On 04/12/2015 18:13, Tristan Schmelcher wrote:
> File permissions are checked at time of open, so I think this fchmod
> call has never had any effect.
Indeed, mmap doesn't require the file to be executable, only readable and
writable. The fchmod seems to be a guarantee for this permissions but I
On 06/12/2015 12:32, Mickaël Salaün wrote:
> On 04/12/2015 18:13, Tristan Schmelcher wrote:
>> If there is a concern that the mkstemp implementation may be insecure,
>> why not set and restore the umask?
>>
>
> I will add this safeguard.
Well, I'm concerned to use uma
On 06/12/2015 12:32, Mickaël Salaün wrote:
> On 04/12/2015 18:13, Tristan Schmelcher wrote:
>> File permissions are checked at time of open, so I think this fchmod
>> call has never had any effect.
>
> Indeed, mmap doesn't require the file to be executable, only rea
Mickaël Salaün (2):
um: Do not set unsecure permission for temporary file
um: Use race-free temporary file creation
arch/um/os-Linux/mem.c | 17 +++--
1 file changed, 11 insertions(+), 6 deletions(-)
--
2.6.2
--
To unsubscribe from this list: send the line "unsubscribe
arbitrary code execution.
To not change the hostfs behavior, the temporary file creation
permission now depend on the current umask(2) and the implementation of
mkstemp(3).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <ric
Open the memory mapped file with the O_TMPFILE flag when available.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Acked-by: Tristan Schmelcher <tschmelc...@google.com>
---
arch/um/os-Linux/mem.c
On 08/12/2015 22:45, Richard Weinberger wrote:
> Am 08.12.2015 um 21:37 schrieb Tristan Schmelcher:
>> On 6 December 2015 at 09:43, Mickaël Salaün <m...@digikod.net> wrote:
>>> Well, I'm concerned to use umask because it is not thread-safe and drivers
>>> may
a new trigger HAVE_GETREGS. For
now, this is only enabled for i386 and x86_64 architectures. This is
required to be able to run this tests on User-mode Linux.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc
orig_eax automatically update the syscall number as well. This
is now updated in handle_syscall().
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Thomas Gleixner <t...@linutronix.de&
()
* syscall_set_arguments()
* syscall_get_arch() provided by arch/x86/um/asm/syscall.h
This provides the necessary syscall helpers needed by
HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error().
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün &l
.
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: Kees Cook <keesc...@chromi
]
* rebase to v4.4-rc7
Changes since v1; addressed Richard Weinberger's comments:
* fix a new PTRACE_SETREGS bug on x86_64 [1/4]
* fix an old PTRACE_SETREGS bug when updating orig_ax on i386 [1/4]
Regards,
Mickaël
Mickaël Salaün (4):
um: Fix ptrace GETREGS/SETREGS bugs
selftests/seccomp: Remove
This series add seccomp support to User-mode Linux (i386 and x86_64
subarchitectures) and fix ptrace issues. This apply on v4.4-rc4 and pass all
the 48 tests from selftest/seccomp.
Regards,
Mickaël
Mickaël Salaün (4):
um: Fix ptrace GETREGS/SETREGS bugs
selftests/seccomp: Remove the need
This fix two related bugs:
* PTRACE_GETREGS doesn't get the right orig_ax (syscall) value
* PTRACE_SETREGS can't set the orig_ax value (erased by initial value)
Remove the now useless and error-prone get_syscall().
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@ad
()
* syscall_set_arguments()
* syscall_get_arch() provided by arch/x86/um/asm/syscall.h
This provides the necessary syscall helpers needed by
HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error().
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün &l
.
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Ingo Molnar <mi...@redha
a new trigger HAVE_GETREGS. For
now, this is only enabled for i386 and x86_64 architectures. This is
required to be able to run this tests on User-mode Linux.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc
()
* syscall_set_arguments()
* syscall_get_arch() provided by arch/x86/um/asm/syscall.h
This provides the necessary syscall helpers needed by
HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error().
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün &l
orig_eax automatically update the syscall number as well. This
is now updated in handle_syscall().
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Kees Coo
a new trigger HAVE_GETREGS. For
now, this is only enabled for i386 and x86_64 architectures. This is
required to be able to run this tests on User-mode Linux.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc
On 21/12/2015 11:13, Richard Weinberger wrote:
> Am 21.12.2015 um 10:23 schrieb Mickaël Salaün:
>>>>> Doesn't this break the support for changing syscall numbers using
>>>>> PTRACE_SETREGS?
>>>>
>>>> The logic is unchanged except updating
on x86_64 [1/4]
* fix an old PTRACE_SETREGS bug when updating orig_ax on i386 [1/4]
Regards,
Mickaël
Mickaël Salaün (4):
um: Fix ptrace GETREGS/SETREGS bugs
selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK
um: Add full asm/syscall.h support
um: Add seccomp support
.../seccomp
.
This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Ingo Molnar <mi...@redha
Weinberger's comments:
* add attacker model to the patch description [1/2]
* remove errno reset [2/2]
Regards,
Mickaël
Mickaël Salaün (2):
um: Do not set unsecure permission for temporary file
um: Use race-free temporary file creation
arch/um/os-Linux/mem.c | 17 +++--
1 file changed
Open the memory mapped file with the O_TMPFILE flag when available.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Acked-by: Tristan Schmelcher <tschmelc...@google.com>
---
arch/um/os-Linux/mem.c
'
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
---
arch/x86/um/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/um/Kconfig b/arch/x86/um/Kconfig
index ed56a1c4ae73..bb7cd8b38043 100644
arbitrary code execution.
To not change the hostfs behavior, the temporary file creation
permission now depends on the current umask(2) and the implementation of
mkstemp(3).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <
Fix a pointer cast typo introduced in v4.4-rc5 especially visible for
the i386 subarchitecture where it results in a kernel crash.
Fixes: 8090bfd2bb9a ("um: Fix fpstate handling")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Ri
Fix a pointer cast typo introduced in v4.4-rc5 especially visible for
the i386 subarchitecture where it results in a kernel crash.
Fixes: 8090bfd2bb9a ("um: Fix fpstate handling")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Ri
On 25/12/2015 02:34, Josh Triplett wrote:
> On Thu, Dec 24, 2015 at 01:12:11PM +0100, Mickaël Salaün wrote:
>> Fix build error by generating elfcore.o only when ELF_CORE (depending on
>> COREDUMP) is selected:
>>
>> arch/x86/um/built-in.o: In function `elf_core_wr
/2]
* remove errno reset [2/2]
Regards,
Mickaël
Mickaël Salaün (2):
um: Do not set unsecure permission for temporary file
um: Use race-free temporary file creation
arch/um/os-Linux/mem.c | 17 +++--
1 file changed, 11 insertions(+), 6 deletions(-)
--
2.6.4
--
To unsubscribe
Open the memory mapped file with the O_TMPFILE flag when available.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Acked-by: Tristan Schmelcher <tschmelc...@google.com>
---
arch/um/os-Linux/mem.c
arbitrary code execution.
To not change the hostfs behavior, the temporary file creation
permission now depend on the current umask(2) and the implementation of
mkstemp(3).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich..
On 21/12/2015 01:20, Richard Weinberger wrote:
> Am 21.12.2015 um 01:03 schrieb Mickaël Salaün:
>> diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c
>> index 1683b8e..65f0d1a 100644
>> --- a/arch/um/kernel/skas/syscall.c
>> +++ b/arch/um/kerne
On 21/12/2015 10:00, Richard Weinberger wrote:
> [sending the mail again, Thunderbird crashed :-\]
>
> Am 21.12.2015 um 09:49 schrieb Mickaël Salaün:
>>
>> On 21/12/2015 01:20, Richard Weinberger wrote:
>>> Am 21.12.2015 um 01:03 schrieb Mickaël Salaün:
>>
On 22/12/2015 23:28, Richard Weinberger wrote:
> Am 22.12.2015 um 22:44 schrieb Mickaël Salaün:
>> Fix build error by selecting COREDUMP when X86_32 is selected:
>>
>> arch/x86/um/built-in.o: In function `elf_core_write_extra_phdrs':
>> (.text+0x3e62): undefined refer
'
Fixes: 5d2acfc7b974 ("kconfig: make allnoconfig disable options behind EMBEDDED
and EXPERT")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Josh Triplett <j...@joshtriplett.
On 23/12/2015 22:42, Josh Triplett wrote:
> On Wed, Dec 23, 2015 at 01:59:13PM +0100, Mickaël Salaün wrote:
>> Fix build error by selecting COREDUMP when X86_32 is selected:
>>
>> arch/x86/um/built-in.o: In function `elf_core_write_extra_phdrs':
>> (.text+0
): undefined reference to `dump_emit'
Fixes: 5d2acfc7b974 ("kconfig: make allnoconfig disable options behind EMBEDDED
and EXPERT")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Josh Triplett <
Open the memory mapped file with the O_TMPFILE flag when available.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
---
arch/um/os-Linux/mem.c | 12
1 file changed, 12 insertions(+)
diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c
index 798aeb4..fe52e2d
Replace the default insecure mode 0777 with 0700 for temporary file.
Prohibit other users to change the executable mapped code.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
---
arch/um/os-Linux/mem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/os-Linux
+ errno != EOPNOTSUPP))
+ return fd;
+ errno = 0;
>>>
>>> Why are you resetting errno?
>>
>> It's to ignore/reset the error code from open, but it may not be needed
>> because of the next call to malloc?
>
> But then you'd have to reset errno after
These patches protect the memory mapped file.
Mickaël Salaün (2):
um: Set secure access mode for temporary file
um: Use race-free temporary file creation
arch/um/os-Linux/mem.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
--
2.6.2
--
To unsubscribe from this list
On 28/11/2015 22:40, Richard Weinberger wrote:
> Am 28.11.2015 um 22:32 schrieb Mickaël Salaün:
>> Replace the default insecure mode 0777 with 0700 for temporary file.
>>
>> Prohibit other users to change the executable mapped code.
>
> Hmm, isn't the tmp file alr
On 28/11/2015 23:07, Richard Weinberger wrote:
> Am 28.11.2015 um 22:32 schrieb Mickaël Salaün:
>> Open the memory mapped file with the O_TMPFILE flag when available.
>>
>> Signed-off-by: Mickaël Salaün <m...@digikod.net>
>> ---
>> arch/um/os-Linux/mem.c |
On 28/11/2015 23:55, Richard Weinberger wrote:
> Am 28.11.2015 um 23:52 schrieb Mickaël Salaün:
>>
>> On 28/11/2015 22:40, Richard Weinberger wrote:
>>> Am 28.11.2015 um 22:32 schrieb Mickaël Salaün:
>>>> Replace the default insecure mode 0777 with 0700 fo
Open the memory mapped file with the O_TMPFILE flag when available.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
---
arch/um/os-Linux/mem.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c
index 798aeb4..6ee4233
to avoid arbitrary code execution.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
---
arch/um/os-Linux/mem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c
index 897e9ad..798aeb4 100644
--- a/arch/um/os-Linux/mem.c
+++ b/a
This series protect the memory mapped file.
Changes since v1; addressed Richard Weinberger's comments:
* add attacker model to the patch description [1/2]
* remove errno reset [2/2]
Regards,
Mickaël
Mickaël Salaün (2):
um: Set secure access mode for temporary file
um: Use race-free
Hi,
Actually I found the same bug (without fuzzing) and I can reproduce it in a
deterministic way (e.g. by creating a LSM that return 1 for the
security_file_open hook). At least, from v4.2.8 I can easily trigger traces
like this :
BUG: unable to handle kernel NULL pointer dereference at
On 20/02/2016 04:54, Al Viro wrote:
> On Sat, Feb 20, 2016 at 03:21:27AM +, Al Viro wrote:
>> On Fri, Feb 19, 2016 at 08:32:10PM +0100, Dmitry Vyukov wrote:
BUG: unable to handle kernel NULL pointer dereference at 0050
>>
>> NULL inode->i_sb, by the look of the offset, but I
On 20/02/2016 18:10, Al Viro wrote:
> On Sat, Feb 20, 2016 at 02:25:40PM +0100, Mickaël Salaün wrote:
>
>> I think the bug may be somewhere in the nd->depth handling (when its value
>> is 0) in fs/namei.c:get_link(): struct saved *last = nd->stack + nd->depth -
>
ormally instead of by signal
> (code: 1)
> [ FAIL ] TRACE_syscall.kill_after_ptrace
Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Kees Cook <keesc...@chromium.org>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard
Fixes: 8112c4f140fa ("seccomp: remove 2-phase API")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: James Morris <jmor...@namei.org>
---
arch/Kconfig | 11 ---
1 f
typo [2/3]
* add Kees Cook's Acked-by
* rebased on commit 7616ac70d1bb ("apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT
parameter handling")
Available in the git repository at:
https://github.com/l0kod/linux heads/um-fix-seccomp-ptrace-v2
Regards,
Mickaël Salaün (
Hi,
I've been working on an extension to seccomp-bpf since last year and published
a first RFC about it [1]. I'm working on a second RFC/PoC which use eBPF
instead of cBPF and is more close to a common LSM than the first RFC. I plan to
publish this second RFC by the end of the month.
Our
On 15/08/2016 05:09, Sargun Dhillon wrote:
> On Mon, Aug 15, 2016 at 12:57:44AM +0200, Mickaël Salaün wrote:
>> Our approaches have some common points (i.e. use eBPF in an LSM, stacked
>> filters like seccomp) but I'm focused on a kind of unprivileged LSM (i.e. no
>> CA
Hi,
This series fix the recent seccomp update for the User-mode Linux architecture
(32-bit and 64-bit) since commit 26703c636c1f3272b39bd0f6d04d2e970984f1b6
(close the hole where ptrace can change a syscall out from under seccomp).
Regards,
Mickaël Salaün (3):
um/ptrace: Fix
nel panic - not syncing: BUG!
Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: James Morris
ormally instead of by signal
> (code: 1)
> [ FAIL ] TRACE_syscall.kill_after_ptrace
Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard
Fixes: 8112c4f140fa ("seccomp: remove 2-phase API")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: James Morris <jmor...@namei.org>
---
arch/Kconfig | 11 ---
1 file ch
Hi,
I have been looking for this kind of feature for StemJail [1]. One of the main
idea is to being able to create mount points inside a jail as an unprivileged
user but to keep as much as possible the same environment from outside the
jail. For now, I can only create a mapping for the current
Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Mimi Zohar <zo...@linux.vnet.ibm.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Luis R. Rodriguez <mcg...@kernel.org>
Cc: Rusty
nel panic - not syncing: BUG!
Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Kees Cook <keesc...@chromium.org>
Cc: Jeff Dike <jd...@addtoit.com>
Cc: Richard Weinberger <rich...@nod.at>
Cc: James Morris
s since v2:
* use the patches from two previous series (unprivileged tests and bpf_sys.h
replacement)
* include one more stdint.h
* rebase on net-next
* add this cover letter
Changes since v1:
* exclude patches not intended for the net-next tree
Regards,
Mickaël Salaün (11):
tools: Sync {,tool
ity check.
Handling capabilities requires the libcap dependency.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/Make
Add require dependency headers.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 6 ++
tools/testing
Include unistd.h to define __NR_getuid and __NR_getsid.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@dave
Add a missing check for the map fixup loop.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
samples/bpf/bpf_load.c | 2 ++
1 file change
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c|
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/
Replace bpf_map_create() with bpf_create_map() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/bpf_sys.h | 1
Replace bpf_map_update() with bpf_map_update_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Replace bpf_map_next_key() with bpf_map_get_next_key() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Replace bpf_prog_load() with bpf_load_program() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 9
Do not call a second time bpf(2) when a program load failed.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.co
Include stddef.h to define size_t.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.com>
---
tools/lib/bpf/
de patches not intended for the perf tree
Regards,
Mickaël Salaün (5):
bpf: Add missing header to the library
bpf: Simplify bpf_load_program() error handling in the library
samples/bpf: Ignore already processed ELF sections
samples/bpf: Reset global variables
samples/bpf: Add missing header
Before loading a new ELF, clean previous kernel version, license and
processed sections.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Use the tools include directory instead of the installed one to allow
builds from other kernels.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Replace bpf_map_delete() with bpf_map_delete_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c|
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from
scratch")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: D
On 08/02/2017 03:52, Wangnan (F) wrote:
> Please add me into the cc list of all of the 5 patches.
Sorry, get_maintainer.pl didn't get your name for all patches but I'll
CC you for the next series.
>
> Thank you.
>
> On 2017/2/7 4:40, Mickaël Salaün wrote:
>> Include stdd
Replace bpf_map_create() with bpf_create_map() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/bpf_sys.h | 1
ity check.
Handling capabilities requires the libcap dependency.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/Make
Add require dependency headers.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 6 ++
tools/testing
On 08/02/2017 20:46, Arnaldo Carvalho de Melo wrote:
> Em Tue, Feb 07, 2017 at 03:17:43PM -0800, Alexei Starovoitov escreveu:
>> On 2/7/17 1:44 PM, Mickaël Salaün wrote:
>>> - union bpf_attr attr;
>>> + union bpf_attr attr = {};
>>>
>>> -
Include unistd.h to define __NR_getuid and __NR_getsid.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@dave
ed by Wang Nan
Changes since v2:
* add this cover letter
Changes since v1:
* exclude patches not intended for the perf tree
Regards,
Mickaël Salaün (3):
samples/bpf: Ignore already processed ELF sections
samples/bpf: Reset global variables
samples/bpf: Add missing header
samples/bpf/
Before loading a new ELF, clean previous kernel version, license and
processed sections.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Replace bpf_map_update() with bpf_map_update_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Replace bpf_prog_load() with bpf_load_program() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c |
Use the tools include directory instead of the installed one to allow
builds from other kernels.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from
scratch")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: D
On 08/02/2017 03:35, Wangnan (F) wrote:
>
>
> On 2017/2/8 4:56, Mickaël Salaün wrote:
>> Do not call a second time bpf(2) when a program load failed.
>
> BPF_PROG_LOAD should success most of the time. Setting log_level to
> 0 by default and require log buffer when fa
Replace bpf_map_next_key() with bpf_map_get_next_key() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Add a missing check for the map fixup loop.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
samples/bpf/bpf_load.c | 2 ++
1 file change
s since v3:
* keep the bzero() calls
Changes since v2:
* use the patches from two previous series (unprivileged tests and bpf_sys.h
replacement)
* include one more stdint.h
* rebase on net-next
* add this cover letter
Changes since v1:
* exclude patches not intended for the net-next tree
Regards
1 - 100 of 1479 matches
Mail list logo