* [PATCH v13 0/3] Add kernel seccomp support for m68k
@ 2023-01-12  3:55 Michael Schmitz
  2023-01-12  3:55 ` [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
                   ` (5 more replies)
  0 siblings, 6 replies; 25+ messages in thread
From: Michael Schmitz @ 2023-01-12  3:55 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: glaubitz

Previous version of patch 1 did overwrite a syscall return
value that was changed by ptrace or seccomp (in regs->d0)
by -ENOSYS when skipping a syscall. Branch directly to
ret_from_syscall instead of falling through to badsys (which
must set -ENOSYS). I'm sure this can be done more elegantly.

Patch 3 used the wrong struct definition for ARCH_REGS - the
kernel ptrace code copies 19 registers (from syscall stack
and switch_stack, pt_regs only contains the 14 from the
syscall stack). Stack overflow ensues.

With these changes, 79 of 94 seccomp_bpf tests now succeed.

Cheers,

   Michael




* [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
@ 2023-01-12  3:55 ` Michael Schmitz
  2023-01-22 16:35   ` Geert Uytterhoeven
  2023-01-12  3:55 ` [PATCH v13 2/3] m68k: add kernel seccomp support Michael Schmitz
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-12  3:55 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: glaubitz, Michael Schmitz

Check return code of syscall_trace_enter(), and skip syscall
if -1. Return code will be left at what had been set by
ptrace or seccomp (in regs->d0).

No regression seen in testing with strace on ARAnyM.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v12:

- prevent overwriting the syscall return value after change
  by ptrace or seccomp on 68020+

Changes from v7:

Al Viro:
- split return code checks from switch to syscall_trace_enter()

Changes from v6:

Geert Uytterhoeven:
- add syscall_trace_enter() return code check for 68000
  and coldfire

Changes from v5:

- add comment to explain optimization

Changes from v4:

Andreas Schwab:
- optimize return code test (addql #1,%d0 for cmpil #-1,%d0)
- spelling fix in commit message

Changes from v3:

- change syscall_trace_enter return code test from !=0 to ==-1
---
 arch/m68k/68000/entry.S    | 2 ++
 arch/m68k/coldfire/entry.S | 2 ++
 arch/m68k/kernel/entry.S   | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/arch/m68k/68000/entry.S b/arch/m68k/68000/entry.S
index 997b54933015..7d63e2f1555a 100644
--- a/arch/m68k/68000/entry.S
+++ b/arch/m68k/68000/entry.S
@@ -45,6 +45,8 @@ do_trace:
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0
+	jeq	ret_from_exception
 	movel	%sp@(PT_OFF_ORIG_D0),%d1
 	movel	#-ENOSYS,%d0
 	cmpl	#NR_syscalls,%d1
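Review bot: The `addql #1,%d0` / `jeq ret_from_exception` pair added to do_trace has no comment, while the same test in arch/m68k/kernel/entry.S is annotated as an optimization for `cmpil #-1,%d0`. Please carry the comment over here, and say in the commit message why the skip path leaves through ret_from_exception on 68000 but through ret_from_syscall in arch/m68k/kernel/entry.S.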
diff --git a/arch/m68k/coldfire/entry.S b/arch/m68k/coldfire/entry.S
index 9f337c70243a..35104c5417ff 100644
--- a/arch/m68k/coldfire/entry.S
+++ b/arch/m68k/coldfire/entry.S
@@ -90,6 +90,8 @@ ENTRY(system_call)
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0
+	jeq	ret_from_exception
 	movel	%d3,%a0
 	jbsr	%a0@
 	movel	%d0,%sp@(PT_OFF_D0)		/* save the return value */
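Review bot: On the skip path in ENTRY(system_call), `jeq ret_from_exception` is taken before the `movel %d0,%sp@(PT_OFF_D0)` store, so nothing on that path writes the saved d0. The user-visible return value is therefore whatever ptrace or seccomp left in regs->d0, as the commit message says. A one-line comment at the `jeq` stating that contract would make it visible in the ColdFire entry code, which currently gets the two instructions with no explanation.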
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 18f278bdbd21..42879e6eb651 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -184,9 +184,12 @@ do_trace_entry:
 	jbsr	syscall_trace_enter
 	RESTORE_SWITCH_STACK
 	addql	#4,%sp
+	addql	#1,%d0			| optimization for cmpil #-1,%d0
+	jeq	ret_from_syscall
 	movel	%sp@(PT_OFF_ORIG_D0),%d0
 	cmpl	#NR_syscalls,%d0
 	jcs	syscall
+	jra	ret_from_syscall
 badsys:
 	movel	#-ENOSYS,%sp@(PT_OFF_D0)
 	jra	ret_from_syscall
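Review bot: The new `jra ret_from_syscall` after `jcs syscall` means a traced syscall whose number is >= NR_syscalls no longer falls through to `badsys`, so -ENOSYS is not stored in PT_OFF_D0 on this path. That is only correct if PT_OFF_D0 already holds -ENOSYS (or a value set by the tracer) before syscall_trace_enter runs, which this hunk does not show. Please add a comment at the `jra` naming where that default is set, and mention the change for out-of-range syscall numbers in the commit message body rather than only in the v12 changelog.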
-- 
2.17.1



* [PATCH v13 2/3] m68k: add kernel seccomp support
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
  2023-01-12  3:55 ` [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
@ 2023-01-12  3:55 ` Michael Schmitz
  2023-01-22 16:37   ` Geert Uytterhoeven
  2023-01-12  3:55 ` [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k Michael Schmitz
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-12  3:55 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: glaubitz, Michael Schmitz

Add secure_computing() call to syscall_trace_enter to actually
filter system calls.

Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h

syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.

seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v10:

- fix merge conflicts

Changes from v9:

- add test for TIF_SECCOMP bit to call syscall_trace_enter()
  if seccomp syscall filtering is active

Changes from v6:

Geert Uytterhoeven:
- add syscall_get_error(), syscall_get_return_value(), and
  syscall_set_arguments() (not needed to compile!)

Changes from v5:

Geert Uytterhoeven:
- correct wrong offset for d1-d5 register copy
- update Documentation/features/seccomp/seccomp-filter/arch-support.txt

add syscall_get_error(), syscall_get_return_value(), syscall_set_arguments()
---
 .../seccomp/seccomp-filter/arch-support.txt   |  2 +-
 arch/m68k/Kconfig                             |  2 +
 arch/m68k/include/asm/seccomp.h               | 11 ++++
 arch/m68k/include/asm/syscall.h               | 56 +++++++++++++++++++
 arch/m68k/include/asm/thread_info.h           |  2 +
 arch/m68k/kernel/entry.S                      |  3 +
 arch/m68k/kernel/ptrace.c                     |  6 +-
 7 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 arch/m68k/include/asm/seccomp.h

diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
index dc71bf7b1a7e..3a7237b989cd 100644
--- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt
+++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
@@ -14,7 +14,7 @@
     |     hexagon: | TODO |
     |        ia64: | TODO |
     |   loongarch: |  ok  |
-    |        m68k: | TODO |
+    |        m68k: |  ok  |
     |  microblaze: | TODO |
     |        mips: |  ok  |
     |       nios2: | TODO |
diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig
index 7bff88118507..82154952e574 100644
--- a/arch/m68k/Kconfig
+++ b/arch/m68k/Kconfig
@@ -18,6 +18,8 @@ config M68K
 	select GENERIC_CPU_DEVICES
 	select GENERIC_IOMAP
 	select GENERIC_IRQ_SHOW
+	select HAVE_ARCH_SECCOMP
+	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_DEBUG_BUGVERBOSE
 	select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_HAS_NO_UNALIGNED
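Review bot: `select HAVE_ARCH_SECCOMP` and `select HAVE_ARCH_SECCOMP_FILTER` are unconditional under config M68K, but according to the diffstat only arch/m68k/kernel/entry.S gains a TIF_SECCOMP test in this patch; arch/m68k/68000/entry.S and arch/m68k/coldfire/entry.S are not touched. If those entry paths call syscall_trace_enter only when syscall tracing is active, a filter installed there would never be consulted while the feature is advertised as available. Either add the flag test to those entry paths or make the selects conditional on the configurations that have it.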
diff --git a/arch/m68k/include/asm/seccomp.h b/arch/m68k/include/asm/seccomp.h
new file mode 100644
index 000000000000..de8a94e1fb3f
--- /dev/null
+++ b/arch/m68k/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef _ASM_SECCOMP_H
+#define _ASM_SECCOMP_H
+
+#include <asm-generic/seccomp.h>
+
+#define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_M68K
+#define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
+#define SECCOMP_ARCH_NATIVE_NAME	"m68k"
+
+#endif /* _ASM_SECCOMP_H */
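Review bot: asm/seccomp.h uses AUDIT_ARCH_M68K and NR_syscalls in the SECCOMP_ARCH_NATIVE* defines but includes only <asm-generic/seccomp.h>, so it depends on every includer having pulled in the audit and unistd headers first. Including <asm/unistd.h> here (and the audit header, if <asm-generic/seccomp.h> does not already provide it) would make the header self-contained.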
diff --git a/arch/m68k/include/asm/syscall.h b/arch/m68k/include/asm/syscall.h
index 465ac039be09..2b49ad725655 100644
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
@@ -4,6 +4,62 @@
 
 #include <uapi/linux/audit.h>
 
+#include <asm/unistd.h>
+
+extern const unsigned long sys_call_table[];
+
+static inline int syscall_get_nr(struct task_struct *task,
+				 struct pt_regs *regs)
+{
+	return regs->orig_d0;
+}
+
+static inline void syscall_rollback(struct task_struct *task,
+				    struct pt_regs *regs)
+{
+	regs->d0 = regs->orig_d0;
+}
+
+static inline long syscall_get_error(struct task_struct *task,
+				     struct pt_regs *regs)
+{
+	unsigned long error = regs->d0;
+	return IS_ERR_VALUE(error) ? error : 0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+					    struct pt_regs *regs)
+{
+	return regs->d0;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+					    struct pt_regs *regs,
+					    int error, long val)
+{
+	regs->d0 = (long) error ? error : val;
+}
+
+static inline void syscall_get_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	args[0] = regs->orig_d0;
+	args++;
+
+	memcpy(args, &regs->d1, 5 * sizeof(args[0]));
+}
+
+static inline void syscall_set_arguments(struct task_struct *task,
+					 struct pt_regs *regs,
+					 unsigned long *args)
+{
+	regs->orig_d0 = args[0];
+	args++;
+
+	memcpy(&regs->d1, args, 5 * sizeof(args[0]));
+}
+
 static inline int syscall_get_arch(struct task_struct *task)
 {
 	return AUDIT_ARCH_M68K;
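Review bot: syscall_get_arguments() stores regs->orig_d0 in args[0], the same field syscall_get_nr() returns as the syscall number, and then copies only five registers starting at d1. m68k passes the syscall number in d0 and the arguments in d1-d5 and a0, so a seccomp filter would see the syscall number as argument 0, every real argument shifted up by one slot, and the sixth argument dropped; syscall_set_arguments() mirrors this and would overwrite orig_d0 with the first argument. Suggest filling args[0..4] from d1-d5 and args[5] from a0, and the reverse in the setter. Separately, in syscall_set_return_value() the cast in `(long) error ? error : val` applies to `error` only; `error ? error : val` says the same thing without suggesting otherwise.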
diff --git a/arch/m68k/include/asm/thread_info.h b/arch/m68k/include/asm/thread_info.h
index c952658ba792..31be2ad999ca 100644
--- a/arch/m68k/include/asm/thread_info.h
+++ b/arch/m68k/include/asm/thread_info.h
@@ -61,6 +61,7 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_NOTIFY_RESUME	5	/* callback before returning to user */
 #define TIF_SIGPENDING		6	/* signal pending */
 #define TIF_NEED_RESCHED	7	/* rescheduling necessary */
+#define TIF_SECCOMP		13	/* seccomp syscall filtering active */
 #define TIF_DELAYED_TRACE	14	/* single step a syscall */
 #define TIF_SYSCALL_TRACE	15	/* syscall trace active */
 #define TIF_MEMDIE		16	/* is terminating due to OOM killer */
@@ -69,6 +70,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
+#define _TIF_SECCOMP		(1 << TIF_SECCOMP)
 #define _TIF_DELAYED_TRACE	(1 << TIF_DELAYED_TRACE)
 #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
 #define _TIF_MEMDIE		(1 << TIF_MEMDIE)
diff --git a/arch/m68k/kernel/entry.S b/arch/m68k/kernel/entry.S
index 42879e6eb651..4dd2fd7acba9 100644
--- a/arch/m68k/kernel/entry.S
+++ b/arch/m68k/kernel/entry.S
@@ -214,6 +214,9 @@ ENTRY(system_call)
 	| syscall trace?
 	tstb	%a1@(TINFO_FLAGS+2)
 	jmi	do_trace_entry
+	| seccomp filter active?
+	btst	#5,%a1@(TINFO_FLAGS+2)
+	bnes	do_trace_entry
 	cmpl	#NR_syscalls,%d0
 	jcc	badsys
 syscall:
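Review bot: `btst #5,%a1@(TINFO_FLAGS+2)` hard-codes bit 5 of the byte at offset 2, which matches TIF_SECCOMP only because thread_info.h defines it as 13; renumbering the flag would silently disable the check and with it all filtering on this path. Please derive the bit number from the define or add a comment tying the two together. `bnes` also departs from the `jmi`/`jcc` pseudo-op style of the surrounding lines; `jne` would match.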
diff --git a/arch/m68k/kernel/ptrace.c b/arch/m68k/kernel/ptrace.c
index 0a4184a37461..cd0172d29430 100644
--- a/arch/m68k/kernel/ptrace.c
+++ b/arch/m68k/kernel/ptrace.c
@@ -21,7 +21,7 @@
 #include <linux/signal.h>
 #include <linux/regset.h>
 #include <linux/elf.h>
-
+#include <linux/seccomp.h>
 #include <linux/uaccess.h>
 #include <asm/page.h>
 #include <asm/processor.h>
@@ -278,6 +278,10 @@ asmlinkage int syscall_trace_enter(void)
 
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		ret = ptrace_report_syscall_entry(task_pt_regs(current));
+
+	if (secure_computing() == -1)
+		return -1;
+
 	return ret;
 }
 
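Review bot: In syscall_trace_enter(), secure_computing() is called even when ptrace_report_syscall_entry() has already returned a non-zero `ret`, and when the filter does not return -1 that `ret` is passed through unchanged, while the entry.S test from patch 1 skips the syscall only for exactly -1. Please document which values `ret` can take here, or normalise it, so it is clear whether a non-zero result from the ptrace report is meant to skip the syscall or not.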
-- 
2.17.1
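
An added example, not part of the patch or of the kernel tree: what a user-space seccomp filter sees depends entirely on how the arch accessors in this patch (syscall_get_arch(), syscall_get_nr(), syscall_get_arguments()) fill struct seccomp_data. The filter, the small evaluator and the two argument layouts below are constructed for illustration and assume the m68k convention of syscall number in d0 and arguments in d1-d5 and a0.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>   /* AUDIT_ARCH_M68K */
#include <linux/filter.h>  /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <linux/seccomp.h> /* struct seccomp_data, SECCOMP_RET_* */

/* Constructed policy: 380 is the m68k __NR_seccomp value from patch 3;
 * the rule "only first argument 1 is allowed" is hypothetical. */
#define DEMO_NR         380
#define DEMO_ALLOWED_OP 1

/* args[] slots are 64 bits wide but a classic-BPF load reads 32 bits; on
 * big-endian m68k the low word of args[n] sits 4 bytes into the slot. */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n) + 4)
#else
# define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))
#endif

static const struct sock_filter demo_filter[] = {
	/* 0-2: kill anything that is not the native m68k ABI */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_M68K, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
	/* 3-5: every syscall except DEMO_NR is allowed */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_NR, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	/* 6-9: DEMO_NR passes only when args[0] == DEMO_ALLOWED_OP */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ALLOWED_OP, 0, 1),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
};

/* Evaluator for just the three opcodes used above (nothing is installed). */
static uint32_t run_filter(const struct sock_filter *f, size_t len,
			   const struct seccomp_data *sd)
{
	uint32_t acc = 0;
	for (size_t pc = 0; pc < len; pc++) {
		switch (f[pc].code) {
		case BPF_LD | BPF_W | BPF_ABS:
			if (f[pc].k > sizeof(*sd) - sizeof(acc))
				return SECCOMP_RET_KILL_PROCESS;
			memcpy(&acc, (const char *)sd + f[pc].k, sizeof(acc));
			break;
		case BPF_JMP | BPF_JEQ | BPF_K:
			pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
			break;
		case BPF_RET | BPF_K:
			return f[pc].k;
		default:
			return SECCOMP_RET_KILL_PROCESS;
		}
	}
	return SECCOMP_RET_KILL_PROCESS;	/* ran off the end: fail closed */
}

/* Build seccomp_data from the values the arch accessors supply and run it. */
static uint32_t verdict(uint32_t arch, int nr, const uint32_t args[6])
{
	struct seccomp_data sd;
	memset(&sd, 0, sizeof(sd));
	sd.nr = nr;
	sd.arch = arch;
	for (int n = 0; n < 6; n++)
		sd.args[n] = args[n];	/* zero-extended to 64 bits */
	return run_filter(demo_filter, sizeof(demo_filter) / sizeof(demo_filter[0]), &sd);
}

/* Constructed call: d0 = DEMO_NR, d1 = DEMO_ALLOWED_OP, other registers 0. */
uint32_t verdict_args_from_d1(void)	/* args[] = d1..d5, a0 */
{
	const uint32_t args[6] = { DEMO_ALLOWED_OP, 0, 0, 0, 0, 0 };
	return verdict(AUDIT_ARCH_M68K, DEMO_NR, args);
}

uint32_t verdict_args_from_orig_d0(void)	/* args[] = orig_d0, d1..d5 */
{
	const uint32_t args[6] = { DEMO_NR, DEMO_ALLOWED_OP, 0, 0, 0, 0 };
	return verdict(AUDIT_ARCH_M68K, DEMO_NR, args);
}

uint32_t verdict_foreign_arch(void)	/* same call, different arch token */
{
	const uint32_t args[6] = { DEMO_ALLOWED_OP, 0, 0, 0, 0, 0 };
	return verdict(AUDIT_ARCH_X86_64, DEMO_NR, args);
}

int main(void)
{
	printf("d1 first: %#x, orig_d0 first: %#x, x86_64: %#x\n",
	       verdict_args_from_d1(), verdict_args_from_orig_d0(), verdict_foreign_arch());
	return 0;
}
```

With the real arguments in args[0..5] the call is allowed; with orig_d0 in slot 0 the same call is refused with EPERM, and a foreign arch token is killed before any syscall number is compared.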



* [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
  2023-01-12  3:55 ` [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
  2023-01-12  3:55 ` [PATCH v13 2/3] m68k: add kernel seccomp support Michael Schmitz
@ 2023-01-12  3:55 ` Michael Schmitz
  2023-01-22 16:40   ` Geert Uytterhoeven
  2023-01-12  6:42 ` [PATCH v13 0/3] Add kernel seccomp support " Michael Schmitz
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-12  3:55 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: glaubitz, Michael Schmitz

Add m68k seccomp definitions to seccomp_bpf self test code.

Tested on ARAnyM.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

--
Changes from v12:

Michael Karcher:
- use correct definition of ARCH_REGS (use of struct pt_regs
  causes stack overflow on passing register set to user space
  due to size mismatch, and has some register offsets wrong)
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 9c2f448bb3a9..e222dc113c4b 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -138,6 +138,8 @@ struct seccomp_data {
 #  define __NR_seccomp 337
 # elif defined(__sh__)
 #  define __NR_seccomp 372
+# elif defined(__mc68000__)
+#  define __NR_seccomp 380
 # else
 #  warning "seccomp syscall number unknown for this architecture"
 #  define __NR_seccomp 0xffff
@@ -1838,6 +1840,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
 # define ARCH_REGS		struct pt_regs
 # define SYSCALL_NUM(_regs)	(_regs).regs[3]
 # define SYSCALL_RET(_regs)	(_regs).regs[0]
+#elif defined(__mc68000__)
+# define ARCH_REGS	struct user_regs_struct
+# define SYSCALL_NUM(_regs)	(_regs).orig_d0
+# define SYSCALL_RET(_regs)	(_regs).d0
 #else
 # error "Do not know how to find your architecture's registers and syscalls"
 #endif
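Review bot: The `#elif defined(__mc68000__)` branch picks `struct user_regs_struct` for ARCH_REGS without saying why, although the changelog explains that `struct pt_regs` is smaller than what the kernel copies out and overflowed the stack. A short comment above the branch would keep someone from changing it back to pt_regs to match the neighbouring architectures. The `# define ARCH_REGS` line also uses a single tab where the branch above it uses two.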
@@ -1902,7 +1908,7 @@ const bool ptrace_entry_set_syscall_ret =
  * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
  * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
  */
-#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) || defined(__mc68000__)
 # define ARCH_GETREGS(_regs)	ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
 # define ARCH_SETREGS(_regs)	ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
 #else
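Review bot: Adding `defined(__mc68000__)` to the PTRACE_GETREGS/PTRACE_SETREGS condition places m68k under a comment that motivates this path for architectures without HAVE_ARCH_TRACEHOOK, and the commit message does not say whether that applies to m68k or why the other branch is not usable. Please state the reason in the commit message. The `#if` line is now well past 80 columns and could be wrapped with a continuation.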
-- 
2.17.1



* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
                   ` (2 preceding siblings ...)
  2023-01-12  3:55 ` [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k Michael Schmitz
@ 2023-01-12  6:42 ` Michael Schmitz
  2023-01-13 17:29 ` John Paul Adrian Glaubitz
  2023-02-27 20:45 ` Kees Cook
  5 siblings, 0 replies; 25+ messages in thread
From: Michael Schmitz @ 2023-01-12  6:42 UTC (permalink / raw)
  To: linux-m68k, geert; +Cc: glaubitz

Minor correction - it's 81 tests that succeed. Most of the improvement is
due to changes to patch 3. Correcting patch 1 only added two more.

The remainder may well be due to my use of an old m68k cross tool chain 
and old ARAnyM userland. Building the self test against a current system 
version is certainly recommended, Adrian!

Cheers,

	Michael


On 12.01.2023 at 16:55, Michael Schmitz wrote:
> Previous version of patch 1 did overwrite a syscall return
> value that was changed by ptrace or seccomp (in regs->d0)
> by -ENOSYS when skipping a syscall. Branch directly to
> ret_from_syscall instead of falling through to badsys (which
> must set -ENOSYS). I'm sure this can be done more elegantly.
>
> Patch 3 used the wrong struct definition for ARCH_REGS - the
> kernel ptrace code copies 19 registers (from syscall stack
> and switch_stack, pt_regs only contains the 14 from the
> syscall stack). Stack overflow ensues.
>
> With these changes, 79 of 94 seccomp_bpf tests now succeed.
>
> Cheers,
>
>    Michael
>
>


* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
                   ` (3 preceding siblings ...)
  2023-01-12  6:42 ` [PATCH v13 0/3] Add kernel seccomp support " Michael Schmitz
@ 2023-01-13 17:29 ` John Paul Adrian Glaubitz
  2023-01-14  0:00   ` Michael Schmitz
  2023-02-27 20:45 ` Kees Cook
  5 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-13 17:29 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, Michael Karcher

Hi!

On 1/12/23 04:55, Michael Schmitz wrote:
> Previous version of patch 1 did overwrite a syscall return
> value that was changed by ptrace or seccomp (in regs->d0)
> by -ENOSYS when skipping a syscall. Branch directly to
> ret_from_syscall instead of falling through to badsys (which
> must set -ENOSYS). I'm sure this can be done more elegantly.
> 
> Patch 3 used the wrong struct definition for ARCH_REGS - the
> kernel ptrace code copies 19 registers (from syscall stack
> and switch_stack, pt_regs only contains the 14 from the
> syscall stack). Stack overflow ensues.
> 
> With these changes, 79 of 94 seccomp_bpf tests now succeed.

I have also opened a PR now to add m68k support to libseccomp [1].

Unfortunately, libseccomp fails to build after I updated the syscalls.csv file
after adding m68k support. It seems that the problem is a number of syscalls
that exist on m68k only:

   CC       libseccomp_la-syscalls.perf.lo
syscalls.perf:152:70: error: '__PNR_getpagesize' undeclared here (not in a function)
   152 | getpagesize,119,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,166,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF
       |                                                                      ^~~~~~~~~~~~~~~~~
syscalls.perf:45:69: error: '__PNR_atomic_cmpxchg_32' undeclared here (not in a function)
    45 | atomic_cmpxchg_32,12,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,335,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF,__PNR_atomic_cmpxchg_32,SCMP_KV_UNDEF
       |                                                                     ^~~~~~~~~~~~~~~~~~~~~~~
syscalls.perf:44:69: error: '__PNR_atomic_barrier' undeclared here (not in a function)
    44 | atomic_barrier,11,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,336,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF,__PNR_atomic_barrier,SCMP_KV_UNDEF
       |                                                                     ^~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:903: libseccomp_la-syscalls.perf.lo] Error 1
make[2]: *** [Makefile:922: all-recursive] Error 1
make[1]: *** [Makefile:524: all-recursive] Error 1
make: *** [Makefile:433: all] Error 2

Adrian

> [1] https://github.com/seccomp/libseccomp/pull/397

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-13 17:29 ` John Paul Adrian Glaubitz
@ 2023-01-14  0:00   ` Michael Schmitz
  2023-01-16  9:12     ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-14  0:00 UTC (permalink / raw)
  To: John Paul Adrian Glaubitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Adrian,


On 14.01.2023 at 06:29, John Paul Adrian Glaubitz wrote:
> Hi!
>
> On 1/12/23 04:55, Michael Schmitz wrote:
>> Previous version of patch 1 did overwrite a syscall return
>> value that was changed by ptrace or seccomp (in regs->d0)
>> by -ENOSYS when skipping a syscall. Branch directly to
>> ret_from_syscall instead of falling through to badsys (which
>> must set -ENOSYS). I'm sure this can be done more elegantly.
>>
>> Patch 3 used the wrong struct definition for ARCH_REGS - the
>> kernel ptrace code copies 19 registers (from syscall stack
>> and switch_stack, pt_regs only contains the 14 from the
>> syscall stack). Stack overflow ensues.
>>
>> With these changes, 79 of 94 seccomp_bpf tests now succeed.
>
> I have also opened a PR now to add m68k support to libseccomp [1].
>
> Unfortunately, libseccomp fails to build after I updated the
> syscalls.csv file
> after adding m68k support. It seems that the problem is a number of
> syscalls
> that exist on m68k only:
>
>   CC       libseccomp_la-syscalls.perf.lo
> syscalls.perf:152:70: error: '__PNR_getpagesize' undeclared here (not in
> a function)
>   152 |
> getpagesize,119,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,166,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF

That one also exists on alpha and sparc. The other two are indeed unique 
to m68k.

There must have been other cases of novel syscalls added to libseccomp 
before?

Cheers,

	Michael

>
> |
> ^~~~~~~~~~~~~~~~~~~~
> make[3]: *** [Makefile:903: libseccomp_la-syscalls.perf.lo] Error 1
> make[2]: *** [Makefile:922: all-recursive] Error 1
> make[1]: *** [Makefile:524: all-recursive] Error 1
> make: *** [Makefile:433: all] Error 2
>
> Adrian
>
>> [1] https://github.com/seccomp/libseccomp/pull/397
>


* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-14  0:00   ` Michael Schmitz
@ 2023-01-16  9:12     ` John Paul Adrian Glaubitz
  2023-01-17  2:15       ` Michael Schmitz
  0 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-16  9:12 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Michael!

On 1/14/23 01:00, Michael Schmitz wrote:
>> Unfortunately, libseccomp fails to build after I updated the
>> syscalls.csv file
>> after adding m68k support. It seems that the problem is a number of
>> syscalls
>> that exist on m68k only:
>>
>>   CC       libseccomp_la-syscalls.perf.lo
>> syscalls.perf:152:70: error: '__PNR_getpagesize' undeclared here (not in
>> a function)
>>   152 |
>> getpagesize,119,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,166,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF
> 
> That one also exists on alpha and sparc. The other two are indeed unique to m68k.
> 
> There must have been other cases of novel syscalls added to libseccomp before?

Neither alpha nor sparc are supported by libseccomp, so I think that's not an argument.

Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913




* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-16  9:12     ` John Paul Adrian Glaubitz
@ 2023-01-17  2:15       ` Michael Schmitz
  2023-01-17  8:08         ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-17  2:15 UTC (permalink / raw)
  To: John Paul Adrian Glaubitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Adrian,

On 16.01.2023 at 22:12, John Paul Adrian Glaubitz wrote:
> Hi Michael!
>
> On 1/14/23 01:00, Michael Schmitz wrote:
>>> Unfortunately, libseccomp fails to build after I updated the
>>> syscalls.csv file
>>> after adding m68k support. It seems that the problem is a number of
>>> syscalls
>>> that exist on m68k only:
>>>
>>>   CC       libseccomp_la-syscalls.perf.lo
>>> syscalls.perf:152:70: error: '__PNR_getpagesize' undeclared here (not in
>>> a function)
>>>   152 |
>>> getpagesize,119,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,166,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF,__PNR_getpagesize,SCMP_KV_UNDEF
>>>
>>
>> That one also exists on alpha and sparc. The other two are indeed
>> unique to m68k.
>>
>> There must have been other cases of novel syscalls added to libseccomp
>> before?
>
> Neither alpha nor sparc are supported by libseccomp, so I think that's
> not an argument.

Explains why getpagesize still is not handled by libseccomp, then.

Now do any of the other architectures recently added to libseccomp have 
non-standard syscalls? (Trying to work out what commits might hold the 
secret to adding support for new syscalls...)

Cheers,

	Michael

>
> Adrian
>


* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-17  2:15       ` Michael Schmitz
@ 2023-01-17  8:08         ` John Paul Adrian Glaubitz
  2023-01-17 23:25           ` Michael Schmitz
  0 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-17  8:08 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Michael!

On 1/17/23 03:15, Michael Schmitz wrote:
>>> That one also exists on alpha and sparc. The other two are indeed
>>> unique to m68k.
>>>
>>> There must have been other cases of novel syscalls added to libseccomp
>>> before?
>>
>> Neither alpha nor sparc are supported by libseccomp, so I think that's
>> not an argument.
> 
> Explains why getpagesize still is not handled by libseccomp, then.
> 
> Now do any of the other architectures recently added to libseccomp have non-standard
> syscalls? (Trying to work out what commits might hold the secret to adding support for
> new syscalls...)

This interactive arch-wide chart table should be helpful for finding this out:

> https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html

Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-17  8:08         ` John Paul Adrian Glaubitz
@ 2023-01-17 23:25           ` Michael Schmitz
  2023-01-18  8:30             ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-17 23:25 UTC (permalink / raw)
  To: John Paul Adrian Glaubitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Adrian,


On 17/01/23 21:08, John Paul Adrian Glaubitz wrote:
> Hi Michael!
>
> On 1/17/23 03:15, Michael Schmitz wrote:
>>>> That one also exists on alpha and sparc. The other two are indeed
>>>> unique to m68k.
>>>>
>>>> There must have been other cases of novel syscalls added to libseccomp
>>>> before?
>>>
>>> Neither alpha nor sparc are supported by libseccomp, so I think that's
>>> not an argument.
>>
>> Explains why getpagesize still is not handled by libseccomp, then.
>>
>> Now do any of the other architectures recently added to libseccomp 
>> have non-standard
>> syscalls? (Trying to work out what commits might hold the secret to 
>> adding support for
>> new syscalls...)
>
> This interactive arch-wide chart table should be helpful for finding 
> this out:
>
>> https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html

Look at include/seccomp-syscalls.h - I'd add the missing syscalls after 
this one:

#define __PNR_memfd_secret                      -10244

(pseudo syscall numbers for the other architectures)

plus appropriate boilerplate such as this:

#ifdef __NR_memfd_secret
#define __SNR_memfd_secret              __NR_memfd_secret
#else
#define __SNR_memfd_secret              __PNR_memfd_secret
#endif

(actual syscall numbers from our arch/m68k/include/uapi/asm/unistd-32.h 
used).

Just looked at the source, didn't try to build anything so I may be 
missing something crucial here...

Cheers,

     Michael


>
> Adrian
>


* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-17 23:25           ` Michael Schmitz
@ 2023-01-18  8:30             ` John Paul Adrian Glaubitz
  2023-01-18  9:43               ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-18  8:30 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, Michael Karcher

Hi Michael

On 1/18/23 00:25, Michael Schmitz wrote:
> Look at include/seccomp-syscalls.h - I'd add the missing syscalls after this one:
> 
> #define __PNR_memfd_secret                      -10244
> 
> (pseudo syscall numbers for the other architectures)
> 
> plus appropriate boilerplate such as this:
> 
> #ifdef __NR_memfd_secret
> #define __SNR_memfd_secret              __NR_memfd_secret
> #else
> #define __SNR_memfd_secret              __PNR_memfd_secret
> #endif
> 
> (actual syscall numbers from our arch/m68k/include/uapi/asm/unistd-32.h used).
> 
> Just looked at the source, didn't try to build anything so I may be missing something crucial here...

Good catch, thank you! I added the missing definitions and it builds fine now.

Will test against a kernel with your patches now.

Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-18  8:30             ` John Paul Adrian Glaubitz
@ 2023-01-18  9:43               ` John Paul Adrian Glaubitz
  2023-01-18 22:21                 ` Michael Schmitz
  0 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-18  9:43 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, Michael Karcher

[-- Attachment #1: Type: text/plain, Size: 483 bytes --]

Hi Michael!

On 1/18/23 09:30, John Paul Adrian Glaubitz wrote:
> Good catch, thank you! I added the missing definitions and it builds fine now.
> 
> Will test against a kernel with your patches now.

libseccomp testsuite now fully passes on m68k, see attached.

@Geert: Any chance you can approve the seccomp patches?

Thanks,
Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

[-- Attachment #2: seccomp-m68k-20230118.log.gz --]
[-- Type: application/gzip, Size: 17871 bytes --]

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-18  9:43               ` John Paul Adrian Glaubitz
@ 2023-01-18 22:21                 ` Michael Schmitz
  2023-01-19  9:18                   ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-18 22:21 UTC (permalink / raw)
  To: John Paul Adrian Glaubitz
  Cc: linux-m68k, geert, Michael Karcher, Andreas Schwab, Al Viro

Hi Adrian,

On 18/01/23 22:43, John Paul Adrian Glaubitz wrote:
> Hi Michael!
>
> On 1/18/23 09:30, John Paul Adrian Glaubitz wrote:
>> Good catch, thank you! I added the missing definitions and it builds 
>> fine now.
>>
>> Will test against a kernel with your patches now.
>
> libseccomp testsuite now fully passes on m68k, see attached.

Great - you haven't had a chance to compile the kernel selftest suite 
for seccomp though?

I wonder whether some of the 'architecture difference' skipped tests are 
related to the remaining seccomp_bpf self test faults??

>
> @Geert: Any chance you can approve the seccomp patches?

Now that we have m68k support for libseccomp, getting this merged is no 
longer purely academic.

Both Al Viro and Andreas Schwab had provided feedback and improvements - 
could you perhaps review the latest version again (v13) if that's what 
is holding this up?

Cheers,

     Michael


>
> Thanks,
> Adrian
>

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-18 22:21                 ` Michael Schmitz
@ 2023-01-19  9:18                   ` John Paul Adrian Glaubitz
  2023-01-20 10:45                     ` John Paul Adrian Glaubitz
  0 siblings, 1 reply; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-19  9:18 UTC (permalink / raw)
  To: Michael Schmitz
  Cc: linux-m68k, geert, Michael Karcher, Andreas Schwab, Al Viro

Hi!

On 1/18/23 23:21, Michael Schmitz wrote:
>> libseccomp testsuite now fully passes on m68k, see attached.
> 
> Great - you haven't had a chance to compile the kernel selftest suite for seccomp though?

I haven't looked into this yet.

> I wonder whether some of the 'architecture difference' skipped tests are related to the remaining seccomp_bpf self test faults??

I actually forgot to enable some tests on m68k in libseccomp.

After my most recent changes, there is a large number of tests being run now without errors.

> https://github.com/glaubitz/libseccomp/tree/m68k

>> @Geert: Any chance you can approve the seccomp patches?
> 
> Now that we have m68k support for libseccomp, getting this merged is no longer purely academic.
> 
> Both Al Viro and Andreas Schwab had provided feedback and improvements - could you perhaps review
> the latest version again (v13) if that's what is holding this up?

@Andreas: Please use my Github branch if you want to test libseccomp as well.

Thanks,
Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-19  9:18                   ` John Paul Adrian Glaubitz
@ 2023-01-20 10:45                     ` John Paul Adrian Glaubitz
  0 siblings, 0 replies; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-20 10:45 UTC (permalink / raw)
  To: Michael Schmitz
  Cc: linux-m68k, geert, Michael Karcher, Andreas Schwab, Al Viro

Hi!

On 1/19/23 10:18, John Paul Adrian Glaubitz wrote:
>> Now that we have m68k support for libseccomp, getting this merged is no longer purely academic.
>>
>> Both Al Viro and Andreas Schwab had provided feedback and improvements - could you perhaps review
>> the latest version again (v13) if that's what is holding this up?
> 
> @Andreas: Please use my Github branch if you want to test libseccomp as well.

libseccomp upstream is now waiting for the kernel patches to be merged, see [1].

Adrian

> [1] https://github.com/seccomp/libseccomp/pull/397

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k
  2023-01-12  3:55 ` [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k Michael Schmitz
@ 2023-01-22 16:35   ` Geert Uytterhoeven
  2023-01-22 16:35     ` Geert Uytterhoeven
  0 siblings, 1 reply; 25+ messages in thread
From: Geert Uytterhoeven @ 2023-01-22 16:35 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, glaubitz

On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Check return code of syscall_trace_enter(), and skip syscall
> if -1. Return code will be left at what had been set by
> ptrace or seccomp (in regs->d0).
>
> No regression seen in testing with strace on ARAnyM.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>
> --
> Changes from v12:
>
> - prevent overwriting the syscall return value after change
>   by ptrace or seccomp on 68020+

Thanks for the update!
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
i.e. will queue in renesas-devel for v6.3.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 1/3] m68k/kernel - check syscall_trace_enter() return code on m68k
  2023-01-22 16:35   ` Geert Uytterhoeven
@ 2023-01-22 16:35     ` Geert Uytterhoeven
  0 siblings, 0 replies; 25+ messages in thread
From: Geert Uytterhoeven @ 2023-01-22 16:35 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, glaubitz

On Sun, Jan 22, 2023 at 5:35 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> > Check return code of syscall_trace_enter(), and skip syscall
> > if -1. Return code will be left at what had been set by
> > ptrace or seccomp (in regs->d0).
> >
> > No regression seen in testing with strace on ARAnyM.
> >
> > Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> >
> > --
> > Changes from v12:
> >
> > - prevent overwriting the syscall return value after change
> >   by ptrace or seccomp on 68020+
>
> Thanks for the update!
> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
> i.e. will queue in renesas-devel for v6.3.

Doh...

Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k for-v6.3 branch.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 2/3] m68k: add kernel seccomp support
  2023-01-12  3:55 ` [PATCH v13 2/3] m68k: add kernel seccomp support Michael Schmitz
@ 2023-01-22 16:37   ` Geert Uytterhoeven
  2023-01-22 16:40     ` John Paul Adrian Glaubitz
  2023-01-22 18:11     ` Michael Schmitz
  0 siblings, 2 replies; 25+ messages in thread
From: Geert Uytterhoeven @ 2023-01-22 16:37 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, glaubitz

On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Add secure_computing() call to syscall_trace_enter to actually
> filter system calls.
>
> Add necessary arch Kconfig options, define TIF_SECCOMP trace
> flag and provide basic seccomp filter support in asm/syscall.h
>
> syscall_get_nr currently uses the syscall nr stored in orig_d0
> because we change d0 to a default return code before starting a
> syscall trace. This may be inconsistent with syscall_rollback
> copying orig_d0 to d0 (which we never check upon return from
> trace). We use d0 for the return code from syscall_trace_enter
> in entry.S currently, and could perhaps expand that to store
> a new syscall number returned by the seccomp filter before
> executing the syscall. This clearly needs some discussion.
>
> seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>

Thanks for your patch!

Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k for-v6.3 branch.

> --- a/arch/m68k/include/asm/syscall.h
> +++ b/arch/m68k/include/asm/syscall.h

> +static inline void syscall_set_return_value(struct task_struct *task,
> +                                           struct pt_regs *regs,
> +                                           int error, long val)
> +{
> +       regs->d0 = (long) error ? error : val;

I'll change this to "(long)error ?: val" while applying.

> +}
> +
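
Review bot: in `syscall_set_return_value()`, the cast in `regs->d0 = (long) error ? error : val;` binds only to the condition of the conditional expression, not to the value that is selected, so it does not change what is stored and reads as if it covered the whole expression. Either drop it (`error ? error : val`) or use the form already proposed in this reply, `(long)error ?: val`, where the cast operand is also the value that gets assigned.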

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 2/3] m68k: add kernel seccomp support
  2023-01-22 16:37   ` Geert Uytterhoeven
@ 2023-01-22 16:40     ` John Paul Adrian Glaubitz
  2023-01-22 18:11     ` Michael Schmitz
  1 sibling, 0 replies; 25+ messages in thread
From: John Paul Adrian Glaubitz @ 2023-01-22 16:40 UTC (permalink / raw)
  To: Geert Uytterhoeven, Michael Schmitz; +Cc: linux-m68k

On 1/22/23 17:37, Geert Uytterhoeven wrote:
> On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> 
> Thanks for your patch!
> 
> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
> i.e. will queue in the m68k for-v6.3 branch.

Very cool to see this finally getting merged.

Adrian

-- 
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k
  2023-01-12  3:55 ` [PATCH v13 3/3] tools/testing - seccomp test fixes for m68k Michael Schmitz
@ 2023-01-22 16:40   ` Geert Uytterhoeven
  0 siblings, 0 replies; 25+ messages in thread
From: Geert Uytterhoeven @ 2023-01-22 16:40 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, glaubitz, open list:KERNEL SELFTEST FRAMEWORK

CC linux-kselftest

On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> Add m68k seccomp definitions to seccomp_bpf self test code.
>
> Tested on ARAnyM.
>
> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
>
> --
> Changes from v12:
>
> Michael Karcher:
> - use correct definition of ARCH_REGS (use of struct pt_regs
>   cause stack overflow on passing register set to user space
>   due to size mismatch, and has some register offsets wrong)

Thanks for the update!
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k for-v6.3 branch.

> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -138,6 +138,8 @@ struct seccomp_data {
>  #  define __NR_seccomp 337
>  # elif defined(__sh__)
>  #  define __NR_seccomp 372
> +# elif defined(__mc68000__)
> +#  define __NR_seccomp 380
>  # else
>  #  warning "seccomp syscall number unknown for this architecture"
>  #  define __NR_seccomp 0xffff
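
Review bot: the new `__mc68000__` branch hard-codes `__NR_seccomp 380` with no pointer to where the number comes from, and a wrong value here would not reach the `#warning` fallback below it; the test would simply invoke a different syscall. Please name the source of the number (the m68k syscall table) in the commit message so it can be checked at review time.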
> @@ -1838,6 +1840,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
>  # define ARCH_REGS             struct pt_regs
>  # define SYSCALL_NUM(_regs)    (_regs).regs[3]
>  # define SYSCALL_RET(_regs)    (_regs).regs[0]
> +#elif defined(__mc68000__)
> +# define ARCH_REGS     struct user_regs_struct
> +# define SYSCALL_NUM(_regs)    (_regs).orig_d0
> +# define SYSCALL_RET(_regs)    (_regs).d0
>  #else
>  # error "Do not know how to find your architecture's registers and syscalls"
>  #endif
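
Review bot: the choice of `struct user_regs_struct` for `ARCH_REGS` in the `__mc68000__` branch is explained only in the changelog (using `struct pt_regs` overflowed the stack because of the size mismatch and had some register offsets wrong), while the entry directly above it still uses `struct pt_regs`. A one-line comment next to the define, saying that the buffer must match what PTRACE_GETREGS copies out, would keep a later cleanup from switching it back.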
> @@ -1902,7 +1908,7 @@ const bool ptrace_entry_set_syscall_ret =
>   * Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
>   * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
>   */
> -#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
> +#if defined(__x86_64__) || defined(__i386__) || defined(__mips__) || defined(__mc68000__)
>  # define ARCH_GETREGS(_regs)   ptrace(PTRACE_GETREGS, tracee, 0, &(_regs))
>  # define ARCH_SETREGS(_regs)   ptrace(PTRACE_SETREGS, tracee, 0, &(_regs))
>  #else
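
Review bot: the extended `#if` line puts `defined(__mc68000__)` on the PTRACE_GETREGS/PTRACE_SETREGS path, but the comment above it motivates that path with architectures lacking HAVE_ARCH_TRACEHOOK, and neither the hunk nor the changelog says why m68k belongs here. Please state the reason in the commit message, and wrap the condition, which now runs past 80 columns.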

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 2/3] m68k: add kernel seccomp support
  2023-01-22 16:37   ` Geert Uytterhoeven
  2023-01-22 16:40     ` John Paul Adrian Glaubitz
@ 2023-01-22 18:11     ` Michael Schmitz
  2023-01-22 18:49       ` Geert Uytterhoeven
  1 sibling, 1 reply; 25+ messages in thread
From: Michael Schmitz @ 2023-01-22 18:11 UTC (permalink / raw)
  To: Geert Uytterhoeven; +Cc: linux-m68k, glaubitz

Thanks Geert,

On 23/01/23 05:37, Geert Uytterhoeven wrote:
> On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
>> Add secure_computing() call to syscall_trace_enter to actually
>> filter system calls.
>>
>> Add necessary arch Kconfig options, define TIF_SECCOMP trace
>> flag and provide basic seccomp filter support in asm/syscall.h
>>
>> syscall_get_nr currently uses the syscall nr stored in orig_d0
>> because we change d0 to a default return code before starting a
>> syscall trace. This may be inconsistent with syscall_rollback
>> copying orig_d0 to d0 (which we never check upon return from
>> trace). We use d0 for the return code from syscall_trace_enter
>> in entry.S currently, and could perhaps expand that to store
>> a new syscall number returned by the seccomp filter before
>> executing the syscall. This clearly needs some discussion.
>>
>> seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
>>
>> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> Thanks for your patch!
>
> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
> i.e. will queue in the m68k for-v6.3 branch.
>
>> --- a/arch/m68k/include/asm/syscall.h
>> +++ b/arch/m68k/include/asm/syscall.h
>> +static inline void syscall_set_return_value(struct task_struct *task,
>> +                                           struct pt_regs *regs,
>> +                                           int error, long val)
>> +{
>> +       regs->d0 = (long) error ? error : val;
> I'll change this to "(long)error ?: val" while applying.

Sure - could you also update the commit message that I forgot to change? 
It's 81 out of 94 tests now.

Many thanks also to Adrian for his libseccomp port work!

Cheers,

     Michael


>> +}
>> +
> Gr{oetje,eeting}s,
>
>                          Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 2/3] m68k: add kernel seccomp support
  2023-01-22 18:11     ` Michael Schmitz
@ 2023-01-22 18:49       ` Geert Uytterhoeven
  0 siblings, 0 replies; 25+ messages in thread
From: Geert Uytterhoeven @ 2023-01-22 18:49 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, glaubitz

Hi Michael,

On Sun, Jan 22, 2023 at 7:12 PM Michael Schmitz <schmitzmic@gmail.com> wrote:
> On 23/01/23 05:37, Geert Uytterhoeven wrote:
> > On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@gmail.com> wrote:
> >> Add secure_computing() call to syscall_trace_enter to actually
> >> filter system calls.
> >>
> >> Add necessary arch Kconfig options, define TIF_SECCOMP trace
> >> flag and provide basic seccomp filter support in asm/syscall.h
> >>
> >> syscall_get_nr currently uses the syscall nr stored in orig_d0
> >> because we change d0 to a default return code before starting a
> >> syscall trace. This may be inconsistent with syscall_rollback
> >> copying orig_d0 to d0 (which we never check upon return from
> >> trace). We use d0 for the return code from syscall_trace_enter
> >> in entry.S currently, and could perhaps expand that to store
> >> a new syscall number returned by the seccomp filter before
> >> executing the syscall. This clearly needs some discussion.
> >>
> >> seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
> >>
> >> Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
> > Thanks for your patch!
> >
> > Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
> > i.e. will queue in the m68k for-v6.3 branch.
> >
> >> --- a/arch/m68k/include/asm/syscall.h
> >> +++ b/arch/m68k/include/asm/syscall.h
> >> +static inline void syscall_set_return_value(struct task_struct *task,
> >> +                                           struct pt_regs *regs,
> >> +                                           int error, long val)
> >> +{
> >> +       regs->d0 = (long) error ? error : val;
> > I'll change this to "(long)error ?: val" while applying.
>
> Sure - could you also update the commit message that I forgot to change?
> It's 81 out of 94 tests now.

Np, will do so (tomorrow).

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-01-12  3:55 [PATCH v13 0/3] Add kernel seccomp support for m68k Michael Schmitz
                   ` (4 preceding siblings ...)
  2023-01-13 17:29 ` John Paul Adrian Glaubitz
@ 2023-02-27 20:45 ` Kees Cook
  2023-03-07  2:57   ` Michael Schmitz
  5 siblings, 1 reply; 25+ messages in thread
From: Kees Cook @ 2023-02-27 20:45 UTC (permalink / raw)
  To: Michael Schmitz; +Cc: linux-m68k, geert, glaubitz, Andy Lutomirski, Will Drewry

On Thu, Jan 12, 2023 at 04:55:26PM +1300, Michael Schmitz wrote:
> Previous version of patch 1 did overwrite a syscall return
> value that was changed by ptrace or seccomp (in regs->d0)
> by -ENOSYS when skipping a syscall. Branch directly to
> ret_from_syscall instead of falling through to badsys (which
> must set -ENOSYS). I'm sure this can be done more elegantly.
> 
> Patch 3 used the wrong struct definition for ARCH_REGS - the
> kernel ptrace code copies 19 registers (from syscall stack
> and switch_stack, pt_regs only contains the 14 from the
> syscall stack). Stack overflow ensues.

Hi,

Thanks for expanding seccomp support to m68k! I happened to see this
land in Linus's tree, but it was news to me that it was under
development. Please use scripts/get_maintainers.pl in the future:

SECURE COMPUTING
M:      Kees Cook <keescook@chromium.org>
R:      Andy Lutomirski <luto@amacapital.net>
R:      Will Drewry <wad@chromium.org>
S:      Supported
T:      git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/seccomp
F:      Documentation/userspace-api/seccomp_filter.rst
F:      include/linux/seccomp.h
F:      include/uapi/linux/seccomp.h
F:      kernel/seccomp.c
F:      tools/testing/selftests/kselftest_harness.h
F:      tools/testing/selftests/seccomp/*
K:      \bsecure_computing
K:      \bTIF_SECCOMP\b

> With these changes, 79 of 94 seccomp_bpf tests now succeed.

I'm curious which tests are not passing?

Thanks!

-Kees

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [PATCH v13 0/3] Add kernel seccomp support for m68k
  2023-02-27 20:45 ` Kees Cook
@ 2023-03-07  2:57   ` Michael Schmitz
  0 siblings, 0 replies; 25+ messages in thread
From: Michael Schmitz @ 2023-03-07  2:57 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-m68k, geert, glaubitz, Andy Lutomirski, Will Drewry

[-- Attachment #1: Type: text/plain, Size: 2377 bytes --]

Hi Kees,

On 28.02.2023 at 09:45, Kees Cook wrote:
> On Thu, Jan 12, 2023 at 04:55:26PM +1300, Michael Schmitz wrote:
>> Previous version of patch 1 did overwrite a syscall return
>> value that was changed by ptrace or seccomp (in regs->d0)
>> by -ENOSYS when skipping a syscall. Branch directly to
>> ret_from_syscall instead of falling through to badsys (which
>> must set -ENOSYS). I'm sure this can be done more elegantly.
>>
>> Patch 3 used the wrong struct definition for ARCH_REGS - the
>> kernel ptrace code copies 19 registers (from syscall stack
>> and switch_stack, pt_regs only contains the 14 from the
>> syscall stack). Stack overflow ensues.
>
> Hi,
>
> Thanks for expanding seccomp support to m68k! I happened to see this
> land in Linus's tree, but it was news to me that it was under
> development. Please use scripts/get_maintainers.pl in the future:

This has been slowly progressed over the past three years, following a 
nudge from Adrian. Most everything was contained in arch/m68k, and I 
don't need get_maintainers.pl to find out Geert's address :-) The 
selftest patches were an afterthought, should have kept you in the loop 
there.

>
> SECURE COMPUTING
> M:      Kees Cook <keescook@chromium.org>
> R:      Andy Lutomirski <luto@amacapital.net>
> R:      Will Drewry <wad@chromium.org>
> S:      Supported
> T:      git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/seccomp
> F:      Documentation/userspace-api/seccomp_filter.rst
> F:      include/linux/seccomp.h
> F:      include/uapi/linux/seccomp.h
> F:      kernel/seccomp.c
> F:      tools/testing/selftests/kselftest_harness.h
> F:      tools/testing/selftests/seccomp/*
> K:      \bsecure_computing
> K:      \bTIF_SECCOMP\b
>
>> With these changes, 79 of 94 seccomp_bpf tests now succeed.
>
> I'm curious which tests are not passing?

See attached log - it's actually 81 tests passing in the merged version. 
The test system isn't up to date with libraries and stuff in any real 
sense, and I had to disable a few of the tests. Either may well explain 
a few of the failing tests.

Any hints on how to address the remaining failures welcome, of course.

Adrian did report all libseccomp tests passed (see 
https://github.com/seccomp/libseccomp/pull/397), and he may have run the 
kernel selftests on a current system.

Cheers,

	Michael


>
> Thanks!
>
> -Kees
>

[-- Attachment #2: seccomp-6.2rc3-v12-saverc.out --]
[-- Type: text/plain, Size: 17382 bytes --]

TAP version 13
1..94
# Starting 94 tests from 8 test cases.
#  RUN           TRAP.dfl ...
#            OK  TRAP.dfl
ok 1 TRAP.dfl
#  RUN           TRAP.ign ...
#            OK  TRAP.ign
ok 2 TRAP.ign
#  RUN           TRAP.handler ...
#            OK  TRAP.handler
ok 3 TRAP.handler
#  RUN           precedence.allow_ok ...
#            OK  precedence.allow_ok
ok 4 precedence.allow_ok
#  RUN           precedence.kill_is_highest ...
#            OK  precedence.kill_is_highest
ok 5 precedence.kill_is_highest
#  RUN           precedence.kill_is_highest_in_any_order ...
#            OK  precedence.kill_is_highest_in_any_order
ok 6 precedence.kill_is_highest_in_any_order
#  RUN           precedence.trap_is_second ...
#            OK  precedence.trap_is_second
ok 7 precedence.trap_is_second
#  RUN           precedence.trap_is_second_in_any_order ...
#            OK  precedence.trap_is_second_in_any_order
ok 8 precedence.trap_is_second_in_any_order
#  RUN           precedence.errno_is_third ...
#            OK  precedence.errno_is_third
ok 9 precedence.errno_is_third
#  RUN           precedence.errno_is_third_in_any_order ...
#            OK  precedence.errno_is_third_in_any_order
ok 10 precedence.errno_is_third_in_any_order
#  RUN           precedence.trace_is_fourth ...
#            OK  precedence.trace_is_fourth
ok 11 precedence.trace_is_fourth
#  RUN           precedence.trace_is_fourth_in_any_order ...
#            OK  precedence.trace_is_fourth_in_any_order
ok 12 precedence.trace_is_fourth_in_any_order
#  RUN           precedence.log_is_fifth ...
#            OK  precedence.log_is_fifth
ok 13 precedence.log_is_fifth
#  RUN           precedence.log_is_fifth_in_any_order ...
#            OK  precedence.log_is_fifth_in_any_order
ok 14 precedence.log_is_fifth_in_any_order
#  RUN           TRACE_poke.read_has_side_effects ...
#            OK  TRACE_poke.read_has_side_effects
ok 15 TRACE_poke.read_has_side_effects
#  RUN           TRACE_poke.getpid_runs_normally ...
#            OK  TRACE_poke.getpid_runs_normally
ok 16 TRACE_poke.getpid_runs_normally
#  RUN           TRACE_syscall.ptrace.negative_ENOSYS ...
#            OK  TRACE_syscall.ptrace.negative_ENOSYS
ok 17 TRACE_syscall.ptrace.negative_ENOSYS
#  RUN           TRACE_syscall.ptrace.syscall_allowed ...
#            OK  TRACE_syscall.ptrace.syscall_allowed
ok 18 TRACE_syscall.ptrace.syscall_allowed
#  RUN           TRACE_syscall.ptrace.syscall_redirected ...
#            OK  TRACE_syscall.ptrace.syscall_redirected
ok 19 TRACE_syscall.ptrace.syscall_redirected
#  RUN           TRACE_syscall.ptrace.syscall_errno ...
#            OK  TRACE_syscall.ptrace.syscall_errno
ok 20 TRACE_syscall.ptrace.syscall_errno
#  RUN           TRACE_syscall.ptrace.syscall_faked ...
#            OK  TRACE_syscall.ptrace.syscall_faked
ok 21 TRACE_syscall.ptrace.syscall_faked
#  RUN           TRACE_syscall.ptrace.kill_immediate ...
#            OK  TRACE_syscall.ptrace.kill_immediate
ok 22 TRACE_syscall.ptrace.kill_immediate
#  RUN           TRACE_syscall.ptrace.skip_after ...
#            OK  TRACE_syscall.ptrace.skip_after
ok 23 TRACE_syscall.ptrace.skip_after
#  RUN           TRACE_syscall.ptrace.kill_after ...
#            OK  TRACE_syscall.ptrace.kill_after
ok 24 TRACE_syscall.ptrace.kill_after
#  RUN           TRACE_syscall.seccomp.negative_ENOSYS ...
#            OK  TRACE_syscall.seccomp.negative_ENOSYS
ok 25 TRACE_syscall.seccomp.negative_ENOSYS
#  RUN           TRACE_syscall.seccomp.syscall_allowed ...
#            OK  TRACE_syscall.seccomp.syscall_allowed
ok 26 TRACE_syscall.seccomp.syscall_allowed
#  RUN           TRACE_syscall.seccomp.syscall_redirected ...
#            OK  TRACE_syscall.seccomp.syscall_redirected
ok 27 TRACE_syscall.seccomp.syscall_redirected
#  RUN           TRACE_syscall.seccomp.syscall_errno ...
#            OK  TRACE_syscall.seccomp.syscall_errno
ok 28 TRACE_syscall.seccomp.syscall_errno
#  RUN           TRACE_syscall.seccomp.syscall_faked ...
#            OK  TRACE_syscall.seccomp.syscall_faked
ok 29 TRACE_syscall.seccomp.syscall_faked
#  RUN           TRACE_syscall.seccomp.kill_immediate ...
#            OK  TRACE_syscall.seccomp.kill_immediate
ok 30 TRACE_syscall.seccomp.kill_immediate
#  RUN           TRACE_syscall.seccomp.skip_after ...
#            OK  TRACE_syscall.seccomp.skip_after
ok 31 TRACE_syscall.seccomp.skip_after
#  RUN           TRACE_syscall.seccomp.kill_after ...
#            OK  TRACE_syscall.seccomp.kill_after
ok 32 TRACE_syscall.seccomp.kill_after
#  RUN           TSYNC.siblings_fail_prctl ...
#            OK  TSYNC.siblings_fail_prctl
ok 33 TSYNC.siblings_fail_prctl
#  RUN           TSYNC.two_siblings_with_ancestor ...
# seccomp_bpf.c:2710:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# seccomp_bpf.c:2712:two_siblings_with_ancestor:Expected 0x0 (0) == (long)status (195935983)
# two_siblings_with_ancestor: Test failed at step #8
#          FAIL  TSYNC.two_siblings_with_ancestor
not ok 34 TSYNC.two_siblings_with_ancestor
#  RUN           TSYNC.two_sibling_want_nnp ...
#            OK  TSYNC.two_sibling_want_nnp
ok 35 TSYNC.two_sibling_want_nnp
#  RUN           TSYNC.two_siblings_with_no_filter ...
# seccomp_bpf.c:2776:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195952365)
# seccomp_bpf.c:2778:two_siblings_with_no_filter:Expected 0x0 (0) == (long)status (195952365)
# two_siblings_with_no_filter: Test failed at step #7
#          FAIL  TSYNC.two_siblings_with_no_filter
not ok 36 TSYNC.two_siblings_with_no_filter
#  RUN           TSYNC.two_siblings_with_one_divergence ...
# seccomp_bpf.c:2808:two_siblings_with_one_divergence:Expected self->sibling[0].system_tid (2733) == ret (0)
# seccomp_bpf.c:2809:two_siblings_with_one_divergence:Did not fail on diverged sibling.
# two_siblings_with_one_divergence: Test terminated unexpectedly by signal 9
#          FAIL  TSYNC.two_siblings_with_one_divergence
not ok 37 TSYNC.two_siblings_with_one_divergence
#  RUN           TSYNC.two_siblings_with_one_divergence_no_tid_in_err ...
# seccomp_bpf.c:2854:two_siblings_with_one_divergence_no_tid_in_err:Expected ESRCH (3) == errno (0)
# seccomp_bpf.c:2855:two_siblings_with_one_divergence_no_tid_in_err:Did not return ESRCH for diverged sibling.
# two_siblings_with_one_divergence_no_tid_in_err: Test terminated unexpectedly by signal 9
#          FAIL  TSYNC.two_siblings_with_one_divergence_no_tid_in_err
not ok 38 TSYNC.two_siblings_with_one_divergence_no_tid_in_err
#  RUN           TSYNC.two_siblings_not_under_filter ...
# seccomp_bpf.c:2910:two_siblings_not_under_filter:Expected ret (0) == self->sibling[0].system_tid (2743)
# seccomp_bpf.c:2911:two_siblings_not_under_filter:Did not fail on diverged sibling.
# two_siblings_not_under_filter: Test terminated unexpectedly by signal 9
#          FAIL  TSYNC.two_siblings_not_under_filter
not ok 39 TSYNC.two_siblings_not_under_filter
#  RUN           O_SUSPEND_SECCOMP.setoptions ...
#      SKIP      Kernel does not support PTRACE_O_SUSPEND_SECCOMP (missing CONFIG_CHECKPOINT_RESTORE?)
#            OK  O_SUSPEND_SECCOMP.setoptions
ok 40 # SKIP Kernel does not support PTRACE_O_SUSPEND_SECCOMP (missing CONFIG_CHECKPOINT_RESTORE?)
#  RUN           O_SUSPEND_SECCOMP.seize ...
#      SKIP      Kernel does not support PTRACE_O_SUSPEND_SECCOMP (missing CONFIG_CHECKPOINT_RESTORE?)
#            OK  O_SUSPEND_SECCOMP.seize
ok 41 # SKIP Kernel does not support PTRACE_O_SUSPEND_SECCOMP (missing CONFIG_CHECKPOINT_RESTORE?)
#  RUN           global.kcmp ...
# seccomp_bpf.c:329:kcmp:Expected ret (-1) == 0 (0)
#      SKIP      Kernel does not support kcmp() (missing CONFIG_KCMP?)
#            OK  global.kcmp
ok 42 # SKIP Kernel does not support kcmp() (missing CONFIG_KCMP?)
#  RUN           global.mode_strict_support ...
#            OK  global.mode_strict_support
ok 43 global.mode_strict_support
#  RUN           global.mode_strict_cannot_call_prctl ...
#            OK  global.mode_strict_cannot_call_prctl
ok 44 global.mode_strict_cannot_call_prctl
#  RUN           global.no_new_privs_support ...
#            OK  global.no_new_privs_support
ok 45 global.no_new_privs_support
#  RUN           global.mode_filter_support ...
#            OK  global.mode_filter_support
ok 46 global.mode_filter_support
#  RUN           global.filter_size_limits ...
#            OK  global.filter_size_limits
ok 47 global.filter_size_limits
#  RUN           global.filter_chain_limits ...
#            OK  global.filter_chain_limits
ok 48 global.filter_chain_limits
#  RUN           global.mode_filter_cannot_move_to_strict ...
#            OK  global.mode_filter_cannot_move_to_strict
ok 49 global.mode_filter_cannot_move_to_strict
#  RUN           global.mode_filter_get_seccomp ...
#            OK  global.mode_filter_get_seccomp
ok 50 global.mode_filter_get_seccomp
#  RUN           global.ALLOW_all ...
#            OK  global.ALLOW_all
ok 51 global.ALLOW_all
#  RUN           global.empty_prog ...
#            OK  global.empty_prog
ok 52 global.empty_prog
#  RUN           global.log_all ...
#            OK  global.log_all
ok 53 global.log_all
#  RUN           global.unknown_ret_is_kill_inside ...
#            OK  global.unknown_ret_is_kill_inside
ok 54 global.unknown_ret_is_kill_inside
#  RUN           global.unknown_ret_is_kill_above_allow ...
#            OK  global.unknown_ret_is_kill_above_allow
ok 55 global.unknown_ret_is_kill_above_allow
#  RUN           global.KILL_all ...
#            OK  global.KILL_all
ok 56 global.KILL_all
#  RUN           global.KILL_one ...
#            OK  global.KILL_one
ok 57 global.KILL_one
#  RUN           global.KILL_one_arg_one ...
# seccomp_bpf.c:693:KILL_one_arg_one:Expected 0 (0) == syscall(__NR_times, &fatal_address) (43917)
# KILL_one_arg_one: Test exited normally instead of by signal (code: 3)
#          FAIL  global.KILL_one_arg_one
not ok 58 global.KILL_one_arg_one
#  RUN           global.KILL_one_arg_six ...
# seccomp_bpf.c:738:KILL_one_arg_six:Expected MAP_FAILED (4294967295) != map1 (4294967295)
# KILL_one_arg_six: Test exited normally instead of by signal (code: 5)
#          FAIL  global.KILL_one_arg_six
not ok 59 global.KILL_one_arg_six
#  RUN           global.KILL_thread ...
# seccomp_bpf.c:848:KILL_thread:Expected 0 (0) != WIFEXITED(status) (0)
# KILL_thread: Test terminated by assertion
#          FAIL  global.KILL_thread
not ok 60 global.KILL_thread
#  RUN           global.KILL_process ...
#            OK  global.KILL_process
ok 61 global.KILL_process
#  RUN           global.KILL_unknown ...
#            OK  global.KILL_unknown
ok 62 global.KILL_unknown
#  RUN           global.arg_out_of_range ...
#            OK  global.arg_out_of_range
ok 63 global.arg_out_of_range
#  RUN           global.ERRNO_valid ...
#            OK  global.ERRNO_valid
ok 64 global.ERRNO_valid
#  RUN           global.ERRNO_zero ...
#            OK  global.ERRNO_zero
ok 65 global.ERRNO_zero
#  RUN           global.ERRNO_capped ...
#            OK  global.ERRNO_capped
ok 66 global.ERRNO_capped
#  RUN           global.ERRNO_order ...
#            OK  global.ERRNO_order
ok 67 global.ERRNO_order
#  RUN           global.negative_ENOSYS ...
#            OK  global.negative_ENOSYS
ok 68 global.negative_ENOSYS
#  RUN           global.seccomp_syscall ...
#            OK  global.seccomp_syscall
ok 69 global.seccomp_syscall
#  RUN           global.seccomp_syscall_mode_lock ...
#            OK  global.seccomp_syscall_mode_lock
ok 70 global.seccomp_syscall_mode_lock
#  RUN           global.detect_seccomp_filter_flags ...
#            OK  global.detect_seccomp_filter_flags
ok 71 global.detect_seccomp_filter_flags
#  RUN           global.TSYNC_first ...
#            OK  global.TSYNC_first
ok 72 global.TSYNC_first
#  RUN           global.syscall_restart ...
#            OK  global.syscall_restart
ok 73 global.syscall_restart
#  RUN           global.filter_flag_log ...
#            OK  global.filter_flag_log
ok 74 global.filter_flag_log
#  RUN           global.get_action_avail ...
#            OK  global.get_action_avail
ok 75 global.get_action_avail
#  RUN           global.get_metadata ...
# seccomp_bpf.c:3285:get_metadata:Expected sizeof(md) (16) == ret (-1)
#      SKIP      Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
#            OK  global.get_metadata
ok 76 # SKIP Kernel does not support PTRACE_SECCOMP_GET_METADATA (missing CONFIG_CHECKPOINT_RESTORE?)
#  RUN           global.user_notification_basic ...
#            OK  global.user_notification_basic
ok 77 global.user_notification_basic
#  RUN           global.user_notification_with_tsync ...
#            OK  global.user_notification_with_tsync
ok 78 global.user_notification_with_tsync
#  RUN           global.user_notification_kill_in_middle ...
#            OK  global.user_notification_kill_in_middle
ok 79 global.user_notification_kill_in_middle
#  RUN           global.user_notification_signal ...
#            OK  global.user_notification_signal
ok 80 global.user_notification_signal
#  RUN           global.user_notification_closed_listener ...
#            OK  global.user_notification_closed_listener
ok 81 global.user_notification_closed_listener
#  RUN           global.user_notification_child_pid_ns ...
# seccomp_bpf.c:3620:user_notification_child_pid_ns:Expected unshare(CLONE_NEWUSER | CLONE_NEWPID) (-1) == 0 (0)
#      SKIP      kernel missing CLONE_NEWUSER support
#            OK  global.user_notification_child_pid_ns
ok 82 # SKIP kernel missing CLONE_NEWUSER support
#  RUN           global.user_notification_sibling_pid_ns ...
# seccomp_bpf.c:3688:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
# user_notification_sibling_pid_ns: Test terminated by assertion
# seccomp_bpf.c:3673:user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (-1) == 0 (0)
#          FAIL  global.user_notification_sibling_pid_ns
not ok 83 global.user_notification_sibling_pid_ns
#  RUN           global.user_notification_fault_recv ...
# seccomp_bpf.c:3731:user_notification_fault_recv:Expected unshare(CLONE_NEWUSER) (-1) == 0 (0)
#      SKIP      kernel missing CLONE_NEWUSER support
#            OK  global.user_notification_fault_recv
ok 84 # SKIP kernel missing CLONE_NEWUSER support
#  RUN           global.seccomp_get_notif_sizes ...
#            OK  global.seccomp_get_notif_sizes
ok 85 global.seccomp_get_notif_sizes
#  RUN           global.user_notification_continue ...
# seccomp_bpf.c:3805:user_notification_continue:kcmp() syscall missing (test is less accurate)
#            OK  global.user_notification_continue
ok 86 global.user_notification_continue
#  RUN           global.user_notification_filter_empty ...
#            OK  global.user_notification_filter_empty
ok 87 global.user_notification_filter_empty
#  RUN           global.user_notification_filter_empty_threaded ...
# user_notification_filter_empty_threaded: Test terminated by timeout
#          FAIL  global.user_notification_filter_empty_threaded
not ok 88 global.user_notification_filter_empty_threaded
#  RUN           global.user_notification_addfd ...
# seccomp_bpf.c:4020:user_notification_addfd:Expected listener (3) == nextfd++ (1)
# user_notification_addfd: Test terminated by assertion
#          FAIL  global.user_notification_addfd
not ok 89 global.user_notification_addfd
#  RUN           global.user_notification_addfd_rlimit ...
# seccomp_bpf.c:4195:user_notification_addfd_rlimit:Expected ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd) (4) == -1 (-1)
# seccomp_bpf.c:4196:user_notification_addfd_rlimit:Expected errno (0) == EMFILE (24)
# seccomp_bpf.c:4199:user_notification_addfd_rlimit:Expected ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd) (5) == -1 (-1)
# seccomp_bpf.c:4200:user_notification_addfd_rlimit:Expected errno (0) == EMFILE (24)
# seccomp_bpf.c:4205:user_notification_addfd_rlimit:Expected errno (2) == EBADF (9)
# seccomp_bpf.c:4211:user_notification_addfd_rlimit:Expected ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp) (-1) == 0 (0)
# seccomp_bpf.c:4216:user_notification_addfd_rlimit:Expected 0 (0) == WEXITSTATUS(status) (1)
# user_notification_addfd_rlimit: Test failed at step #6
#          FAIL  global.user_notification_addfd_rlimit
not ok 90 global.user_notification_addfd_rlimit
#  RUN           global.user_notification_fifo ...
#            OK  global.user_notification_fifo
ok 91 global.user_notification_fifo
#  RUN           global.user_notification_wait_killable_pre_notification ...
# seccomp_bpf.c:4290:user_notification_wait_killable_pre_notification:Expected f (0) != NULL (0)
# seccomp_bpf.c:4291:user_notification_wait_killable_pre_notification:Could not open /proc/2902/syscall: No such file or directory
# user_notification_wait_killable_pre_notification: Test terminated by assertion
#          FAIL  global.user_notification_wait_killable_pre_notification
not ok 92 global.user_notification_wait_killable_pre_notification
#  RUN           global.user_notification_wait_killable ...
#            OK  global.user_notification_wait_killable
ok 93 global.user_notification_wait_killable
#  RUN           global.user_notification_wait_killable_fatal ...
#            OK  global.user_notification_wait_killable_fatal
ok 94 global.user_notification_wait_killable_fatal
# FAILED: 81 / 94 tests passed.
# Totals: pass:75 fail:13 xfail:0 xpass:0 skip:6 error:0
