* [GIT PULL] seccomp updates for v5.9-rc1
From: Kees Cook @ 2020-08-03 19:39 UTC
To: Linus Torvalds
Cc: linux-kernel, Aleksa Sarai, Chris Palmer, Christian Brauner,
Christoph Hellwig, Matt Denton, Robert Sesek,
Thadeu Lima de Souza Cascardo, Sargun Dhillon, Shuah Khan,
Tycho Andersen, Will Deacon, Will Drewry, Yonghong Song

Hi Linus,

Please pull these seccomp updates for v5.9-rc1. There are a bunch of
clean ups and selftest improvements along with two major updates to the
SECCOMP_RET_USER_NOTIF filter return: EPOLLHUP support to more easily
detect the death of a monitored process, and being able to inject fds when
intercepting syscalls that expect an fd-opening side-effect (needed by
both container folks and Chrome). The latter continued the refactoring
of __scm_install_fd() started by Christoph, and in the process found
and fixed a handful of bugs in various callers.

Thanks!

-Kees

The following changes since commit b3a9e3b9622ae10064826dccb4f7a52bd88c7407:

  Linux 5.8-rc1 (2020-06-14 12:45:04 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.9-rc1

for you to fetch changes up to c97aedc52dce4c87d4c44de4e6af941cd102600c:

  selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD (2020-07-14 16:30:22 -0700)

----------------------------------------------------------------
seccomp updates for v5.9-rc1

- Improved selftest coverage, timeouts, and reporting
- Add EPOLLHUP support for SECCOMP_RET_USER_NOTIF (Christian Brauner)
- Refactor __scm_install_fd() into __receive_fd() and fix buggy callers
- Introduce "addfd" command for SECCOMP_RET_USER_NOTIF (Sargun Dhillon)

----------------------------------------------------------------
Christian Brauner (5):
      seccomp: rename "usage" to "refs" and document
      seccomp: release filter after task is fully dead
      seccomp: Lift wait_queue into struct seccomp_filter
      seccomp: notify about unused filter
      selftests/seccomp: Check for EPOLLHUP for user_notif

Kees Cook (21):
      selftests/seccomp: Rename XFAIL to SKIP
      selftests/seccomp: Add SKIPs for failed unshare()
      selftests/seccomp: Set NNP for TSYNC ESRCH flag test
      seccomp: Report number of loaded filters in /proc/$pid/status
      selftests/seccomp: Expand benchmark to per-filter measurements
      selftests/seccomp: Improve calibration loop
      seccomp: Use pr_fmt
      selftests/seccomp: Make kcmp() less required
      selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall()
      seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
      seccomp: Use -1 marker for end of mode 1 syscall list
      selftests/harness: Clean up kern-doc for fixtures
      selftests/seccomp: Refactor to use fixture variants
      selftests/seccomp: Check ENOSYS under tracing
      net/compat: Add missing sock updates for SCM_RIGHTS
      pidfd: Add missing sock updates for pidfd_getfd()
      net/scm: Regularize compat handling of scm_detach_fds()
      fs: Move __scm_install_fd() to __receive_fd()
      fs: Add receive_fd() wrapper for __receive_fd()
      pidfd: Replace open-coded receive_fd()
      fs: Expand __receive_fd() to accept existing fd

Sargun Dhillon (3):
      seccomp: Add find_notification helper
      seccomp: Introduce addfd ioctl to seccomp user notifier
      selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD

Thadeu Lima de Souza Cascardo (1):
      selftests/seccomp: use 90s as timeout

arch/mips/include/asm/seccomp.h | 4 +-
fs/file.c | 61 ++
fs/proc/array.c | 2 +
include/asm-generic/seccomp.h | 2 +-
include/linux/file.h | 19 +
include/linux/seccomp.h | 10 +-
include/net/sock.h | 4 +
include/uapi/linux/seccomp.h | 25 +-
init/init_task.c | 3 +
kernel/exit.c | 1 +
kernel/fork.c | 1 -
kernel/pid.c | 14 +-
kernel/seccomp.c | 376 ++++++++---
net/compat.c | 55 +-
net/core/scm.c | 50 +-
net/core/sock.c | 21 +
tools/testing/selftests/kselftest_harness.h | 15 +-
tools/testing/selftests/seccomp/config | 1 +
.../testing/selftests/seccomp/seccomp_benchmark.c | 80 ++-
tools/testing/selftests/seccomp/seccomp_bpf.c | 708 +++++++++++++++------
tools/testing/selftests/seccomp/settings | 1 +
21 files changed, 1061 insertions(+), 392 deletions(-)
create mode 100644 tools/testing/selftests/seccomp/settings
--
Kees Cook
* Re: [GIT PULL] seccomp updates for v5.9-rc1
From: pr-tracker-bot @ 2020-08-04 21:40 UTC
To: Kees Cook
Cc: Linus Torvalds, linux-kernel, Aleksa Sarai, Chris Palmer,
Christian Brauner, Christoph Hellwig, Matt Denton, Robert Sesek,
Thadeu Lima de Souza Cascardo, Sargun Dhillon, Shuah Khan,
Tycho Andersen, Will Deacon, Will Drewry, Yonghong Song
The pull request you sent on Mon, 3 Aug 2020 12:39:30 -0700:
> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.9-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/9ecc6ea491f0c0531ad81ef9466284df260b2227
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker