* [GIT PULL] seccomp updates for v5.5-rc1
From: Kees Cook @ 2019-11-26 16:25 UTC
  To: Linus Torvalds
  Cc: linux-kernel, Alexei Starovoitov, David Abdurachmanov,
	Paul Walmsley, Andy Lutomirski, Borislav Petkov, bpf,
	Christian Brauner, Daniel Borkmann, kernel test robot,
	linux-arm-kernel, linux-kselftest, linux-parisc, linux-s390,
	linux-um, Martin KaFai Lau, netdev, Oleg Nesterov, Shuah Khan,
	Song Liu, Thomas Gleixner, Tycho Andersen, Tyler Hicks,
	Will Drewry, x86, Yonghong Song

Hi Linus,

Please pull these seccomp updates for v5.5-rc1. Mostly this is
implementing the new flag SECCOMP_USER_NOTIF_FLAG_CONTINUE, but there
are cleanups as well. Most notably, the secure_computing() prototype
has changed (to remove an unused argument), but this has happened at the
same time as riscv adding seccomp support, so the cleanest merge order
would be to merge riscv first, then seccomp with the following patch for
riscv to handle the change from "seccomp: simplify secure_computing()":

diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c
index 0f84628b9385..407464201b91 100644
--- a/arch/riscv/kernel/ptrace.c
+++ b/arch/riscv/kernel/ptrace.c
@@ -159,7 +159,7 @@ __visible void do_syscall_trace_enter(struct pt_regs *regs)
 	 * If this fails we might have return value in a0 from seccomp
 	 * (via SECCOMP_RET_ERRNO/TRACE).
 	 */
-	if (secure_computing(NULL) == -1) {
+	if (secure_computing() == -1) {
 		syscall_set_nr(current, regs, -1);
 		return;
 	}
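
Review bot: the call-site change to `secure_computing()` in do_syscall_trace_enter() is only correct in a tree that already contains both the riscv seccomp support and "seccomp: simplify secure_computing()", and arch/riscv/kernel/ptrace.c is not in this pull's diffstat, so the fixup needs to be folded into the merge resolution itself rather than applied as a later commit. Otherwise the merged tree still calls `secure_computing(NULL)` against a prototype that takes no argument, riscv fails to build at that point, and bisection across the merge breaks. The comment above the call and the `== -1` check are unaffected by dropping the argument and can stay as they are.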

Thanks!

-Kees

The following changes since commit da0c9ea146cbe92b832f1b0f694840ea8eb33cce:

  Linux 5.4-rc2 (2019-10-06 14:27:30 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.5-rc1

for you to fetch changes up to 23b2c96fad21886c53f5e1a4ffedd45ddd2e85ba:

  seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE (2019-10-28 12:29:46 -0700)

----------------------------------------------------------------
seccomp updates for v5.5

- implement SECCOMP_USER_NOTIF_FLAG_CONTINUE (Christian Brauner)
- fixes to selftests (Christian Brauner)
- remove secure_computing() argument (Christian Brauner)

----------------------------------------------------------------
Christian Brauner (6):
      seccomp: avoid overflow in implicit constant conversion
      seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE
      seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE
      seccomp: simplify secure_computing()
      seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test
      seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE

 arch/arm/kernel/ptrace.c                      |   2 +-
 arch/arm64/kernel/ptrace.c                    |   2 +-
 arch/parisc/kernel/ptrace.c                   |   2 +-
 arch/s390/kernel/ptrace.c                     |   2 +-
 arch/um/kernel/skas/syscall.c                 |   2 +-
 arch/x86/entry/vsyscall/vsyscall_64.c         |   2 +-
 include/linux/seccomp.h                       |   6 +-
 include/uapi/linux/seccomp.h                  |  29 +++++++
 kernel/seccomp.c                              |  28 +++++--
 tools/testing/selftests/seccomp/seccomp_bpf.c | 110 +++++++++++++++++++++++++-
 10 files changed, 169 insertions(+), 16 deletions(-)

-- 
Kees Cook


* Re: [GIT PULL] seccomp updates for v5.5-rc1
From: Paul Walmsley @ 2019-11-27  0:59 UTC
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Alexei Starovoitov,
	David Abdurachmanov, Andy Lutomirski, Borislav Petkov, bpf,
	Christian Brauner, Daniel Borkmann, kernel test robot,
	linux-arm-kernel, linux-kselftest, linux-parisc, linux-s390,
	linux-um, Martin KaFai Lau, netdev, Oleg Nesterov, Shuah Khan,
	Song Liu, Thomas Gleixner, Tycho Andersen, Tyler Hicks,
	Will Drewry, x86, Yonghong Song

On Tue, 26 Nov 2019, Kees Cook wrote:

> Most notably, the secure_computing() prototype has changed (to remove an 
> unused argument), but this has happened at the same time as riscv adding 
> seccomp support, so the cleanest merge order would be to merge riscv 
> first, then seccomp with the following patch for riscv to handle the 
> change from "seccomp: simplify secure_computing()":

The RISC-V pull request that contains the seccomp change has been sent.  
It's here:

https://lore.kernel.org/linux-riscv/alpine.DEB.2.21.9999.1911261311520.23039@viisi.sifive.com/T/#u


- Paul


* Re: [GIT PULL] seccomp updates for v5.5-rc1
From: pr-tracker-bot @ 2019-12-01  1:40 UTC
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Alexei Starovoitov,
	David Abdurachmanov, Paul Walmsley, Andy Lutomirski,
	Borislav Petkov, bpf, Christian Brauner, Daniel Borkmann,
	kernel test robot, linux-arm-kernel, linux-kselftest,
	linux-parisc, linux-s390, linux-um, Martin KaFai Lau, netdev,
	Oleg Nesterov, Shuah Khan, Song Liu, Thomas Gleixner,
	Tycho Andersen, Tyler Hicks, Will Drewry, x86, Yonghong Song

The pull request you sent on Tue, 26 Nov 2019 08:25:28 -0800:

> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.5-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/b94ae8ad9fe79da61231999f347f79645b909bda

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
