From: Manoj Iyer
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/3] seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE
Date: Wed, 6 Nov 2019 21:24:38 -0600
Message-Id: <20191107032440.17210-2-manoj.iyer@canonical.com>
In-Reply-To: <20191107032440.17210-1-manoj.iyer@canonical.com>
References: <20191107032440.17210-1-manoj.iyer@canonical.com>

From: Christian Brauner

Switch from BIT(0) to (1UL << 0).
First, there are already two different forms used in the header, so there's no need to add a third. Second, the BIT() macro is kernel internal and afaict not actually exposed to userspace. Maybe there's some magic there I'm missing but it definitely causes issues when compiling a program that tries to use SECCOMP_USER_NOTIF_FLAG_CONTINUE. It currently fails in the following way:

# github.com/lxc/lxd/lxd
/usr/bin/ld: $WORK/b001/_x003.o: in function `__do_user_notification_continue':
lxd/main_checkfeature.go:240: undefined reference to `BIT'
collect2: error: ld returned 1 exit status

Switching to (1UL << 0) should prevent that and is more in line with what is already done in the rest of the header.

BugLink: https://bugs.launchpad.net/bugs/1849281
Cc: Kees Cook
Cc: Andy Lutomirski
Signed-off-by: Christian Brauner
Link: https://lore.kernel.org/r/20191024212539.4059-1-christian.brauner@ubuntu.com
Signed-off-by: Kees Cook
(cherry picked from commit 23b2c96fad21886c53f5e1a4ffedd45ddd2e85ba
 git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git)
Signed-off-by: Manoj Iyer
---
 include/uapi/linux/seccomp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index e48e2fa2d248..be84d87f1f46 100644
--- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h 
@@ -103,7 +103,7 @@ struct seccomp_notif { * SECCOMP_USER_NOTIF_FLAG_CONTINUE. Note that SECCOMP_RET_TRACE can equally * be overriden by SECCOMP_USER_NOTIF_FLAG_CONTINUE. */ -#define SECCOMP_USER_NOTIF_FLAG_CONTINUE BIT(0) +#define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0) struct seccomp_notif_resp { __u64 id;
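
Review bot: in patch 1/3, the + line makes SECCOMP_USER_NOTIF_FLAG_CONTINUE an unsigned long, so the constant's width now follows the userspace ABI (32 or 64 bits) even though its value stays 1. Code that complements the flag or prints it with a fixed format specifier will behave differently across ABIs, so the commit message should say that the choice of 1UL is deliberate and matches the form already used in this header. The context comment directly above the define also has "overriden" for "overridden", which could be corrected in the same change.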
From: Manoj Iyer
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/3] seccomp: avoid overflow in implicit constant conversion
Date: Wed, 6 Nov 2019 21:24:39 -0600
Message-Id: <20191107032440.17210-3-manoj.iyer@canonical.com>
In-Reply-To: <20191107032440.17210-1-manoj.iyer@canonical.com>
References: <20191107032440.17210-1-manoj.iyer@canonical.com>

From: Christian Brauner

USER_NOTIF_MAGIC is assigned to int variables in this test so set it to INT_MAX to avoid warnings:

seccomp_bpf.c: In function ‘user_notification_continue’:
seccomp_bpf.c:3088:26: warning: overflow in implicit constant conversion [-Woverflow]
 #define USER_NOTIF_MAGIC 116983961184613L
                          ^
seccomp_bpf.c:3572:15: note: in expansion of macro ‘USER_NOTIF_MAGIC’
  resp.error = USER_NOTIF_MAGIC;
               ^~~~~~~~~~~~~~~~

BugLink: https://bugs.launchpad.net/bugs/1849281
Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Signed-off-by: Christian Brauner
Reviewed-by: Tyler Hicks
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Shuah Khan
Cc: Alexei Starovoitov
Cc: Daniel Borkmann
Cc: Martin KaFai Lau
Cc: Song Liu
Cc: Yonghong Song
Cc: Tycho Andersen
Cc: stable@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org
Reviewed-by: Tycho Andersen
Link: https://lore.kernel.org/r/20190920083007.11475-3-christian.brauner@ubuntu.com
Signed-off-by: Kees Cook
(cherry picked from commit 223e660bc7638d126a0e4fbace4f33f2895788c4
 git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git)
Signed-off-by: Manoj Iyer
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index b4d789c89de4..47d65d9b77f6 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include 
@@ -3082,7 +3083,7 @@ static int user_trap_syscall(int nr, unsigned int flags) return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog); } -#define USER_NOTIF_MAGIC 116983961184613L +#define USER_NOTIF_MAGIC INT_MAX TEST(user_notification_basic) { pid_t pid;
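
Review bot: in patch 2/3, the second hunk's "+#define USER_NOTIF_MAGIC INT_MAX" replaces a distinctive sentinel with a boundary value. It fits the int variables the commit message mentions and silences -Woverflow, but a comparison against INT_MAX can also succeed on a clamped or saturated value, so a distinctive constant below INT_MAX would keep the check as strict as before. If INT_MAX stays, a one-line comment above the define stating that the magic must fit in an int would stop a wider constant from being reintroduced.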
From: Manoj Iyer
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 3/3] UBUNTU: SAUCE: seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test
Date: Wed, 6 Nov 2019 21:24:40 -0600
Message-Id: <20191107032440.17210-4-manoj.iyer@canonical.com>
In-Reply-To: <20191107032440.17210-1-manoj.iyer@canonical.com>
References: <20191107032440.17210-1-manoj.iyer@canonical.com>

From: Christian Brauner

The ifndef for SECCOMP_USER_NOTIF_FLAG_CONTINUE was placed under the ifndef for the SECCOMP_FILTER_FLAG_NEW_LISTENER feature. This will not work on systems that do support SECCOMP_FILTER_FLAG_NEW_LISTENER but do not support SECCOMP_USER_NOTIF_FLAG_CONTINUE. So move the latter ifndef out of the former ifndef's scope.

2019-10-20 11:14:01 make run_tests -C seccomp
make: Entering directory '/usr/src/perf_selftests-x86_64-rhel-7.6-0eebfed2954f152259cae0ad57b91d3ea92968e8/tools/testing/selftests/seccomp'
gcc -Wl,-no-as-needed -Wall seccomp_bpf.c -lpthread -o seccomp_bpf
seccomp_bpf.c: In function ‘user_notification_continue’:
seccomp_bpf.c:3562:15: error: ‘SECCOMP_USER_NOTIF_FLAG_CONTINUE’ undeclared (first use in this function)
  resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
seccomp_bpf.c:3562:15: note: each undeclared identifier is reported only once for each function it appears in
Makefile:12: recipe for target 'seccomp_bpf' failed
make: *** [seccomp_bpf] Error 1
make: Leaving directory '/usr/src/perf_selftests-x86_64-rhel-7.6-0eebfed2954f152259cae0ad57b91d3ea92968e8/tools/testing/selftests/seccomp'

BugLink: https://bugs.launchpad.net/bugs/1849281
Reported-by: kernel test robot
Fixes: 0eebfed2954f ("seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE")
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Christian Brauner
Reviewed-by: Tycho Andersen
Signed-off-by: Manoj Iyer
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 47d65d9b77f6..5a4fdf11c1b9 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -168,10 +168,6 @@ struct seccomp_metadata { #define SECCOMP_RET_USER_NOTIF 0x7fc00000U -#ifndef SECCOMP_USER_NOTIF_FLAG_CONTINUE -#define SECCOMP_USER_NOTIF_FLAG_CONTINUE 0x00000001 -#endif - #define SECCOMP_IOC_MAGIC '!' #define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr) #define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type) @@ -205,6 +201,10 @@ struct seccomp_notif_sizes { }; #endif +#ifndef SECCOMP_USER_NOTIF_FLAG_CONTINUE +#define SECCOMP_USER_NOTIF_FLAG_CONTINUE 0x00000001 +#endif + #ifndef PTRACE_EVENTMSG_SYSCALL_ENTRY #define PTRACE_EVENTMSG_SYSCALL_ENTRY 1 #define PTRACE_EVENTMSG_SYSCALL_EXIT 2
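
Review bot: in patch 3/3, the fallback re-added after struct seccomp_notif_sizes still spells the flag as 0x00000001, while patch 1/3 of this series defines it as (1UL << 0) in include/uapi/linux/seccomp.h. The values agree but the types do not (int versus unsigned long), so a build against older headers compiles the test with a differently typed constant than a build against current ones. Suggest using (1UL << 0) in the fallback as well, and adding a short comment that it sits outside the SECCOMP_FILTER_FLAG_NEW_LISTENER block on purpose, so it is not moved back.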