* [PATCH v10 0/3] Add kernel seccomp support for m68k
@ 2022-01-27  7:41 Michael Schmitz
  2022-01-27  7:41 ` [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave " Michael Schmitz
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Michael Schmitz @ 2022-01-27  7:41 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz

Patch 3 adds the test for TIF_SECCOMP thread info flag to call
into syscall_trace_enter() when seccomp syscall filtering
is active, which was missing from earlier versions (classic
MMU m68k only - need some help with the test for 68000 and
coldfire).

The previous version required the TIF_SYSCALL_TRACE
flag to be set for syscall filtering to work.
The rest of the series remains unchanged from v9. 

Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
(33 with the old version).

I hope you didn't waste too much effort on testing v8/v9, Adrian.
Should have a suitably large brown paper bag somewhere yet :-(

Cheers,

   Michael



* [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave for m68k
  2022-01-27  7:41 [PATCH v10 0/3] Add kernel seccomp support for m68k Michael Schmitz
@ 2022-01-27  7:41 ` Michael Schmitz
  2022-05-09 11:06   ` Geert Uytterhoeven
  2022-01-27  7:41 ` [PATCH v10 2/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Michael Schmitz @ 2022-01-27  7:41 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz

m68k (other than Coldfire) uses syscall_trace for both trace entry
and trace exit. Seccomp support requires separate entry points for
trace entry and exit which are already provided for Coldfire.

Replace syscall_trace by syscall_trace_enter and syscall_trace_leave
in preparation for seccomp support.

No regression seen in testing with strace on ARAnyM.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

--
Changes from v8:

- adapt ptrace.c patch to recent changes by Eric Biederman

Changes from v7:

Al Viro:
- split first patch to separate the switch to
  syscall_trace_enter/leave() from return code checks

Changes from v6:

Geert Uytterhoeven:
- add syscall_trace_enter() return code check for 68000
  and coldfire

Changes from v5:

- add comment to explain optimization

Changes from v4:

Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message

Changes from v3:

- change syscall_trace_enter return code test from !=0 to ==-1

revert syscall trace return code checks
---
 arch/m68k/kernel/entry.S  | 4 ++--
 arch/m68k/kernel/ptrace.c | 7 -------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 9434fca68de5..18f278bdbd21 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -181,7 +181,7 @@ do_trace_entry:
 	movel	#-ENOSYS,%sp@(PT_OFF_D0)| needed for strace
 	subql	#4,%sp
 	SAVE_SWITCH_STACK
-	jbsr	syscall_trace
+	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
 	movel	%sp@(PT_OFF_ORIG_D0),%d0
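Review bot: in do_trace_entry the value syscall_trace_enter() returns in %d0 is discarded, because the movel from PT_OFF_ORIG_D0 two lines after the call overwrites it. The old syscall_trace() was void, so nothing is lost yet, but the commit message should say that the return code is deliberately ignored at this call site and only checked by the following patch, so the intent stays clear when bisecting.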
@@ -194,7 +194,7 @@ badsys:
 do_trace_exit:
 	subql	#4,%sp
 	SAVE_SWITCH_STACK
-	jbsr	syscall_trace
+	jbsr	syscall_trace_leave
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
 	jra	.Lret_from_exception
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index aa3a0b8d07e9..74d58a82a135 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -271,12 +271,6 @@ long arch_ptrace(struct task_struct *child, long request,
 	return -EIO;
 }
 
-asmlinkage void syscall_trace(void)
-{
-	ptrace_report_syscall(0);
-}
-
-#if defined(CONFIG_COLDFIRE) || !defined(CONFIG_MMU)
 asmlinkage int syscall_trace_enter(void)
 {
 	int ret = 0;
@@ -291,4 +285,3 @@ asmlinkage void syscall_trace_leave(void)
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall_exit(task_pt_regs(current), 0);
 }
-#endif /* CONFIG_COLDFIRE */
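Review bot: the removed syscall_trace() called ptrace_report_syscall(0) unconditionally, while syscall_trace_leave() as kept here only reports when TIF_SYSCALL_TRACE is set, so for do_trace_exit this is not a pure rename. Please state in the commit message whether do_trace_exit can be entered with TIF_SYSCALL_TRACE clear and, if it can, that dropping the report in that case is intended. Minor: the #endif being removed was commented as CONFIG_COLDFIRE only although the #if also covered !CONFIG_MMU; nothing to fix now that both go.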
-- 
2.17.1



* [PATCH v10 2/3] m68k/kernel - check syscall_trace_enter() return code on m68k
  2022-01-27  7:41 [PATCH v10 0/3] Add kernel seccomp support for m68k Michael Schmitz
  2022-01-27  7:41 ` [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave " Michael Schmitz
@ 2022-01-27  7:41 ` Michael Schmitz
  2022-01-27  7:41 ` [PATCH v10 3/3] m68k: add kernel seccomp support Michael Schmitz
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 10+ messages in thread
From: Michael Schmitz @ 2022-01-27  7:41 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz

Check return code of syscall_trace_enter(), and skip syscall
if -1. Return code will be left at what had been set by
ptrace or seccomp (in regs->d0).

No regression seen in testing with strace on ARAnyM.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v7:

Al Viro:
- split return code checks from switch to syscall_trace_enter()

Changes from v6:

Geert Uytterhoeven:
- add syscall_trace_enter() return code check for 68000
  and coldfire

Changes from v5:

- add comment to explain optimization

Changes from v4:

Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message

Changes from v3:

- change syscall_trace_enter return code test from !=0 to ==-1
---
 arch/m68k/68000/entry.S    | 2 ++
 arch/m68k/coldfire/entry.S | 2 ++
 arch/m68k/kernel/entry.S   | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/arch/m68k/68000/entry.S b/arch/m68k/68000/entry.S
index 997b54933015..7d63e2f1555a 100644
--- a/arch/m68k/68000/entry.S
+++ b/arch/m68k/68000/entry.S
@@ -45,6 +45,8 @@ do_trace:
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0
+	jeq	ret_from_exception
 	movel	%sp@(PT_OFF_ORIG_D0),%d1
 	movel	#-ENOSYS,%d0
 	cmpl	#NR_syscalls,%d1
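Review bot: the addql #1,%d0 / jeq pair in do_trace has no comment, whereas the same pair in arch/m68k/kernel/entry.S carries "| optimization for cmpil #-1,%d0"; please add the comment here too, since adding 1 to test for -1 is not obvious. The skip path also goes to ret_from_exception here but to ret_from_syscall in kernel/entry.S; if that difference is intentional, a word in the commit message would help.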
diff --git a/arch/m68k/coldfire/entry.S b/arch/m68k/coldfire/entry.S
index 9f337c70243a..35104c5417ff 100644
--- a/arch/m68k/coldfire/entry.S
+++ b/arch/m68k/coldfire/entry.S
@@ -90,6 +90,8 @@ ENTRY(system_call)
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0
+	jeq	ret_from_exception
 	movel	%d3,%a0
 	jbsr	%a0@
 	movel	%d0,%sp@(PT_OFF_D0)		/* save the return value */
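Review bot: on the fall-through path %d0 holds the trace return value plus one when jbsr %a0@ is reached. That looks harmless in the lines shown, because the handler address comes from %d3 and %d0 is stored as the syscall result afterwards, but the clobber deserves a short comment next to addql #1,%d0 so that nobody later relies on %d0 after the trace call.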
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 18f278bdbd21..0d5b7085d76f 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -184,6 +184,8 @@ do_trace_entry:
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0			| optimization for cmpil #-1,%d0
+	jeq	ret_from_syscall
 	movel	%sp@(PT_OFF_ORIG_D0),%d0
 	cmpl	#NR_syscalls,%d0
 	jcs	syscall
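Review bot: the skip path through jeq ret_from_syscall returns whatever is in the saved d0 slot, and do_trace_entry presets that slot with movel #-ENOSYS,%sp@(PT_OFF_D0) before the trace call. A tracer or filter that returns -1 without setting regs->d0 therefore makes the syscall fail with ENOSYS. That matches the commit message, but extending the "| needed for strace" comment to mention the skip case would make the dependency explicit.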
-- 
2.17.1



* [PATCH v10 3/3] m68k: add kernel seccomp support
  2022-01-27  7:41 [PATCH v10 0/3] Add kernel seccomp support for m68k Michael Schmitz
  2022-01-27  7:41 ` [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave " Michael Schmitz
  2022-01-27  7:41 ` [PATCH v10 2/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
@ 2022-01-27  7:41 ` Michael Schmitz
  2022-01-27  9:09 ` [PATCH v10 0/3] Add kernel seccomp support for m68k John Paul Adrian Glaubitz
  2022-05-03 21:53 ` Eric W. Biederman
  4 siblings, 0 replies; 10+ messages in thread
From: Michael Schmitz @ 2022-01-27  7:41 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: ebiederm, viro, glaubitz, Michael Schmitz

Add secure_computing() call to syscall_trace_enter to actually
filter system calls.

Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h

syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.

seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v9:

- add test for TIF_SECCOMP bit to call syscall_trace_enter()
  if seccomp syscall filtering is active

Changes from v6:

Geert Uytterhoeven:
- add syscall_get_error(), syscall_get_return_value(), and
  syscall_set_arguments() (not needed to compile!)

Changes from v5:

Geert Uytterhoeven:
- correct wrong offset for d1-d5 register copy
- update Documentation/features/seccomp/seccomp-filter/arch-support.txt

add syscall_get_error(), syscall_get_return_value(), syscall_set_arguments()
---
 .../seccomp/seccomp-filter/arch-support.txt   |  2 +-
 arch/m68k/Kconfig                             |  2 +
 arch/m68k/include/asm/seccomp.h               | 11 ++++
 arch/m68k/include/asm/syscall.h               | 56 +++++++++++++++++++
 arch/m68k/include/asm/thread_info.h           |  2 +
 arch/m68k/kernel/entry.S                      |  3 +
 arch/m68k/kernel/ptrace.c                     |  5 ++
 7 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 arch/m68k/include/asm/seccomp.h

diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
index 26eec58ab819..be71f2066981 100644
--- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt
+++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
@@ -14,7 +14,7 @@
     |       h8300: | TODO |
     |     hexagon: | TODO |
     |        ia64: | TODO |
-    |        m68k: | TODO |
+    |        m68k: |  ok  |
     |  microblaze: | TODO |
     |        mips: |  ok  |
     |       nds32: | TODO |
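Review bot: flipping m68k to "ok" looks premature. The cover letter says the TIF_SECCOMP test exists for classic MMU m68k only and that 63 of 89 seccomp_bpf selftests pass; consider leaving TODO until the 68000 and ColdFire entry code test the flag as well, or note the limitation in the commit message.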
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 936e1803c7c7..c0ef187fb3ed 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -18,6 +18,8 @@ config M68K
 	select GENERIC_IOMAP
 	select GENERIC_IRQ_SHOW
 	select HAVE_AOUT if MMU
+	select HAVE_ARCH_SECCOMP
+	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_DEBUG_BUGVERBOSE
 	select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_HAS_NO_UNALIGNED
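Review bot: HAVE_ARCH_SECCOMP and HAVE_ARCH_SECCOMP_FILTER are selected for every M68K configuration, but the only entry path in this patch that tests TIF_SECCOMP is arch/m68k/kernel/entry.S. On 68000 and ColdFire builds seccomp could then be enabled while a filter is only consulted when TIF_SYSCALL_TRACE happens to be set, which for a sandbox is a silent fail-open. Suggest restricting the selects, for example "select HAVE_ARCH_SECCOMP_FILTER if MMU && !COLDFIRE", until those entry paths are done.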
diff --git a/arch/m68k/include/asm/seccomp.h b/arch/m68k/include/asm/seccomp.h
new file mode 100644
index 000000000000..de8a94e1fb3f
--- /dev/null
+++ b/arch/m68k/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef _ASM_SECCOMP_H
+#define _ASM_SECCOMP_H
+
+#include <asm-generic/seccomp.h>
+
+#define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_M68K
+#define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
+#define SECCOMP_ARCH_NATIVE_NAME	"m68k"
+
+#endif /* _ASM_SECCOMP_H */
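Review bot: the new header uses AUDIT_ARCH_M68K and NR_syscalls but includes only <asm-generic/seccomp.h>. Unless that header already pulls in both definitions, please include <uapi/linux/audit.h> and <asm/unistd.h> here (as asm/syscall.h does in this patch) rather than relying on include order in the users.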
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac039be09..2b49ad725655 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,62 @@
 
 #include <uapi/linux/audit.h>
 
+#include <asm/unistd.h>
+
+extern const unsigned long sys_call_table[];
+
+static inline int syscall_get_nr(struct task_struct *task,
+				 struct pt_regs *regs)
+{
+	return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+				    struct pt_regs *regs)
+{
+	regs->d0 = regs->orig_d0;
+}
+
+static inline long syscall_get_error(struct task_struct *task,
+				     struct pt_regs *regs)
+{
+	unsigned long error = regs->d0;
+	return IS_ERR_VALUE(error) ? error : 0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+					    struct pt_regs *regs)
+{
+	return regs->d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+					    struct pt_regs *regs,
+					    int error, long val)
+{
+	regs->d0 = (long) error ? error : val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	args[0] = regs->orig_d0;
+	args++;
+
+	memcpy(args, &regs->d1, 5 * sizeof(args[0]));
+}
+
+static inline void syscall_set_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	regs->orig_d0 = args[0];
+	args++;
+
+	memcpy(&regs->d1, args, 5 * sizeof(args[0]));
+}
+
 static inline int syscall_get_arch(struct task_struct *task)
 {
 	return AUDIT_ARCH_M68K;
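Review bot: syscall_get_arguments() stores regs->orig_d0 in args[0], which is the same value syscall_get_nr() returns, so a seccomp filter would see the syscall number as argument 0, every real argument shifted by one, and only five real arguments (d1..d5). The argument array should start at d1; syscall_set_arguments() has the mirror problem and overwrites orig_d0 with args[0]. Smaller points: the memcpy assumes d1..d5 are contiguous in struct pt_regs, which is worth a comment; sys_call_table is declared but not used in this hunk; and in syscall_set_return_value() the (long) cast binds to error only, so "(long) error ? error : val" would read better as "error ? error : val".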
diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h
index c952658ba792..31be2ad999ca 100644
--- a/arch/m68k/include/asm/thread_info.h
+++ b/arch/m68k/include/asm/thread_info.h
@@ -61,6 +61,7 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_NOTIFY_RESUME	5	/* callback before returning to user */
 #define TIF_SIGPENDING		6	/* signal pending */
 #define TIF_NEED_RESCHED	7	/* rescheduling necessary */
+#define TIF_SECCOMP		13	/* seccomp syscall filtering active */
 #define TIF_DELAYED_TRACE	14	/* single step a syscall */
 #define TIF_SYSCALL_TRACE	15	/* syscall trace active */
 #define TIF_MEMDIE		16	/* is terminating due to OOM killer */
@@ -69,6 +70,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
+#define _TIF_SECCOMP		(1 << TIF_SECCOMP)
 #define _TIF_DELAYED_TRACE	(1 << TIF_DELAYED_TRACE)
 #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
 #define _TIF_MEMDIE		(1 << TIF_MEMDIE)
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 0d5b7085d76f..ee0a905b5f74 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -213,6 +213,9 @@ ENTRY(system_call)
 	| syscall trace?
 	tstb	%a1@(TINFO_FLAGS+2)
 	jmi	do_trace_entry
+	| seccomp filter active?
+	btst	#5,%a1@(TINFO_FLAGS+2)
+	bnes	do_trace_entry
 	cmpl	#NR_syscalls,%d0
 	jcc	badsys
 syscall:
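Review bot: btst #5 on the byte at TINFO_FLAGS+2 hard-codes TIF_SECCOMP == 13 (bit 5 of the byte holding flags 8..15), just as the tstb/jmi above it hard-codes TIF_SYSCALL_TRACE == 15. Please say so in the comment, so that a later renumbering in thread_info.h does not silently disable filtering. Style: the surrounding code uses the j* pseudo-ops (jmi, jcc), so jne would be more consistent than bnes. The same test is still missing from the 68000 and ColdFire entry code, as the cover letter notes.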
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 74d58a82a135..bc2490c3fb52 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -19,6 +19,7 @@
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/signal.h>
+#include <linux/seccomp.h>
 #include <linux/tracehook.h>
 
 #include <linux/uaccess.h>
@@ -277,6 +278,10 @@ asmlinkage int syscall_trace_enter(void)
 
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		ret = tracehook_report_syscall_entry(task_pt_regs(current));
+
+	if (secure_computing() == -1)
+		return -1;
+
 	return ret;
 }
 
-- 
2.17.1



* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
  2022-01-27  7:41 [PATCH v10 0/3] Add kernel seccomp support for m68k Michael Schmitz
                   ` (2 preceding siblings ...)
  2022-01-27  7:41 ` [PATCH v10 3/3] m68k: add kernel seccomp support Michael Schmitz
@ 2022-01-27  9:09 ` John Paul Adrian Glaubitz
  2022-01-28  6:51   ` Michael Schmitz
  2022-05-03 21:53 ` Eric W. Biederman
  4 siblings, 1 reply; 10+ messages in thread
From: John Paul Adrian Glaubitz @ 2022-01-27  9:09 UTC (permalink / raw)
  To: Michael Schmitz, linux-m68k, geert; +Cc: ebiederm, viro

Hi Michael!

On 1/27/22 08:41, Michael Schmitz wrote:
> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> into syscall_trace_enter() when seccomp syscall filtering
> is active, which was missing from earlier versions (classic
> MMU m68k only - need some help with the test for 68000 and
> coldfire).
> 
> The previous version required the TIF_SYSCALL_TRACE
> flag to be set for syscall filtering to work
> 
> The rest of the series remains unchanged from v9. 
> 
> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> (33 with the old version).
> 
> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> Should have a suitably large brown paper bag somewhere yet :-(

Sorry, I haven't found the time for the tests yet, I'm really busy at the
moment. If you want to test libseccomp, you can check it out from my GitHub,
then build it and run the testsuite.

See: https://github.com/glaubitz/libseccomp/tree/m68k

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
  2022-01-27  9:09 ` [PATCH v10 0/3] Add kernel seccomp support for m68k John Paul Adrian Glaubitz
@ 2022-01-28  6:51   ` Michael Schmitz
  0 siblings, 0 replies; 10+ messages in thread
From: Michael Schmitz @ 2022-01-28  6:51 UTC (permalink / raw)
  To: John Paul Adrian Glaubitz, linux-m68k, geert

Hi Adrian,

not to worry - there is no rush on this. I may have to debug this a
little more at the kernel level anyway (things like syscall redirection
do not work yet, and neither does setting a particular errno when
skipping a syscall). Plain syscall filtering does appear to work
however, and AFAIR that would be enough for your purpose.

None of my test systems are recent enough to allow compiling current 
user space code, unfortunately.

Outdated user space might contribute to some of the selftests failing,
so I could use a little help with that perhaps. I know Geert tried the 
selftests independently some time ago, so I'll post my changes to the 
selftest code and we'll see whether that improves the score.

Cheers,

	Michael

On 27.01.2022 at 22:09, John Paul Adrian Glaubitz wrote:
> Hi Michael!
>
> On 1/27/22 08:41, Michael Schmitz wrote:
>> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
>> into syscall_trace_enter() when seccomp syscall filtering
>> is active, which was missing from earlier versions (classic
>> MMU m68k only - need some help with the test for 68000 and
>> coldfire).
>>
>> The previous version required the TIF_SYSCALL_TRACE
>> flag to be set for syscall filtering to work
>>
>> The rest of the series remains unchanged from v9.
>>
>> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
>> (33 with the old version).
>>
>> I hope you didn't waste too much effort on testing v8/v9, Adrian.
>> Should have a suitably large brown paper bag somewhere yet :-(
>
> Sorry, I haven't found the time for the tests yet, I'm really busy at the
> moment. If you want to test libseccomp, you can check it out from my GitHub,
> then build it and run the testsuite.
>
> See: https://github.com/glaubitz/libseccomp/tree/m68k
>
> Adrian
>


* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
  2022-01-27  7:41 [PATCH v10 0/3] Add kernel seccomp support for m68k Michael Schmitz
                   ` (3 preceding siblings ...)
  2022-01-27  9:09 ` [PATCH v10 0/3] Add kernel seccomp support for m68k John Paul Adrian Glaubitz
@ 2022-05-03 21:53 ` Eric W. Biederman
  2022-05-06  8:37   ` Michael Schmitz
  4 siblings, 1 reply; 10+ messages in thread
From: Eric W. Biederman @ 2022-05-03 21:53 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, viro, glaubitz

Michael Schmitz <schmitzmic@gmail.com> writes:

> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> into syscall_trace_enter() when seccomp syscall filtering
> is active, which was missing from earlier versions (classic
> MMU m68k only - need some help with the test for 68000 and
> coldfire).
>
> The previous version required the TIF_SYSCALL_TRACE
> flag to be set for syscall filtering to work
>
> The rest of the series remains unchanged from v9. 
>
> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> (33 with the old version).
>
> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> Should have a suitably large brown paper bag somewhere yet :-(

Has any progress been made on testing or merging this patch series?

I was just thinking it might be nice if the only callers of
ptrace_report_syscall were ptrace_report_syscall_entry and
ptrace_report_syscall_exit.


Eric


* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
  2022-05-03 21:53 ` Eric W. Biederman
@ 2022-05-06  8:37   ` Michael Schmitz
  2022-05-09 11:16     ` Geert Uytterhoeven
  0 siblings, 1 reply; 10+ messages in thread
From: Michael Schmitz @ 2022-05-06  8:37 UTC (permalink / raw)
  To: Eric W. Biederman; +Cc: linux-m68k, geert, viro, glaubitz

Hi Eric,

On 04.05.2022 at 09:53, Eric W. Biederman wrote:
> Michael Schmitz <schmitzmic@gmail.com> writes:
>
>> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
>> into syscall_trace_enter() when seccomp syscall filtering
>> is active, which was missing from earlier versions (classic
>> MMU m68k only - need some help with the test for 68000 and
>> coldfire).
>>
>> The previous version required the TIF_SYSCALL_TRACE
>> flag to be set for syscall filtering to work
>>
>> The rest of the series remains unchanged from v9.
>>
>> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
>> (33 with the old version).
>>
>> I hope you didn't waste too much effort on testing v8/v9, Adrian.
>> Should have a suitably large brown paper bag somewhere yet :-(
>
> Has any progress been made on testing or merging this patch series?

This series totally dropped off my radar, sorry. I had run out of 
options to test, and have been too busy to do much about that.

> I was just thinking it might be nice if the only callers of
> ptrace_report_syscall were ptrace_report_syscall_entry and
> ptrace_report_syscall_exit.

Just merging patch 1 would be enough there AFAICS. Any reason not to do 
that, Geert?

Cheers,

	Michael


>
>
> Eric
>


* Re: [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave for m68k
  2022-01-27  7:41 ` [PATCH v10 1/3] m68k/kernel - wire up syscall_trace_enter/leave " Michael Schmitz
@ 2022-05-09 11:06   ` Geert Uytterhoeven
  0 siblings, 0 replies; 10+ messages in thread
From: Geert Uytterhoeven @ 2022-05-09 11:06 UTC (permalink / raw)
  To: Michael Schmitz
  Cc: Linux/m68k, Eric W. Biederman, Al Viro, John Paul Adrian Glaubitz

On Thu, Jan 27, 2022 at 8:42 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> m68k (other than Coldfire) uses syscall_trace for both trace entry
> and trace exit. Seccomp support requires separate entry points for
> trace entry and exit which are already provided for Coldfire.
>
> Replace syscall_trace by syscall_trace_enter and syscall_trace_leave
> in preparation for seccomp support.
>
> No regression seen in testing with strace on ARAnyM.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k for-v5.19 branch.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds


* Re: [PATCH v10 0/3] Add kernel seccomp support for m68k
  2022-05-06  8:37   ` Michael Schmitz
@ 2022-05-09 11:16     ` Geert Uytterhoeven
  0 siblings, 0 replies; 10+ messages in thread
From: Geert Uytterhoeven @ 2022-05-09 11:16 UTC (permalink / raw)
  To: Michael Schmitz
  Cc: Eric W. Biederman, Linux/m68k, Al Viro, John Paul Adrian Glaubitz

Hi Michael,

On Fri, May 6, 2022 at 10:37 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> On 04.05.2022 at 09:53, Eric W. Biederman wrote:
> > Michael Schmitz <schmitzmic@gmail.com> writes:
> >> Patch 3 adds the test for TIF_SECCOMP thread info flag to call
> >> into syscall_trace_enter() when seccomp syscall filtering
> >> is active, which was missing from earlier versions (classic
> >> MMU m68k only - need some help with the test for 68000 and
> >> coldfire).
> >>
> >> The previous version required the TIF_SYSCALL_TRACE
> >> flag to be set for syscall filtering to work
> >>
> >> The rest of the series remains unchanged from v9.
> >>
> >> Tested on ARAnyM, 63 out of 89 seccomp_bpf tests now pass
> >> (33 with the old version).
> >>
> >> I hope you didn't waste too much effort on testing v8/v9, Adrian.
> >> Should have a suitably large brown paper bag somewhere yet :-(
> >
> > Has any progress been made on testing or merging this patch series?
>
> This series totally dropped off my radar, sorry. I had run out of
> options to test, and have been too busy to do much about that.
>
> > I was just thinking it might be nice if the only callers of
> > ptrace_report_syscall were ptrace_report_syscall_entry and
> > ptrace_report_syscall_exit.
>
> Just merging patch 1 would be enough there AFAICS. Any reason not to do
> that, Geert?

Indeed no reason. Applied and queued for v5.19.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

