Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 04/12/2015 18:13, Tristan Schmelcher wrote: > File permissions are checked at time of open, so I think this fchmod > call has never had any effect. Indeed, mmap doesn't require the file to be executable, only readable and writable. The fchmod seems to be a guarantee for this permissions but I

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 06/12/2015 12:32, Mickaël Salaün wrote: > On 04/12/2015 18:13, Tristan Schmelcher wrote: >> If there is a concern that the mkstemp implementation may be insecure, >> why not set and restore the umask? >> > > I will add this safeguard. Well, I'm concerned to use uma

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 06/12/2015 12:32, Mickaël Salaün wrote: > On 04/12/2015 18:13, Tristan Schmelcher wrote: >> File permissions are checked at time of open, so I think this fchmod >> call has never had any effect. > > Indeed, mmap doesn't require the file to be executable, only rea

[PATCH v3 0/2] um: Protect memory mapped file

2015-12-09 Thread Mickaël Salaün
Mickaël Salaün (2): um: Do not set unsecure permission for temporary file um: Use race-free temporary file creation arch/um/os-Linux/mem.c | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.6.2 -- To unsubscribe from this list: send the line "unsubscribe

[PATCH v3 1/2] um: Do not set unsecure permission for temporary file

2015-12-09 Thread Mickaël Salaün
arbitrary code execution. To not change the hostfs behavior, the temporary file creation permission now depend on the current umask(2) and the implementation of mkstemp(3). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <ric

[PATCH v3 2/2] um: Use race-free temporary file creation

2015-12-09 Thread Mickaël Salaün
Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Acked-by: Tristan Schmelcher <tschmelc...@google.com> --- arch/um/os-Linux/mem.c

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-09 Thread Mickaël Salaün
On 08/12/2015 22:45, Richard Weinberger wrote: > Am 08.12.2015 um 21:37 schrieb Tristan Schmelcher: >> On 6 December 2015 at 09:43, Mickaël Salaün <m...@digikod.net> wrote: >>> Well, I'm concerned to use umask because it is not thread-safe and drivers >>> may

[PATCH v3 2/4] selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK

2015-12-29 Thread Mickaël Salaün
a new trigger HAVE_GETREGS. For now, this is only enabled for i386 and x86_64 architectures. This is required to be able to run this tests on User-mode Linux. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc

[PATCH v3 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-29 Thread Mickaël Salaün
orig_eax automatically update the syscall number as well. This is now updated in handle_syscall(). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Thomas Gleixner <t...@linutronix.de&

[PATCH v3 3/4] um: Add full asm/syscall.h support

2015-12-29 Thread Mickaël Salaün
() * syscall_set_arguments() * syscall_get_arch() provided by arch/x86/um/asm/syscall.h This provides the necessary syscall helpers needed by HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error(). This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün &l

[PATCH v3 4/4] um: Add seccomp support

2015-12-29 Thread Mickaël Salaün
. This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Ingo Molnar <mi...@redhat.com> Cc: Kees Cook <keesc...@chromi

[PATCH v3 0/4] um: Add seccomp support

2015-12-29 Thread Mickaël Salaün
] * rebase to v4.4-rc7 Changes since v1; addressed Richard Weinberger's comments: * fix a new PTRACE_SETREGS bug on x86_64 [1/4] * fix an old PTRACE_SETREGS bug when updating orig_ax on i386 [1/4] Regards, Mickaël Mickaël Salaün (4): um: Fix ptrace GETREGS/SETREGS bugs selftests/seccomp: Remove

[PATCH v1 0/4] um: Add seccomp support

2015-12-20 Thread Mickaël Salaün
This series add seccomp support to User-mode Linux (i386 and x86_64 subarchitectures) and fix ptrace issues. This apply on v4.4-rc4 and pass all the 48 tests from selftest/seccomp. Regards, Mickaël Mickaël Salaün (4): um: Fix ptrace GETREGS/SETREGS bugs selftests/seccomp: Remove the need

[PATCH v1 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-20 Thread Mickaël Salaün
This fix two related bugs: * PTRACE_GETREGS doesn't get the right orig_ax (syscall) value * PTRACE_SETREGS can't set the orig_ax value (erased by initial value) Remove the now useless and error-prone get_syscall(). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@ad

[PATCH v1 3/4] um: Add full asm/syscall.h support

2015-12-20 Thread Mickaël Salaün
() * syscall_set_arguments() * syscall_get_arch() provided by arch/x86/um/asm/syscall.h This provides the necessary syscall helpers needed by HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error(). This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün &l

[PATCH v1 4/4] um: Add seccomp support

2015-12-20 Thread Mickaël Salaün
. This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Ingo Molnar <mi...@redha

[PATCH v1 2/4] selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK

2015-12-20 Thread Mickaël Salaün
a new trigger HAVE_GETREGS. For now, this is only enabled for i386 and x86_64 architectures. This is required to be able to run this tests on User-mode Linux. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc

[PATCH v2 3/4] um: Add full asm/syscall.h support

2015-12-21 Thread Mickaël Salaün
() * syscall_set_arguments() * syscall_get_arch() provided by arch/x86/um/asm/syscall.h This provides the necessary syscall helpers needed by HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error(). This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün &l

[PATCH v2 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-21 Thread Mickaël Salaün
orig_eax automatically update the syscall number as well. This is now updated in handle_syscall(). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Kees Coo

[PATCH v2 2/4] selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK

2015-12-21 Thread Mickaël Salaün
a new trigger HAVE_GETREGS. For now, this is only enabled for i386 and x86_64 architectures. This is required to be able to run this tests on User-mode Linux. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc

Re: [PATCH v1 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-21 Thread Mickaël Salaün
On 21/12/2015 11:13, Richard Weinberger wrote: > Am 21.12.2015 um 10:23 schrieb Mickaël Salaün: >>>>> Doesn't this break the support for changing syscall numbers using >>>>> PTRACE_SETREGS? >>>> >>>> The logic is unchanged except updating

[PATCH v2 0/4] um: Add seccomp support

2015-12-21 Thread Mickaël Salaün
on x86_64 [1/4] * fix an old PTRACE_SETREGS bug when updating orig_ax on i386 [1/4] Regards, Mickaël Mickaël Salaün (4): um: Fix ptrace GETREGS/SETREGS bugs selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK um: Add full asm/syscall.h support um: Add seccomp support .../seccomp

[PATCH v2 4/4] um: Add seccomp support

2015-12-21 Thread Mickaël Salaün
. This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Ingo Molnar <mi...@redha

[PATCH v5 0/2] um: Protect memory mapped file

2015-12-22 Thread Mickaël Salaün
Weinberger's comments: * add attacker model to the patch description [1/2] * remove errno reset [2/2] Regards, Mickaël Mickaël Salaün (2): um: Do not set unsecure permission for temporary file um: Use race-free temporary file creation arch/um/os-Linux/mem.c | 17 +++-- 1 file changed

[PATCH v5 2/2] um: Use race-free temporary file creation

2015-12-22 Thread Mickaël Salaün
Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Acked-by: Tristan Schmelcher <tschmelc...@google.com> --- arch/um/os-Linux/mem.c

[PATCH] um: Fix build error and kconfig for i386

2015-12-22 Thread Mickaël Salaün
' Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> --- arch/x86/um/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/um/Kconfig b/arch/x86/um/Kconfig index ed56a1c4ae73..bb7cd8b38043 100644

[PATCH v5 1/2] um: Do not set unsecure permission for temporary file

2015-12-22 Thread Mickaël Salaün
arbitrary code execution. To not change the hostfs behavior, the temporary file creation permission now depends on the current umask(2) and the implementation of mkstemp(3). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <

[PATCH] um: Fix pointer cast

2015-12-22 Thread Mickaël Salaün
Fix a pointer cast typo introduced in v4.4-rc5 especially visible for the i386 subarchitecture where it results in a kernel crash. Fixes: 8090bfd2bb9a ("um: Fix fpstate handling") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Ri

[PATCH v2] um: Fix pointer cast

2015-12-23 Thread Mickaël Salaün
Fix a pointer cast typo introduced in v4.4-rc5 especially visible for the i386 subarchitecture where it results in a kernel crash. Fixes: 8090bfd2bb9a ("um: Fix fpstate handling") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Ri

Re: [PATCH v3] um: Fix build error and kconfig for i386

2015-12-25 Thread Mickaël Salaün
On 25/12/2015 02:34, Josh Triplett wrote: > On Thu, Dec 24, 2015 at 01:12:11PM +0100, Mickaël Salaün wrote: >> Fix build error by generating elfcore.o only when ELF_CORE (depending on >> COREDUMP) is selected: >> >> arch/x86/um/built-in.o: In function `elf_core_wr

[PATCH v4 0/2] um: Protect memory mapped file

2015-12-19 Thread Mickaël Salaün
/2] * remove errno reset [2/2] Regards, Mickaël Mickaël Salaün (2): um: Do not set unsecure permission for temporary file um: Use race-free temporary file creation arch/um/os-Linux/mem.c | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.6.4 -- To unsubscribe

[PATCH v4 2/2] um: Use race-free temporary file creation

2015-12-19 Thread Mickaël Salaün
Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Acked-by: Tristan Schmelcher <tschmelc...@google.com> --- arch/um/os-Linux/mem.c

[PATCH v4 1/2] um: Do not set unsecure permission for temporary file

2015-12-19 Thread Mickaël Salaün
arbitrary code execution. To not change the hostfs behavior, the temporary file creation permission now depend on the current umask(2) and the implementation of mkstemp(3). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich..

Re: [PATCH v1 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-21 Thread Mickaël Salaün
On 21/12/2015 01:20, Richard Weinberger wrote: > Am 21.12.2015 um 01:03 schrieb Mickaël Salaün: >> diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c >> index 1683b8e..65f0d1a 100644 >> --- a/arch/um/kernel/skas/syscall.c >> +++ b/arch/um/kerne

Re: [PATCH v1 1/4] um: Fix ptrace GETREGS/SETREGS bugs

2015-12-21 Thread Mickaël Salaün
On 21/12/2015 10:00, Richard Weinberger wrote: > [sending the mail again, Thunderbird crashed :-\] > > Am 21.12.2015 um 09:49 schrieb Mickaël Salaün: >> >> On 21/12/2015 01:20, Richard Weinberger wrote: >>> Am 21.12.2015 um 01:03 schrieb Mickaël Salaün: >>

Re: [PATCH] um: Fix build error and kconfig for i386

2015-12-23 Thread Mickaël Salaün
On 22/12/2015 23:28, Richard Weinberger wrote: > Am 22.12.2015 um 22:44 schrieb Mickaël Salaün: >> Fix build error by selecting COREDUMP when X86_32 is selected: >> >> arch/x86/um/built-in.o: In function `elf_core_write_extra_phdrs': >> (.text+0x3e62): undefined refer

[PATCH v2] um: Fix build error and kconfig for i386

2015-12-23 Thread Mickaël Salaün
' Fixes: 5d2acfc7b974 ("kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Josh Triplett <j...@joshtriplett.

Re: [PATCH v2] um: Fix build error and kconfig for i386

2015-12-24 Thread Mickaël Salaün
On 23/12/2015 22:42, Josh Triplett wrote: > On Wed, Dec 23, 2015 at 01:59:13PM +0100, Mickaël Salaün wrote: >> Fix build error by selecting COREDUMP when X86_32 is selected: >> >> arch/x86/um/built-in.o: In function `elf_core_write_extra_phdrs': >> (.text+0

[PATCH v3] um: Fix build error and kconfig for i386

2015-12-24 Thread Mickaël Salaün
): undefined reference to `dump_emit' Fixes: 5d2acfc7b974 ("kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: Josh Triplett <

[PATCH 2/2] um: Use race-free temporary file creation

2015-11-28 Thread Mickaël Salaün
Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün <m...@digikod.net> --- arch/um/os-Linux/mem.c | 12 1 file changed, 12 insertions(+) diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 798aeb4..fe52e2d

[PATCH 1/2] um: Set secure access mode for temporary file

2015-11-28 Thread Mickaël Salaün
Replace the default insecure mode 0777 with 0700 for temporary file. Prohibit other users to change the executable mapped code. Signed-off-by: Mickaël Salaün <m...@digikod.net> --- arch/um/os-Linux/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/um/os-Linux

Re: [PATCH 2/2] um: Use race-free temporary file creation

2015-11-28 Thread Mickaël Salaün
+ errno != EOPNOTSUPP)) + return fd; + errno = 0; >>> >>> Why are you resetting errno? >> >> It's to ignore/reset the error code from open, but it may not be needed >> because of the next call to malloc? > > But then you'd have to reset errno after

[PATCH 0/2] um: Protect memory mapped file

2015-11-28 Thread Mickaël Salaün
These patches protect the memory mapped file. Mickaël Salaün (2): um: Set secure access mode for temporary file um: Use race-free temporary file creation arch/um/os-Linux/mem.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) -- 2.6.2 -- To unsubscribe from this list

Re: [PATCH 1/2] um: Set secure access mode for temporary file

2015-11-28 Thread Mickaël Salaün
On 28/11/2015 22:40, Richard Weinberger wrote: > Am 28.11.2015 um 22:32 schrieb Mickaël Salaün: >> Replace the default insecure mode 0777 with 0700 for temporary file. >> >> Prohibit other users to change the executable mapped code. > > Hmm, isn't the tmp file alr

Re: [PATCH 2/2] um: Use race-free temporary file creation

2015-11-28 Thread Mickaël Salaün
On 28/11/2015 23:07, Richard Weinberger wrote: > Am 28.11.2015 um 22:32 schrieb Mickaël Salaün: >> Open the memory mapped file with the O_TMPFILE flag when available. >> >> Signed-off-by: Mickaël Salaün <m...@digikod.net> >> --- >> arch/um/os-Linux/mem.c |

Re: [PATCH 1/2] um: Set secure access mode for temporary file

2015-11-28 Thread Mickaël Salaün
On 28/11/2015 23:55, Richard Weinberger wrote: > Am 28.11.2015 um 23:52 schrieb Mickaël Salaün: >> >> On 28/11/2015 22:40, Richard Weinberger wrote: >>> Am 28.11.2015 um 22:32 schrieb Mickaël Salaün: >>>> Replace the default insecure mode 0777 with 0700 fo

[PATCH v2 2/2] um: Use race-free temporary file creation

2015-11-29 Thread Mickaël Salaün
Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün <m...@digikod.net> --- arch/um/os-Linux/mem.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 798aeb4..6ee4233

[PATCH v2 1/2] um: Set secure access mode for temporary file

2015-11-29 Thread Mickaël Salaün
to avoid arbitrary code execution. Signed-off-by: Mickaël Salaün <m...@digikod.net> --- arch/um/os-Linux/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 897e9ad..798aeb4 100644 --- a/arch/um/os-Linux/mem.c +++ b/a

[PATCH v2 0/2] um: Protect memory mapped file

2015-11-29 Thread Mickaël Salaün
This series protect the memory mapped file. Changes since v1; addressed Richard Weinberger's comments: * add attacker model to the patch description [1/2] * remove errno reset [2/2] Regards, Mickaël Mickaël Salaün (2): um: Set secure access mode for temporary file um: Use race-free

Re: fs: NULL deref in atime_needs_update

2016-02-16 Thread Mickaël Salaün
Hi, Actually I found the same bug (without fuzzing) and I can reproduce it in a deterministic way (e.g. by creating a LSM that return 1 for the security_file_open hook). At least, from v4.2.8 I can easily trigger traces like this : BUG: unable to handle kernel NULL pointer dereference at

Re: fs: NULL deref in atime_needs_update

2016-02-20 Thread Mickaël Salaün
On 20/02/2016 04:54, Al Viro wrote: > On Sat, Feb 20, 2016 at 03:21:27AM +, Al Viro wrote: >> On Fri, Feb 19, 2016 at 08:32:10PM +0100, Dmitry Vyukov wrote: BUG: unable to handle kernel NULL pointer dereference at 0050 >> >> NULL inode->i_sb, by the look of the offset, but I

Re: fs: NULL deref in atime_needs_update

2016-02-20 Thread Mickaël Salaün
On 20/02/2016 18:10, Al Viro wrote: > On Sat, Feb 20, 2016 at 02:25:40PM +0100, Mickaël Salaün wrote: > >> I think the bug may be somewhere in the nd->depth handling (when its value >> is 0) in fs/namei.c:get_link(): struct saved *last = nd->stack + nd->depth - >

[PATCH v2 2/3] um/ptrace: Fix the syscall number update after a ptrace

2016-08-01 Thread Mickaël Salaün
ormally instead of by signal > (code: 1) > [ FAIL ] TRACE_syscall.kill_after_ptrace Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace") Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard

[PATCH v2 3/3] seccomp: Remove 2-phase API documentation

2016-08-01 Thread Mickaël Salaün
Fixes: 8112c4f140fa ("seccomp: remove 2-phase API") Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: James Morris <jmor...@namei.org> --- arch/Kconfig | 11 --- 1 f

[PATCH v2 0/3] Fix seccomp for UM (next)

2016-08-01 Thread Mickaël Salaün
typo [2/3] * add Kees Cook's Acked-by * rebased on commit 7616ac70d1bb ("apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling") Available in the git repository at: https://github.com/l0kod/linux heads/um-fix-seccomp-ptrace-v2 Regards, Mickaël Salaün (

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-14 Thread Mickaël Salaün
Hi, I've been working on an extension to seccomp-bpf since last year and published a first RFC about it [1]. I'm working on a second RFC/PoC which use eBPF instead of cBPF and is more close to a common LSM than the first RFC. I plan to publish this second RFC by the end of the month. Our

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-15 Thread Mickaël Salaün
On 15/08/2016 05:09, Sargun Dhillon wrote: > On Mon, Aug 15, 2016 at 12:57:44AM +0200, Mickaël Salaün wrote: >> Our approaches have some common points (i.e. use eBPF in an LSM, stacked >> filters like seccomp) but I'm focused on a kind of unprivileged LSM (i.e. no >> CA

[PATCH v1 0/3] Fix seccomp for UM (next)

2016-07-11 Thread Mickaël Salaün
Hi, This series fix the recent seccomp update for the User-mode Linux architecture (32-bit and 64-bit) since commit 26703c636c1f3272b39bd0f6d04d2e970984f1b6 (close the hole where ptrace can change a syscall out from under seccomp). Regards, Mickaël Salaün (3): um/ptrace: Fix

[PATCH v1 1/3] um/ptrace: Fix the syscall_trace_leave call

2016-07-11 Thread Mickaël Salaün
nel panic - not syncing: BUG! Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: James Morris

[PATCH v1 2/3] um/ptrace: Fix the syscall number update after a ptrace

2016-07-11 Thread Mickaël Salaün
ormally instead of by signal > (code: 1) > [ FAIL ] TRACE_syscall.kill_after_ptrace Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard

[PATCH v1 3/3] seccomp: Remove 2-phase API documentation

2016-07-11 Thread Mickaël Salaün
Fixes: 8112c4f140fa ("seccomp: remove 2-phase API") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: James Morris <jmor...@namei.org> --- arch/Kconfig | 11 --- 1 file ch

Re: [PATCH v2 2/2] namespaces: add transparent user namespaces

2016-07-12 Thread Mickaël Salaün
Hi, I have been looking for this kind of feature for StemJail [1]. One of the main idea is to being able to create mount points inside a jail as an unprivileged user but to keep as much as possible the same environment from outside the jail. For now, I can only create a mapping for the current

[PATCH v1] module: Fully remove the kernel_module_from_file hook

2016-07-09 Thread Mickaël Salaün
Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Luis R. Rodriguez <mcg...@kernel.org> Cc: Rusty

[PATCH v2 1/3] um/ptrace: Fix the syscall_trace_leave call

2016-08-01 Thread Mickaël Salaün
nel panic - not syncing: BUG! Fixes: 26703c636c1f ("um/ptrace: run seccomp after ptrace") Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jeff Dike <jd...@addtoit.com> Cc: Richard Weinberger <rich...@nod.at> Cc: James Morris

[PATCH net-next v3 00/11] Improve BPF selftests and use the library (net-next tree)

2017-02-07 Thread Mickaël Salaün
s since v2: * use the patches from two previous series (unprivileged tests and bpf_sys.h replacement) * include one more stdint.h * rebase on net-next * add this cover letter Changes since v1: * exclude patches not intended for the net-next tree Regards, Mickaël Salaün (11): tools: Sync {,tool

[PATCH net-next v3 03/11] bpf: Always test unprivileged programs

2017-02-07 Thread Mickaël Salaün
ity check. Handling capabilities requires the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/Make

[PATCH net-next v3 10/11] bpf: Remove bpf_sys.h from selftests

2017-02-07 Thread Mickaël Salaün
Add require dependency headers. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 6 ++ tools/testing

[PATCH v3 5/5] samples/bpf: Add missing header

2017-02-07 Thread Mickaël Salaün
Include unistd.h to define __NR_getuid and __NR_getsid. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@dave

[PATCH v3 3/5] samples/bpf: Ignore already processed ELF sections

2017-02-07 Thread Mickaël Salaün
Add a missing check for the map fixup loop. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> --- samples/bpf/bpf_load.c | 2 ++ 1 file change

[PATCH net-next v3 06/11] bpf: Use bpf_map_lookup_elem() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c|

[PATCH net-next v3 11/11] bpf: Add test_tag to .gitignore

2017-02-07 Thread Mickaël Salaün
Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/

[PATCH net-next v3 09/11] bpf: Use bpf_create_map() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_map_create() with bpf_create_map() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/bpf_sys.h | 1

[PATCH net-next v3 05/11] bpf: Use bpf_map_update_elem() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_map_update() with bpf_map_update_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v3 08/11] bpf: Use bpf_map_get_next_key() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_map_next_key() with bpf_map_get_next_key() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v3 04/11] bpf: Use bpf_load_program() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_prog_load() with bpf_load_program() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 9

[PATCH v3 2/5] bpf: Simplify bpf_load_program() error handling in the library

2017-02-07 Thread Mickaël Salaün
Do not call a second time bpf(2) when a program load failed. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.co

[PATCH v3 1/5] bpf: Add missing header to the library

2017-02-07 Thread Mickaël Salaün
Include stddef.h to define size_t. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.com> --- tools/lib/bpf/

[PATCH v3 0/5] Miscellaneous fixes for BPF (perf tree)

2017-02-07 Thread Mickaël Salaün
de patches not intended for the perf tree Regards, Mickaël Salaün (5): bpf: Add missing header to the library bpf: Simplify bpf_load_program() error handling in the library samples/bpf: Ignore already processed ELF sections samples/bpf: Reset global variables samples/bpf: Add missing header

[PATCH v3 4/5] samples/bpf: Reset global variables

2017-02-07 Thread Mickaël Salaün
Before loading a new ELF, clean previous kernel version, license and processed sections. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v3 02/11] bpf: Change the include directory for selftest

2017-02-07 Thread Mickaël Salaün
Use the tools include directory instead of the installed one to allow builds from other kernels. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v3 07/11] bpf: Use bpf_map_delete_elem() from the library

2017-02-07 Thread Mickaël Salaün
Replace bpf_map_delete() with bpf_map_delete_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c|

[PATCH net-next v3 01/11] tools: Sync {,tools/}include/uapi/linux/bpf.h

2017-02-07 Thread Mickaël Salaün
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from scratch") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: D

Re: [PATCH v2 1/5] bpf: Add missing header to the library

2017-02-08 Thread Mickaël Salaün
On 08/02/2017 03:52, Wangnan (F) wrote: > Please add me into the cc list of all of the 5 patches. Sorry, get_maintainer.pl didn't get your name for all patches but I'll CC you for the next series. > > Thank you. > > On 2017/2/7 4:40, Mickaël Salaün wrote: >> Include stdd

[PATCH net-next v4 09/11] bpf: Use bpf_create_map() from the library

2017-02-08 Thread Mickaël Salaün
Replace bpf_map_create() with bpf_create_map() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/bpf_sys.h | 1

[PATCH net-next v4 03/11] bpf: Always test unprivileged programs

2017-02-08 Thread Mickaël Salaün
ity check. Handling capabilities requires the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/Make

[PATCH net-next v4 10/11] bpf: Remove bpf_sys.h from selftests

2017-02-08 Thread Mickaël Salaün
Add require dependency headers. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 6 ++ tools/testing

Re: [PATCH net-next v3 04/11] bpf: Use bpf_load_program() from the library

2017-02-08 Thread Mickaël Salaün
On 08/02/2017 20:46, Arnaldo Carvalho de Melo wrote: > Em Tue, Feb 07, 2017 at 03:17:43PM -0800, Alexei Starovoitov escreveu: >> On 2/7/17 1:44 PM, Mickaël Salaün wrote: >>> - union bpf_attr attr; >>> + union bpf_attr attr = {}; >>> >>> -

[PATCH v4 3/3] samples/bpf: Add missing header

2017-02-08 Thread Mickaël Salaün
Include unistd.h to define __NR_getuid and __NR_getsid. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@dave

[PATCH v4 0/3] Miscellaneous fixes for BPF (perf tree)

2017-02-08 Thread Mickaël Salaün
ed by Wang Nan Changes since v2: * add this cover letter Changes since v1: * exclude patches not intended for the perf tree Regards, Mickaël Salaün (3): samples/bpf: Ignore already processed ELF sections samples/bpf: Reset global variables samples/bpf: Add missing header samples/bpf/

[PATCH v4 2/3] samples/bpf: Reset global variables

2017-02-08 Thread Mickaël Salaün
Before loading a new ELF, clean previous kernel version, license and processed sections. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v4 05/11] bpf: Use bpf_map_update_elem() from the library

2017-02-08 Thread Mickaël Salaün
Replace bpf_map_update() with bpf_map_update_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v4 04/11] bpf: Use bpf_load_program() from the library

2017-02-08 Thread Mickaël Salaün
Replace bpf_prog_load() with bpf_load_program() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c |

[PATCH net-next v4 02/11] bpf: Change the include directory for selftest

2017-02-08 Thread Mickaël Salaün
Use the tools include directory instead of the installed one to allow builds from other kernels. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v4 01/11] tools: Sync {,tools/}include/uapi/linux/bpf.h

2017-02-08 Thread Mickaël Salaün
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from scratch") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: D

Re: [PATCH v3 2/5] bpf: Simplify bpf_load_program() error handling in the library

2017-02-08 Thread Mickaël Salaün
On 08/02/2017 03:35, Wangnan (F) wrote: > > > On 2017/2/8 4:56, Mickaël Salaün wrote: >> Do not call a second time bpf(2) when a program load failed. > > BPF_PROG_LOAD should success most of the time. Setting log_level to > 0 by default and require log buffer when fa

[PATCH net-next v4 08/11] bpf: Use bpf_map_get_next_key() from the library

2017-02-08 Thread Mickaël Salaün
Replace bpf_map_next_key() with bpf_map_get_next_key() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v4 11/11] bpf: Add test_tag to .gitignore

2017-02-08 Thread Mickaël Salaün
Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/

[PATCH net-next v4 06/11] bpf: Use bpf_map_lookup_elem() from the library

2017-02-08 Thread Mickaël Salaün
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH v4 1/3] samples/bpf: Ignore already processed ELF sections

2017-02-08 Thread Mickaël Salaün
Add a missing check for the map fixup loop. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> --- samples/bpf/bpf_load.c | 2 ++ 1 file change

[PATCH net-next v4 00/11] Improve BPF selftests and use the library (net-next tree)

2017-02-08 Thread Mickaël Salaün
s since v3: * keep the bzero() calls Changes since v2: * use the patches from two previous series (unprivileged tests and bpf_sys.h replacement) * include one more stdint.h * rebase on net-next * add this cover letter Changes since v1: * exclude patches not intended for the net-next tree Regards

  1   2   3   4   5   >