R. Silva"
Cc: Hulk Robot
Cc: Wang Wensheng
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Kees Cook
Reviewed-by: Michael Ellerman
Link: https://lore.kernel.org/lkml/87czqsnmw9@mpe.ellerman.id.au
---
drivers/macin
On Fri, Aug 20, 2021 at 05:49:35PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > field bounds checking for memset(), avoid intentionally writing across
> > neighboring fields.
>
On Wed, Aug 18, 2021 at 08:42:18AM +0200, Christophe Leroy wrote:
>
>
> Le 18/08/2021 à 08:05, Kees Cook a écrit :
> > In preparation for FORTIFY_SOURCE performing compile-time and run-time
> > field bounds checking for memset(), avoid intentionally writing across
>
e use struct_group()?
>> [-Werror=attribute-warning]
195 |__write_overflow_field();
|^~~~
Cc: Michael Ellerman
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Christophe Leroy
Cc: Sudeep Holla
Cc: linuxppc-dev@lists.ozlabs.org
Reported-by: kernel test ro
it gets exposed to malicious discovery, so probably
not.
I suspect the best is to just do the BUILTIN check, since building LKDTM
as a module on a _production_ kernel is rare if it exists at all. The
only downside is needing to completely reboot to perform updated tests,
but then, I frequently find myself breaking the kernel badly on bad
tests, so I have to reboot anyway. ;)
-Kees
--
Kees Cook
: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: "David S. Miller"
Cc: Jakub Kicinski
Cc: net...@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Kees Cook
---
drivers/net/ethernet/ibm/ibmvnic.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/d
On Thu, Jun 17, 2021 at 04:08:15PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.
> >
> > Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
> > Cc: sta...@vger.kernel.org
>
Fix typo in memcpy() where size should be CTR_RFC3686_NONCE_SIZE.
Fixes: 030f4e968741 ("crypto: nx - Fix reentrancy bugs")
Cc: sta...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/crypto/nx/nx-aes-ctr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers
b folder to use new header.
> Though for time being include new header back to kernel.h to avoid twisted
> indirected includes for existing users.
>
> Signed-off-by: Andy Shevchenko
I like it! Do you have a multi-arch CI to do allmodconfig builds to
double-check this?
Acked-by: Kees Cook
-Kees
--
Kees Cook
ers/hv/vmbus_drv.c | 7 +--
> drivers/mtd/mtdoops.c | 8 +--
> fs/pstore/platform.c | 8 +--
Reviewed-by: Kees Cook # pstore
-Kees
> include/linux/kmsg_dump.h | 38 ---
> kernel/debug/kdb/kd
ernel/vmlinux.lds.S
> index 3b4c26e94328..0318ba436f34 100644
> --- a/arch/powerpc/kernel/vmlinux.lds.S
> +++ b/arch/powerpc/kernel/vmlinux.lds.S
> @@ -296,6 +296,10 @@ SECTIONS
> #else
> .data : AT(ADDR(.data) - LOAD_OFFSET) {
> DATA_DATA
> +#ifdef CONFIG_UBSAN
&
On Wed, Dec 02, 2020 at 11:37:38AM +0900, Masahiro Yamada wrote:
> On Wed, Dec 2, 2020 at 5:56 AM Kees Cook wrote:
> >
> > On Tue, Dec 01, 2020 at 10:31:37PM +0900, Masahiro Yamada wrote:
> > > On Wed, Nov 25, 2020 at 7:22 AM Kees Cook wrote:
> > > >
> >
On Tue, Dec 01, 2020 at 10:31:37PM +0900, Masahiro Yamada wrote:
> On Wed, Nov 25, 2020 at 7:22 AM Kees Cook wrote:
> >
> > On Thu, Nov 19, 2020 at 01:13:27PM -0800, Nick Desaulniers wrote:
> > > On Thu, Nov 19, 2020 at 12:57 PM Nathan Chancellor
> > > wrote:
>
> > Reported-by: Arvind Sankar
> > Reported-by: kernelci.org bot
> > Reported-by: Mark Brown
> > Reviewed-by: Kees Cook
> > Signed-off-by: Nathan Chancellor
>
> Thanks for the additions in v2.
> Reviewed-by: Nick Desaulniers
I'm going to carry this for a few days in -next, and if no one screams,
ask Linus to pull it for v5.10-rc6.
Thanks!
--
Kees Cook
upported architectures the same, introduce
> CONFIG_ARCH_WANT_LD_ORPHAN_WARN, which an architecture can select to
> gain this automatically after all of the sections are specified and size
> asserted. A special thanks to Kees Cook for the help text on this
> config.
>
> Link:
upported architectures the same, introduce
> CONFIG_ARCH_WANT_LD_ORPHAN_WARN, which an architecture can select to
> gain this automatically after all of the sections are specified and size
> asserted. A special thanks to Kees Cook for the help text on this
> config.
>
> Link: https
>= 11
depends on $(ld-option,--orphan-handling=warn)
Otherwise, yeah, looks good to me. With this and the other suggestions,
please consider it:
Reviewed-by: Kees Cook
--
Kees Cook
8] xtensa: Enable seccomp architecture tracking
https://git.kernel.org/kees/c/4f408bc643aa
[8/8] seccomp/cache: Report cache data through /proc/pid/seccomp_cache
https://git.kernel.org/kees/c/49a6968cc78f
--
Kees Cook
/asm/seccomp.h
> create mode 100644 arch/parisc/include/asm/seccomp.h
> create mode 100644 arch/xtensa/include/asm/seccomp.h
>
>
> base-commit: 38c37e8fd3d2590c4234d8cfbc22158362f0eb04
> --
> 2.29.2
--
Kees Cook
LEAK_ERASING OK: the rest of the thread stack is properly erased
> CFI_FORWARD_PROTO
> +PPC_SLB_MULTIHIT Recovered
Please squash this into the lkdtm patch -- I'd like test implementation
and kselftest awareness to go in together.
--
Kees Cook
le();
> +}
What does this do?
> +
> +void lkdtm_PPC_SLB_MULTIHIT(void)
> +{
> + if (mmu_has_feature(MMU_FTR_HPTE_TABLE)) {
> + inject_vmalloc_slb_multihit();
> + inject_kmalloc_slb_multihit();
> + insert_dup_slb_entry_0();
> + }
> + pr_info("Recovered from SLB multihit. (Ignore this message on non HPTE
> machines)");
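Review bot: the pr_info() string at the end of lkdtm_PPC_SLB_MULTIHIT() has no trailing \n, and the call sits outside the mmu_has_feature(MMU_FTR_HPTE_TABLE) block, so "Recovered from SLB multihit" is logged even when none of the three injection helpers ran. Terminate the message with \n, move it inside the if, and give the non-HPTE path its own message rather than asking the reader to ignore this one.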
Is this bad? If so, I'd expect pr_err("FAIL: ...") Can HPTE machines be
detected so that an XFAIL can be emitted instead?
Since there are three (two?) distinct regions being tested, should these
be separate tests? Right now there is no way to separate a vmalloc
failure from a kmalloc failure, and no way to fail the first without
hiding the result from the latter (or maybe the machine cannot survive
this test? ... which should also be a comment.)
And finally, assuming a successful test (or testing from a separate
thread later), is there any state that needs to be restored (or cleaned
up before doing the "insert" calls)?
Thanks!
--
Kees Cook
/20200911181012.171027-1-casca...@canonical.com/
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 40 +--
1 file changed, 27 insertions(+), 13 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp
As the UAPI headers start to appear in distros, we need to avoid outdated
versions of struct clone_args to be able to test modern features;
rename to "struct __clone_args". Additionally update the struct size
macro names to match UAPI names.
Signed-off-by: Kees Cook
---
tools/testing
syscall number/return handling for powerpc. Additionally
fixes clone3 (which seccomp depends on for testing) to run under MIPS
where an old struct clone_args has become visible.
(FWIW, I expect to take these via the seccomp tree.)
Thanks,
Kees Cook (4):
selftests/seccomp: Record syscall during ptrace
In preparation for setting syscall nr and ret values separately, refactor
the helpers to take a pointer to a value, so that a NULL can indicate
"do not change this respective value". This is done to keep the regset
read/write happening once and in one code path.
Signed-off-by:
/20200911181012.171027-1-casca...@canonical.com/
Fixes: 58d0a862f573 ("seccomp: add tests for ptrace hole")
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 25 ---
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/seccomp/sec
On Tue, Sep 15, 2020 at 06:25:28PM +0200, Christian Brauner wrote:
> On Sat, Sep 12, 2020 at 04:08:19AM -0700, Kees Cook wrote:
> > As the UAPI headers start to appear in distros, we need to avoid
> > outdated versions of struct clone_args to be able to test modern
> > featur
On Tue, Sep 15, 2020 at 05:55:46PM +0200, Christian Brauner wrote:
> On Sat, Sep 12, 2020 at 04:08:08AM -0700, Kees Cook wrote:
> > Remove the mips special-case in change_syscall().
> >
> > Signed-off-by: Kees Cook
> > ---
> > tools/testing/sel
On Sun, Sep 13, 2020 at 10:34:23PM +1000, Michael Ellerman wrote:
> Thadeu Lima de Souza Cascardo writes:
> > On Tue, Sep 08, 2020 at 04:18:17PM -0700, Kees Cook wrote:
> >> On Tue, Jun 30, 2020 at 01:47:39PM -0300, Thadeu Lima de Souza Cascardo
> >> wrote:
> .
On Mon, Sep 14, 2020 at 10:15:18PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > Hi,
> >
> > This refactors the seccomp selftest macros used in change_syscall(),
> > in an effort to remove special cases for mips, arm, arm64, and xtensa,
> > whic
On Mon, Sep 14, 2020 at 03:47:13PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > Some archs (like ppc) only support changing the return code during
> > syscall exit when ptrace is used. As the syscall number might not
> > be available anymore during syscall exit,
The __NR_mknod syscall doesn't exist on arm64 (only __NR_mknodat).
Switch to the modern syscall.
Fixes: ad5682184a81 ("selftests/seccomp: Check for EPOLLHUP for user_notif")
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +-
1 file changed, 1 inser
As the UAPI headers start to appear in distros, we need to avoid
outdated versions of struct clone_args to be able to test modern
features. Additionally pull in the syscall numbers correctly.
Signed-off-by: Kees Cook
---
I needed to fix this to get MIPS to build the seccomp selftests
an associated SYSCALL_RET() macro. This also paves the way for
architectures that need to do special things to set the return value
(e.g. powerpc).
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 33 +--
1 file changed, 23 insertions(+), 10 deletions
Suggested-by: Thadeu Lima de Souza Cascardo
Link:
https://lore.kernel.org/linux-kselftest/20200911181012.171027-1-casca...@canonical.com/
Fixes: 58d0a862f573 ("seccomp: add tests for ptrace hole")
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_
...@canonical.com/
Fixes: 5d83c2b37d43 ("selftests/seccomp: Add powerpc support")
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing
When none of the registers have changed, don't flush them back. This can
happen if the architecture uses a non-register way to change the syscall
(e.g. arm64), and a return value hasn't been written.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 6 --
1 file
Consolidate the REGSET logic into the new ARCH_GETREG() and
ARCH_SETREG() macros, avoiding more #ifdef code in function bodies.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 42 +++
1 file changed, 15 insertions(+), 27 deletions(-)
diff --git
Instead of special-casing the get/set-registers routines, move the
HAVE_GETREG logic into the new ARCH_GETREG() and ARCH_SETREG() macros.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 27 ++-
1 file changed, 15 insertions(+), 12 deletions(-)
diff
With all architectures now using the common SYSCALL_NUM_SET() macro, the
arch-specific #ifdef can be removed from change_syscall() itself.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 16 +++-
1 file changed, 3 insertions(+), 13 deletions(-)
diff
Instead of having the mips O32 macro special-cased, pull the logic into
the SYSCALL_NUM() macro. Additionally include the ABI headers, since
these appear to have been missing, leaving __NR_O32_Linux undefined.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 18
Remove the arm64 special-case in change_syscall().
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 27 +--
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests
Remove the arm special-case in change_syscall().
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 16 ++--
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp
In order to avoid "#ifdef"s in the main function bodies, create a new
macro, SYSCALL_NUM_SET(), where arch-specific logic can live.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
, and i386 selftests shortly,
but I currently don't have an easy way to check xtensa, mips, nor
powerpc. Any help there would be appreciated!
(FWIW, I expect to take these via the seccomp tree.)
Thanks,
-Kees
Kees Cook (15):
selftests/seccomp: Refactor arch register macros to avoid xtensa
To avoid an xtensa special-case, refactor all arch register macros to
take the register variable instead of depending on the macro expanding
as a struct member name.
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 97 +--
1 file changed, 47
Remove the mips special-case in change_syscall().
Signed-off-by: Kees Cook
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp
gt; - nr = get_syscall(_metadata, tracee);
> + if (entry)
> + nr = get_syscall(_metadata, tracee);
> + else if (variant)
> + nr = variant->syscall_nr;
> + if (variant)
> + variant->syscall_nr = nr;
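Review bot: the added if (entry) / else if (variant) chain assigns nr on only two of its three paths; when entry is false and variant is NULL the block leaves nr untouched, and nothing in the hunk shows it being initialized. Either initialize nr at its declaration or add a final else that handles the exit-without-variant case explicitly.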
So, to be clear this is _only_ an issue for the ptrace side of things,
yes? i.e. seccomp's setting of the return value will correctly stick?
--
Kees Cook
lude/asm/module.lds.h,
> which is included from scripts/module.lds.S.
>
> scripts/module.lds is fine because 'make clean' keeps all the build
> artifacts under scripts/.
>
> You can add arch-specific sections in .
>
> Signed-off-by: Masahiro Yamada
Reviewed-by: Kees Cook
--
Kees Cook
so being set.
>
> This has been tested on powerpc and amd64.
>
> Cc: Michael Ellerman
> Cc: Kees Cook
> Signed-off-by: Thadeu Lima de Souza Cascardo
Yikes, I missed this from a while ago. I apologize for responding so
late!
This appears still unfixed; is that corre
namic
> - .got: { *(.got) } :text
> .plt: { *(.plt) }
>
> _end = .;
> @@ -108,7 +107,9 @@ SECTIONS
> .debug_varnames 0 : { *(.debug_varnames) }
>
> /DISCARD/ : {
> + *(.got)
> *(.note.GNU-stack)
> + *(.branch_lt)
> *(.data .data.* .gnu.linkonce.d.* .sdata*)
> *(.bss .sbss .dynbss .dynsbss)
> *(.glink .iplt .plt .rela*)
> --
> 2.28.0.402.g5ffc5be6b7-goog
>
--
Kees Cook
> > So don't make the code uglier just to maintain a fiction that
> > something is tested when it isn't really.
>
> Sure fine with me unless Kees screams.
To clarify: if any of x86, arm64, arm, powerpc, riscv, and s390 are
using set_fs(), I want to keep this test. "ugly" is fine in lkdtm. :)
--
Kees Cook
> > So don't make the code uglier just to maintain a fiction that
> > something is tested when it isn't really.
>
> Sure fine with me unless Kees screams.
If we don't have set_fs, we don't need the tests. :)
--
Kees Cook
On Tue, Aug 18, 2020 at 10:00:16PM +0200, Christoph Hellwig wrote:
> On Tue, Aug 18, 2020 at 12:59:05PM -0700, Kees Cook wrote:
> > > I didn't see a problem bisecting, do you have something particular in
> > > mind?
> >
> > Oh, I misunderstood this patch to be a
On Tue, Aug 18, 2020 at 09:55:39PM +0200, Christoph Hellwig wrote:
> On Tue, Aug 18, 2020 at 12:44:49PM -0700, Kees Cook wrote:
> > On Mon, Aug 17, 2020 at 09:32:09AM +0200, Christoph Hellwig wrote:
> > > For 64-bit the only thing missing was a strategic _AC, and for 32-bit we
>
On Tue, Aug 18, 2020 at 09:54:46PM +0200, Christoph Hellwig wrote:
> On Tue, Aug 18, 2020 at 12:39:34PM -0700, Kees Cook wrote:
> > On Mon, Aug 17, 2020 at 09:32:04AM +0200, Christoph Hellwig wrote:
> > > default_file_splice_write is the last piece of generic code that uses
>
alternative is introduced, which just like the one in
> entry_64.S has to use the hardcoded virtual address bits to escape
> the fact that TASK_SIZE_MAX isn't actually a constant when 5-level
> page tables are enabled.
>
> Signed-off-by: Christoph Hellwig
Awesome. :)
Reviewed-by: Kees Cook
--
Kees Cook
((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE)
> +#define TASK_SIZE_MAX((_AC(1,UL) << __VIRTUAL_MASK_SHIFT) -
> PAGE_SIZE)
>
> #define DEFAULT_MAP_WINDOW ((1UL << 47) - PAGE_SIZE)
>
> --
> 2.28.0
>
--
Kees Cook
On Mon, Aug 17, 2020 at 09:32:06AM +0200, Christoph Hellwig wrote:
> We can't run the tests for userspace bitmap parsing if set_fs() doesn't
> exist.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
provided so that architectures can start to opt out of providing set_fs.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
t can be added back
> by switching them to the iter ops and using generic_file_splice_read.
>
> Signed-off-by: Christoph Hellwig
This seems a bit disruptive? I feel like this is going to make fuzzers
really noisy (e.g. trinity likes to splice random stuff out of /sys and
/proc).
Co