From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org,
Christian Brauner <christian.brauner@ubuntu.com>,
Denis Efremov <efremov@linux.com>, Hulk Robot <hulkci@huawei.com>,
Jann Horn <jannh@google.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Rich Felker <dalias@libc.org>,
Shuah Khan <skhan@linuxfoundation.org>,
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>,
Tycho Andersen <tycho@tycho.pizza>,
YiFei Zhu <yifeifz2@illinois.edu>, Zou Wei <zou_wei@huawei.com>
Subject: [GIT PULL] seccomp updates for v5.10-rc1
Date: Mon, 12 Oct 2020 15:15:32 -0700
Message-ID: <202010121512.015F57CC@keescook>

Hi Linus,

Please pull these seccomp updates for v5.10-rc1. The bulk of the changes
are with the seccomp selftests to accommodate some powerpc-specific
behavioral characteristics. Additional cleanups, fixes, and improvements
are also included, noted in the tag description.

Thanks!

-Kees

The following changes since commit e839317900e9f13c83d8711d684de88c625b307a:

  seccomp: don't leave dangling ->notif if file allocation fails (2020-09-08 11:30:16 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.10-rc1

for you to fetch changes up to dfe719fef03d752f1682fa8aeddf30ba501c8555:

  seccomp: Make duplicate listener detection non-racy (2020-10-08 13:17:47 -0700)

----------------------------------------------------------------
seccomp updates for v5.10-rc1

- heavily refactor seccomp selftests (and clone3 selftests dependency) to
  fix powerpc (Kees Cook, Thadeu Lima de Souza Cascardo)
- fix style issue in selftests (Zou Wei)
- upgrade "unknown action" from KILL_THREAD to KILL_PROCESS (Rich Felker)
- replace task_pt_regs(current) with current_pt_regs() (Denis Efremov)
- fix corner-case race in USER_NOTIF (Jann Horn)
- make CONFIG_SECCOMP no longer per-arch (YiFei Zhu)

----------------------------------------------------------------
Denis Efremov (1):
      seccomp: Use current_pt_regs() instead of task_pt_regs(current)

Jann Horn (1):
      seccomp: Make duplicate listener detection non-racy

Kees Cook (18):
      selftests/seccomp: Add test for unknown SECCOMP_RET kill behavior
      selftests/seccomp: Use __NR_mknodat instead of __NR_mknod
      selftests/seccomp: Refactor arch register macros to avoid xtensa special case
      selftests/seccomp: Provide generic syscall setting macro
      selftests/seccomp: mips: Define SYSCALL_NUM_SET macro
      selftests/seccomp: arm: Define SYSCALL_NUM_SET macro
      selftests/seccomp: arm64: Define SYSCALL_NUM_SET macro
      selftests/seccomp: mips: Remove O32-specific macro
      selftests/seccomp: Remove syscall setting #ifdefs
      selftests/seccomp: Convert HAVE_GETREG into ARCH_GETREG/ARCH_SETREG
      selftests/seccomp: Convert REGSET calls into ARCH_GETREG/ARCH_SETREG
      selftests/seccomp: Avoid redundant register flushes
      selftests/seccomp: Remove SYSCALL_NUM_RET_SHARE_REG in favor of SYSCALL_RET_SET
      selftests/seccomp: powerpc: Fix seccomp return value testing
      selftests/seccomp: Record syscall during ptrace entry
      selftests/seccomp: Allow syscall nr and ret value to be set separately
      selftests/seccomp: powerpc: Set syscall return during ptrace syscall exit
      selftests/clone3: Avoid OS-defined clone_args

Rich Felker (1):
      seccomp: kill process instead of thread for unknown actions

YiFei Zhu (1):
      seccomp: Move config option SECCOMP to arch/Kconfig

Zou Wei (1):
      selftests/seccomp: Use bitwise instead of arithmetic operator for flags

 arch/Kconfig                                      |  30 ++
 arch/arm/Kconfig                                  |  15 +-
 arch/arm64/Kconfig                                |  13 -
 arch/csky/Kconfig                                 |  13 -
 arch/microblaze/Kconfig                           |  18 +-
 arch/mips/Kconfig                                 |  17 -
 arch/parisc/Kconfig                               |  16 -
 arch/powerpc/Kconfig                              |  17 -
 arch/riscv/Kconfig                                |  13 -
 arch/s390/Kconfig                                 |  17 -
 arch/sh/Kconfig                                   |  16 -
 arch/sparc/Kconfig                                |  18 +-
 arch/um/Kconfig                                   |  16 -
 arch/x86/Kconfig                                  |  16 -
 arch/xtensa/Kconfig                               |  14 -
 kernel/seccomp.c                                  |  64 ++-
 tools/testing/selftests/clone3/clone3.c           |  45 +--
 .../clone3/clone3_cap_checkpoint_restore.c        |   4 +-
 .../selftests/clone3/clone3_clear_sighand.c       |   2 +-
 tools/testing/selftests/clone3/clone3_selftests.h |  24 +-
 tools/testing/selftests/clone3/clone3_set_tid.c   |   4 +-
 tools/testing/selftests/pidfd/pidfd_setns_test.c  |   2 +-
 tools/testing/selftests/seccomp/seccomp_bpf.c     | 440 +++++++++++++--------
 23 files changed, 397 insertions(+), 437 deletions(-)

--
Kees Cook