kernel/linux.git/samples/seccomp/Makefile, branch v6.6.131

kbuild: introduce hostprogs-always-y and userprogs-always-y

2020-08-09T16:32:59+00:00

To build host programs, you need to add the program names to 'hostprogs' to use the necessary build rule, but it is not enough to build them because there is no dependency. There are two types of host programs: built as the prerequisite of another (e.g. gen_crc32table in lib/Makefile), or always built when Kbuild visits the Makefile (e.g. genksyms in scripts/genksyms/Makefile). The latter is typical in Makefiles under scripts/, which contains host programs globally used during the kernel build. To build them, you need to add them to both 'hostprogs' and 'always-y'. This commit adds hostprogs-always-y as a shorthand. The same applies to user programs. net/bpfilter/Makefile builds bpfilter_umh on demand, hence always-y is unneeded. In contrast, programs under samples/ are added to both 'userprogs' and 'always-y' so they are always built when Kbuild visits the Makefiles. userprogs-always-y works as a shorthand. Signed-off-by: Masahiro Yamada Acked-by: Miguel Ojeda

samples: seccomp: build sample programs for target architecture

2020-05-17T09:52:01+00:00

These userspace programs include UAPI headers exported to usr/include/. 'make headers' always works for the target architecture (i.e. the same architecture as the kernel), so the sample programs should be built for the target as well. Kbuild now supports 'userprogs' for that. I also guarded the CONFIG option by 'depends on CC_CAN_LINK' because $(CC) may not provide libc. The 'ifndef CROSS_COMPILE' is no longer needed. BTW, the -m31 for s390 is left-over code. Commit 5a79859ae0f3 ("s390: remove 31 bit support") killed it. Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-03T16:53:07+00:00

In old days, the "host-progs" syntax was used for specifying host programs. It was renamed to the current "hostprogs-y" in 2004. It is typically useful in scripts/Makefile because it allows Kbuild to selectively compile host programs based on the kernel configuration. This commit renames like follows: always -> always-y hostprogs-y -> hostprogs So, scripts/Makefile will look like this: always-$(CONFIG_BUILD_BIN2C) += ... always-$(CONFIG_KALLSYMS) += ... ... hostprogs := $(always-y) $(always-m) I think this makes more sense because a host program is always a host program, irrespective of the kernel configuration. We want to specify which ones to compile by CONFIG options, so always-y will be handier. The "always", "hostprogs-y", "hostprogs-m" will be kept for backward compatibility for a while. Signed-off-by: Masahiro Yamada

samples: guard sub-directories with CONFIG options

2019-05-18T02:29:01+00:00

Do not descend to sub-directories when unneeded. I used subdir-$(CONFIG_...) for hidraw, seccomp, and vfs because they only contain host programs. While we are here, let's add SPDX License tag, and sort the directories alphabetically. Signed-off-by: Masahiro Yamada

samples: seccomp: turn CONFIG_SAMPLE_SECCOMP into a bool option

2019-05-03T14:05:00+00:00

The prompt of CONFIG_SAMPLE_SECCOMP claims this is "loadable module only", which is invalid. samples/seccomp/ only contains host programs, so having it tristate is pointless. Signed-off-by: Masahiro Yamada

samples/seccomp: Fix 32-bit build

2019-01-08T06:45:01+00:00

Both the .o and the actual executable need to be built with -m32 in order to link correctly. Reported-by: Ingo Molnar Signed-off-by: Tycho Andersen Reviewed-by: Kees Cook Cc: Borislav Petkov Cc: James Morris Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Link: http://lkml.kernel.org/r/20190107231631.1849-1-tycho@tycho.ws Signed-off-by: Ingo Molnar

samples: add an example of seccomp user trap

2018-12-12T00:32:11+00:00

The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by: Tycho Andersen CC: Kees Cook CC: Andy Lutomirski CC: Oleg Nesterov CC: Eric W. Biederman CC: "Serge E. Hallyn" CC: Christian Brauner CC: Tyler Hicks CC: Akihiro Suda Signed-off-by: Kees Cook

kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS

2018-07-17T16:18:05+00:00

In preparation for enabling command line LDLIBS, re-name HOST_LOADLIBES to KBUILD_HOSTLDLIBS as the internal use only flags. Also rename existing usage to HOSTLDLIBS for consistency. This should not have any visible effects. Signed-off-by: Laura Abbott Signed-off-by: Masahiro Yamada

samples/seccomp: do not compile when cross compiled

2018-02-22T17:31:43+00:00

samples/seccomp relies on the host setting which is not suitable for crosscompilation and it actually fails when crosscompiling s390 and powerpc all{yes,mod}config on x86_64 with samples/seccomp/bpf-helper.h:135:2: error: #error __BITS_PER_LONG value unusable. #error __BITS_PER_LONG value unusable. ^ In file included from samples/seccomp/bpf-fancy.c:13:0: samples/seccomp/bpf-fancy.c: In function ‘main’: samples/seccomp/bpf-fancy.c:38:11: error: ‘__NR_exit’ undeclared (first use in this function) SYSCALL(__NR_exit, ALLOW), and many others. I am doing these for compile testing and it's been quite useful to catch issues. Crosscompiling sample code on the other hand doesn't seem all that important so it seems like the easiest way to simply disable samples/seccomp when crosscompiling. Fixing this properly is not that easy as Kees explains: : IIRC, one of the problems is with build ordering problems: the kernel : headers used by the samples aren't available when cross compiling. Signed-off-by: Michal Hocko Signed-off-by: Kees Cook

kbuild: remove all dummy assignments to obj-

2017-11-18T02:46:06+00:00

Now kbuild core scripts create empty built-in.o where necessary. Remove "obj- := dummy.o" tricks. Signed-off-by: Masahiro Yamada