[GIT PULL] security: seccomp changes for v4.21
Tycho Andersen
tycho at tycho.ws
Mon Jan 7 21:53:19 UTC 2019
Hi,
On Mon, Jan 07, 2019 at 01:09:09PM -0800, Kees Cook wrote:
> On Mon, Jan 7, 2019 at 2:15 AM Ingo Molnar <mingo at kernel.org> wrote:
> >
> >
> > * James Morris <jmorris at namei.org> wrote:
> >
> > > From Kees:
> > >
> > > "- Add SECCOMP_RET_USER_NOTIF
> > >
> > > - seccomp fixes for sparse warnings and s390 build (Tycho)"
> > >
> > >
> > >
> > > The following changes since commit 1072bd678547f8663cfb81a22fdb50c589e4976e:
> > >
> > > security: fs: make inode explicitly non-modular (2018-12-12 14:58:51 -0800)
> > >
> > > are available in the Git repository at:
> > >
> > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-seccomp
> > >
> > > for you to fetch changes up to 55b8cbe470d103b44104c64dbf89e5cad525d4e0:
> > >
> > > Merge tag 'seccomp-next-part2' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next-seccomp (2018-12-17 11:36:26 -0800)
> > >
> > > ----------------------------------------------------------------
> > > James Morris (2):
> > > Merge tag 'seccomp-next' of https://git.kernel.org/.../kees/linux into next-seccomp
> > > Merge tag 'seccomp-next-part2' of https://git.kernel.org/.../kees/linux into next-seccomp
> > >
> > > Tycho Andersen (6):
> > > seccomp: hoist struct seccomp_data recalculation higher
> > > seccomp: switch system call argument type to void *
> > > seccomp: add a return code to trap to userspace
> > > samples: add an example of seccomp user trap
> > > seccomp: fix poor type promotion
> > > seccomp, s390: fix build for syscall type change
> > >
> > > Documentation/ioctl/ioctl-number.txt | 1 +
> > > Documentation/userspace-api/seccomp_filter.rst | 84 +++++
> > > arch/s390/kernel/compat_wrapper.c | 2 +-
> > > include/linux/seccomp.h | 9 +-
> > > include/linux/syscalls.h | 2 +-
> > > include/uapi/linux/seccomp.h | 40 ++-
> > > kernel/seccomp.c | 467 ++++++++++++++++++++++++-
> > > samples/seccomp/.gitignore | 1 +
> > > samples/seccomp/Makefile | 7 +-
> > > samples/seccomp/user-trap.c | 375 ++++++++++++++++++++
> > > tools/testing/selftests/seccomp/seccomp_bpf.c | 447 ++++++++++++++++++++++-
> > > 11 files changed, 1411 insertions(+), 24 deletions(-)
> > > create mode 100644 samples/seccomp/user-trap.c
> >
> > 32-bit x86 allyesconfig doesn't build:
> >
> > /usr/bin/ld: i386:x86-64 architecture of input file `samples/seccomp/user-trap.o' is incompatible with i386 output
> > /usr/bin/ld: samples/seccomp/user-trap.o: file class ELFCLASS64 incompatible with ELFCLASS32
> > /usr/bin/ld: final link failed: File in wrong format
> > collect2: error: ld returned 1 exit status
> > scripts/Makefile.host:99: recipe for target 'samples/seccomp/user-trap' failed
> > make[2]: *** [samples/seccomp/user-trap] Error 1
> >
> > Is this a known regression?
>
> That looks like something is busted in the samples Makefile? Tycho,
> are you able to reproduce this?
Given that the samples build only happens when CROSS_COMPILE is not
set, I'll see about digging up a 32-bit box. But I think the patch
below should fix it, I'll send it out when I actually get it tested.
Sorry for the breakage!
Tycho
>From b53b390ab554ef6e5b995ac050718fd62ed0803e Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Mon, 7 Jan 2019 14:46:34 -0700
Subject: [PATCH] samples/seccomp: fix 32-bit build
Both the .o and the actual executable need to be built with -m32 in order
to link correctly.
Signed-off-by: Tycho Andersen <tycho at tycho.ws>
Reported-by: Ingo Molnar <mingo at kernel.org>
---
samples/seccomp/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/samples/seccomp/Makefile b/samples/seccomp/Makefile
index 4920903c8009..a5607668a5c7 100644
--- a/samples/seccomp/Makefile
+++ b/samples/seccomp/Makefile
@@ -37,6 +37,7 @@ HOSTCFLAGS_bpf-fancy.o += $(MFLAG)
HOSTLDLIBS_bpf-direct += $(MFLAG)
HOSTLDLIBS_bpf-fancy += $(MFLAG)
HOSTLDLIBS_dropper += $(MFLAG)
+HOSTLDLIBS_user-trap.o += $(MFLAG)
HOSTLDLIBS_user-trap += $(MFLAG)
endif
always := $(hostprogs-m)
--
2.19.1
More information about the Linux-security-module-archive
mailing list