* [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-02-18 8:16 ` Bogdan Purcareata
0 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: linux-kernel, pmoore, strosake, Bogdan Purcareata
Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
architectures, and enable this support.
Testing has been pursued using libseccomp with the latest ppc support patches
[1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
also been tested, courtesy of Mike Strosaker.
[1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
[2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
v4:
- rebased on top of 3.19
v3:
- keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
v2:
- move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
Bogdan Purcareata (3):
powerpc: Don't force ENOSYS as error on syscall fail
powerpc: Relax secure computing on syscall entry trace
powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
arch/powerpc/Kconfig | 1 +
arch/powerpc/kernel/entry_32.S | 7 ++++++-
arch/powerpc/kernel/entry_64.S | 5 +++--
arch/powerpc/kernel/ptrace.c | 8 ++++++--
4 files changed, 16 insertions(+), 5 deletions(-)
--
2.1.4
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-02-18 8:16 ` Bogdan Purcareata
0 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake
Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
architectures, and enable this support.
Testing has been pursued using libseccomp with the latest ppc support patches
[1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
also been tested, courtesy of Mike Strosaker.
[1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
[2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
v4:
- rebased on top of 3.19
v3:
- keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
v2:
- move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
Bogdan Purcareata (3):
powerpc: Don't force ENOSYS as error on syscall fail
powerpc: Relax secure computing on syscall entry trace
powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
arch/powerpc/Kconfig | 1 +
arch/powerpc/kernel/entry_32.S | 7 ++++++-
arch/powerpc/kernel/entry_64.S | 5 +++--
arch/powerpc/kernel/ptrace.c | 8 ++++++--
4 files changed, 16 insertions(+), 5 deletions(-)
--
2.1.4
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v4 1/3] powerpc: Don't force ENOSYS as error on syscall fail
2015-02-18 8:16 ` Bogdan Purcareata
@ 2015-02-18 8:16 ` Bogdan Purcareata
-1 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: linux-kernel, pmoore, strosake, Bogdan Purcareata
In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
the system call fails for other reasons than the syscall not being available.
The seccomp filter can be configured to store a user-defined error code on
return from a blacklisted syscall. Don't always set ENOSYS on
do_syscall_trace_enter failure.
Delegate setting ENOSYS in case of failure, where appropriate, to
do_syscall_trace_enter.
v4:
- update syscall_exit to be local label on 64bit, after rebasing on top of 3.19
v3:
- keep setting ENOSYS in the syscall entry assembly for scenarios without
syscall tracing
v2:
- move setting ENOSYS as errno from the syscall entry assembly to
do_syscall_trace_enter, only in the specific case
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/kernel/entry_32.S | 7 ++++++-
arch/powerpc/kernel/entry_64.S | 5 +++--
arch/powerpc/kernel/ptrace.c | 4 +++-
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 46fc0f4..b2f88cd 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -333,12 +333,12 @@ _GLOBAL(DoSyscall)
lwz r11,TI_FLAGS(r10)
andi. r11,r11,_TIF_SYSCALL_DOTRACE
bne- syscall_dotrace
-syscall_dotrace_cont:
cmplwi 0,r0,NR_syscalls
lis r10,sys_call_table@h
ori r10,r10,sys_call_table@l
slwi r0,r0,2
bge- 66f
+syscall_dotrace_cont:
lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
mtlr r10
addi r9,r1,STACK_FRAME_OVERHEAD
@@ -457,6 +457,11 @@ syscall_dotrace:
lwz r7,GPR7(r1)
lwz r8,GPR8(r1)
REST_NVGPRS(r1)
+ cmplwi 0,r0,NR_syscalls
+ lis r10,sys_call_table@h
+ ori r10,r10,sys_call_table@l
+ slwi r0,r0,2
+ bge- ret_from_syscall
b syscall_dotrace_cont
syscall_exit_work:
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index d180caf2..5e7434e 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -144,7 +144,6 @@ END_FW_FTR_SECTION_IFSET(FW_FEATURE_SPLPAR)
ld r10,TI_FLAGS(r11)
andi. r11,r10,_TIF_SYSCALL_DOTRACE
bne syscall_dotrace
-.Lsyscall_dotrace_cont:
cmpldi 0,r0,NR_syscalls
bge- syscall_enosys
@@ -253,7 +252,9 @@ syscall_dotrace:
addi r9,r1,STACK_FRAME_OVERHEAD
CURRENT_THREAD_INFO(r10, r1)
ld r10,TI_FLAGS(r10)
- b .Lsyscall_dotrace_cont
+ cmpldi 0,r0,NR_syscalls
+ bge- .Lsyscall_exit
+ b system_call
syscall_enosys:
li r3,-ENOSYS
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index f21897b..2edae06 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1775,13 +1775,15 @@ long do_syscall_trace_enter(struct pt_regs *regs)
secure_computing_strict(regs->gpr[0]);
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
- tracehook_report_syscall_entry(regs))
+ tracehook_report_syscall_entry(regs)) {
/*
* Tracing decided this syscall should not happen.
* We'll return a bogus call number to get an ENOSYS
* error, but leave the original number in regs->gpr[0].
*/
ret = -1L;
+ syscall_set_return_value(current, regs, ENOSYS, 0);
+ }
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs->gpr[0]);
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 1/3] powerpc: Don't force ENOSYS as error on syscall fail
@ 2015-02-18 8:16 ` Bogdan Purcareata
0 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake
In certain scenarios - e.g. seccomp filtering with ERRNO as default action -
the system call fails for other reasons than the syscall not being available.
The seccomp filter can be configured to store a user-defined error code on
return from a blacklisted syscall. Don't always set ENOSYS on
do_syscall_trace_enter failure.
Delegate setting ENOSYS in case of failure, where appropriate, to
do_syscall_trace_enter.
v4:
- update syscall_exit to be local label on 64bit, after rebasing on top of 3.19
v3:
- keep setting ENOSYS in the syscall entry assembly for scenarios without
syscall tracing
v2:
- move setting ENOSYS as errno from the syscall entry assembly to
do_syscall_trace_enter, only in the specific case
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/kernel/entry_32.S | 7 ++++++-
arch/powerpc/kernel/entry_64.S | 5 +++--
arch/powerpc/kernel/ptrace.c | 4 +++-
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 46fc0f4..b2f88cd 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -333,12 +333,12 @@ _GLOBAL(DoSyscall)
lwz r11,TI_FLAGS(r10)
andi. r11,r11,_TIF_SYSCALL_DOTRACE
bne- syscall_dotrace
-syscall_dotrace_cont:
cmplwi 0,r0,NR_syscalls
lis r10,sys_call_table@h
ori r10,r10,sys_call_table@l
slwi r0,r0,2
bge- 66f
+syscall_dotrace_cont:
lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
mtlr r10
addi r9,r1,STACK_FRAME_OVERHEAD
@@ -457,6 +457,11 @@ syscall_dotrace:
lwz r7,GPR7(r1)
lwz r8,GPR8(r1)
REST_NVGPRS(r1)
+ cmplwi 0,r0,NR_syscalls
+ lis r10,sys_call_table@h
+ ori r10,r10,sys_call_table@l
+ slwi r0,r0,2
+ bge- ret_from_syscall
b syscall_dotrace_cont
syscall_exit_work:
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index d180caf2..5e7434e 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -144,7 +144,6 @@ END_FW_FTR_SECTION_IFSET(FW_FEATURE_SPLPAR)
ld r10,TI_FLAGS(r11)
andi. r11,r10,_TIF_SYSCALL_DOTRACE
bne syscall_dotrace
-.Lsyscall_dotrace_cont:
cmpldi 0,r0,NR_syscalls
bge- syscall_enosys
@@ -253,7 +252,9 @@ syscall_dotrace:
addi r9,r1,STACK_FRAME_OVERHEAD
CURRENT_THREAD_INFO(r10, r1)
ld r10,TI_FLAGS(r10)
- b .Lsyscall_dotrace_cont
+ cmpldi 0,r0,NR_syscalls
+ bge- .Lsyscall_exit
+ b system_call
syscall_enosys:
li r3,-ENOSYS
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index f21897b..2edae06 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1775,13 +1775,15 @@ long do_syscall_trace_enter(struct pt_regs *regs)
secure_computing_strict(regs->gpr[0]);
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
- tracehook_report_syscall_entry(regs))
+ tracehook_report_syscall_entry(regs)) {
/*
* Tracing decided this syscall should not happen.
* We'll return a bogus call number to get an ENOSYS
* error, but leave the original number in regs->gpr[0].
*/
ret = -1L;
+ syscall_set_return_value(current, regs, ENOSYS, 0);
+ }
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs->gpr[0]);
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 2/3] powerpc: Relax secure computing on syscall entry trace
2015-02-18 8:16 ` Bogdan Purcareata
@ 2015-02-18 8:16 ` Bogdan Purcareata
-1 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: linux-kernel, pmoore, strosake, Bogdan Purcareata
The secure_computing_strict will just force the kernel to panic on
secure_computing failure. Once SECCOMP_FILTER support is enabled in the kernel,
syscalls can be denied without system failure.
v4:
- rebase on top of 3.19
v3,v2: no changes
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/kernel/ptrace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 2edae06..cb9fd33 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1772,7 +1772,9 @@ long do_syscall_trace_enter(struct pt_regs *regs)
user_exit();
- secure_computing_strict(regs->gpr[0]);
+ /* Do the secure computing check first; failures should be fast. */
+ if (secure_computing() == -1)
+ return -1L;
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs)) {
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 2/3] powerpc: Relax secure computing on syscall entry trace
@ 2015-02-18 8:16 ` Bogdan Purcareata
0 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake
The secure_computing_strict will just force the kernel to panic on
secure_computing failure. Once SECCOMP_FILTER support is enabled in the kernel,
syscalls can be denied without system failure.
v4:
- rebase on top of 3.19
v3,v2: no changes
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/kernel/ptrace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 2edae06..cb9fd33 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1772,7 +1772,9 @@ long do_syscall_trace_enter(struct pt_regs *regs)
user_exit();
- secure_computing_strict(regs->gpr[0]);
+ /* Do the secure computing check first; failures should be fast. */
+ if (secure_computing() == -1)
+ return -1L;
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs)) {
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
2015-02-18 8:16 ` Bogdan Purcareata
@ 2015-02-18 8:16 ` Bogdan Purcareata
-1 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: linux-kernel, pmoore, strosake, Bogdan Purcareata
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 22b0940..2588b57 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -104,6 +104,7 @@ config PPC
select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_LITTLE_ENDIAN
select HAVE_KPROBES
select HAVE_ARCH_KGDB
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_KRETPROBES
select HAVE_ARCH_TRACEHOOK
select HAVE_MEMBLOCK
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
@ 2015-02-18 8:16 ` Bogdan Purcareata
0 siblings, 0 replies; 18+ messages in thread
From: Bogdan Purcareata @ 2015-02-18 8:16 UTC (permalink / raw)
To: benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, Bogdan Purcareata, strosake
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
arch/powerpc/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 22b0940..2588b57 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -104,6 +104,7 @@ config PPC
select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_LITTLE_ENDIAN
select HAVE_KPROBES
select HAVE_ARCH_KGDB
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_KRETPROBES
select HAVE_ARCH_TRACEHOOK
select HAVE_MEMBLOCK
--
2.1.4
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
2015-02-18 8:16 ` Bogdan Purcareata
@ 2015-02-27 7:28 ` Purcareata Bogdan
-1 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-02-27 7:28 UTC (permalink / raw)
To: Bogdan Purcareata, benh, paulus, linuxppc-dev, mpe
Cc: linux-kernel, pmoore, strosake
Ping?
On 18.02.2015 10:16, Bogdan Purcareata wrote:
> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
> architectures, and enable this support.
>
> Testing has been pursued using libseccomp with the latest ppc support patches
> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
> also been tested, courtesy of Mike Strosaker.
>
> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>
> v4:
> - rebased on top of 3.19
>
> v3:
> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>
> v2:
> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>
> Bogdan Purcareata (3):
> powerpc: Don't force ENOSYS as error on syscall fail
> powerpc: Relax secure computing on syscall entry trace
> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/kernel/entry_32.S | 7 ++++++-
> arch/powerpc/kernel/entry_64.S | 5 +++--
> arch/powerpc/kernel/ptrace.c | 8 ++++++--
> 4 files changed, 16 insertions(+), 5 deletions(-)
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-02-27 7:28 ` Purcareata Bogdan
0 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-02-27 7:28 UTC (permalink / raw)
To: Bogdan Purcareata, benh, paulus, linuxppc-dev, mpe
Cc: pmoore, linux-kernel, strosake
Ping?
On 18.02.2015 10:16, Bogdan Purcareata wrote:
> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
> architectures, and enable this support.
>
> Testing has been pursued using libseccomp with the latest ppc support patches
> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
> also been tested, courtesy of Mike Strosaker.
>
> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>
> v4:
> - rebased on top of 3.19
>
> v3:
> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>
> v2:
> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>
> Bogdan Purcareata (3):
> powerpc: Don't force ENOSYS as error on syscall fail
> powerpc: Relax secure computing on syscall entry trace
> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/kernel/entry_32.S | 7 ++++++-
> arch/powerpc/kernel/entry_64.S | 5 +++--
> arch/powerpc/kernel/ptrace.c | 8 ++++++--
> 4 files changed, 16 insertions(+), 5 deletions(-)
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
2015-02-27 7:28 ` Purcareata Bogdan
@ 2015-02-27 20:54 ` Benjamin Herrenschmidt
-1 siblings, 0 replies; 18+ messages in thread
From: Benjamin Herrenschmidt @ 2015-02-27 20:54 UTC (permalink / raw)
To: Purcareata Bogdan
Cc: Bogdan Purcareata, paulus, linuxppc-dev, mpe, linux-kernel,
pmoore, strosake
On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
> Ping?
What is the ping for ?
Ben.
> On 18.02.2015 10:16, Bogdan Purcareata wrote:
> > Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
> > architectures, and enable this support.
> >
> > Testing has been pursued using libseccomp with the latest ppc support patches
> > [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
> > also been tested, courtesy of Mike Strosaker.
> >
> > [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
> > [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
> >
> > v4:
> > - rebased on top of 3.19
> >
> > v3:
> > - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
> >
> > v2:
> > - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
> >
> > Bogdan Purcareata (3):
> > powerpc: Don't force ENOSYS as error on syscall fail
> > powerpc: Relax secure computing on syscall entry trace
> > powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
> >
> > arch/powerpc/Kconfig | 1 +
> > arch/powerpc/kernel/entry_32.S | 7 ++++++-
> > arch/powerpc/kernel/entry_64.S | 5 +++--
> > arch/powerpc/kernel/ptrace.c | 8 ++++++--
> > 4 files changed, 16 insertions(+), 5 deletions(-)
> >
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-02-27 20:54 ` Benjamin Herrenschmidt
0 siblings, 0 replies; 18+ messages in thread
From: Benjamin Herrenschmidt @ 2015-02-27 20:54 UTC (permalink / raw)
To: Purcareata Bogdan
Cc: linux-kernel, pmoore, paulus, Bogdan Purcareata, linuxppc-dev, strosake
On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
> Ping?
What is the ping for ?
Ben.
> On 18.02.2015 10:16, Bogdan Purcareata wrote:
> > Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
> > architectures, and enable this support.
> >
> > Testing has been pursued using libseccomp with the latest ppc support patches
> > [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
> > also been tested, courtesy of Mike Strosaker.
> >
> > [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
> > [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
> >
> > v4:
> > - rebased on top of 3.19
> >
> > v3:
> > - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
> >
> > v2:
> > - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
> >
> > Bogdan Purcareata (3):
> > powerpc: Don't force ENOSYS as error on syscall fail
> > powerpc: Relax secure computing on syscall entry trace
> > powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
> >
> > arch/powerpc/Kconfig | 1 +
> > arch/powerpc/kernel/entry_32.S | 7 ++++++-
> > arch/powerpc/kernel/entry_64.S | 5 +++--
> > arch/powerpc/kernel/ptrace.c | 8 ++++++--
> > 4 files changed, 16 insertions(+), 5 deletions(-)
> >
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
2015-02-27 20:54 ` Benjamin Herrenschmidt
@ 2015-03-09 8:26 ` Purcareata Bogdan
-1 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-03-09 8:26 UTC (permalink / raw)
To: Benjamin Herrenschmidt
Cc: Bogdan Purcareata, paulus, linuxppc-dev, mpe, linux-kernel,
pmoore, strosake
On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
>> Ping?
>
> What is the ping for ?
>
> Ben.
Making sure the patches are not lost on the mailing lists :) Didn't
receive any feedback on v4 and just wanted to check if there's anything
more I can do.
Thank you,
Bogdan P.
>> On 18.02.2015 10:16, Bogdan Purcareata wrote:
>>> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
>>> architectures, and enable this support.
>>>
>>> Testing has been pursued using libseccomp with the latest ppc support patches
>>> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
>>> also been tested, courtesy of Mike Strosaker.
>>>
>>> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
>>> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>>>
>>> v4:
>>> - rebased on top of 3.19
>>>
>>> v3:
>>> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>>>
>>> v2:
>>> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>>>
>>> Bogdan Purcareata (3):
>>> powerpc: Don't force ENOSYS as error on syscall fail
>>> powerpc: Relax secure computing on syscall entry trace
>>> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>>>
>>> arch/powerpc/Kconfig | 1 +
>>> arch/powerpc/kernel/entry_32.S | 7 ++++++-
>>> arch/powerpc/kernel/entry_64.S | 5 +++--
>>> arch/powerpc/kernel/ptrace.c | 8 ++++++--
>>> 4 files changed, 16 insertions(+), 5 deletions(-)
>>>
>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-03-09 8:26 ` Purcareata Bogdan
0 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-03-09 8:26 UTC (permalink / raw)
To: Benjamin Herrenschmidt
Cc: linux-kernel, pmoore, paulus, Bogdan Purcareata, linuxppc-dev, strosake
On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
>> Ping?
>
> What is the ping for ?
>
> Ben.
Making sure the patches are not lost on the mailing lists :) Didn't
receive any feedback on v4 and just wanted to check if there's anything
more I can do.
Thank you,
Bogdan P.
>> On 18.02.2015 10:16, Bogdan Purcareata wrote:
>>> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
>>> architectures, and enable this support.
>>>
>>> Testing has been pursued using libseccomp with the latest ppc support patches
>>> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
>>> also been tested, courtesy of Mike Strosaker.
>>>
>>> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
>>> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>>>
>>> v4:
>>> - rebased on top of 3.19
>>>
>>> v3:
>>> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>>>
>>> v2:
>>> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>>>
>>> Bogdan Purcareata (3):
>>> powerpc: Don't force ENOSYS as error on syscall fail
>>> powerpc: Relax secure computing on syscall entry trace
>>> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>>>
>>> arch/powerpc/Kconfig | 1 +
>>> arch/powerpc/kernel/entry_32.S | 7 ++++++-
>>> arch/powerpc/kernel/entry_64.S | 5 +++--
>>> arch/powerpc/kernel/ptrace.c | 8 ++++++--
>>> 4 files changed, 16 insertions(+), 5 deletions(-)
>>>
>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
2015-02-27 20:54 ` Benjamin Herrenschmidt
@ 2015-03-23 11:44 ` Purcareata Bogdan
-1 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-03-23 11:44 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Michael Ellerman
Cc: Bogdan Purcareata, paulus, linuxppc-dev, mpe, linux-kernel,
pmoore, strosake, Scott Wood
On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
>> Ping?
>
> What is the ping for ?
>
> Ben.
Hello Ben,
I just wanted to check with you what's the current status of these
patches. I noticed in patchwork [1][2][3] that the patches are marked as
non-applicable.
As of today, I cloned Michael Ellerman's tree [4], applied the patches
on the master branch, compiled and tested. Tests pass both with the
libseccomp regression suite and my LXC tests.
Is there a specific tree I should send them against, or on another
mailing list? Is there any other reason the patches are not applicable?
[1] https://patchwork.ozlabs.org/patch/440827/
[2] https://patchwork.ozlabs.org/patch/440828/
[3] https://patchwork.ozlabs.org/patch/440829/
[4] git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux.git
Thank you,
Bogdan P.
>> On 18.02.2015 10:16, Bogdan Purcareata wrote:
>>> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
>>> architectures, and enable this support.
>>>
>>> Testing has been pursued using libseccomp with the latest ppc support patches
>>> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
>>> also been tested, courtesy of Mike Strosaker.
>>>
>>> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
>>> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>>>
>>> v4:
>>> - rebased on top of 3.19
>>>
>>> v3:
>>> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>>>
>>> v2:
>>> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>>>
>>> Bogdan Purcareata (3):
>>> powerpc: Don't force ENOSYS as error on syscall fail
>>> powerpc: Relax secure computing on syscall entry trace
>>> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>>>
>>> arch/powerpc/Kconfig | 1 +
>>> arch/powerpc/kernel/entry_32.S | 7 ++++++-
>>> arch/powerpc/kernel/entry_64.S | 5 +++--
>>> arch/powerpc/kernel/ptrace.c | 8 ++++++--
>>> 4 files changed, 16 insertions(+), 5 deletions(-)
>>>
>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-03-23 11:44 ` Purcareata Bogdan
0 siblings, 0 replies; 18+ messages in thread
From: Purcareata Bogdan @ 2015-03-23 11:44 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Michael Ellerman
Cc: linux-kernel, pmoore, paulus, Bogdan Purcareata, Scott Wood,
linuxppc-dev, strosake
On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
>> Ping?
>
> What is the ping for ?
>
> Ben.
Hello Ben,
I just wanted to check with you what's the current status of these
patches. I noticed in patchwork [1][2][3] that the patches are marked as
non-applicable.
As of today, I cloned Michael Ellerman's tree [4], applied the patches
on the master branch, compiled and tested. Tests pass both with the
libseccomp regression suite and my LXC tests.
Is there a specific tree I should send them against, or on another
mailing list? Is there any other reason the patches are not applicable?
[1] https://patchwork.ozlabs.org/patch/440827/
[2] https://patchwork.ozlabs.org/patch/440828/
[3] https://patchwork.ozlabs.org/patch/440829/
[4] git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux.git
Thank you,
Bogdan P.
>> On 18.02.2015 10:16, Bogdan Purcareata wrote:
>>> Add the missing pieces in order to enable SECCOMP_FILTER on PowerPC
>>> architectures, and enable this support.
>>>
>>> Testing has been pursued using libseccomp with the latest ppc support patches
>>> [1][2], on Freescale platforms for both ppc and ppc64. Support on ppc64le has
>>> also been tested, courtesy of Mike Strosaker.
>>>
>>> [1] https://groups.google.com/forum/#!topic/libseccomp/oz42LfMDsxg
>>> [2] https://groups.google.com/forum/#!topic/libseccomp/TQWfCt_nD7c
>>>
>>> v4:
>>> - rebased on top of 3.19
>>>
>>> v3:
>>> - keep setting ENOSYS in syscall entry assembly when syscall tracing is disabled
>>>
>>> v2:
>>> - move setting ENOSYS from syscall entry assembly to do_syscall_trace_enter
>>>
>>> Bogdan Purcareata (3):
>>> powerpc: Don't force ENOSYS as error on syscall fail
>>> powerpc: Relax secure computing on syscall entry trace
>>> powerpc: Enable HAVE_ARCH_SECCOMP_FILTER
>>>
>>> arch/powerpc/Kconfig | 1 +
>>> arch/powerpc/kernel/entry_32.S | 7 ++++++-
>>> arch/powerpc/kernel/entry_64.S | 5 +++--
>>> arch/powerpc/kernel/ptrace.c | 8 ++++++--
>>> 4 files changed, 16 insertions(+), 5 deletions(-)
>>>
>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
2015-03-23 11:44 ` Purcareata Bogdan
@ 2015-03-25 9:31 ` Michael Ellerman
-1 siblings, 0 replies; 18+ messages in thread
From: Michael Ellerman @ 2015-03-25 9:31 UTC (permalink / raw)
To: Purcareata Bogdan
Cc: Benjamin Herrenschmidt, Bogdan Purcareata, paulus, linuxppc-dev,
linux-kernel, pmoore, strosake, Scott Wood
On Mon, 2015-03-23 at 13:44 +0200, Purcareata Bogdan wrote:
> On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> > On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
> >> Ping?
> >
> > What is the ping for ?
> >
> > Ben.
>
> Hello Ben,
>
> I just wanted to check with you what's the current status of these
> patches. I noticed in patchwork [1][2][3] that the patches are marked as
> non-applicable.
>
> As of today, I cloned Michael Ellerman's tree [4], applied the patches
> on the master branch, compiled and tested. Tests pass both with the
> libseccomp regression suite and my LXC tests.
>
> Is there a specific tree I should send them against, or on another
> mailing list? Is there any other reason the patches are not applicable?
I just haven't had time to review them properly.
Because you're touching the syscall path for all powerpc platforms it needs
more scrutiny than the average patch.
It should still make 4.1, probably :)
cheers
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support
@ 2015-03-25 9:31 ` Michael Ellerman
0 siblings, 0 replies; 18+ messages in thread
From: Michael Ellerman @ 2015-03-25 9:31 UTC (permalink / raw)
To: Purcareata Bogdan
Cc: linux-kernel, pmoore, paulus, Bogdan Purcareata, Scott Wood,
linuxppc-dev, strosake
On Mon, 2015-03-23 at 13:44 +0200, Purcareata Bogdan wrote:
> On 27.02.2015 22:54, Benjamin Herrenschmidt wrote:
> > On Fri, 2015-02-27 at 09:28 +0200, Purcareata Bogdan wrote:
> >> Ping?
> >
> > What is the ping for ?
> >
> > Ben.
>
> Hello Ben,
>
> I just wanted to check with you what's the current status of these
> patches. I noticed in patchwork [1][2][3] that the patches are marked as
> non-applicable.
>
> As of today, I cloned Michael Ellerman's tree [4], applied the patches
> on the master branch, compiled and tested. Tests pass both with the
> libseccomp regression suite and my LXC tests.
>
> Is there a specific tree I should send them against, or on another
> mailing list? Is there any other reason the patches are not applicable?
I just haven't had time to review them properly.
Because you're touching the syscall path for all powerpc platforms it needs
more scrutiny than the average patch.
It should still make 4.1, probably :)
cheers
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2015-03-25 9:31 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-18 8:16 [PATCH v4 0/3] powerpc: Enable seccomp filter support Bogdan Purcareata
2015-02-18 8:16 ` Bogdan Purcareata
2015-02-18 8:16 ` [PATCH v4 1/3] powerpc: Don't force ENOSYS as error on syscall fail Bogdan Purcareata
2015-02-18 8:16 ` Bogdan Purcareata
2015-02-18 8:16 ` [PATCH v4 2/3] powerpc: Relax secure computing on syscall entry trace Bogdan Purcareata
2015-02-18 8:16 ` Bogdan Purcareata
2015-02-18 8:16 ` [PATCH v4 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER Bogdan Purcareata
2015-02-18 8:16 ` Bogdan Purcareata
2015-02-27 7:28 ` [PATCH v4 0/3] powerpc: Enable seccomp filter support Purcareata Bogdan
2015-02-27 7:28 ` Purcareata Bogdan
2015-02-27 20:54 ` Benjamin Herrenschmidt
2015-02-27 20:54 ` Benjamin Herrenschmidt
2015-03-09 8:26 ` Purcareata Bogdan
2015-03-09 8:26 ` Purcareata Bogdan
2015-03-23 11:44 ` Purcareata Bogdan
2015-03-23 11:44 ` Purcareata Bogdan
2015-03-25 9:31 ` Michael Ellerman
2015-03-25 9:31 ` Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.