[PATCH v5 1/2] m68k/kernel - wire up syscall_trace_enter/leave for m68k

[PATCH v5 1/2] m68k/kernel - wire up syscall_trace_enter/leave for m68k

[Michael Schmitz]

m68k (other than Coldfire) uses syscall_trace for both trace entry
and trace exit. Seccomp support requires separate entry points for
trace entry and exit which are already provided for Coldfire.

Replace syscall_trace by syscall_trace_enter and syscall_trace_leave
in preparation for seccomp support. Check return code of
syscall_trace_enter(), and skip syscall if -1. Return code will be
left at what had been set by ptrace or seccomp (in regs->d0).

No regression seen in testing with strace on ARAnyM.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v4:

Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message

Changes from v3:

- change syscall_trace_enter return code test from !=0 to ==-1

Andreas: optimize syscall trace return code test
---
 arch/m68k/kernel/entry.S  |  8 +++++---
 arch/m68k/kernel/ptrace.c | 17 -----------------
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 9dd76fb..90c5dcc 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -164,9 +164,11 @@ do_trace_entry:
 	movel	#-ENOSYS,%sp@(PT_OFF_D0)| needed for strace
 	subql	#4,%sp
 	SAVE_SWITCH_STACK
-	jbsr	syscall_trace
+	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0
+	jeq	ret_from_syscall
 	movel	%sp@(PT_OFF_ORIG_D0),%d0
 	cmpl	#NR_syscalls,%d0
 	jcs	syscall
@@ -177,7 +179,7 @@ badsys:
 do_trace_exit:
 	subql	#4,%sp
 	SAVE_SWITCH_STACK
-	jbsr	syscall_trace
+	jbsr	syscall_trace_leave
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
 	jra	.Lret_from_exception
@@ -186,7 +188,7 @@ ENTRY(ret_from_signal)
 	movel	%curptr@(TASK_STACK),%a1
 	tstb	%a1@(TINFO_FLAGS+2)
 	jge	1f
-	jbsr	syscall_trace
+	jbsr	syscall_trace_leave
 1:	RESTORE_SWITCH_STACK
 	addql	#4,%sp
 /* on 68040 complete pending writebacks if any */
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 94b3b27..74d58a8 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -271,22 +271,6 @@ long arch_ptrace(struct task_struct *child, long request,
 	return -EIO;
 }
 
-asmlinkage void syscall_trace(void)
-{
-	ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
-				 ? 0x80 : 0));
-	/*
-	 * this isn't the same as continuing with a signal, but it will do
-	 * for normal use.  strace only continues with a signal if the
-	 * stopping signal is not SIGTRAP.  -brl
-	 */
-	if (current->exit_code) {
-		send_sig(current->exit_code, current, 1);
-		current->exit_code = 0;
-	}
-}
-
-#if defined(CONFIG_COLDFIRE) || !defined(CONFIG_MMU)
 asmlinkage int syscall_trace_enter(void)
 {
 	int ret = 0;
@@ -301,4 +285,3 @@ asmlinkage void syscall_trace_leave(void)
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall_exit(task_pt_regs(current), 0);
 }
-#endif /* CONFIG_COLDFIRE */
-- 
2.7.4

[PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Add secure_computing() call to syscall_trace_enter to actually
filter system calls.

Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h

syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.

Compiles (for Atari) and boots on ARAnyM, otherwise untested.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
---
 arch/m68k/Kconfig                   |  2 ++
 arch/m68k/include/asm/seccomp.h     | 11 +++++++++++
 arch/m68k/include/asm/syscall.h     | 33 +++++++++++++++++++++++++++++++++
 arch/m68k/include/asm/thread_info.h |  2 ++
 arch/m68k/kernel/ptrace.c           |  5 +++++
 5 files changed, 53 insertions(+)
 create mode 100644 arch/m68k/include/asm/seccomp.h

diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 372e4e6..deaea88 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -19,6 +19,8 @@ config M68K
 	select GENERIC_STRNCPY_FROM_USER if MMU
 	select GENERIC_STRNLEN_USER if MMU
 	select HAVE_AOUT if MMU
+	select HAVE_ARCH_SECCOMP
+	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_DEBUG_BUGVERBOSE
 	select HAVE_FUTEX_CMPXCHG if MMU && FUTEX
diff --git a/arch/m68k/include/asm/seccomp.h b/arch/m68k/include/asm/seccomp.h
new file mode 100644
index 0000000..de8a94e
--- /dev/null
+++ b/arch/m68k/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef _ASM_SECCOMP_H
+#define _ASM_SECCOMP_H
+
+#include <asm-generic/seccomp.h>
+
+#define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_M68K
+#define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
+#define SECCOMP_ARCH_NATIVE_NAME	"m68k"
+
+#endif /* _ASM_SECCOMP_H */
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac03..87bf69f 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,39 @@
 
 #include <uapi/linux/audit.h>
 
+#include <asm/unistd.h>
+
+extern const unsigned long sys_call_table[];
+
+static inline int syscall_get_nr(struct task_struct *task,
+				 struct pt_regs *regs)
+{
+	return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+				    struct pt_regs *regs)
+{
+	regs->d0 = regs->orig_d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+					    struct pt_regs *regs,
+					    int error, long val)
+{
+	regs->d0 = (long) error ? error : val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	args[0] = regs->orig_d0;
+	args++;
+
+	memcpy(args, &regs->d0 + 1, 5 * sizeof(args[0]));
+}
+
 static inline int syscall_get_arch(struct task_struct *task)
 {
 	return AUDIT_ARCH_M68K;
diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h
index 15a7570..d813fed 100644
--- a/arch/m68k/include/asm/thread_info.h
+++ b/arch/m68k/include/asm/thread_info.h
@@ -64,6 +64,7 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_NOTIFY_RESUME	5	/* callback before returning to user */
 #define TIF_SIGPENDING		6	/* signal pending */
 #define TIF_NEED_RESCHED	7	/* rescheduling necessary */
+#define TIF_SECCOMP		13	/* seccomp syscall filtering active */
 #define TIF_DELAYED_TRACE	14	/* single step a syscall */
 #define TIF_SYSCALL_TRACE	15	/* syscall trace active */
 #define TIF_MEMDIE		16	/* is terminating due to OOM killer */
@@ -72,6 +73,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
+#define _TIF_SECCOMP		(1 << TIF_SECCOMP)
 #define _TIF_DELAYED_TRACE	(1 << TIF_DELAYED_TRACE)
 #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
 #define _TIF_MEMDIE		(1 << TIF_MEMDIE)
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 74d58a8..bc2490c 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -19,6 +19,7 @@
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/signal.h>
+#include <linux/seccomp.h>
 #include <linux/tracehook.h>
 
 #include <linux/uaccess.h>
@@ -277,6 +278,10 @@ asmlinkage int syscall_trace_enter(void)
 
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		ret = tracehook_report_syscall_entry(task_pt_regs(current));
+
+	if (secure_computing() == -1)
+		return -1;
+
 	return ret;
 }
 
-- 
2.7.4

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Geert Uytterhoeven]

Hi Michael,

On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Add secure_computing() call to syscall_trace_enter to actually
> filter system calls.
>
> Add necessary arch Kconfig options, define TIF_SECCOMP trace
> flag and provide basic seccomp filter support in asm/syscall.h
>
> syscall_get_nr currently uses the syscall nr stored in orig_d0
> because we change d0 to a default return code before starting a
> syscall trace. This may be inconsistent with syscall_rollback
> copying orig_d0 to d0 (which we never check upon return from
> trace). We use d0 for the return code from syscall_trace_enter
> in entry.S currently, and could perhaps expand that to store
> a new syscall number returned by the seccomp filter before
> executing the syscall. This clearly needs some discussion.
>
> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

Thanks for your patch!

> --- a/arch/m68k/include/asm/syscall.h
> +++ b/arch/m68k/include/asm/syscall.h
> @@ -4,6 +4,39 @@
>
>  #include <uapi/linux/audit.h>
>
> +#include <asm/unistd.h>
> +
> +extern const unsigned long sys_call_table[];
> +
> +static inline int syscall_get_nr(struct task_struct *task,
> +                                struct pt_regs *regs)
> +{
> +       return regs->orig_d0;
> +}
> +
> +static inline void syscall_rollback(struct task_struct *task,
> +                                   struct pt_regs *regs)
> +{
> +       regs->d0 = regs->orig_d0;
> +}
> +
> +static inline void syscall_set_return_value(struct task_struct *task,
> +                                           struct pt_regs *regs,
> +                                           int error, long val)
> +{
> +       regs->d0 = (long) error ? error : val;
> +}
> +
> +static inline void syscall_get_arguments(struct task_struct *task,
> +                                        struct pt_regs *regs,
> +                                        unsigned long *args)
> +{
> +       args[0] = regs->orig_d0;
> +       args++;
> +
> +       memcpy(args, &regs->d0 + 1, 5 * sizeof(args[0]));

This doesn't look right to me: "&regs->d0 + 1" is "&regs->orig_d0"
again, and there are no registers after that.
Perhaps you meant "&regs->d1"?

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Geert Uytterhoeven]

Hi Michael,

On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Add secure_computing() call to syscall_trace_enter to actually
> filter system calls.
>
> Add necessary arch Kconfig options, define TIF_SECCOMP trace
> flag and provide basic seccomp filter support in asm/syscall.h
>
> syscall_get_nr currently uses the syscall nr stored in orig_d0
> because we change d0 to a default return code before starting a
> syscall trace. This may be inconsistent with syscall_rollback
> copying orig_d0 to d0 (which we never check upon return from
> trace). We use d0 for the return code from syscall_trace_enter
> in entry.S currently, and could perhaps expand that to store
> a new syscall number returned by the seccomp filter before
> executing the syscall. This clearly needs some discussion.
>
> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> ---
>  arch/m68k/Kconfig                   |  2 ++
>  arch/m68k/include/asm/seccomp.h     | 11 +++++++++++
>  arch/m68k/include/asm/syscall.h     | 33 +++++++++++++++++++++++++++++++++
>  arch/m68k/include/asm/thread_info.h |  2 ++
>  arch/m68k/kernel/ptrace.c           |  5 +++++
>  5 files changed, 53 insertions(+)
>  create mode 100644 arch/m68k/include/asm/seccomp.h
>
> diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
> index 372e4e6..deaea88 100644
> --- a/arch/m68k/Kconfig
> +++ b/arch/m68k/Kconfig
> @@ -19,6 +19,8 @@ config M68K
>         select GENERIC_STRNCPY_FROM_USER if MMU
>         select GENERIC_STRNLEN_USER if MMU
>         select HAVE_AOUT if MMU
> +       select HAVE_ARCH_SECCOMP
> +       select HAVE_ARCH_SECCOMP_FILTER

So the status should be changed from "TODO" to "ok" in
Documentation/features/seccomp/seccomp-filter/arch-support.txt

BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/

I kept on up-porting it, but haven't exercised it recently.
Recent version looks like (gmail-whitespace-damaged):

--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -135,6 +135,8 @@ struct seccomp_data {
 #  define __NR_seccomp 337
 # elif defined(__sh__)
 #  define __NR_seccomp 372
+# elif defined(__mc68000__)
+#  define __NR_seccomp 380
 # else
 #  warning "seccomp syscall number unknown for this architecture"
 #  define __NR_seccomp 0xffff
@@ -1815,6 +1817,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
 # define ARCH_REGS             struct pt_regs
 # define SYSCALL_NUM(_regs)    (_regs).regs[3]
 # define SYSCALL_RET(_regs)    (_regs).regs[0]
+#elif defined(__mc68000__)
+# define ARCH_REGS             struct pt_regs
+# define SYSCALL_NUM(_regs)    (_regs).orig_d0
+# define SYSCALL_RET(_regs)    (_regs).d0
 #else
 # error "Do not know how to find your architecture's registers and syscalls"
 #endif
@@ -1879,7 +1885,7 @@ const bool ptrace_entry_set_syscall_ret =
  * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
  * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
  */
-#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) ||
defined(__mc68000)
 # define ARCH_GETREGS(_regs)   ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
 # define ARCH_SETREGS(_regs)   ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
 #else

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert,

thanks for reviewing this!

Am 23.06.2021 um 19:26 schrieb Geert Uytterhoeven:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>
> Thanks for your patch!
>
>> --- a/arch/m68k/include/asm/syscall.h
>> +++ b/arch/m68k/include/asm/syscall.h
>> @@ -4,6 +4,39 @@
>>
>>  #include <uapi/linux/audit.h>
>>
>> +#include <asm/unistd.h>
>> +
>> +extern const unsigned long sys_call_table[];
>> +
>> +static inline int syscall_get_nr(struct task_struct *task,
>> +                                struct pt_regs *regs)
>> +{
>> +       return regs->orig_d0;
>> +}
>> +
>> +static inline void syscall_rollback(struct task_struct *task,
>> +                                   struct pt_regs *regs)
>> +{
>> +       regs->d0 = regs->orig_d0;
>> +}
>> +
>> +static inline void syscall_set_return_value(struct task_struct *task,
>> +                                           struct pt_regs *regs,
>> +                                           int error, long val)
>> +{
>> +       regs->d0 = (long) error ? error : val;
>> +}
>> +
>> +static inline void syscall_get_arguments(struct task_struct *task,
>> +                                        struct pt_regs *regs,
>> +                                        unsigned long *args)
>> +{
>> +       args[0] = regs->orig_d0;
>> +       args++;
>> +
>> +       memcpy(args, &regs->d0 + 1, 5 * sizeof(args[0]));
>
> This doesn't look right to me: "&regs->d0 + 1" is "&regs->orig_d0"
> again, and there are no registers after that.
> Perhaps you meant "&regs->d1"?

Well spotted - that's a copy&paste error I didn't catch.

I'll look at the patch you referenced in the other mail later - Adrian 
was going to test my patch with his libseccomp version. If I can build a 
simple test case myself, all the better.

Cheers,

	Michael

>
> Gr{oetje,eeting}s,
>
>                         Geert
>

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert, Andeas,
I admit I am no great shakes at libc stuff - how is syscall argument
no. 6 passed in the few syscalls that have this many arguments?
Cheers,
  Michael

On Wed, Jun 23, 2021 at 7:27 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> > Add secure_computing() call to syscall_trace_enter to actually
> > filter system calls.
> >
> > Add necessary arch Kconfig options, define TIF_SECCOMP trace
> > flag and provide basic seccomp filter support in asm/syscall.h
> >
> > syscall_get_nr currently uses the syscall nr stored in orig_d0
> > because we change d0 to a default return code before starting a
> > syscall trace. This may be inconsistent with syscall_rollback
> > copying orig_d0 to d0 (which we never check upon return from
> > trace). We use d0 for the return code from syscall_trace_enter
> > in entry.S currently, and could perhaps expand that to store
> > a new syscall number returned by the seccomp filter before
> > executing the syscall. This clearly needs some discussion.
> >
> > Compiles (for Atari) and boots on ARAnyM, otherwise untested.
> >
> > Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>
> Thanks for your patch!
>
> > --- a/arch/m68k/include/asm/syscall.h
> > +++ b/arch/m68k/include/asm/syscall.h
> > @@ -4,6 +4,39 @@
> >
> >  #include <uapi/linux/audit.h>
> >
> > +#include <asm/unistd.h>
> > +
> > +extern const unsigned long sys_call_table[];
> > +
> > +static inline int syscall_get_nr(struct task_struct *task,
> > +                                struct pt_regs *regs)
> > +{
> > +       return regs->orig_d0;
> > +}
> > +
> > +static inline void syscall_rollback(struct task_struct *task,
> > +                                   struct pt_regs *regs)
> > +{
> > +       regs->d0 = regs->orig_d0;
> > +}
> > +
> > +static inline void syscall_set_return_value(struct task_struct *task,
> > +                                           struct pt_regs *regs,
> > +                                           int error, long val)
> > +{
> > +       regs->d0 = (long) error ? error : val;
> > +}
> > +
> > +static inline void syscall_get_arguments(struct task_struct *task,
> > +                                        struct pt_regs *regs,
> > +                                        unsigned long *args)
> > +{
> > +       args[0] = regs->orig_d0;
> > +       args++;
> > +
> > +       memcpy(args, &regs->d0 + 1, 5 * sizeof(args[0]));
>
> This doesn't look right to me: "&regs->d0 + 1" is "&regs->orig_d0"
> again, and there are no registers after that.
> Perhaps you meant "&regs->d1"?
>
> Gr{oetje,eeting}s,
>
>                         Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                 -- Linus Torvalds

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert,

I haven't been able to compile that one using the cross compiler:

m68k-linux-gnu-gcc -Wl,-no-as-needed -Wall  -lpthread seccomp_bpf.c  -o 
/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf
seccomp_bpf.c: In function ‘user_notification_addfd’:
seccomp_bpf.c:3968:10: warning: implicit declaration of function 
‘memfd_create’ [-Wimplicit-function-declaration]
   memfd = memfd_create("test", 0);
           ^
/tmp/ccfLGgXj.o: In function `user_notification_addfd':
seccomp_bpf.c:(.text+0x2ab32): undefined reference to `memfd_create'
/tmp/ccfLGgXj.o: In function `user_notification_addfd_rlimit':
seccomp_bpf.c:(.text+0x2c8a2): undefined reference to `memfd_create'
collect2: error: ld returned 1 exit status
../lib.mk:144: recipe for target 
'/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf' 
failed

Adding the memfd_create definition found in 
tools/testing/selftests/drivers/dma-buf/udmabuf.c:

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c 
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 66f5145..231d772 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -266,6 +266,11 @@ struct seccomp_notif_addfd_big {
  #define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
  #endif

+static int memfd_create(const char *name, unsigned int flags)
+{
+       return syscall(__NR_memfd_create, name, flags);
+}
+
  #ifndef seccomp
  int seccomp(unsigned int op, unsigned int flags, void *args)
  {

allows the tests to compile.

Running the test cases requires a fairly recent system - seccomp_bpf had 
35 tests pass, 52 fail.

Cheers,

     Michael




On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>> ---
>>   arch/m68k/Kconfig                   |  2 ++
>>   arch/m68k/include/asm/seccomp.h     | 11 +++++++++++
>>   arch/m68k/include/asm/syscall.h     | 33 +++++++++++++++++++++++++++++++++
>>   arch/m68k/include/asm/thread_info.h |  2 ++
>>   arch/m68k/kernel/ptrace.c           |  5 +++++
>>   5 files changed, 53 insertions(+)
>>   create mode 100644 arch/m68k/include/asm/seccomp.h
>>
>> diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
>> index 372e4e6..deaea88 100644
>> --- a/arch/m68k/Kconfig
>> +++ b/arch/m68k/Kconfig
>> @@ -19,6 +19,8 @@ config M68K
>>          select GENERIC_STRNCPY_FROM_USER if MMU
>>          select GENERIC_STRNLEN_USER if MMU
>>          select HAVE_AOUT if MMU
>> +       select HAVE_ARCH_SECCOMP
>> +       select HAVE_ARCH_SECCOMP_FILTER
> So the status should be changed from "TODO" to "ok" in
> Documentation/features/seccomp/seccomp-filter/arch-support.txt
>
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.
> Recent version looks like (gmail-whitespace-damaged):
>
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -135,6 +135,8 @@ struct seccomp_data {
>   #  define __NR_seccomp 337
>   # elif defined(__sh__)
>   #  define __NR_seccomp 372
> +# elif defined(__mc68000__)
> +#  define __NR_seccomp 380
>   # else
>   #  warning "seccomp syscall number unknown for this architecture"
>   #  define __NR_seccomp 0xffff
> @@ -1815,6 +1817,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
>   # define ARCH_REGS             struct pt_regs
>   # define SYSCALL_NUM(_regs)    (_regs).regs[3]
>   # define SYSCALL_RET(_regs)    (_regs).regs[0]
> +#elif defined(__mc68000__)
> +# define ARCH_REGS             struct pt_regs
> +# define SYSCALL_NUM(_regs)    (_regs).orig_d0
> +# define SYSCALL_RET(_regs)    (_regs).d0
>   #else
>   # error "Do not know how to find your architecture's registers and syscalls"
>   #endif
> @@ -1879,7 +1885,7 @@ const bool ptrace_entry_set_syscall_ret =
>    * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
>    * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
>    */
> -#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
> +#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) ||
> defined(__mc68000)
>   # define ARCH_GETREGS(_regs)   ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
>   # define ARCH_SETREGS(_regs)   ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
>   #else
>
> Gr{oetje,eeting}s,
>
>                          Geert
>

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert,

I haven't been able to compile that one using the cross compiler:

m68k-linux-gnu-gcc -Wl,-no-as-needed -Wall  -lpthread seccomp_bpf.c  -o 
/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf
seccomp_bpf.c: In function ‘user_notification_addfd’:
seccomp_bpf.c:3968:10: warning: implicit declaration of function 
‘memfd_create’ [-Wimplicit-function-declaration]
   memfd = memfd_create("test", 0);
           ^
/tmp/ccfLGgXj.o: In function `user_notification_addfd':
seccomp_bpf.c:(.text+0x2ab32): undefined reference to `memfd_create'
/tmp/ccfLGgXj.o: In function `user_notification_addfd_rlimit':
seccomp_bpf.c:(.text+0x2c8a2): undefined reference to `memfd_create'
collect2: error: ld returned 1 exit status
../lib.mk:144: recipe for target 
'/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf' 
failed

Adding the memfd_create definition found in 
tools/testing/selftests/drivers/dma-buf/udmabuf.c:

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c 
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 66f5145..231d772 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -266,6 +266,11 @@ struct seccomp_notif_addfd_big {
  #define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
  #endif

+static int memfd_create(const char *name, unsigned int flags)
+{
+       return syscall(__NR_memfd_create, name, flags);
+}
+
  #ifndef seccomp
  int seccomp(unsigned int op, unsigned int flags, void *args)
  {

allows the tests to compile.

Running the test cases requires a fairly recent system - seccomp_bpf had 
35 tests pass, 52 fail.

Cheers,

     Michael




On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>> ---
>>   arch/m68k/Kconfig                   |  2 ++
>>   arch/m68k/include/asm/seccomp.h     | 11 +++++++++++
>>   arch/m68k/include/asm/syscall.h     | 33 +++++++++++++++++++++++++++++++++
>>   arch/m68k/include/asm/thread_info.h |  2 ++
>>   arch/m68k/kernel/ptrace.c           |  5 +++++
>>   5 files changed, 53 insertions(+)
>>   create mode 100644 arch/m68k/include/asm/seccomp.h
>>
>> diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
>> index 372e4e6..deaea88 100644
>> --- a/arch/m68k/Kconfig
>> +++ b/arch/m68k/Kconfig
>> @@ -19,6 +19,8 @@ config M68K
>>          select GENERIC_STRNCPY_FROM_USER if MMU
>>          select GENERIC_STRNLEN_USER if MMU
>>          select HAVE_AOUT if MMU
>> +       select HAVE_ARCH_SECCOMP
>> +       select HAVE_ARCH_SECCOMP_FILTER
> So the status should be changed from "TODO" to "ok" in
> Documentation/features/seccomp/seccomp-filter/arch-support.txt
>
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.
> Recent version looks like (gmail-whitespace-damaged):
>
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -135,6 +135,8 @@ struct seccomp_data {
>   #  define __NR_seccomp 337
>   # elif defined(__sh__)
>   #  define __NR_seccomp 372
> +# elif defined(__mc68000__)
> +#  define __NR_seccomp 380
>   # else
>   #  warning "seccomp syscall number unknown for this architecture"
>   #  define __NR_seccomp 0xffff
> @@ -1815,6 +1817,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
>   # define ARCH_REGS             struct pt_regs
>   # define SYSCALL_NUM(_regs)    (_regs).regs[3]
>   # define SYSCALL_RET(_regs)    (_regs).regs[0]
> +#elif defined(__mc68000__)
> +# define ARCH_REGS             struct pt_regs
> +# define SYSCALL_NUM(_regs)    (_regs).orig_d0
> +# define SYSCALL_RET(_regs)    (_regs).d0
>   #else
>   # error "Do not know how to find your architecture's registers and syscalls"
>   #endif
> @@ -1879,7 +1885,7 @@ const bool ptrace_entry_set_syscall_ret =
>    * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
>    * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
>    */
> -#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
> +#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) ||
> defined(__mc68000)
>   # define ARCH_GETREGS(_regs)   ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
>   # define ARCH_SETREGS(_regs)   ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
>   #else
>
> Gr{oetje,eeting}s,
>
>                          Geert
>

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

[-- Attachment #1: Type: text/plain, Size: 465 bytes --]

Hi Geert,

On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.

See attached for test results on my ARAnyM image (Laurent's qemu image, 
essentially).

Is that any different from what you got in your earlier tests?

Cheers,

     Michael



[-- Attachment #2: test-benchmark --]
[-- Type: text/plain, Size: 1179 bytes --]

sysctl: cannot stat /proc/sys/net/core/bpf_jit_enable: No such file or directory
sysctl: cannot stat /proc/sys/net/core/bpf_jit_harden: No such file or directory
Current BPF sysctl settings:
Calibrating sample size for 15 seconds worth of syscalls ...
Benchmarking 17652210 syscalls...
15.650000000 - 1.010000000 = 14640000000 (14.6s)
getpid native: 829 ns
73.810000000 - 15.650000000 = 58160000000 (58.2s)
getpid RET_ALLOW 1 filter (bitmap): 3294 ns
131.880000000 - 73.810000000 = 58070000000 (58.1s)
getpid RET_ALLOW 2 filters (bitmap): 3289 ns
189.930000000 - 131.880000000 = 58050000000 (58.0s)
getpid RET_ALLOW 3 filters (full): 3288 ns
247.960000000 - 189.930000000 = 58030000000 (58.0s)
getpid RET_ALLOW 4 filters (full): 3287 ns
Estimated total seccomp overhead for 1 bitmapped filter: 2465 ns
Estimated total seccomp overhead for 2 bitmapped filters: 2460 ns
Estimated total seccomp overhead for 3 full filters: 2459 ns
Estimated total seccomp overhead for 4 full filters: 2458 ns
Estimated seccomp entry overhead: 2470 ns
Estimated seccomp per-filter overhead (last 2 diff): 18446744073709551615 ns
Saw unexpected benchmark result. Try running again with more samples?

[-- Attachment #3: test-bpf --]
[-- Type: text/plain, Size: 21630 bytes --]

TAP version 13
1..87
# Starting 87 tests from 7 test cases.
#  RUN           TRAP.dfl ...
# dfl: Test exited normally instead of by signal (code: 0)
#          FAIL  TRAP.dfl
not ok 1 TRAP.dfl
#  RUN           TRAP.ign ...
# ign: Test exited normally instead of by signal (code: 0)
#          FAIL  TRAP.ign
not ok 2 TRAP.ign
#  RUN           TRAP.handler ...
# seccomp_bpf.c:1130:handler:Expected SIGSYS (31) == test (0)
# seccomp_bpf.c:1141:handler:Expected __NR_getpid (20) == sigsys->_syscall (0)
# seccomp_bpf.c:1143:handler:Expected 0 (0) != sigsys->_arch (0)
# seccomp_bpf.c:1144:handler:Expected 0 (0) != (unsigned long)sigsys->_call_addr (0)
# handler: Test failed at step #5
#          FAIL  TRAP.handler
not ok 3 TRAP.handler
#  RUN           precedence.allow_ok ...
#            OK  precedence.allow_ok
ok 4 precedence.allow_ok
#  RUN           precedence.kill_is_highest ...
# seccomp_bpf.c:1274:kill_is_highest:Expected 0 (0) == res (2034)
# kill_is_highest: Test exited normally instead of by signal (code: 13)
#          FAIL  precedence.kill_is_highest
not ok 5 precedence.kill_is_highest
#  RUN           precedence.kill_is_highest_in_any_order ...
# seccomp_bpf.c:1301:kill_is_highest_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2035)
# kill_is_highest_in_any_order: Test exited normally instead of by signal (code: 13)
#          FAIL  precedence.kill_is_highest_in_any_order
not ok 6 precedence.kill_is_highest_in_any_order
#  RUN           precedence.trap_is_second ...
# seccomp_bpf.c:1326:trap_is_second:Expected 0 (0) == syscall(__NR_getpid) (2036)
# trap_is_second: Test exited normally instead of by signal (code: 12)
#          FAIL  precedence.trap_is_second
not ok 7 precedence.trap_is_second
#  RUN           precedence.trap_is_second_in_any_order ...
# seccomp_bpf.c:1351:trap_is_second_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2037)
# trap_is_second_in_any_order: Test exited normally instead of by signal (code: 12)
#          FAIL  precedence.trap_is_second_in_any_order
not ok 8 precedence.trap_is_second_in_any_order
#  RUN           precedence.errno_is_third ...
# seccomp_bpf.c:1373:errno_is_third:Expected 0 (0) == syscall(__NR_getpid) (2038)
# errno_is_third: Test failed at step #11
#          FAIL  precedence.errno_is_third
not ok 9 precedence.errno_is_third
#  RUN           precedence.errno_is_third_in_any_order ...
# seccomp_bpf.c:1395:errno_is_third_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2039)
# errno_is_third_in_any_order: Test failed at step #11
#          FAIL  precedence.errno_is_third_in_any_order
not ok 10 precedence.errno_is_third_in_any_order
#  RUN           precedence.trace_is_fourth ...
# seccomp_bpf.c:1416:trace_is_fourth:Expected -1 (-1) == syscall(__NR_getpid) (2040)
# trace_is_fourth: Test failed at step #10
#          FAIL  precedence.trace_is_fourth
not ok 11 precedence.trace_is_fourth
#  RUN           precedence.trace_is_fourth_in_any_order ...
# seccomp_bpf.c:1437:trace_is_fourth_in_any_order:Expected -1 (-1) == syscall(__NR_getpid) (2041)
# trace_is_fourth_in_any_order: Test failed at step #10
#          FAIL  precedence.trace_is_fourth_in_any_order
not ok 12 precedence.trace_is_fourth_in_any_order
#  RUN           precedence.log_is_fifth ...
#            OK  precedence.log_is_fifth
ok 13 precedence.log_is_fifth
#  RUN           precedence.log_is_fifth_in_any_order ...
#            OK  precedence.log_is_fifth_in_any_order
ok 14 precedence.log_is_fifth_in_any_order
#  RUN           TRACE_poke.read_has_side_effects ...
# seccomp_bpf.c:1689:read_has_side_effects:Expected 0x1001 (4097) == self->poked (0)
# read_has_side_effects: Test failed at step #5
#          FAIL  TRACE_poke.read_has_side_effects
not ok 15 TRACE_poke.read_has_side_effects
#  RUN           TRACE_poke.getpid_runs_normally ...
#            OK  TRACE_poke.getpid_runs_normally
ok 16 TRACE_poke.getpid_runs_normally
#  RUN           TRACE_syscall.ptrace.negative_ENOSYS ...
# seccomp_bpf.c:1907:negative_ENOSYS:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
#            OK  TRACE_syscall.ptrace.negative_ENOSYS
ok 17 TRACE_syscall.ptrace.negative_ENOSYS
#  RUN           TRACE_syscall.ptrace.syscall_allowed ...
# seccomp_bpf.c:1907:syscall_allowed:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
#            OK  TRACE_syscall.ptrace.syscall_allowed
ok 18 TRACE_syscall.ptrace.syscall_allowed
#  RUN           TRACE_syscall.ptrace.syscall_redirected ...
# seccomp_bpf.c:1907:syscall_redirected:Expected 0 (-1073656156) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2171:syscall_redirected:Expected self->parent (2029) == syscall(__NR_getpid) (2052)
# seccomp_bpf.c:2172:syscall_redirected:Expected self->mypid (2052) != syscall(__NR_getpid) (2052)
# syscall_redirected: Test failed at step #9
#          FAIL  TRACE_syscall.ptrace.syscall_redirected
not ok 19 TRACE_syscall.ptrace.syscall_redirected
#  RUN           TRACE_syscall.ptrace.syscall_errno ...
# seccomp_bpf.c:1907:syscall_errno:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2178:syscall_errno:Expected -(-3) (3) == errno (14)
# syscall_errno: Test failed at step #9
#          FAIL  TRACE_syscall.ptrace.syscall_errno
not ok 20 TRACE_syscall.ptrace.syscall_errno
#  RUN           TRACE_syscall.ptrace.syscall_faked ...
# seccomp_bpf.c:1907:syscall_faked:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2184:syscall_faked:Expected 45000 (45000) == syscall(221) (2056)
# syscall_faked: Test failed at step #9
#          FAIL  TRACE_syscall.ptrace.syscall_faked
not ok 21 TRACE_syscall.ptrace.syscall_faked
#  RUN           TRACE_syscall.ptrace.skip_after ...
# seccomp_bpf.c:1907:skip_after:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2208:skip_after:Expected -1 (-1) == syscall(__NR_getpid) (2058)
# seccomp_bpf.c:2209:skip_after:Expected EPERM (1) == errno (0)
# skip_after: Test failed at step #10
#          FAIL  TRACE_syscall.ptrace.skip_after
not ok 22 TRACE_syscall.ptrace.skip_after
#  RUN           TRACE_syscall.ptrace.kill_after ...
# seccomp_bpf.c:1907:kill_after:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2232:kill_after:Expected self->mypid (2060) != syscall(__NR_getpid) (2060)
# kill_after: Test exited normally instead of by signal (code: 10)
#          FAIL  TRACE_syscall.ptrace.kill_after
not ok 23 TRACE_syscall.ptrace.kill_after
#  RUN           TRACE_syscall.seccomp.negative_ENOSYS ...
#            OK  TRACE_syscall.seccomp.negative_ENOSYS
ok 24 TRACE_syscall.seccomp.negative_ENOSYS
#  RUN           TRACE_syscall.seccomp.syscall_allowed ...
#            OK  TRACE_syscall.seccomp.syscall_allowed
ok 25 TRACE_syscall.seccomp.syscall_allowed
#  RUN           TRACE_syscall.seccomp.syscall_redirected ...
# seccomp_bpf.c:2171:syscall_redirected:Expected self->parent (2029) == syscall(__NR_getpid) (2066)
# seccomp_bpf.c:2172:syscall_redirected:Expected self->mypid (2066) != syscall(__NR_getpid) (2066)
# syscall_redirected: Test failed at step #10
#          FAIL  TRACE_syscall.seccomp.syscall_redirected
not ok 26 TRACE_syscall.seccomp.syscall_redirected
#  RUN           TRACE_syscall.seccomp.syscall_errno ...
# seccomp_bpf.c:2178:syscall_errno:Expected -(-3) (3) == errno (14)
# syscall_errno: Test failed at step #10
#          FAIL  TRACE_syscall.seccomp.syscall_errno
not ok 27 TRACE_syscall.seccomp.syscall_errno
#  RUN           TRACE_syscall.seccomp.syscall_faked ...
# seccomp_bpf.c:2184:syscall_faked:Expected 45000 (45000) == syscall(221) (2070)
# syscall_faked: Test failed at step #10
#          FAIL  TRACE_syscall.seccomp.syscall_faked
not ok 28 TRACE_syscall.seccomp.syscall_faked
#  RUN           TRACE_syscall.seccomp.skip_after ...
# seccomp_bpf.c:2208:skip_after:Expected -1 (-1) == syscall(__NR_getpid) (2072)
# seccomp_bpf.c:2209:skip_after:Expected EPERM (1) == errno (0)
# skip_after: Test failed at step #11
#          FAIL  TRACE_syscall.seccomp.skip_after
not ok 29 TRACE_syscall.seccomp.skip_after
#  RUN           TRACE_syscall.seccomp.kill_after ...
# seccomp_bpf.c:2232:kill_after:Expected self->mypid (2074) != syscall(__NR_getpid) (2074)
# kill_after: Test exited normally instead of by signal (code: 11)
#          FAIL  TRACE_syscall.seccomp.kill_after
not ok 30 TRACE_syscall.seccomp.kill_after
#  RUN           TSYNC.siblings_fail_prctl ...
# seccomp_bpf.c:2636:siblings_fail_prctl:Expected SIBLING_EXIT_FAILURE (195951310) == (long)status (195935983)
# siblings_fail_prctl: Test failed at step #6
#          FAIL  TSYNC.siblings_fail_prctl
not ok 31 TSYNC.siblings_fail_prctl
#  RUN           TSYNC.two_siblings_with_ancestor ...
# seccomp_bpf.c:2678:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# seccomp_bpf.c:2680:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# two_siblings_with_ancestor: Test failed at step #7
#          FAIL  TSYNC.two_siblings_with_ancestor
not ok 32 TSYNC.two_siblings_with_ancestor
#  RUN           TSYNC.two_sibling_want_nnp ...
#            OK  TSYNC.two_sibling_want_nnp
ok 33 TSYNC.two_sibling_want_nnp
#  RUN           TSYNC.two_siblings_with_no_filter ...
# seccomp_bpf.c:2744:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195935983)
# seccomp_bpf.c:2746:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195935983)
# two_siblings_with_no_filter: Test failed at step #6
#          FAIL  TSYNC.two_siblings_with_no_filter
not ok 34 TSYNC.two_siblings_with_no_filter
#  RUN           TSYNC.two_siblings_with_one_divergence ...
#            OK  TSYNC.two_siblings_with_one_divergence
ok 35 TSYNC.two_siblings_with_one_divergence
#  RUN           TSYNC.two_siblings_with_one_divergence_no_tid_in_err ...
#            OK  TSYNC.two_siblings_with_one_divergence_no_tid_in_err
ok 36 TSYNC.two_siblings_with_one_divergence_no_tid_in_err
#  RUN           TSYNC.two_siblings_not_under_filter ...
# seccomp_bpf.c:2923:two_siblings_not_under_filter:Expected 0 (0) == (long)status (195935983)
# two_siblings_not_under_filter: Test failed at step #9
#          FAIL  TSYNC.two_siblings_not_under_filter
not ok 37 TSYNC.two_siblings_not_under_filter
#  RUN           global.kcmp ...
# seccomp_bpf.c:323:kcmp:Expected ret (-1) == 0 (0)
#      SKIP      Kernel does not support kcmp() (missing CONFIG_KCMP?)
#            OK  global.kcmp
ok 38 # SKIP Kernel does not support kcmp() (missing CONFIG_KCMP?)
#  RUN           global.mode_strict_support ...
#            OK  global.mode_strict_support
ok 39 global.mode_strict_support
#  RUN           global.mode_strict_cannot_call_prctl ...
# seccomp_bpf.c:349:mode_strict_cannot_call_prctl:Expected 0 (0) == true (1)
# seccomp_bpf.c:350:mode_strict_cannot_call_prctl:Unreachable!
# mode_strict_cannot_call_prctl: Test exited normally instead of by signal (code: 1)
#          FAIL  global.mode_strict_cannot_call_prctl
not ok 40 global.mode_strict_cannot_call_prctl
#  RUN           global.no_new_privs_support ...
#            OK  global.no_new_privs_support
ok 41 global.no_new_privs_support
#  RUN           global.mode_filter_support ...
#            OK  global.mode_filter_support
ok 42 global.mode_filter_support
#  RUN           global.mode_filter_without_nnp ...
#            OK  global.mode_filter_without_nnp
ok 43 global.mode_filter_without_nnp
#  RUN           global.filter_size_limits ...
#            OK  global.filter_size_limits
ok 44 global.filter_size_limits
#  RUN           global.filter_chain_limits ...
#            OK  global.filter_chain_limits
ok 45 global.filter_chain_limits
#  RUN           global.mode_filter_cannot_move_to_strict ...
#            OK  global.mode_filter_cannot_move_to_strict
ok 46 global.mode_filter_cannot_move_to_strict
#  RUN           global.mode_filter_get_seccomp ...
#            OK  global.mode_filter_get_seccomp
ok 47 global.mode_filter_get_seccomp
#  RUN           global.ALLOW_all ...
#            OK  global.ALLOW_all
ok 48 global.ALLOW_all
#  RUN           global.empty_prog ...
#            OK  global.empty_prog
ok 49 global.empty_prog
#  RUN           global.log_all ...
#            OK  global.log_all
ok 50 global.log_all
#  RUN           global.unknown_ret_is_kill_inside ...
# seccomp_bpf.c:609:unknown_ret_is_kill_inside:Expected 0 (0) == syscall(__NR_getpid) (2110)
# seccomp_bpf.c:610:unknown_ret_is_kill_inside:getpid() shouldn't ever return
# unknown_ret_is_kill_inside: Test exited normally instead of by signal (code: 2)
#          FAIL  global.unknown_ret_is_kill_inside
not ok 51 global.unknown_ret_is_kill_inside
#  RUN           global.unknown_ret_is_kill_above_allow ...
# seccomp_bpf.c:631:unknown_ret_is_kill_above_allow:Expected 0 (0) == syscall(__NR_getpid) (2111)
# seccomp_bpf.c:632:unknown_ret_is_kill_above_allow:getpid() shouldn't ever return
# unknown_ret_is_kill_above_allow: Test exited normally instead of by signal (code: 2)
#          FAIL  global.unknown_ret_is_kill_above_allow
not ok 52 global.unknown_ret_is_kill_above_allow
#  RUN           global.KILL_all ...
# KILL_all: Test exited normally instead of by signal (code: 0)
#          FAIL  global.KILL_all
not ok 53 global.KILL_all
#  RUN           global.KILL_one ...
# seccomp_bpf.c:678:KILL_one:Expected 0 (0) == syscall(__NR_getpid) (2113)
# KILL_one: Test exited normally instead of by signal (code: 2)
#          FAIL  global.KILL_one
not ok 54 global.KILL_one
#  RUN           global.KILL_one_arg_one ...
# seccomp_bpf.c:714:KILL_one_arg_one:Expected 0 (0) == syscall(__NR_times, &fatal_address) (89022)
# KILL_one_arg_one: Test exited normally instead of by signal (code: 2)
#          FAIL  global.KILL_one_arg_one
not ok 55 global.KILL_one_arg_one
#  RUN           global.KILL_one_arg_six ...
# KILL_one_arg_six: Test exited normally instead of by signal (code: 0)
#          FAIL  global.KILL_one_arg_six
not ok 56 global.KILL_one_arg_six
#  RUN           global.KILL_thread ...
# seccomp_bpf.c:844:KILL_thread:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:869:KILL_thread:Expected 0 (0) != WIFEXITED(status) (0)
# KILL_thread: Test terminated by assertion
#          FAIL  global.KILL_thread
not ok 57 global.KILL_thread
#  RUN           global.KILL_process ...
# seccomp_bpf.c:844:KILL_process:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:889:KILL_process:Expected SIGSYS (31) == WTERMSIG(status) (6)
# KILL_process: Test terminated by assertion
#          FAIL  global.KILL_process
not ok 58 global.KILL_process
#  RUN           global.KILL_unknown ...
# seccomp_bpf.c:844:KILL_unknown:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:910:KILL_unknown:Expected SIGSYS (31) == WTERMSIG(status) (6)
# KILL_unknown: Test terminated by assertion
#          FAIL  global.KILL_unknown
not ok 59 global.KILL_unknown
#  RUN           global.arg_out_of_range ...
#            OK  global.arg_out_of_range
ok 60 global.arg_out_of_range
#  RUN           global.ERRNO_valid ...
# seccomp_bpf.c:961:ERRNO_valid:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:962:ERRNO_valid:Expected E2BIG (7) == errno (0)
# ERRNO_valid: Test failed at step #2
#          FAIL  global.ERRNO_valid
not ok 61 global.ERRNO_valid
#  RUN           global.ERRNO_zero ...
#            OK  global.ERRNO_zero
ok 62 global.ERRNO_zero
#  RUN           global.ERRNO_capped ...
# seccomp_bpf.c:1001:ERRNO_capped:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:1002:ERRNO_capped:Expected 4095 (4095) == errno (0)
# ERRNO_capped: Test failed at step #2
#          FAIL  global.ERRNO_capped
not ok 63 global.ERRNO_capped
#  RUN           global.ERRNO_order ...
# seccomp_bpf.c:1032:ERRNO_order:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:1033:ERRNO_order:Expected 12 (12) == errno (0)
# ERRNO_order: Test failed at step #4
#          FAIL  global.ERRNO_order
not ok 64 global.ERRNO_order
#  RUN           global.negative_ENOSYS ...
#            OK  global.negative_ENOSYS
ok 65 global.negative_ENOSYS
#  RUN           global.seccomp_syscall ...
#            OK  global.seccomp_syscall
ok 66 global.seccomp_syscall
#  RUN           global.seccomp_syscall_mode_lock ...
#            OK  global.seccomp_syscall_mode_lock
ok 67 global.seccomp_syscall_mode_lock
#  RUN           global.detect_seccomp_filter_flags ...
#            OK  global.detect_seccomp_filter_flags
ok 68 global.detect_seccomp_filter_flags
#  RUN           global.TSYNC_first ...
#            OK  global.TSYNC_first
ok 69 global.TSYNC_first
#  RUN           global.syscall_restart ...
# syscall_restart: Test terminated by timeout
#          FAIL  global.syscall_restart
not ok 70 global.syscall_restart
#  RUN           global.filter_flag_log ...
# seccomp_bpf.c:3012:syscall_restart:Expected 1 (1) == read(pipefd[0], &buf, 1) (0)
# seccomp_bpf.c:3013:syscall_restart:Failed final read() from parent
# seccomp_bpf.c:3015:syscall_restart:Expected '!' (33) == buf (46)
# seccomp_bpf.c:3016:syscall_restart:Failed to get final data from read()
# seccomp_bpf.c:3167:filter_flag_log:Expected 0 (0) == syscall(__NR_getpid) (2140)
# filter_flag_log: Test exited normally instead of by signal (code: 3)
#          FAIL  global.filter_flag_log
not ok 71 global.filter_flag_log
#  RUN           global.get_action_avail ...
#            OK  global.get_action_avail
ok 72 global.get_action_avail
#  RUN           global.get_metadata ...
# seccomp_bpf.c:3253:get_metadata:Expected sizeof(md) (16) == ret (-1)
#      SKIP      Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
#            OK  global.get_metadata
ok 73 # SKIP Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
#  RUN           global.user_notification_basic ...
# seccomp_bpf.c:3325:user_notification_basic:Expected 0 (0) == WEXITSTATUS(status) (1)
# user_notification_basic: Test terminated by timeout
#          FAIL  global.user_notification_basic
not ok 74 global.user_notification_basic
#  RUN           global.user_notification_with_tsync ...
#            OK  global.user_notification_with_tsync
ok 75 global.user_notification_with_tsync
#  RUN           global.user_notification_kill_in_middle ...
# user_notification_kill_in_middle: Test terminated by timeout
#          FAIL  global.user_notification_kill_in_middle
not ok 76 global.user_notification_kill_in_middle
#  RUN           global.user_notification_signal ...
# user_notification_signal: Test terminated by timeout
#          FAIL  global.user_notification_signal
not ok 77 global.user_notification_signal
#  RUN           global.user_notification_closed_listener ...
# seccomp_bpf.c:3575:user_notification_closed_listener:Expected 0 (0) == WEXITSTATUS(status) (1)
# user_notification_closed_listener: Test failed at step #3
#          FAIL  global.user_notification_closed_listener
not ok 78 global.user_notification_closed_listener
#  RUN           global.user_notification_child_pid_ns ...
# seccomp_bpf.c:3588:user_notification_child_pid_ns:Expected unshare(CLONE_NEWUSER | CLONE_NEWPID) (-1) == 0 (0)
#      SKIP      kernel missing CLONE_NEWUSER support
#            OK  global.user_notification_child_pid_ns
ok 79 # SKIP kernel missing CLONE_NEWUSER support
#  RUN           global.user_notification_sibling_pid_ns ...
# seccomp_bpf.c:3656:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
# user_notification_sibling_pid_ns: Test terminated by assertion
#          FAIL  global.user_notification_sibling_pid_ns
not ok 80 global.user_notification_sibling_pid_ns
#  RUN           global.user_notification_fault_recv ...
# seccomp_bpf.c:3641:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
# seccomp_bpf.c:3699:user_notification_fault_recv:Expected unshare(CLONE_NEWUSER) (-1) == 0 (0)
# user_notification_fault_recv: Test terminated by assertion
#          FAIL  global.user_notification_fault_recv
not ok 81 global.user_notification_fault_recv
#  RUN           global.seccomp_get_notif_sizes ...
#            OK  global.seccomp_get_notif_sizes
ok 82 global.seccomp_get_notif_sizes
#  RUN           global.user_notification_continue ...
# seccomp_bpf.c:3770:user_notification_continue:kcmp() syscall missing (test is less accurate)
# user_notification_continue: Test terminated by timeout
#          FAIL  global.user_notification_continue
not ok 83 global.user_notification_continue
#  RUN           global.user_notification_filter_empty ...
# seccomp_bpf.c:3842:user_notification_filter_empty:Expected pid (-1) >= 0 (0)
# user_notification_filter_empty: Test terminated by assertion
#          FAIL  global.user_notification_filter_empty
not ok 84 global.user_notification_filter_empty
#  RUN           global.user_notification_filter_empty_threaded ...
# seccomp_bpf.c:3896:user_notification_filter_empty_threaded:Expected pid (-1) >= 0 (0)
# user_notification_filter_empty_threaded: Test terminated by assertion
#          FAIL  global.user_notification_filter_empty_threaded
not ok 85 global.user_notification_filter_empty_threaded
#  RUN           global.user_notification_addfd ...
# user_notification_addfd: Test terminated by timeout
#          FAIL  global.user_notification_addfd
not ok 86 global.user_notification_addfd
#  RUN           global.user_notification_addfd_rlimit ...
# user_notification_addfd_rlimit: Test terminated by timeout
#          FAIL  global.user_notification_addfd_rlimit
not ok 87 global.user_notification_addfd_rlimit
# FAILED: 35 / 87 tests passed.
# Totals: pass:32 fail:52 xfail:0 xpass:0 skip:3 error:0

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Geert Uytterhoeven]

Hi Michael,

On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> > BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> > https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
> >
> > I kept on up-porting it, but haven't exercised it recently.
>
> See attached for test results on my ARAnyM image (Laurent's qemu image,
> essentially).
>
> Is that any different from what you got in your earlier tests?

Fortunately lore has a better memory than I do ;-)

https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/

mine: FAILED: 35 / 86 tests passed
yours: FAILED: 35 / 87 tests passed

So one new test, and it fails?

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert,

Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
> Hi Michael,
>
> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>>>
>>> I kept on up-porting it, but haven't exercised it recently.
>>
>> See attached for test results on my ARAnyM image (Laurent's qemu image,
>> essentially).
>>
>> Is that any different from what you got in your earlier tests?
>
> Fortunately lore has a better memory than I do ;-)
>
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
>
> mine: FAILED: 35 / 86 tests passed
> yours: FAILED: 35 / 87 tests passed
>
> So one new test, and it fails?

Looks like it. I must be missing some mail in my mail archive, can't 
recall ever seeing that one.

There's one new test added after your mail was sent - KILL_unknown. I 
suppose it's that one.

Anyway, both much better than without seccomp support. And going back 
over the archive, I found your patch where you added seccomp.h - and 
added a line in Kbuild as well, which I forgot. Will fix that.

Cheers,

	Michael

>
> Gr{oetje,eeting}s,
>
>                         Geert
>

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Michael Schmitz]

Hi Geert,

Am 26.06.2021 um 06:42 schrieb Michael Schmitz:
> Hi Geert,
>
> Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
>> Hi Michael,
>>
>> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz
>> <schmitzmic@gmail.com> wrote:
>>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
>>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
>>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>>>>
>>>>
>>>> I kept on up-porting it, but haven't exercised it recently.
>>>
>>> See attached for test results on my ARAnyM image (Laurent's qemu image,
>>> essentially).
>>>
>>> Is that any different from what you got in your earlier tests?
>>
>> Fortunately lore has a better memory than I do ;-)
>>
>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
>>
>>
>> mine: FAILED: 35 / 86 tests passed
>> yours: FAILED: 35 / 87 tests passed
>>
>> So one new test, and it fails?
>
> Looks like it. I must be missing some mail in my mail archive, can't
> recall ever seeing that one.
>
> There's one new test added after your mail was sent - KILL_unknown. I
> suppose it's that one.
>
> Anyway, both much better than without seccomp support. And going back
> over the archive, I found your patch where you added seccomp.h - and
> added a line in Kbuild as well, which I forgot. Will fix that.

Hmm - after that change, I get:

   SYSHDR  arch/m68k/include/generated/uapi/asm/unistd_32.h
   SYSTBL  arch/m68k/include/generated/asm/syscall_table.h
   UPD     include/config/kernel.release
scripts/Makefile.asm-generic:25: redundant generic-y found in 
arch/m68k/include/asm/Kbuild: seccomp.h
   WRAP    arch/m68k/include/generated/asm/seccomp.h
   UPD     include/generated/utsrelease.h

in the build log.

None of the other archs do add seccomp.h to their include/asm/Kbuild 
script. I'll leave it at v6 then.

Cheers,

	Michael

Re: [PATCH v5 2/2] m68k: add kernel seccomp support

[Geert Uytterhoeven]

Hi Michael,

On Fri, Jun 25, 2021 at 11:15 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Am 26.06.2021 um 06:42 schrieb Michael Schmitz:
> > Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
> >> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz
> >> <schmitzmic@gmail.com> wrote:
> >>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> >>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> >>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
> >>>>
> >>>>
> >>>> I kept on up-porting it, but haven't exercised it recently.
> >>>
> >>> See attached for test results on my ARAnyM image (Laurent's qemu image,
> >>> essentially).
> >>>
> >>> Is that any different from what you got in your earlier tests?
> >>
> >> Fortunately lore has a better memory than I do ;-)
> >>
> >> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
> >>
> >>
> >> mine: FAILED: 35 / 86 tests passed
> >> yours: FAILED: 35 / 87 tests passed
> >>
> >> So one new test, and it fails?
> >
> > Looks like it. I must be missing some mail in my mail archive, can't
> > recall ever seeing that one.
> >
> > There's one new test added after your mail was sent - KILL_unknown. I
> > suppose it's that one.
> >
> > Anyway, both much better than without seccomp support. And going back
> > over the archive, I found your patch where you added seccomp.h - and
> > added a line in Kbuild as well, which I forgot. Will fix that.
>
> Hmm - after that change, I get:
>
>    SYSHDR  arch/m68k/include/generated/uapi/asm/unistd_32.h
>    SYSTBL  arch/m68k/include/generated/asm/syscall_table.h
>    UPD     include/config/kernel.release
> scripts/Makefile.asm-generic:25: redundant generic-y found in
> arch/m68k/include/asm/Kbuild: seccomp.h
>    WRAP    arch/m68k/include/generated/asm/seccomp.h
>    UPD     include/generated/utsrelease.h
>
> in the build log.
>
> None of the other archs do add seccomp.h to their include/asm/Kbuild
> script. I'll leave it at v6 then.

Indeed, not needed.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds