05 Oct, 2017
1 commit
-
commit 10859f3855db4c6f10dc7974ff4b3a292f3de8e0 upstream.
The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
work-around to using the kernel definition are no longer needed. The old
way needs to stay around for a while, though.Reported-by: Seth Forshee
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Shuah Khan
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Kees Cook
Tested-by: Seth Forshee
Signed-off-by: Shuah Khan
Signed-off-by: Greg Kroah-Hartman
15 Jun, 2016
1 commit
-
One problem with seccomp was that ptrace could be used to change a
syscall after seccomp filtering had completed. This was a well documented
limitation, and it was recommended to block ptrace when defining a filter
to avoid this problem. This can be quite a limitation for containers or
other places where ptrace is desired even under seccomp filters.This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations.
Signed-off-by: Kees Cook
Cc: Andy Lutomirski
23 May, 2016
1 commit
-
By adding TRACEHOOK support we now get a clean user interface to access
registers via PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and
PTRACE_SETFPREGS.The user-visible regset struct user_regs_struct and user_fp_struct are
modelled similiar to x86 and can be accessed via PTRACE_GETREGSET.Signed-off-by: Helge Deller
13 May, 2016
1 commit
-
This adds self-test support on MIPS, based on RFC patch from Kees Cook.
Modifications from the RFC:
- support the O32 syscall which passes the real syscall number in a0.
- Use PTRACE_{GET,SET}REGS
- Because SYSCALL_NUM and SYSCALL_RET are the same register, it is not
possible to test modifying the syscall return value when skipping,
since both would need to set the same register. Therefore modify that
test case to just detect the skipped test.
Tested on MIPS32r2 / MIPS64r2 with O32, N32 and N64 userlands.Signed-off-by: Matt Redfearn
Acked-by: Kees Cook
Cc: Andy Lutomirski
Cc: Shuah Khan
Cc: Will Drewry
Cc: IMG-MIPSLinuxKerneldevelopers@imgtec.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/12977/
Signed-off-by: Ralf Baechle
30 Mar, 2016
2 commits
-
Signed-off-by: Mickaël Salaün
Cc: Andy Lutomirski
Cc: Kees Cook
Cc: Shuah Khan
Cc: Will Drewry
Acked-by: Kees Cook
Signed-off-by: Shuah Khan -
Rename SECCOMP_FLAG_FILTER_TSYNC to SECCOMP_FILTER_FLAG_TSYNC to match
the UAPI.Signed-off-by: Mickaël Salaün
Cc: Andy Lutomirski
Cc: Kees Cook
Cc: Shuah Khan
Cc: Will Drewry
Acked-by: Kees Cook
Signed-off-by: Shuah Khan
26 Feb, 2016
1 commit
-
Create the config file in each directory of testcase which need
more kernel configuration than the default defconfig. User could
use these configs with merge_config.sh script:Enable config for specific testcase:
(export ARCH=xxx #for cross compiling)
./scripts/kconfig/merge_config.sh .config \
tools/testing/selftests/xxx/configEnable configs for all testcases:
(export ARCH=xxx #for cross compiling)
./scripts/kconfig/merge_config.sh .config \
tools/testing/selftests/*/configSigned-off-by: Bamvor Jian Zhang
Reviewed-by: Shuah Khan
Signed-off-by: Shuah Khan
18 Jan, 2016
1 commit
-
…/git/shuah/linux-kselftest
Pull kselftest updates from Shuah Khan:
"This 14 patch update:- adds a new test for intel_pstate driver
- adds empty string and async test cases to firmware class tests
- fixes and cleans up several existing tests"* tag 'linux-kselftest-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests: firmware: add empty string and async tests
firmware: actually return NULL on failed request_firmware_nowait()
test: firmware_class: add asynchronous request trigger
test: firmware_class: use kstrndup() where appropriate
test: firmware_class: report errors properly on failure
selftests/seccomp: fix 32-bit build warnings
add breakpoints/.gitignore
add ptrace/.gitignore
update .gitignore in selftests/timers
update .gitignore in selftests/vm
tools, testing, add test for intel_pstate driver
selftest/ipc: actually test it
selftests/capabilities: actually test it
selftests/capabilities: clean up for Makefile
11 Jan, 2016
1 commit
-
Some architectures do not implement PTRACE_GETREGSET nor
PTRACE_SETREGSET (required by HAVE_ARCH_TRACEHOOK) but only implement
PTRACE_GETREGS and PTRACE_SETREGS (e.g. User-mode Linux).This improve seccomp selftest portability for architectures without
HAVE_ARCH_TRACEHOOK support by defining a new trigger HAVE_GETREGS. For
now, this is only enabled for i386 and x86_64 architectures. This is
required to be able to run this tests on User-mode Linux.Signed-off-by: Mickaël Salaün
Cc: Jeff Dike
Cc: Richard Weinberger
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Shuah Khan
Cc: Meredydd Luff
Cc: David Drysdale
Signed-off-by: Richard Weinberger
Acked-by: Kees Cook
08 Jan, 2016
1 commit
-
The casting was done incorrectly for 32-bit builds. Fixed to use uintptr_t.
Reported-by: Eric Adams
Signed-off-by: Kees Cook
Signed-off-by: Shuah Khan
19 Nov, 2015
1 commit
-
The commit fd88d16c58c2 ("selftests/seccomp: Be more precise with
syscall arguments.") use PAGE_SIZE directly which lead to build
failure on arm64.Replace it with generic interface(sysconf(_SC_PAGESIZE)) to fix this
failure.Build and test successful on x86_64 and arm64.
Signed-off-by: Bamvor Jian Zhang
Acked-by: Kees Cook
Tested-by: Michael Ellerman
Signed-off-by: Shuah Khan
03 Nov, 2015
1 commit
-
Certain syscall emulation layers strictly check that the number of
arguments match what the syscall handler expects. The KILL_one_arg_one and
KILL_one_arg_six tests passed more parameters than expected to various
syscalls, causing failures in this emulation mode. Instead, test using
syscalls that take the appropriate number of arguments.Signed-off-by: Robert Sesek
Signed-off-by: Kees Cook
Signed-off-by: Shuah Khan
16 Oct, 2015
1 commit
-
Changing arm64 syscalls is done via a specific register set, more like s390
than like arm (specific ptrace call) and x86 (part of general registers).
Since (restarting) poll doesn't exist on arm64, switch to using nanosleep
for testing restart_syscall. And since it looks like the syscall ABI is
inconsistent on arm-compat, so we must work around it (and document it) in
the test.Signed-off-by: Kees Cook
Signed-off-by: Shuah Khan
15 Sep, 2015
1 commit
-
This adds support for s390 to the seccomp selftests. Some improvements
were made to enhance the accuracy of failure reporting, and additional
tests were added to validate assumptions about the currently traced
syscall. Also adds early asserts for running on older kernels to avoid
noise when the seccomp syscall is not implemented.Signed-off-by: Kees Cook
Signed-off-by: Shuah Khan
30 Jul, 2015
2 commits
-
Wire up the syscall number and regs so the tests work on powerpc.
With the powerpc kernel support just merged, all tests pass on ppc64,
ppc64 (compat), ppc64le, ppc, ppc64e and ppc64e (compat).Acked-by: Kees Cook
Signed-off-by: Michael Ellerman -
The seccomp_bpf test uses BPF_LD|BPF_W|BPF_ABS to load 32-bit values
from seccomp_data->args. On big endian machines this will load the high
word of the argument, which is not what the test wants.Borrow a hack from samples/seccomp/bpf-helper.h which changes the offset
on big endian to account for this.Signed-off-by: Michael Ellerman
Acked-by: Kees Cook
18 Jun, 2015
1 commit
-
This imports the existing seccomp test suite into the kernel's selftests
tree. It contains extensive testing of seccomp features and corner cases.
There remain additional tests to move into the kernel tree, but they have
not yet been ported to all the architectures seccomp supports:
https://github.com/redpig/seccomp/tree/master/testsSigned-off-by: Kees Cook
Signed-off-by: Shuah Khan