[Trusty][pull-request] LP: #1379020 (seccomp tsync)
Luis Henriques
luis.henriques at canonical.com
Mon Oct 20 14:56:30 UTC 2014
Hi Kees,

On Thu, Oct 09, 2014 at 08:03:43AM -0700, Kees Cook wrote:
> Hi!
>
> This is to backport the seccomp thread-sync (and syscall) interface from
> 3.17. There was some backporting needed in a few areas, as marked in
> []s before my SoB in the series. The most notable is skipping various
> new syscalls (which are wired to sys_ni_syscall).
>
> This has been tested against the seccomp regression test suite on
> x86_64. I don't have a working Ubuntu ARM test environment, so that
> is presently untested. The series is, however, based on the Chrome OS
> backport to 3.14, which builds and works on ARM. In theory it should be
> fine on Ubuntu too! :)
>

I haven't spent any time investigating it yet, but a quick build test
of these patches on armhf is failing with:

/tmp/kernel-henrix-D2RCGTFC/build/arch/arm/kernel/entry-common.S: Assembler messages:
/tmp/kernel-henrix-D2RCGTFC/build/arch/arm/kernel/entry-common.S:105: Error: __NR_syscalls is not equal to the size of the syscall table
make[3]: *** [arch/arm/kernel/entry-common.o] Error 1
make[3]: *** Waiting for unfinished jobs....

All the other archs seem to be building OK.

Cheers,
--
Luís

> Thanks!
>
> -Kees
>
> The following changes since commit 5a08fea5398ad558f2b2ee884ff93ddf6c34108a:
>
>   UBUNTU: Ubuntu-3.13.0-37.64 (2014-09-22 15:51:48 -0400)
>
> are available in the git repository at:
>
>   git at github.com:kees/linux.git ubuntu-trusty
>
> for you to fetch changes up to 0e61aac09d3c46fcddd3ee4dfa625d5e541ecea4:
>
>   seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock (2014-10-08 13:57:11 -0700)
>
> ----------------------------------------------------------------
> Guenter Roeck (1):
>       seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
>
> Kees Cook (11):
>       seccomp: create internal mode-setting function
>       seccomp: extract check/assign mode helpers
>       seccomp: split mode setting routines
>       seccomp: add "seccomp" syscall
>       ARM: add seccomp syscall
>       MIPS: add seccomp syscall
>       sched: move no_new_privs into new atomic flags
>       seccomp: split filter prep from check and apply
>       seccomp: introduce writer locking
>       seccomp: allow mode setting across threads
>       seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
>
> Rashika Kheria (1):
>       UPSTREAM: kernel: Mark function as static in kernel/seccomp.c
>
> Will Deacon (1):
>       ARM: 8087/1: ptrace: reload syscall number after secure_computing() check
>
>  arch/Kconfig                        |   1 +
>  arch/arm/include/uapi/asm/unistd.h  |   4 +
>  arch/arm/kernel/calls.S             |   4 +
>  arch/arm/kernel/ptrace.c            |   7 +-
>  arch/mips/include/uapi/asm/unistd.h |  24 +++-
>  arch/mips/kernel/scall32-o32.S      |   4 +
>  arch/mips/kernel/scall64-64.S       |   4 +
>  arch/mips/kernel/scall64-n32.S      |   4 +
>  arch/mips/kernel/scall64-o32.S      |   4 +
>  arch/x86/syscalls/syscall_32.tbl    |   4 +
>  arch/x86/syscalls/syscall_64.tbl    |   4 +
>  fs/exec.c                           |   6 +-
>  include/linux/sched.h               |  18 ++-
>  include/linux/seccomp.h             |   8 +-
>  include/linux/syscalls.h            |   2 +
>  include/uapi/asm-generic/unistd.h   |  10 +-
>  include/uapi/linux/seccomp.h        |   7 +
>  kernel/fork.c                       |  49 ++++++-
>  kernel/seccomp.c                    | 412 ++++++++++++++++++++++++++++++++++++++++++++++++--------
>  kernel/sys.c                        |   4 +-
>  kernel/sys_ni.c                     |   3 +
>  security/apparmor/domain.c          |   4 +-
>  22 files changed, 505 insertions(+), 82 deletions(-)
>
>
> --
> Kees Cook