* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-23 7:35 ` Geert Uytterhoeven
@ 2021-06-24 2:12 ` Michael Schmitz
2021-06-24 2:13 ` Michael Schmitz
2021-06-24 21:20 ` Michael Schmitz
2 siblings, 0 replies; 13+ messages in thread
From: Michael Schmitz @ 2021-06-24 2:12 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Geert,
I haven't been able to compile that one using the cross compiler:
m68k-linux-gnu-gcc -Wl,-no-as-needed -Wall -lpthread seccomp_bpf.c -o
/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf
seccomp_bpf.c: In function ‘user_notification_addfd’:
seccomp_bpf.c:3968:10: warning: implicit declaration of function
‘memfd_create’ [-Wimplicit-function-declaration]
memfd = memfd_create("test", 0);
^
/tmp/ccfLGgXj.o: In function `user_notification_addfd':
seccomp_bpf.c:(.text+0x2ab32): undefined reference to `memfd_create'
/tmp/ccfLGgXj.o: In function `user_notification_addfd_rlimit':
seccomp_bpf.c:(.text+0x2c8a2): undefined reference to `memfd_create'
collect2: error: ld returned 1 exit status
../lib.mk:144: recipe for target
'/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf'
failed
Adding the memfd_create definition found in
tools/testing/selftests/drivers/dma-buf/udmabuf.c:
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 66f5145..231d772 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -266,6 +266,11 @@ struct seccomp_notif_addfd_big {
#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
#endif
+static int memfd_create(const char *name, unsigned int flags)
+{
+ return syscall(__NR_memfd_create, name, flags);
+}
+
#ifndef seccomp
int seccomp(unsigned int op, unsigned int flags, void *args)
{
allows the tests to compile.
Running the test cases requires a fairly recent system - seccomp_bpf had
35 tests pass, 52 fail.
Cheers,
Michael
On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>> ---
>> arch/m68k/Kconfig | 2 ++
>> arch/m68k/include/asm/seccomp.h | 11 +++++++++++
>> arch/m68k/include/asm/syscall.h | 33 +++++++++++++++++++++++++++++++++
>> arch/m68k/include/asm/thread_info.h | 2 ++
>> arch/m68k/kernel/ptrace.c | 5 +++++
>> 5 files changed, 53 insertions(+)
>> create mode 100644 arch/m68k/include/asm/seccomp.h
>>
>> diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
>> index 372e4e6..deaea88 100644
>> --- a/arch/m68k/Kconfig
>> +++ b/arch/m68k/Kconfig
>> @@ -19,6 +19,8 @@ config M68K
>> select GENERIC_STRNCPY_FROM_USER if MMU
>> select GENERIC_STRNLEN_USER if MMU
>> select HAVE_AOUT if MMU
>> + select HAVE_ARCH_SECCOMP
>> + select HAVE_ARCH_SECCOMP_FILTER
> So the status should be changed from "TODO" to "ok" in
> Documentation/features/seccomp/seccomp-filter/arch-support.txt
>
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.
> Recent version looks like (gmail-whitespace-damaged):
>
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -135,6 +135,8 @@ struct seccomp_data {
> # define __NR_seccomp 337
> # elif defined(__sh__)
> # define __NR_seccomp 372
> +# elif defined(__mc68000__)
> +# define __NR_seccomp 380
> # else
> # warning "seccomp syscall number unknown for this architecture"
> # define __NR_seccomp 0xffff
> @@ -1815,6 +1817,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
> # define ARCH_REGS struct pt_regs
> # define SYSCALL_NUM(_regs) (_regs).regs[3]
> # define SYSCALL_RET(_regs) (_regs).regs[0]
> +#elif defined(__mc68000__)
> +# define ARCH_REGS struct pt_regs
> +# define SYSCALL_NUM(_regs) (_regs).orig_d0
> +# define SYSCALL_RET(_regs) (_regs).d0
> #else
> # error "Do not know how to find your architecture's registers and syscalls"
> #endif
> @@ -1879,7 +1885,7 @@ const bool ptrace_entry_set_syscall_ret =
> * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
> * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
> */
> -#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
> +#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) ||
> defined(__mc68000)
> # define ARCH_GETREGS(_regs) ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
> # define ARCH_SETREGS(_regs) ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
> #else
>
> Gr{oetje,eeting}s,
>
> Geert
>
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-23 7:35 ` Geert Uytterhoeven
2021-06-24 2:12 ` Michael Schmitz
@ 2021-06-24 2:13 ` Michael Schmitz
2021-06-24 21:20 ` Michael Schmitz
2 siblings, 0 replies; 13+ messages in thread
From: Michael Schmitz @ 2021-06-24 2:13 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Geert,
I haven't been able to compile that one using the cross compiler:
m68k-linux-gnu-gcc -Wl,-no-as-needed -Wall -lpthread seccomp_bpf.c -o
/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf
seccomp_bpf.c: In function ‘user_notification_addfd’:
seccomp_bpf.c:3968:10: warning: implicit declaration of function
‘memfd_create’ [-Wimplicit-function-declaration]
memfd = memfd_create("test", 0);
^
/tmp/ccfLGgXj.o: In function `user_notification_addfd':
seccomp_bpf.c:(.text+0x2ab32): undefined reference to `memfd_create'
/tmp/ccfLGgXj.o: In function `user_notification_addfd_rlimit':
seccomp_bpf.c:(.text+0x2c8a2): undefined reference to `memfd_create'
collect2: error: ld returned 1 exit status
../lib.mk:144: recipe for target
'/usr/misc/m68k/linux-m68k-git/linux-m68k/tools/testing/selftests/seccomp/seccomp_bpf'
failed
Adding the memfd_create definition found in
tools/testing/selftests/drivers/dma-buf/udmabuf.c:
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 66f5145..231d772 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -266,6 +266,11 @@ struct seccomp_notif_addfd_big {
#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
#endif
+static int memfd_create(const char *name, unsigned int flags)
+{
+ return syscall(__NR_memfd_create, name, flags);
+}
+
#ifndef seccomp
int seccomp(unsigned int op, unsigned int flags, void *args)
{
allows the tests to compile.
Running the test cases requires a fairly recent system - seccomp_bpf had
35 tests pass, 52 fail.
Cheers,
Michael
On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> Hi Michael,
>
> On Thu, Jun 17, 2021 at 7:39 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> Compiles (for Atari) and boots on ARAnyM, otherwise untested.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>> ---
>> arch/m68k/Kconfig | 2 ++
>> arch/m68k/include/asm/seccomp.h | 11 +++++++++++
>> arch/m68k/include/asm/syscall.h | 33 +++++++++++++++++++++++++++++++++
>> arch/m68k/include/asm/thread_info.h | 2 ++
>> arch/m68k/kernel/ptrace.c | 5 +++++
>> 5 files changed, 53 insertions(+)
>> create mode 100644 arch/m68k/include/asm/seccomp.h
>>
>> diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
>> index 372e4e6..deaea88 100644
>> --- a/arch/m68k/Kconfig
>> +++ b/arch/m68k/Kconfig
>> @@ -19,6 +19,8 @@ config M68K
>> select GENERIC_STRNCPY_FROM_USER if MMU
>> select GENERIC_STRNLEN_USER if MMU
>> select HAVE_AOUT if MMU
>> + select HAVE_ARCH_SECCOMP
>> + select HAVE_ARCH_SECCOMP_FILTER
> So the status should be changed from "TODO" to "ok" in
> Documentation/features/seccomp/seccomp-filter/arch-support.txt
>
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.
> Recent version looks like (gmail-whitespace-damaged):
>
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -135,6 +135,8 @@ struct seccomp_data {
> # define __NR_seccomp 337
> # elif defined(__sh__)
> # define __NR_seccomp 372
> +# elif defined(__mc68000__)
> +# define __NR_seccomp 380
> # else
> # warning "seccomp syscall number unknown for this architecture"
> # define __NR_seccomp 0xffff
> @@ -1815,6 +1817,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
> # define ARCH_REGS struct pt_regs
> # define SYSCALL_NUM(_regs) (_regs).regs[3]
> # define SYSCALL_RET(_regs) (_regs).regs[0]
> +#elif defined(__mc68000__)
> +# define ARCH_REGS struct pt_regs
> +# define SYSCALL_NUM(_regs) (_regs).orig_d0
> +# define SYSCALL_RET(_regs) (_regs).d0
> #else
> # error "Do not know how to find your architecture's registers and syscalls"
> #endif
> @@ -1879,7 +1885,7 @@ const bool ptrace_entry_set_syscall_ret =
> * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
> * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
> */
> -#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
> +#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) ||
> defined(__mc68000)
> # define ARCH_GETREGS(_regs) ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
> # define ARCH_SETREGS(_regs) ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
> #else
>
> Gr{oetje,eeting}s,
>
> Geert
>
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-23 7:35 ` Geert Uytterhoeven
2021-06-24 2:12 ` Michael Schmitz
2021-06-24 2:13 ` Michael Schmitz
@ 2021-06-24 21:20 ` Michael Schmitz
2021-06-25 7:31 ` Geert Uytterhoeven
2 siblings, 1 reply; 13+ messages in thread
From: Michael Schmitz @ 2021-06-24 21:20 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
[-- Attachment #1: Type: text/plain, Size: 465 bytes --]
Hi Geert,
On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>
> I kept on up-porting it, but haven't exercised it recently.
See attached for test results on my ARAnyM image (Laurent's qemu image,
essentially).
Is that any different from what you got in your earlier tests?
Cheers,
Michael
[-- Attachment #2: test-benchmark --]
[-- Type: text/plain, Size: 1179 bytes --]
sysctl: cannot stat /proc/sys/net/core/bpf_jit_enable: No such file or directory
sysctl: cannot stat /proc/sys/net/core/bpf_jit_harden: No such file or directory
Current BPF sysctl settings:
Calibrating sample size for 15 seconds worth of syscalls ...
Benchmarking 17652210 syscalls...
15.650000000 - 1.010000000 = 14640000000 (14.6s)
getpid native: 829 ns
73.810000000 - 15.650000000 = 58160000000 (58.2s)
getpid RET_ALLOW 1 filter (bitmap): 3294 ns
131.880000000 - 73.810000000 = 58070000000 (58.1s)
getpid RET_ALLOW 2 filters (bitmap): 3289 ns
189.930000000 - 131.880000000 = 58050000000 (58.0s)
getpid RET_ALLOW 3 filters (full): 3288 ns
247.960000000 - 189.930000000 = 58030000000 (58.0s)
getpid RET_ALLOW 4 filters (full): 3287 ns
Estimated total seccomp overhead for 1 bitmapped filter: 2465 ns
Estimated total seccomp overhead for 2 bitmapped filters: 2460 ns
Estimated total seccomp overhead for 3 full filters: 2459 ns
Estimated total seccomp overhead for 4 full filters: 2458 ns
Estimated seccomp entry overhead: 2470 ns
Estimated seccomp per-filter overhead (last 2 diff): 18446744073709551615 ns
Saw unexpected benchmark result. Try running again with more samples?
[-- Attachment #3: test-bpf --]
[-- Type: text/plain, Size: 21630 bytes --]
TAP version 13
1..87
# Starting 87 tests from 7 test cases.
# RUN TRAP.dfl ...
# dfl: Test exited normally instead of by signal (code: 0)
# FAIL TRAP.dfl
not ok 1 TRAP.dfl
# RUN TRAP.ign ...
# ign: Test exited normally instead of by signal (code: 0)
# FAIL TRAP.ign
not ok 2 TRAP.ign
# RUN TRAP.handler ...
# seccomp_bpf.c:1130:handler:Expected SIGSYS (31) == test (0)
# seccomp_bpf.c:1141:handler:Expected __NR_getpid (20) == sigsys->_syscall (0)
# seccomp_bpf.c:1143:handler:Expected 0 (0) != sigsys->_arch (0)
# seccomp_bpf.c:1144:handler:Expected 0 (0) != (unsigned long)sigsys->_call_addr (0)
# handler: Test failed at step #5
# FAIL TRAP.handler
not ok 3 TRAP.handler
# RUN precedence.allow_ok ...
# OK precedence.allow_ok
ok 4 precedence.allow_ok
# RUN precedence.kill_is_highest ...
# seccomp_bpf.c:1274:kill_is_highest:Expected 0 (0) == res (2034)
# kill_is_highest: Test exited normally instead of by signal (code: 13)
# FAIL precedence.kill_is_highest
not ok 5 precedence.kill_is_highest
# RUN precedence.kill_is_highest_in_any_order ...
# seccomp_bpf.c:1301:kill_is_highest_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2035)
# kill_is_highest_in_any_order: Test exited normally instead of by signal (code: 13)
# FAIL precedence.kill_is_highest_in_any_order
not ok 6 precedence.kill_is_highest_in_any_order
# RUN precedence.trap_is_second ...
# seccomp_bpf.c:1326:trap_is_second:Expected 0 (0) == syscall(__NR_getpid) (2036)
# trap_is_second: Test exited normally instead of by signal (code: 12)
# FAIL precedence.trap_is_second
not ok 7 precedence.trap_is_second
# RUN precedence.trap_is_second_in_any_order ...
# seccomp_bpf.c:1351:trap_is_second_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2037)
# trap_is_second_in_any_order: Test exited normally instead of by signal (code: 12)
# FAIL precedence.trap_is_second_in_any_order
not ok 8 precedence.trap_is_second_in_any_order
# RUN precedence.errno_is_third ...
# seccomp_bpf.c:1373:errno_is_third:Expected 0 (0) == syscall(__NR_getpid) (2038)
# errno_is_third: Test failed at step #11
# FAIL precedence.errno_is_third
not ok 9 precedence.errno_is_third
# RUN precedence.errno_is_third_in_any_order ...
# seccomp_bpf.c:1395:errno_is_third_in_any_order:Expected 0 (0) == syscall(__NR_getpid) (2039)
# errno_is_third_in_any_order: Test failed at step #11
# FAIL precedence.errno_is_third_in_any_order
not ok 10 precedence.errno_is_third_in_any_order
# RUN precedence.trace_is_fourth ...
# seccomp_bpf.c:1416:trace_is_fourth:Expected -1 (-1) == syscall(__NR_getpid) (2040)
# trace_is_fourth: Test failed at step #10
# FAIL precedence.trace_is_fourth
not ok 11 precedence.trace_is_fourth
# RUN precedence.trace_is_fourth_in_any_order ...
# seccomp_bpf.c:1437:trace_is_fourth_in_any_order:Expected -1 (-1) == syscall(__NR_getpid) (2041)
# trace_is_fourth_in_any_order: Test failed at step #10
# FAIL precedence.trace_is_fourth_in_any_order
not ok 12 precedence.trace_is_fourth_in_any_order
# RUN precedence.log_is_fifth ...
# OK precedence.log_is_fifth
ok 13 precedence.log_is_fifth
# RUN precedence.log_is_fifth_in_any_order ...
# OK precedence.log_is_fifth_in_any_order
ok 14 precedence.log_is_fifth_in_any_order
# RUN TRACE_poke.read_has_side_effects ...
# seccomp_bpf.c:1689:read_has_side_effects:Expected 0x1001 (4097) == self->poked (0)
# read_has_side_effects: Test failed at step #5
# FAIL TRACE_poke.read_has_side_effects
not ok 15 TRACE_poke.read_has_side_effects
# RUN TRACE_poke.getpid_runs_normally ...
# OK TRACE_poke.getpid_runs_normally
ok 16 TRACE_poke.getpid_runs_normally
# RUN TRACE_syscall.ptrace.negative_ENOSYS ...
# seccomp_bpf.c:1907:negative_ENOSYS:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# OK TRACE_syscall.ptrace.negative_ENOSYS
ok 17 TRACE_syscall.ptrace.negative_ENOSYS
# RUN TRACE_syscall.ptrace.syscall_allowed ...
# seccomp_bpf.c:1907:syscall_allowed:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# OK TRACE_syscall.ptrace.syscall_allowed
ok 18 TRACE_syscall.ptrace.syscall_allowed
# RUN TRACE_syscall.ptrace.syscall_redirected ...
# seccomp_bpf.c:1907:syscall_redirected:Expected 0 (-1073656156) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2171:syscall_redirected:Expected self->parent (2029) == syscall(__NR_getpid) (2052)
# seccomp_bpf.c:2172:syscall_redirected:Expected self->mypid (2052) != syscall(__NR_getpid) (2052)
# syscall_redirected: Test failed at step #9
# FAIL TRACE_syscall.ptrace.syscall_redirected
not ok 19 TRACE_syscall.ptrace.syscall_redirected
# RUN TRACE_syscall.ptrace.syscall_errno ...
# seccomp_bpf.c:1907:syscall_errno:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2178:syscall_errno:Expected -(-3) (3) == errno (14)
# syscall_errno: Test failed at step #9
# FAIL TRACE_syscall.ptrace.syscall_errno
not ok 20 TRACE_syscall.ptrace.syscall_errno
# RUN TRACE_syscall.ptrace.syscall_faked ...
# seccomp_bpf.c:1907:syscall_faked:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2184:syscall_faked:Expected 45000 (45000) == syscall(221) (2056)
# syscall_faked: Test failed at step #9
# FAIL TRACE_syscall.ptrace.syscall_faked
not ok 21 TRACE_syscall.ptrace.syscall_faked
# RUN TRACE_syscall.ptrace.skip_after ...
# seccomp_bpf.c:1907:skip_after:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2208:skip_after:Expected -1 (-1) == syscall(__NR_getpid) (2058)
# seccomp_bpf.c:2209:skip_after:Expected EPERM (1) == errno (0)
# skip_after: Test failed at step #10
# FAIL TRACE_syscall.ptrace.skip_after
not ok 22 TRACE_syscall.ptrace.skip_after
# RUN TRACE_syscall.ptrace.kill_after ...
# seccomp_bpf.c:1907:kill_after:Expected 0 (-1073525222) == ARCH_GETREGS(regs) (0)
# seccomp_bpf.c:2232:kill_after:Expected self->mypid (2060) != syscall(__NR_getpid) (2060)
# kill_after: Test exited normally instead of by signal (code: 10)
# FAIL TRACE_syscall.ptrace.kill_after
not ok 23 TRACE_syscall.ptrace.kill_after
# RUN TRACE_syscall.seccomp.negative_ENOSYS ...
# OK TRACE_syscall.seccomp.negative_ENOSYS
ok 24 TRACE_syscall.seccomp.negative_ENOSYS
# RUN TRACE_syscall.seccomp.syscall_allowed ...
# OK TRACE_syscall.seccomp.syscall_allowed
ok 25 TRACE_syscall.seccomp.syscall_allowed
# RUN TRACE_syscall.seccomp.syscall_redirected ...
# seccomp_bpf.c:2171:syscall_redirected:Expected self->parent (2029) == syscall(__NR_getpid) (2066)
# seccomp_bpf.c:2172:syscall_redirected:Expected self->mypid (2066) != syscall(__NR_getpid) (2066)
# syscall_redirected: Test failed at step #10
# FAIL TRACE_syscall.seccomp.syscall_redirected
not ok 26 TRACE_syscall.seccomp.syscall_redirected
# RUN TRACE_syscall.seccomp.syscall_errno ...
# seccomp_bpf.c:2178:syscall_errno:Expected -(-3) (3) == errno (14)
# syscall_errno: Test failed at step #10
# FAIL TRACE_syscall.seccomp.syscall_errno
not ok 27 TRACE_syscall.seccomp.syscall_errno
# RUN TRACE_syscall.seccomp.syscall_faked ...
# seccomp_bpf.c:2184:syscall_faked:Expected 45000 (45000) == syscall(221) (2070)
# syscall_faked: Test failed at step #10
# FAIL TRACE_syscall.seccomp.syscall_faked
not ok 28 TRACE_syscall.seccomp.syscall_faked
# RUN TRACE_syscall.seccomp.skip_after ...
# seccomp_bpf.c:2208:skip_after:Expected -1 (-1) == syscall(__NR_getpid) (2072)
# seccomp_bpf.c:2209:skip_after:Expected EPERM (1) == errno (0)
# skip_after: Test failed at step #11
# FAIL TRACE_syscall.seccomp.skip_after
not ok 29 TRACE_syscall.seccomp.skip_after
# RUN TRACE_syscall.seccomp.kill_after ...
# seccomp_bpf.c:2232:kill_after:Expected self->mypid (2074) != syscall(__NR_getpid) (2074)
# kill_after: Test exited normally instead of by signal (code: 11)
# FAIL TRACE_syscall.seccomp.kill_after
not ok 30 TRACE_syscall.seccomp.kill_after
# RUN TSYNC.siblings_fail_prctl ...
# seccomp_bpf.c:2636:siblings_fail_prctl:Expected SIBLING_EXIT_FAILURE (195951310) == (long)status (195935983)
# siblings_fail_prctl: Test failed at step #6
# FAIL TSYNC.siblings_fail_prctl
not ok 31 TSYNC.siblings_fail_prctl
# RUN TSYNC.two_siblings_with_ancestor ...
# seccomp_bpf.c:2678:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# seccomp_bpf.c:2680:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# two_siblings_with_ancestor: Test failed at step #7
# FAIL TSYNC.two_siblings_with_ancestor
not ok 32 TSYNC.two_siblings_with_ancestor
# RUN TSYNC.two_sibling_want_nnp ...
# OK TSYNC.two_sibling_want_nnp
ok 33 TSYNC.two_sibling_want_nnp
# RUN TSYNC.two_siblings_with_no_filter ...
# seccomp_bpf.c:2744:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195935983)
# seccomp_bpf.c:2746:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195935983)
# two_siblings_with_no_filter: Test failed at step #6
# FAIL TSYNC.two_siblings_with_no_filter
not ok 34 TSYNC.two_siblings_with_no_filter
# RUN TSYNC.two_siblings_with_one_divergence ...
# OK TSYNC.two_siblings_with_one_divergence
ok 35 TSYNC.two_siblings_with_one_divergence
# RUN TSYNC.two_siblings_with_one_divergence_no_tid_in_err ...
# OK TSYNC.two_siblings_with_one_divergence_no_tid_in_err
ok 36 TSYNC.two_siblings_with_one_divergence_no_tid_in_err
# RUN TSYNC.two_siblings_not_under_filter ...
# seccomp_bpf.c:2923:two_siblings_not_under_filter:Expected 0 (0) == (long)status (195935983)
# two_siblings_not_under_filter: Test failed at step #9
# FAIL TSYNC.two_siblings_not_under_filter
not ok 37 TSYNC.two_siblings_not_under_filter
# RUN global.kcmp ...
# seccomp_bpf.c:323:kcmp:Expected ret (-1) == 0 (0)
# SKIP Kernel does not support kcmp() (missing CONFIG_KCMP?)
# OK global.kcmp
ok 38 # SKIP Kernel does not support kcmp() (missing CONFIG_KCMP?)
# RUN global.mode_strict_support ...
# OK global.mode_strict_support
ok 39 global.mode_strict_support
# RUN global.mode_strict_cannot_call_prctl ...
# seccomp_bpf.c:349:mode_strict_cannot_call_prctl:Expected 0 (0) == true (1)
# seccomp_bpf.c:350:mode_strict_cannot_call_prctl:Unreachable!
# mode_strict_cannot_call_prctl: Test exited normally instead of by signal (code: 1)
# FAIL global.mode_strict_cannot_call_prctl
not ok 40 global.mode_strict_cannot_call_prctl
# RUN global.no_new_privs_support ...
# OK global.no_new_privs_support
ok 41 global.no_new_privs_support
# RUN global.mode_filter_support ...
# OK global.mode_filter_support
ok 42 global.mode_filter_support
# RUN global.mode_filter_without_nnp ...
# OK global.mode_filter_without_nnp
ok 43 global.mode_filter_without_nnp
# RUN global.filter_size_limits ...
# OK global.filter_size_limits
ok 44 global.filter_size_limits
# RUN global.filter_chain_limits ...
# OK global.filter_chain_limits
ok 45 global.filter_chain_limits
# RUN global.mode_filter_cannot_move_to_strict ...
# OK global.mode_filter_cannot_move_to_strict
ok 46 global.mode_filter_cannot_move_to_strict
# RUN global.mode_filter_get_seccomp ...
# OK global.mode_filter_get_seccomp
ok 47 global.mode_filter_get_seccomp
# RUN global.ALLOW_all ...
# OK global.ALLOW_all
ok 48 global.ALLOW_all
# RUN global.empty_prog ...
# OK global.empty_prog
ok 49 global.empty_prog
# RUN global.log_all ...
# OK global.log_all
ok 50 global.log_all
# RUN global.unknown_ret_is_kill_inside ...
# seccomp_bpf.c:609:unknown_ret_is_kill_inside:Expected 0 (0) == syscall(__NR_getpid) (2110)
# seccomp_bpf.c:610:unknown_ret_is_kill_inside:getpid() shouldn't ever return
# unknown_ret_is_kill_inside: Test exited normally instead of by signal (code: 2)
# FAIL global.unknown_ret_is_kill_inside
not ok 51 global.unknown_ret_is_kill_inside
# RUN global.unknown_ret_is_kill_above_allow ...
# seccomp_bpf.c:631:unknown_ret_is_kill_above_allow:Expected 0 (0) == syscall(__NR_getpid) (2111)
# seccomp_bpf.c:632:unknown_ret_is_kill_above_allow:getpid() shouldn't ever return
# unknown_ret_is_kill_above_allow: Test exited normally instead of by signal (code: 2)
# FAIL global.unknown_ret_is_kill_above_allow
not ok 52 global.unknown_ret_is_kill_above_allow
# RUN global.KILL_all ...
# KILL_all: Test exited normally instead of by signal (code: 0)
# FAIL global.KILL_all
not ok 53 global.KILL_all
# RUN global.KILL_one ...
# seccomp_bpf.c:678:KILL_one:Expected 0 (0) == syscall(__NR_getpid) (2113)
# KILL_one: Test exited normally instead of by signal (code: 2)
# FAIL global.KILL_one
not ok 54 global.KILL_one
# RUN global.KILL_one_arg_one ...
# seccomp_bpf.c:714:KILL_one_arg_one:Expected 0 (0) == syscall(__NR_times, &fatal_address) (89022)
# KILL_one_arg_one: Test exited normally instead of by signal (code: 2)
# FAIL global.KILL_one_arg_one
not ok 55 global.KILL_one_arg_one
# RUN global.KILL_one_arg_six ...
# KILL_one_arg_six: Test exited normally instead of by signal (code: 0)
# FAIL global.KILL_one_arg_six
not ok 56 global.KILL_one_arg_six
# RUN global.KILL_thread ...
# seccomp_bpf.c:844:KILL_thread:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:869:KILL_thread:Expected 0 (0) != WIFEXITED(status) (0)
# KILL_thread: Test terminated by assertion
# FAIL global.KILL_thread
not ok 57 global.KILL_thread
# RUN global.KILL_process ...
# seccomp_bpf.c:844:KILL_process:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:889:KILL_process:Expected SIGSYS (31) == WTERMSIG(status) (6)
# KILL_process: Test terminated by assertion
# FAIL global.KILL_process
not ok 58 global.KILL_process
# RUN global.KILL_unknown ...
# seccomp_bpf.c:844:KILL_unknown:Expected SIBLING_EXIT_FAILURE (195951310) != (unsigned long)status (195951310)
# seccomp_bpf.c:910:KILL_unknown:Expected SIGSYS (31) == WTERMSIG(status) (6)
# KILL_unknown: Test terminated by assertion
# FAIL global.KILL_unknown
not ok 59 global.KILL_unknown
# RUN global.arg_out_of_range ...
# OK global.arg_out_of_range
ok 60 global.arg_out_of_range
# RUN global.ERRNO_valid ...
# seccomp_bpf.c:961:ERRNO_valid:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:962:ERRNO_valid:Expected E2BIG (7) == errno (0)
# ERRNO_valid: Test failed at step #2
# FAIL global.ERRNO_valid
not ok 61 global.ERRNO_valid
# RUN global.ERRNO_zero ...
# OK global.ERRNO_zero
ok 62 global.ERRNO_zero
# RUN global.ERRNO_capped ...
# seccomp_bpf.c:1001:ERRNO_capped:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:1002:ERRNO_capped:Expected 4095 (4095) == errno (0)
# ERRNO_capped: Test failed at step #2
# FAIL global.ERRNO_capped
not ok 63 global.ERRNO_capped
# RUN global.ERRNO_order ...
# seccomp_bpf.c:1032:ERRNO_order:Expected -1 (-1) == read(0, NULL, 0) (0)
# seccomp_bpf.c:1033:ERRNO_order:Expected 12 (12) == errno (0)
# ERRNO_order: Test failed at step #4
# FAIL global.ERRNO_order
not ok 64 global.ERRNO_order
# RUN global.negative_ENOSYS ...
# OK global.negative_ENOSYS
ok 65 global.negative_ENOSYS
# RUN global.seccomp_syscall ...
# OK global.seccomp_syscall
ok 66 global.seccomp_syscall
# RUN global.seccomp_syscall_mode_lock ...
# OK global.seccomp_syscall_mode_lock
ok 67 global.seccomp_syscall_mode_lock
# RUN global.detect_seccomp_filter_flags ...
# OK global.detect_seccomp_filter_flags
ok 68 global.detect_seccomp_filter_flags
# RUN global.TSYNC_first ...
# OK global.TSYNC_first
ok 69 global.TSYNC_first
# RUN global.syscall_restart ...
# syscall_restart: Test terminated by timeout
# FAIL global.syscall_restart
not ok 70 global.syscall_restart
# RUN global.filter_flag_log ...
# seccomp_bpf.c:3012:syscall_restart:Expected 1 (1) == read(pipefd[0], &buf, 1) (0)
# seccomp_bpf.c:3013:syscall_restart:Failed final read() from parent
# seccomp_bpf.c:3015:syscall_restart:Expected '!' (33) == buf (46)
# seccomp_bpf.c:3016:syscall_restart:Failed to get final data from read()
# seccomp_bpf.c:3167:filter_flag_log:Expected 0 (0) == syscall(__NR_getpid) (2140)
# filter_flag_log: Test exited normally instead of by signal (code: 3)
# FAIL global.filter_flag_log
not ok 71 global.filter_flag_log
# RUN global.get_action_avail ...
# OK global.get_action_avail
ok 72 global.get_action_avail
# RUN global.get_metadata ...
# seccomp_bpf.c:3253:get_metadata:Expected sizeof(md) (16) == ret (-1)
# SKIP Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
# OK global.get_metadata
ok 73 # SKIP Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
# RUN global.user_notification_basic ...
# seccomp_bpf.c:3325:user_notification_basic:Expected 0 (0) == WEXITSTATUS(status) (1)
# user_notification_basic: Test terminated by timeout
# FAIL global.user_notification_basic
not ok 74 global.user_notification_basic
# RUN global.user_notification_with_tsync ...
# OK global.user_notification_with_tsync
ok 75 global.user_notification_with_tsync
# RUN global.user_notification_kill_in_middle ...
# user_notification_kill_in_middle: Test terminated by timeout
# FAIL global.user_notification_kill_in_middle
not ok 76 global.user_notification_kill_in_middle
# RUN global.user_notification_signal ...
# user_notification_signal: Test terminated by timeout
# FAIL global.user_notification_signal
not ok 77 global.user_notification_signal
# RUN global.user_notification_closed_listener ...
# seccomp_bpf.c:3575:user_notification_closed_listener:Expected 0 (0) == WEXITSTATUS(status) (1)
# user_notification_closed_listener: Test failed at step #3
# FAIL global.user_notification_closed_listener
not ok 78 global.user_notification_closed_listener
# RUN global.user_notification_child_pid_ns ...
# seccomp_bpf.c:3588:user_notification_child_pid_ns:Expected unshare(CLONE_NEWUSER | CLONE_NEWPID) (-1) == 0 (0)
# SKIP kernel missing CLONE_NEWUSER support
# OK global.user_notification_child_pid_ns
ok 79 # SKIP kernel missing CLONE_NEWUSER support
# RUN global.user_notification_sibling_pid_ns ...
# seccomp_bpf.c:3656:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
# user_notification_sibling_pid_ns: Test terminated by assertion
# FAIL global.user_notification_sibling_pid_ns
not ok 80 global.user_notification_sibling_pid_ns
# RUN global.user_notification_fault_recv ...
# seccomp_bpf.c:3641:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
# seccomp_bpf.c:3699:user_notification_fault_recv:Expected unshare(CLONE_NEWUSER) (-1) == 0 (0)
# user_notification_fault_recv: Test terminated by assertion
# FAIL global.user_notification_fault_recv
not ok 81 global.user_notification_fault_recv
# RUN global.seccomp_get_notif_sizes ...
# OK global.seccomp_get_notif_sizes
ok 82 global.seccomp_get_notif_sizes
# RUN global.user_notification_continue ...
# seccomp_bpf.c:3770:user_notification_continue:kcmp() syscall missing (test is less accurate)
# user_notification_continue: Test terminated by timeout
# FAIL global.user_notification_continue
not ok 83 global.user_notification_continue
# RUN global.user_notification_filter_empty ...
# seccomp_bpf.c:3842:user_notification_filter_empty:Expected pid (-1) >= 0 (0)
# user_notification_filter_empty: Test terminated by assertion
# FAIL global.user_notification_filter_empty
not ok 84 global.user_notification_filter_empty
# RUN global.user_notification_filter_empty_threaded ...
# seccomp_bpf.c:3896:user_notification_filter_empty_threaded:Expected pid (-1) >= 0 (0)
# user_notification_filter_empty_threaded: Test terminated by assertion
# FAIL global.user_notification_filter_empty_threaded
not ok 85 global.user_notification_filter_empty_threaded
# RUN global.user_notification_addfd ...
# user_notification_addfd: Test terminated by timeout
# FAIL global.user_notification_addfd
not ok 86 global.user_notification_addfd
# RUN global.user_notification_addfd_rlimit ...
# user_notification_addfd_rlimit: Test terminated by timeout
# FAIL global.user_notification_addfd_rlimit
not ok 87 global.user_notification_addfd_rlimit
# FAILED: 35 / 87 tests passed.
# Totals: pass:32 fail:52 xfail:0 xpass:0 skip:3 error:0
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-24 21:20 ` Michael Schmitz
@ 2021-06-25 7:31 ` Geert Uytterhoeven
2021-06-25 18:42 ` Michael Schmitz
0 siblings, 1 reply; 13+ messages in thread
From: Geert Uytterhoeven @ 2021-06-25 7:31 UTC (permalink / raw)
To: Michael Schmitz; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Michael,
On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> > BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> > https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
> >
> > I kept on up-porting it, but haven't exercised it recently.
>
> See attached for test results on my ARAnyM image (Laurent's qemu image,
> essentially).
>
> Is that any different from what you got in your earlier tests?
Fortunately lore has a better memory than I do ;-)
https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
mine: FAILED: 35 / 86 tests passed
yours: FAILED: 35 / 87 tests passed
So one new test, and it fails?
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-25 7:31 ` Geert Uytterhoeven
@ 2021-06-25 18:42 ` Michael Schmitz
2021-06-25 21:15 ` Michael Schmitz
0 siblings, 1 reply; 13+ messages in thread
From: Michael Schmitz @ 2021-06-25 18:42 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Geert,
Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
> Hi Michael,
>
> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>>>
>>> I kept on up-porting it, but haven't exercised it recently.
>>
>> See attached for test results on my ARAnyM image (Laurent's qemu image,
>> essentially).
>>
>> Is that any different from what you got in your earlier tests?
>
> Fortunately lore has a better memory than I do ;-)
>
> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
>
> mine: FAILED: 35 / 86 tests passed
> yours: FAILED: 35 / 87 tests passed
>
> So one new test, and it fails?
Looks like it. I must be missing some mail in my mail archive, can't
recall ever seeing that one.
There's one new test added after your mail was sent - KILL_unknown. I
suppose it's that one.
Anyway, both much better than without seccomp support. And going back
over the archive, I found your patch where you added seccomp.h - and
added a line in Kbuild as well, which I forgot. Will fix that.
Cheers,
Michael
>
> Gr{oetje,eeting}s,
>
> Geert
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-25 18:42 ` Michael Schmitz
@ 2021-06-25 21:15 ` Michael Schmitz
2021-06-28 7:18 ` Geert Uytterhoeven
0 siblings, 1 reply; 13+ messages in thread
From: Michael Schmitz @ 2021-06-25 21:15 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Geert,
Am 26.06.2021 um 06:42 schrieb Michael Schmitz:
> Hi Geert,
>
> Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
>> Hi Michael,
>>
>> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz
>> <schmitzmic@gmail.com> wrote:
>>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
>>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
>>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
>>>>
>>>>
>>>> I kept on up-porting it, but haven't exercised it recently.
>>>
>>> See attached for test results on my ARAnyM image (Laurent's qemu image,
>>> essentially).
>>>
>>> Is that any different from what you got in your earlier tests?
>>
>> Fortunately lore has a better memory than I do ;-)
>>
>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
>>
>>
>> mine: FAILED: 35 / 86 tests passed
>> yours: FAILED: 35 / 87 tests passed
>>
>> So one new test, and it fails?
>
> Looks like it. I must be missing some mail in my mail archive, can't
> recall ever seeing that one.
>
> There's one new test added after your mail was sent - KILL_unknown. I
> suppose it's that one.
>
> Anyway, both much better than without seccomp support. And going back
> over the archive, I found your patch where you added seccomp.h - and
> added a line in Kbuild as well, which I forgot. Will fix that.
Hmm - after that change, I get:
SYSHDR arch/m68k/include/generated/uapi/asm/unistd_32.h
SYSTBL arch/m68k/include/generated/asm/syscall_table.h
UPD include/config/kernel.release
scripts/Makefile.asm-generic:25: redundant generic-y found in
arch/m68k/include/asm/Kbuild: seccomp.h
WRAP arch/m68k/include/generated/asm/seccomp.h
UPD include/generated/utsrelease.h
in the build log.
None of the other archs do add seccomp.h to their include/asm/Kbuild
script. I'll leave it at v6 then.
Cheers,
Michael
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 2/2] m68k: add kernel seccomp support
2021-06-25 21:15 ` Michael Schmitz
@ 2021-06-28 7:18 ` Geert Uytterhoeven
0 siblings, 0 replies; 13+ messages in thread
From: Geert Uytterhoeven @ 2021-06-28 7:18 UTC (permalink / raw)
To: Michael Schmitz; +Cc: Linux/m68k, John Paul Adrian Glaubitz, Andreas Schwab
Hi Michael,
On Fri, Jun 25, 2021 at 11:15 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Am 26.06.2021 um 06:42 schrieb Michael Schmitz:
> > Am 25.06.2021 um 19:31 schrieb Geert Uytterhoeven:
> >> On Thu, Jun 24, 2021 at 11:20 PM Michael Schmitz
> >> <schmitzmic@gmail.com> wrote:
> >>> On 23/06/21 7:35 pm, Geert Uytterhoeven wrote:
> >>>> BTW, there was also "[PATCH] [WIP] selftests/seccomp: Add m68k support"
> >>>> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261315050.25325@ramsan.of.borg/
> >>>>
> >>>>
> >>>> I kept on up-porting it, but haven't exercised it recently.
> >>>
> >>> See attached for test results on my ARAnyM image (Laurent's qemu image,
> >>> essentially).
> >>>
> >>> Is that any different from what you got in your earlier tests?
> >>
> >> Fortunately lore has a better memory than I do ;-)
> >>
> >> https://lore.kernel.org/linux-m68k/alpine.DEB.2.21.2008261612360.2926@ramsan.of.borg/
> >>
> >>
> >> mine: FAILED: 35 / 86 tests passed
> >> yours: FAILED: 35 / 87 tests passed
> >>
> >> So one new test, and it fails?
> >
> > Looks like it. I must be missing some mail in my mail archive, can't
> > recall ever seeing that one.
> >
> > There's one new test added after your mail was sent - KILL_unknown. I
> > suppose it's that one.
> >
> > Anyway, both much better than without seccomp support. And going back
> > over the archive, I found your patch where you added seccomp.h - and
> > added a line in Kbuild as well, which I forgot. Will fix that.
>
> Hmm - after that change, I get:
>
> SYSHDR arch/m68k/include/generated/uapi/asm/unistd_32.h
> SYSTBL arch/m68k/include/generated/asm/syscall_table.h
> UPD include/config/kernel.release
> scripts/Makefile.asm-generic:25: redundant generic-y found in
> arch/m68k/include/asm/Kbuild: seccomp.h
> WRAP arch/m68k/include/generated/asm/seccomp.h
> UPD include/generated/utsrelease.h
>
> in the build log.
>
> None of the other archs do add seccomp.h to their include/asm/Kbuild
> script. I'll leave it at v6 then.
Indeed, not needed.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 13+ messages in thread