Modulo the minor comment below:
Reviewed-by: David Drysdale <drysd...@google.com>
On Thu, Oct 12, 2017 at 1:40 AM, Steve Muckle <smuckle.li...@gmail.com> wrote:
> When creating a pathname close to PATH_MAX to test execveat, factor in
> the current working directory path o
Modulo the minor comment below:
Reviewed-by: David Drysdale
On Thu, Oct 12, 2017 at 1:40 AM, Steve Muckle wrote:
> When creating a pathname close to PATH_MAX to test execveat, factor in
> the current working directory path otherwise we end up with an absolute
> path that is lo
On Fri, May 5, 2017 at 1:30 AM, Al Viro wrote:
> On Mon, May 01, 2017 at 07:36:52PM +0200, Jann Horn wrote:
>
>> Oh, nice!
>>
>> It looks like this is somewhat similar to the old O_BENEATH proposal,
>> but because the intentions behind the proposals are different
>>
On Fri, May 5, 2017 at 1:30 AM, Al Viro wrote:
> On Mon, May 01, 2017 at 07:36:52PM +0200, Jann Horn wrote:
>
>> Oh, nice!
>>
>> It looks like this is somewhat similar to the old O_BENEATH proposal,
>> but because the intentions behind the proposals are different
>> (application sandboxing versus
gt;>> - if (bio)
>>> - return submit_bio_wait(WRITE, bio);
>>> + if (bio) {
>>> + ret = submit_bio_wait(WRITE, bio);
>>> + bio_put(bio);
>>> + return ret;
>>> + }
>>> return 0;
>>> }
>>
>>
>> This patch appears to fix the memory leak on my machine.
>>
>> Tested-by: Catalin Marinas <catalin.mari...@arm.com>
>
>
> The patch appears to work here as well.
>
> Tested-by: Larry fin...@lwfinger.net
>
> Thanks,
>
> Larry
>
Works for me too.
Tested-by: David Drysdale <drysd...@google.com>
t; - return submit_bio_wait(WRITE, bio);
>>> + if (bio) {
>>> + ret = submit_bio_wait(WRITE, bio);
>>> + bio_put(bio);
>>> + return ret;
>>> + }
>>> return 0;
>>> }
>>
>>
>> This patch appears to fix the memory leak on my machine.
>>
>> Tested-by: Catalin Marinas
>
>
> The patch appears to work here as well.
>
> Tested-by: Larry fin...@lwfinger.net
>
> Thanks,
>
> Larry
>
Works for me too.
Tested-by: David Drysdale
On Sat, May 28, 2016 at 5:05 AM, Xiong Zhou wrote:
> On Fri, May 27, 2016 at 04:46:17PM +0800, Xiong Zhou wrote:
> ...
>> Still working on to id which commit in this merge causes this issuer,
>
> Narrowed down to:
>
> 37e5823 block: add offset in blk_add_request_payload()
>
On Sat, May 28, 2016 at 5:05 AM, Xiong Zhou wrote:
> On Fri, May 27, 2016 at 04:46:17PM +0800, Xiong Zhou wrote:
> ...
>> Still working on to id which commit in this merge causes this issuer,
>
> Narrowed down to:
>
> 37e5823 block: add offset in blk_add_request_payload()
> e048948 blk-mq: Export
On Thu, Apr 7, 2016 at 9:43 PM, Christoph Hellwig wrote:
> Signed-off-by: Christoph Hellwig
> ---
> arch/x86/entry/syscalls/syscall_32.tbl | 4 ++--
> arch/x86/entry/syscalls/syscall_64.tbl | 2 ++
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git
On Thu, Apr 7, 2016 at 9:43 PM, Christoph Hellwig wrote:
> Signed-off-by: Christoph Hellwig
> ---
> arch/x86/entry/syscalls/syscall_32.tbl | 4 ++--
> arch/x86/entry/syscalls/syscall_64.tbl | 2 ++
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git
dd Luff's original patch in my local tree so I
could do UML testing of Capsicum (which uses seccomp for some of its
userspace implementation). I've replaced my patch with this version, as
it's much more complete, and all my tests still work. Which I guess is
kind of:
Tested-by: David Drysdale
Many than
uml tree.
>
> Thanks!
>
> -Kees
I also had a version of Meredydd Luff's original patch in my local tree so I
could do UML testing of Capsicum (which uses seccomp for some of its
userspace implementation). I've replaced my patch with this version, as
it's much more complete, and all
On Thu, Sep 10, 2015 at 2:43 PM, Serge E. Hallyn wrote:
> On Tue, Sep 08, 2015 at 07:25:17PM -0500, Eric W. Biederman wrote:
>> Andy Lutomirski writes:
>>
>> > On Tue, Sep 8, 2015 at 4:07 PM, Eric W. Biederman
>> > wrote:
>>
>> >> Perhaps I had missed it but I don't recall capsicum being able
On Thu, Sep 10, 2015 at 2:43 PM, Serge E. Hallyn wrote:
> On Tue, Sep 08, 2015 at 07:25:17PM -0500, Eric W. Biederman wrote:
>> Andy Lutomirski writes:
>>
>> > On Tue, Sep 8, 2015 at 4:07 PM, Eric W. Biederman
>> > wrote:
>>
>> >>
On Wed, Sep 9, 2015 at 1:25 AM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
> > On Tue, Sep 8, 2015 at 4:07 PM, Eric W. Biederman
> > wrote:
>
> >> Perhaps I had missed it but I don't recall capsicum being able to wrap
> >> things like reboot(2).
> >>
> >
> > Ah, so you want to be able
On Wed, Sep 9, 2015 at 1:25 AM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
> > On Tue, Sep 8, 2015 at 4:07 PM, Eric W. Biederman
> > wrote:
>
> >> Perhaps I had missed it but I don't recall capsicum being able to wrap
>
On Fri, Aug 14, 2015 at 3:17 PM, Andy Lutomirski wrote:
> On Fri, Aug 14, 2015 at 2:29 AM, David Drysdale wrote:
>> On Fri, Aug 14, 2015 at 6:33 AM, Michael Kerrisk (man-pages)
>> wrote:
>>> On 13 August 2015 at 19:38, Andy Lutomirski wrote:
>>>> On Thu, Aug
On Fri, Aug 14, 2015 at 6:33 AM, Michael Kerrisk (man-pages)
wrote:
> On 13 August 2015 at 19:38, Andy Lutomirski wrote:
>> On Thu, Aug 13, 2015 at 2:32 AM, David Drysdale wrote:
>>> Signed-off-by: David Drysdale
>>
>> What's the behavior wrt fcntl(F_GE
On Thu, Aug 13, 2015 at 11:56 PM, Kees Cook wrote:
> On Thu, Aug 13, 2015 at 3:54 PM, Linus Torvalds
> wrote:
>> On Thu, Aug 13, 2015 at 3:49 PM, Linus Torvalds
>> wrote:
>>>
>>> Does the attached patch make sense and work?
>>
>> Btw, I'm not all that happy with it anyway.
>>
>> I still think
On Thu, Aug 13, 2015 at 11:56 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Aug 13, 2015 at 3:54 PM, Linus Torvalds
torva...@linux-foundation.org wrote:
On Thu, Aug 13, 2015 at 3:49 PM, Linus Torvalds
torva...@linux-foundation.org wrote:
Does the attached patch make sense and work?
On Fri, Aug 14, 2015 at 6:33 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
On 13 August 2015 at 19:38, Andy Lutomirski l...@amacapital.net wrote:
On Thu, Aug 13, 2015 at 2:32 AM, David Drysdale drysd...@google.com wrote:
Signed-off-by: David Drysdale drysd...@google.com
What's
On Fri, Aug 14, 2015 at 3:17 PM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Aug 14, 2015 at 2:29 AM, David Drysdale drysd...@google.com wrote:
On Fri, Aug 14, 2015 at 6:33 AM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
On 13 August 2015 at 19:38, Andy Lutomirski l
On Thu, Aug 13, 2015 at 6:15 PM, Andy Lutomirski wrote:
> On Thu, Aug 13, 2015 at 9:28 AM, David Drysdale wrote:
>> On Thu, Aug 13, 2015 at 4:17 PM, Denys Vlasenko wrote:
>>> On 08/13/2015 10:30 AM, David Drysdale wrote:
>>>> Hi folks,
>>>>
>&g
On Thu, Aug 13, 2015 at 4:17 PM, Denys Vlasenko wrote:
> On 08/13/2015 10:30 AM, David Drysdale wrote:
>> Hi folks,
>>
>> I've got an odd regression with the v4.2 rc kernel, and I wondered if anyone
>> else could reproduce it.
>>
>> The problem occurs with
Add simple tests of openat(2) variations, including examples that
check the new O_BENEATH flag.
Signed-off-by: David Drysdale
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/openat/.gitignore | 4 +
tools/testing/selftests/openat/Makefile | 29
tools
of nd_jump_link() for following symlinks without
path expansion, when O_BENEATH is set.
Signed-off-by: David Drysdale
---
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c | 4 ++--
fs
Signed-off-by: David Drysdale
---
man2/open.2 | 44
1 file changed, 44 insertions(+)
diff --git a/man2/open.2 b/man2/open.2
index f49ab3042161..d09511f9ffb0 100644
--- a/man2/open.2
+++ b/man2/open.2
@@ -201,6 +201,43 @@ See
for further details
o v2 of Capsicum patchset:
- renamed O_BENEATH_ONLY to O_BENEATH [Christoph Hellwig]
David Drysdale (2):
fs: add O_BENEATH flag to openat(2)
selftests: Add test of O_BENEATH & openat(2)
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
ar
Hi folks,
I've got an odd regression with the v4.2 rc kernel, and I wondered if anyone
else could reproduce it.
The problem occurs with a seccomp-bpf filter program that's set up to return
an errno value -- an errno of 1 is always returned instead of what's in the
filter, plus other oddities
Hi folks,
I've got an odd regression with the v4.2 rc kernel, and I wondered if anyone
else could reproduce it.
The problem occurs with a seccomp-bpf filter program that's set up to return
an errno value -- an errno of 1 is always returned instead of what's in the
filter, plus other oddities
Signed-off-by: David Drysdale drysd...@google.com
---
man2/open.2 | 44
1 file changed, 44 insertions(+)
diff --git a/man2/open.2 b/man2/open.2
index f49ab3042161..d09511f9ffb0 100644
--- a/man2/open.2
+++ b/man2/open.2
@@ -201,6 +201,43 @@ See
of Capsicum patchset:
- renamed O_BENEATH_ONLY to O_BENEATH [Christoph Hellwig]
David Drysdale (2):
fs: add O_BENEATH flag to openat(2)
selftests: Add test of O_BENEATH openat(2)
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc
Add simple tests of openat(2) variations, including examples that
check the new O_BENEATH flag.
Signed-off-by: David Drysdale drysd...@google.com
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/openat/.gitignore | 4 +
tools/testing/selftests/openat/Makefile
of nd_jump_link() for following symlinks without
path expansion, when O_BENEATH is set.
Signed-off-by: David Drysdale drysd...@google.com
---
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c
On Thu, Aug 13, 2015 at 6:15 PM, Andy Lutomirski l...@amacapital.net wrote:
On Thu, Aug 13, 2015 at 9:28 AM, David Drysdale drysd...@google.com wrote:
On Thu, Aug 13, 2015 at 4:17 PM, Denys Vlasenko dvlas...@redhat.com wrote:
On 08/13/2015 10:30 AM, David Drysdale wrote:
Hi folks,
I've got
On Thu, Aug 13, 2015 at 4:17 PM, Denys Vlasenko dvlas...@redhat.com wrote:
On 08/13/2015 10:30 AM, David Drysdale wrote:
Hi folks,
I've got an odd regression with the v4.2 rc kernel, and I wondered if anyone
else could reproduce it.
The problem occurs with a seccomp-bpf filter program
kups [Josh Triplett]
Changes since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/ad
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale
Reviewed-by: Michael Kerrisk
Reviewed-by: Eric B Munson
On Wed, Aug 5, 2015 at 5:21 PM, Pavel Machek wrote:
> Hi!
>
>> Add a document describing the process of adding a new system call,
>> including the need for a flags argument for future compatibility, and
>> covering 32-bit/64-bit concerns (albeit in an x86-centric way).
&g
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale drysd...@google.com
Reviewed-by: Michael Kerrisk mtk.manpa
[Josh Triplett]
Changes since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/adding
On Wed, Aug 5, 2015 at 5:21 PM, Pavel Machek pa...@ucw.cz wrote:
Hi!
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David
On Fri, Jul 31, 2015 at 2:06 PM, Josh Triplett wrote:
> On Fri, Jul 31, 2015 at 10:48:32AM +0100, David Drysdale wrote:
>> On Thu, Jul 30, 2015 at 7:50 PM, Josh Triplett wrote:
>> > On Thu, Jul 30, 2015 at 08:52:11AM +0100, David Drysdale wrote:
>> >> +needs to
since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/adding-syscalls.txt | 531
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale
Reviewed-by: Michael Kerrisk
Reviewed-by: Eric B Munson
On Thu, Jul 30, 2015 at 7:50 PM, Josh Triplett wrote:
> On Thu, Jul 30, 2015 at 08:52:11AM +0100, David Drysdale wrote:
>> Add a document describing the process of adding a new system call,
>> including the need for a flags argument for future compatibility, and
>> covering 3
On Fri, Jul 31, 2015 at 2:06 PM, Josh Triplett j...@joshtriplett.org wrote:
On Fri, Jul 31, 2015 at 10:48:32AM +0100, David Drysdale wrote:
On Thu, Jul 30, 2015 at 7:50 PM, Josh Triplett j...@joshtriplett.org wrote:
On Thu, Jul 30, 2015 at 08:52:11AM +0100, David Drysdale wrote:
+needs
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale drysd...@google.com
Reviewed-by: Michael Kerrisk mtk.manpa
since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/adding-syscalls.txt | 531
On Thu, Jul 30, 2015 at 7:50 PM, Josh Triplett j...@joshtriplett.org wrote:
On Thu, Jul 30, 2015 at 08:52:11AM +0100, David Drysdale wrote:
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit
On Thu, Jul 30, 2015 at 9:38 AM, Ingo Molnar wrote:
>
> * David Drysdale wrote:
>
>> +Designing the API
>> +-
>> +
>> +A new system call forms part of the API of the kernel, and has to be
>> supported
>> +indefinitely. As such
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale
Reviewed-by: Michael Kerrisk
Reviewed-by: Eric B Munson
several clarifications and additions.)
Changes since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale drysd...@google.com
Reviewed-by: Michael Kerrisk mtk.manpa
several clarifications and additions.)
Changes since v1:
- added paragraph on build requirements to Testing section [Shuah Khan,
Peter Zijlstra]
- various text clarifications [Kees Cook]
- added Reviewed-by markers
David Drysdale (1):
Documentation: describe how to add a system call
On Thu, Jul 30, 2015 at 9:38 AM, Ingo Molnar mi...@kernel.org wrote:
* David Drysdale drysd...@google.com wrote:
+Designing the API
+-
+
+A new system call forms part of the API of the kernel, and has to be
supported
+indefinitely. As such, it's a very good idea
On Tue, Jul 28, 2015 at 5:43 PM, Kees Cook wrote:
> On Tue, Jul 28, 2015 at 4:41 AM, David Drysdale wrote:
>> Add a document describing the process of adding a new system call,
>> including the need for a flags argument for future compatibility, and
>> covering 32-bit/64
On Tue, Jul 28, 2015 at 3:19 PM, Peter Zijlstra wrote:
> On Tue, Jul 28, 2015 at 07:59:16AM -0600, Shuah Khan wrote:
>> On 07/28/2015 05:41 AM, David Drysdale wrote:
>> > Given that I've gotten some of the details wrong in the past (and I've
>> > seen others do li
On Tue, Jul 28, 2015 at 1:20 PM, Paul Moore wrote:
> On Tue, Jul 28, 2015 at 4:05 AM, David Drysdale wrote:
>> A while ago I was trying to build a seccomp-bpf filter program that would
>> survive a change of x86 architecture. This was complicated for all sorts of
>
to Andrew Morton for looking over an initial draft, and to
Michael Kerrisk for suggesting several clarifications and additions.)
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/adding-syscalls.txt | 454 ++
1 file changed, 454
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale
Reviewed-by: Michael Kerrisk
---
Documentation/adding
of definitions. For the new constants I've left in my
original suggestion (__NR_amd64_) for the time being.
What are folks' thoughts about the preferred naming for these?
David Drysdale (1):
UAPI,x86: export syscall numbers for all x86 archs
arch/x86/entry/syscalls/Makefile | 11
numbers in form __NR_amd64_.
For example, this allows a seccomp-bpf filter to include filtering
for multiple architectures, and (in particular) to include x32
syscalls in an x86_64 filter. (Programmatic control of the audit
framework is another possible use case.)
Signed-off-by: David Drysdale
of definitions. For the new constants I've left in my
original suggestion (__NR_amd64_) for the time being.
What are folks' thoughts about the preferred naming for these?
David Drysdale (1):
UAPI,x86: export syscall numbers for all x86 archs
arch/x86/entry/syscalls/Makefile | 11
call numbers in form __NR_amd64_name.
For example, this allows a seccomp-bpf filter to include filtering
for multiple architectures, and (in particular) to include x32
syscalls in an x86_64 filter. (Programmatic control of the audit
framework is another possible use case.)
Signed-off-by: David
On Tue, Jul 28, 2015 at 1:20 PM, Paul Moore p...@paul-moore.com wrote:
On Tue, Jul 28, 2015 at 4:05 AM, David Drysdale drysd...@google.com wrote:
A while ago I was trying to build a seccomp-bpf filter program that would
survive a change of x86 architecture. This was complicated for all sorts
On Tue, Jul 28, 2015 at 3:19 PM, Peter Zijlstra pet...@infradead.org wrote:
On Tue, Jul 28, 2015 at 07:59:16AM -0600, Shuah Khan wrote:
On 07/28/2015 05:41 AM, David Drysdale wrote:
Given that I've gotten some of the details wrong in the past (and I've
seen others do likewise), I thought
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering 32-bit/64-bit concerns (albeit in an x86-centric way).
Signed-off-by: David Drysdale drysd...@google.com
Reviewed-by: Michael Kerrisk mtk.manpa
to Andrew Morton for looking over an initial draft, and to
Michael Kerrisk for suggesting several clarifications and additions.)
David Drysdale (1):
Documentation: describe how to add a system call
Documentation/adding-syscalls.txt | 454 ++
1 file changed, 454
On Tue, Jul 28, 2015 at 5:43 PM, Kees Cook keesc...@chromium.org wrote:
On Tue, Jul 28, 2015 at 4:41 AM, David Drysdale drysd...@google.com wrote:
Add a document describing the process of adding a new system call,
including the need for a flags argument for future compatibility, and
covering
On Fri, Jun 26, 2015 at 12:29 AM, Vinson Lee wrote:
> From: Vinson Lee
>
> This patch fixes this build error on CentOS 5.
>
> execveat.c: In function ‘check_execveat_pathmax’:
> execveat.c:185: error: ‘AT_EMPTY_PATH’ undeclared (first use in this function)
> execveat.c:185: error: (Each
On Fri, Jun 26, 2015 at 12:29 AM, Vinson Lee v...@twopensource.com wrote:
From: Vinson Lee v...@twitter.com
This patch fixes this build error on CentOS 5.
execveat.c: In function ‘check_execveat_pathmax’:
execveat.c:185: error: ‘AT_EMPTY_PATH’ undeclared (first use in this function)
On Mon, Mar 23, 2015 at 3:05 PM, wrote:
> On Mon, Mar 23, 2015 at 02:11:45PM +0000, David Drysdale wrote:
>> On Sun, Mar 15, 2015 at 7:59 AM, Josh Triplett wrote:
>> > diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
>> > index 0286735..ba28306 1006
On Mon, Mar 23, 2015 at 3:05 PM, j...@joshtriplett.org wrote:
On Mon, Mar 23, 2015 at 02:11:45PM +, David Drysdale wrote:
On Sun, Mar 15, 2015 at 7:59 AM, Josh Triplett j...@joshtriplett.org wrote:
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 0286735..ba28306
On Sun, Mar 15, 2015 at 8:00 AM, Josh Triplett wrote:
> diff --git a/include/linux/compat.h b/include/linux/compat.h
> index 6c4a68d..c90df5a 100644
> --- a/include/linux/compat.h
> +++ b/include/linux/compat.h
> @@ -299,6 +299,8 @@ struct compat_clone4_args {
> compat_ulong_t
On Mon, Mar 16, 2015 at 11:29 PM, wrote:
> On Mon, Mar 16, 2015 at 03:14:14PM -0700, Thiago Macieira wrote:
>> On Monday 16 March 2015 14:44:20 Kees Cook wrote:
>> > > O_CLOEXEC
>> > > Set the close-on-exec flag on the new file
>> > >descriptor. See the
On Sun, Mar 15, 2015 at 7:59 AM, Josh Triplett wrote:
> diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
> index 0286735..ba28306 100644
> --- a/arch/x86/ia32/ia32entry.S
> +++ b/arch/x86/ia32/ia32entry.S
> @@ -483,6 +483,7 @@ GLOBAL(\label)
> PTREGSCALL stub32_execveat,
On Mon, Mar 16, 2015 at 11:29 PM, j...@joshtriplett.org wrote:
On Mon, Mar 16, 2015 at 03:14:14PM -0700, Thiago Macieira wrote:
On Monday 16 March 2015 14:44:20 Kees Cook wrote:
O_CLOEXEC
Set the close-on-exec flag on the new file
descriptor. See
On Sun, Mar 15, 2015 at 7:59 AM, Josh Triplett j...@joshtriplett.org wrote:
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 0286735..ba28306 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -483,6 +483,7 @@ GLOBAL(\label)
PTREGSCALL
On Sun, Mar 15, 2015 at 8:00 AM, Josh Triplett j...@joshtriplett.org wrote:
diff --git a/include/linux/compat.h b/include/linux/compat.h
index 6c4a68d..c90df5a 100644
--- a/include/linux/compat.h
+++ b/include/linux/compat.h
@@ -299,6 +299,8 @@ struct compat_clone4_args {
02:00:11PM +, David Drysdale wrote:
>> >> Test basic openat(2) behaviour.
>> >>
>> >> Test that if O_BENEATH flag is set, openat() will only open
>> >> paths that have no .. component and do not start with /.
>> >> Symlinks a
, 2015 at 02:00:11PM +, David Drysdale wrote:
Test basic openat(2) behaviour.
Test that if O_BENEATH flag is set, openat() will only open
paths that have no .. component and do not start with /.
Symlinks are also checked for the same restrictions.
Signed-off-by: David Drysdale drysd
On Sat, Mar 14, 2015 at 7:29 PM, Josh Triplett wrote:
> On Sat, Mar 14, 2015 at 12:03:12PM -0700, Thiago Macieira wrote:
>> On Friday 13 March 2015 18:11:32 Thiago Macieira wrote:
>> > On Friday 13 March 2015 14:51:47 Andy Lutomirski wrote:
>> > > In any event, we should find out what FreeBSD
On Fri, Mar 13, 2015 at 7:42 PM, Josh Triplett wrote:
> On Fri, Mar 13, 2015 at 04:05:29PM +0000, David Drysdale wrote:
>> On Fri, Mar 13, 2015 at 1:40 AM, Josh Triplett wrote:
>> > This patch series introduces a new clone flag, CLONE_FD, which lets the
>> > calle
On Sat, Mar 14, 2015 at 7:29 PM, Josh Triplett j...@joshtriplett.org wrote:
On Sat, Mar 14, 2015 at 12:03:12PM -0700, Thiago Macieira wrote:
On Friday 13 March 2015 18:11:32 Thiago Macieira wrote:
On Friday 13 March 2015 14:51:47 Andy Lutomirski wrote:
In any event, we should find out what
On Fri, Mar 13, 2015 at 7:42 PM, Josh Triplett j...@joshtriplett.org wrote:
On Fri, Mar 13, 2015 at 04:05:29PM +, David Drysdale wrote:
On Fri, Mar 13, 2015 at 1:40 AM, Josh Triplett j...@joshtriplett.org wrote:
This patch series introduces a new clone flag, CLONE_FD, which lets
On Fri, Mar 13, 2015 at 1:40 AM, Josh Triplett wrote:
> This patch series introduces a new clone flag, CLONE_FD, which lets the caller
> handle child process exit notification via a file descriptor rather than
> SIGCHLD. CLONE_FD makes it possible for libraries to safely launch and manage
>
On Fri, Mar 13, 2015 at 1:40 AM, Josh Triplett j...@joshtriplett.org wrote:
This patch series introduces a new clone flag, CLONE_FD, which lets the caller
handle child process exit notification via a file descriptor rather than
SIGCHLD. CLONE_FD makes it possible for libraries to safely launch
On Mon, Mar 9, 2015 at 2:32 PM, Michael Kerrisk (man-pages)
wrote:
> On 03/09/2015 03:00 PM, David Drysdale wrote:
>> Signed-off-by: David Drysdale
>
> Hi David,
>
> The text looks good insofar as it goes. But, it would be helpful
> to have sentence or to that expla
Test basic openat(2) behaviour.
Test that if O_BENEATH flag is set, openat() will only
open paths that have no .. component and do not start
with /. Symlinks are also checked for the same restrictions.
Signed-off-by: David Drysdale
---
.gitignore| 1 +
common/openat
Signed-off-by: David Drysdale
---
man2/open.2 | 32
1 file changed, 32 insertions(+)
diff --git a/man2/open.2 b/man2/open.2
index 956531b24b26..be40dd7710df 100644
--- a/man2/open.2
+++ b/man2/open.2
@@ -716,6 +716,31 @@ XFS support was added
.\" c
of nd_jump_link() for following symlinks without
path expansion, when O_BENEATH is set.
Signed-off-by: David Drysdale
---
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c | 4 ++--
fs
ONLY to O_BENEATH [Christoph Hellwig]
David Drysdale (1):
fs: add O_BENEATH flag to openat(2)
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c | 4 ++--
fs/nam
Test basic openat(2) behaviour.
Test that if O_BENEATH flag is set, openat() will only
open paths that have no .. component and do not start
with /. Symlinks are also checked for the same restrictions.
Signed-off-by: David Drysdale drysd...@google.com
---
.gitignore| 1 +
common
Signed-off-by: David Drysdale drysd...@google.com
---
man2/open.2 | 32
1 file changed, 32 insertions(+)
diff --git a/man2/open.2 b/man2/open.2
index 956531b24b26..be40dd7710df 100644
--- a/man2/open.2
+++ b/man2/open.2
@@ -716,6 +716,31 @@ XFS support was added
to O_BENEATH [Christoph Hellwig]
David Drysdale (1):
fs: add O_BENEATH flag to openat(2)
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c | 4 ++--
fs/namei.c
of nd_jump_link() for following symlinks without
path expansion, when O_BENEATH is set.
Signed-off-by: David Drysdale drysd...@google.com
---
arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c
On Mon, Mar 9, 2015 at 2:32 PM, Michael Kerrisk (man-pages)
mtk.manpa...@gmail.com wrote:
On 03/09/2015 03:00 PM, David Drysdale wrote:
Signed-off-by: David Drysdale drysd...@google.com
Hi David,
The text looks good insofar as it goes. But, it would be helpful
to have sentence
Treat x32 ABI variants of execve[at] the same as x86_64
variants.
Slightly speculative as the audit subsystem doesn't currently
work with x32 ABI syscalls. If and when audit+x32 does work,
this should correctly classify exec calls.
Signed-off-by: David Drysdale
---
arch/x86/kernel/audit_64.c
New execveat syscall from v3.19 is missing from
audit_classify_compat_syscall().
Reported-by: Brian Gerst
Signed-off-by: David Drysdale
---
lib/compat_audit.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/compat_audit.c b/lib/compat_audit.c
index 873f75b640ab..a49469f0511d 100644
1 - 100 of 382 matches
Mail list logo