Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.9.12 2020-11-24T12:39:05+00:00 2020-11-24T12:39:05+00:00 Kees Cook keescook@chromium.org 2020-11-17T19:54:43+00:00 urn:sha1:3df0786b823c6e2c5efa38110f7874a08c7b72c0 [ Upstream commit 4c222f31fb1db4d590503a181a6268ced9252379 ] It looks like the seccomp selftests was never actually built for sh. This fixes it, though I don't have an environment to do a runtime test of it yet. Fixes: 0bb605c2c7f2b4b3 ("sh: Add SECCOMP_FILTER") Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Link: https://lore.kernel.org/lkml/a36d7b48-6598-1642-e403-0c77a86f416d@physik.fu-berlin.de Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-11-24T12:39:05+00:00 Kees Cook keescook@chromium.org 2020-11-17T19:33:02+00:00 urn:sha1:a15ac9df36265d4a23475487e51de7bbc832865c [ Upstream commit f5098e34dd4c774c3040e417960f1637e5daade8 ] A typo sneaked into the powerpc selftest. Fix the name so it builds again. Fixes: 46138329faea ("selftests/seccomp: powerpc: Fix seccomp return value testing") Acked-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/lkml/87y2ix2895.fsf@mpe.ellerman.id.au Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-10-29T09:11:07+00:00 Kees Cook keescook@chromium.org 2020-09-12T11:08:17+00:00 urn:sha1:7c7c1d5909dafe2c2a65e78e5ece485aaa16d931 [ Upstream commit 46138329faeac3598f5a4dc991a174386b6de833 ] On powerpc, the errno is not inverted, and depends on ccr.so being set. Add this to a powerpc definition of SYSCALL_RET_SET(). Co-developed-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Link: https://lore.kernel.org/linux-kselftest/20200911181012.171027-1-cascardo@canonical.com/ Fixes: 5d83c2b37d43 ("selftests/seccomp: Add powerpc support") Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/lkml/20200912110820.597135-13-keescook@chromium.org Reviewed-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-10-29T09:11:07+00:00 Kees Cook keescook@chromium.org 2020-09-12T11:08:06+00:00 urn:sha1:c7816e2d6c442e0cc909046e4a927b691fdafd25 [ Upstream commit a6a4d78419a04095221ec2b518edefb080218d55 ] To avoid an xtensa special-case, refactor all arch register macros to take the register variable instead of depending on the macro expanding as a struct member name. Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/lkml/20200912110820.597135-2-keescook@chromium.org Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-10-29T09:11:07+00:00 Kees Cook keescook@chromium.org 2020-09-12T11:08:20+00:00 urn:sha1:73c24c54988a407542ad17df33ed3af0b967ae18 [ Upstream commit 05b52c6625278cc6ed1245a569167f86a971ff86 ] The __NR_mknod syscall doesn't exist on arm64 (only __NR_mknodat). Switch to the modern syscall. Fixes: ad5682184a81 ("selftests/seccomp: Check for EPOLLHUP for user_notif") Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/lkml/20200912110820.597135-16-keescook@chromium.org Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-08-16T01:50:32+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-16T01:50:32+00:00 urn:sha1:5bbec3cfe376ed0014d9456a9be11d5ed75d587b Pull arch/sh updates from Rich Felker: "Cleanup, SECCOMP_FILTER support, message printing fixes, and other changes to arch/sh" * tag 'sh-for-5.9' of git://git.libc.org/linux-sh: (34 commits) sh: landisk: Add missing initialization of sh_io_port_base sh: bring syscall_set_return_value in line with other architectures sh: Add SECCOMP_FILTER sh: Rearrange blocks in entry-common.S sh: switch to copy_thread_tls() sh: use the generic dma coherent remap allocator sh: don't allow non-coherent DMA for NOMMU dma-mapping: consolidate the NO_DMA definition in kernel/dma/Kconfig sh: unexport register_trapped_io and match_trapped_io_handler sh: don't include <asm/io_trapped.h> in <asm/io.h> sh: move the ioremap implementation out of line sh: move ioremap_fixed details out of <asm/io.h> sh: remove __KERNEL__ ifdefs from non-UAPI headers sh: sort the selects for SUPERH alphabetically sh: remove -Werror from Makefiles sh: Replace HTTP links with HTTPS ones arch/sh/configs: remove obsolete CONFIG_SOC_CAMERA* sh: stacktrace: Remove stacktrace_ops.stack() sh: machvec: Modernize printing of kernel messages sh: pci: Modernize printing of kernel messages ... 2020-08-15T02:05:19+00:00 Michael Karcher kernel@mkarcher.dialup.fu-berlin.de 2020-07-22T23:13:21+00:00 urn:sha1:0bb605c2c7f2b4b314b91510810b226de7f34fa1 Port sh to use the new SECCOMP_FILTER code. Signed-off-by: Michael Karcher <kernel@mkarcher.dialup.fu-berlin.de> Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Rich Felker <dalias@libc.org> 2020-08-06T17:15:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-06T17:15:28+00:00 urn:sha1:2044513ffe4a9c18e6e2a64f048e05d8b62fa927 Pull arch/csky updates from Guo Ren: "New features: - seccomp-filter - err-injection - top-down&random mmap-layout - irq_work - show_ipi - context-tracking Fixes & Optimizations: - kprobe_on_ftrace - optimize panic print" * tag 'csky-for-linus-5.9-rc1' of https://github.com/c-sky/csky-linux: csky: Add context tracking support csky: Add arch_show_interrupts for IPI interrupts csky: Add irq_work support csky: Fixup warning by EXPORT_SYMBOL(kmap) csky: Set CONFIG_NR_CPU 4 as default csky: Use top-down mmap layout csky: Optimize the trap processing flow csky: Add support for function error injection csky: Fixup kprobes handler couldn't change pc csky: Fixup duplicated restore sp in RESTORE_REGS_FTRACE csky: Add cpu feature register hint for smp csky: Add SECCOMP_FILTER supported csky: remove unusued thread_saved_pc and *_segments functions/macros 2020-08-06T17:07:40+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-06T17:07:40+00:00 urn:sha1:bbcf9cd1576752ebe8d618ad8c6500b7e262ffac Pull Xtensa updates from Max Filippov: - add syscall audit support - add seccomp filter support - clean up make rules under arch/xtensa/boot - fix state management for exclusive access opcodes - fix build with PMU enabled * tag 'xtensa-20200805' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: add missing exclusive access state management xtensa: fix xtensa_pmu_setup prototype xtensa: add boot subdirectories build artifacts to 'targets' xtensa: add uImage and xipImage to targets xtensa: move vmlinux.bin[.gz] to boot subdirectory xtensa: initialize_mmu.h: fix a duplicated word selftests/seccomp: add xtensa support xtensa: add seccomp support xtensa: expose syscall through user_pt_regs xtensa: add audit support 2020-08-04T21:11:08+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-04T21:11:08+00:00 urn:sha1:9ecc6ea491f0c0531ad81ef9466284df260b2227 Pull seccomp updates from Kees Cook: "There are a bunch of clean ups and selftest improvements along with two major updates to the SECCOMP_RET_USER_NOTIF filter return: EPOLLHUP support to more easily detect the death of a monitored process, and being able to inject fds when intercepting syscalls that expect an fd-opening side-effect (needed by both container folks and Chrome). The latter continued the refactoring of __scm_install_fd() started by Christoph, and in the process found and fixed a handful of bugs in various callers. - Improved selftest coverage, timeouts, and reporting - Add EPOLLHUP support for SECCOMP_RET_USER_NOTIF (Christian Brauner) - Refactor __scm_install_fd() into __receive_fd() and fix buggy callers - Introduce 'addfd' command for SECCOMP_RET_USER_NOTIF (Sargun Dhillon)" * tag 'seccomp-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (30 commits) selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD seccomp: Introduce addfd ioctl to seccomp user notifier fs: Expand __receive_fd() to accept existing fd pidfd: Replace open-coded receive_fd() fs: Add receive_fd() wrapper for __receive_fd() fs: Move __scm_install_fd() to __receive_fd() net/scm: Regularize compat handling of scm_detach_fds() pidfd: Add missing sock updates for pidfd_getfd() net/compat: Add missing sock updates for SCM_RIGHTS selftests/seccomp: Check ENOSYS under tracing selftests/seccomp: Refactor to use fixture variants selftests/harness: Clean up kern-doc for fixtures seccomp: Use -1 marker for end of mode 1 syscall list seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() selftests/seccomp: Make kcmp() less required seccomp: Use pr_fmt selftests/seccomp: Improve calibration loop selftests/seccomp: use 90s as timeout selftests/seccomp: Expand benchmark to per-filter measurements ...