kernel/linux.git/samples/seccomp, branch v6.6.132

samples/seccomp: Adjust sample to also provide kill option

2022-02-11T03:09:12+00:00

As a quick way to test SECCOMP_RET_KILL, have a negative errno mean to kill the process. While we're in here, also swap the arch and syscall arguments so they're ordered more like how seccomp filters order them. Signed-off-by: Kees Cook

samples: seccomp: Use __BYTE_ORDER__

2021-10-26T03:39:42+00:00

Use the compiler-defined __BYTE_ORDER__ instead of the libc-defined __BYTE_ORDER for consistency. Signed-off-by: Ilya Leoshkevich Signed-off-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20211026010831.748682-5-iii@linux.ibm.com

.gitignore: prefix local generated files with a slash

2021-05-01T15:43:35+00:00

The pattern prefixed with '/' matches files in the same directory, but not ones in sub-directories. Signed-off-by: Masahiro Yamada Acked-by: Miguel Ojeda Acked-by: Rob Herring Acked-by: Andra Paraschiv Acked-by: Greg Kroah-Hartman Acked-by: Gabriel Krisman Bertazi

kbuild: introduce hostprogs-always-y and userprogs-always-y

2020-08-09T16:32:59+00:00

To build host programs, you need to add the program names to 'hostprogs' to use the necessary build rule, but it is not enough to build them because there is no dependency. There are two types of host programs: built as the prerequisite of another (e.g. gen_crc32table in lib/Makefile), or always built when Kbuild visits the Makefile (e.g. genksyms in scripts/genksyms/Makefile). The latter is typical in Makefiles under scripts/, which contains host programs globally used during the kernel build. To build them, you need to add them to both 'hostprogs' and 'always-y'. This commit adds hostprogs-always-y as a shorthand. The same applies to user programs. net/bpfilter/Makefile builds bpfilter_umh on demand, hence always-y is unneeded. In contrast, programs under samples/ are added to both 'userprogs' and 'always-y' so they are always built when Kbuild visits the Makefiles. userprogs-always-y works as a shorthand. Signed-off-by: Masahiro Yamada Acked-by: Miguel Ojeda

samples: seccomp: build sample programs for target architecture

2020-05-17T09:52:01+00:00

These userspace programs include UAPI headers exported to usr/include/. 'make headers' always works for the target architecture (i.e. the same architecture as the kernel), so the sample programs should be built for the target as well. Kbuild now supports 'userprogs' for that. I also guarded the CONFIG option by 'depends on CC_CAN_LINK' because $(CC) may not provide libc. The 'ifndef CROSS_COMPILE' is no longer needed. BTW, the -m31 for s390 is left-over code. Commit 5a79859ae0f3 ("s390: remove 31 bit support") killed it. Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg

.gitignore: add SPDX License Identifier

2020-03-25T10:50:48+00:00

Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada Signed-off-by: Greg Kroah-Hartman

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-03T16:53:07+00:00

In old days, the "host-progs" syntax was used for specifying host programs. It was renamed to the current "hostprogs-y" in 2004. It is typically useful in scripts/Makefile because it allows Kbuild to selectively compile host programs based on the kernel configuration. This commit renames like follows: always -> always-y hostprogs-y -> hostprogs So, scripts/Makefile will look like this: always-$(CONFIG_BUILD_BIN2C) += ... always-$(CONFIG_KALLSYMS) += ... ... hostprogs := $(always-y) $(always-m) I think this makes more sense because a host program is always a host program, irrespective of the kernel configuration. We want to specify which ones to compile by CONFIG options, so always-y will be handier. The "always", "hostprogs-y", "hostprogs-m" will be kept for backward compatibility for a while. Signed-off-by: Masahiro Yamada

samples/seccomp: Zero out members based on seccomp_notif_sizes

2020-01-02T21:03:39+00:00

The sizes by which seccomp_notif and seccomp_notif_resp are allocated are based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful extension of these datastructures. If userspace zeroes out the datastructure based on its version, and it is lagging behind the kernel's version, it will end up sending trailing garbage. On the other hand, if it is ahead of the kernel version, it will write extra zero space, and potentially cause corruption. Signed-off-by: Sargun Dhillon Suggested-by: Tycho Andersen Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook

samples: guard sub-directories with CONFIG options

2019-05-18T02:29:01+00:00

Do not descend to sub-directories when unneeded. I used subdir-$(CONFIG_...) for hidraw, seccomp, and vfs because they only contain host programs. While we are here, let's add SPDX License tag, and sort the directories alphabetically. Signed-off-by: Masahiro Yamada

samples: seccomp: turn CONFIG_SAMPLE_SECCOMP into a bool option

2019-05-03T14:05:00+00:00

The prompt of CONFIG_SAMPLE_SECCOMP claims this is "loadable module only", which is invalid. samples/seccomp/ only contains host programs, so having it tristate is pointless. Signed-off-by: Masahiro Yamada