Re: [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matt Redfearn <matt.redfearn@imgtec.com>
To: Kees Cook <keescook@chromium.org>
Cc: Linux MIPS Mailing List <linux-mips@linux-mips.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Andy Lutomirski <luto@amacapital.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Shuah Khan <shuahkh@osg.samsung.com>,
	Eric B Munson <emunson@akamai.com>,
	James Hogan <james.hogan@imgtec.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kselftest@vger.kernel.org,
	linux-arch <linux-arch@vger.kernel.org>,
	Markos Chandras <markos.chandras@imgtec.com>,
	Amanieu d'Antras <amanieu@gmail.com>,
	Ralf Baechle <ralf@linux-mips.org>,
	Alex Smith <alex.smith@imgtec.com>,
	Paul Burton <paul.burton@imgtec.com>,
	Will Drewry <wad@chromium.org>
Subject: Re: [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups
Date: Thu, 31 Mar 2016 09:57:33 +0100	[thread overview]
Message-ID: <56FCE67D.70800@imgtec.com> (raw)
In-Reply-To: <CAGXu5jLJEHzB3ST63g0fApVP4-OWwCT5UcqguAMNoGy-aQXgew@mail.gmail.com>



On 30/03/16 06:06, Kees Cook wrote:
> On Tue, Mar 29, 2016 at 1:35 AM, Matt Redfearn <matt.redfearn@imgtec.com> wrote:
>> These patches imporve seccomp support on MIPS.
>>
>> Firstly support is added for building the seccomp_bpf self test for
>> MIPS. The
>> initial results of these tests were:
>>
>> 32bit kernel O32 userspace before: 48 / 48 pass
>> 64bit kernel O32 userspace before: 47 / 48 pass
>>   Failures: TRAP.Handler
>> 64bit kernel N32 userspace before: 44 / 48 pass
>>   Failures: global.mode_strict_support, TRAP.handler,
>> TRACE_syscall.syscall_redirected, TRACE_syscall.syscall_dropped
>> 64bit kernel N64 userspace before: 46 / 48 pass
>>   Failures: TRACE_syscall.syscall_redirected,
>> TRACE_syscall.syscall_dropped
>>
>> The subsequent patches fix issues that were causing the above tests to
>> fail. With
>> these fixes, the results are:
>> 32bit kernel O32 userspace after: 48 / 48
>> 64bit kernel O32 userspace after: 48 / 48
>> 64bit kernel N32 userspace after: 48 / 48
>> 64bit kernel N64 userspace after: 48 / 48
>>
>> Thanks,
>> Matt
>>
>> Changes in v2:
>> - Tested on additional platforms
>> - Replace __NR_syscall which isn't defined for N32 / N64 ABIs
>>
>> Matt Redfearn (6):
>>    selftests/seccomp: add MIPS self-test support
>>    MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel
>>    MIPS: scall: Handle seccomp filters which redirect syscalls
>>    seccomp: Get compat syscalls from asm-generic header
>>    MIPS: seccomp: Support compat with both O32 and N32
>>    secomp: Constify mode1 syscall whitelist
>>
>>   arch/mips/include/asm/seccomp.h               | 47 +++++++++++++++------------
>>   arch/mips/kernel/scall32-o32.S                | 11 +++----
>>   arch/mips/kernel/scall64-64.S                 |  3 +-
>>   arch/mips/kernel/scall64-n32.S                | 14 +++++---
>>   arch/mips/kernel/scall64-o32.S                | 14 +++++---
>>   arch/mips/kernel/signal32.c                   |  6 ++++
>>   include/asm-generic/seccomp.h                 | 14 ++++++++
>>   kernel/seccomp.c                              | 13 ++------
>>   tools/testing/selftests/seccomp/seccomp_bpf.c | 30 +++++++++++++++--
>>   9 files changed, 101 insertions(+), 51 deletions(-)
> Thanks for digging into this! Consider all the seccomp pieces:
>
> Acked-by: Kees Cook <keescook@chromium.org>
>
> Probably best to carry it all in the MIPS tree, but if you want to me
> take pieces of it into my seccomp tree, I can do that. Up to you. :)
>
> -Kees
>
Thanks Kees. Ralf is going to take it via the MIPS tree.

Matt

WARNING: multiple messages have this Message-ID (diff)

From: Matt Redfearn <matt.redfearn@imgtec.com>
To: Kees Cook <keescook@chromium.org>
Cc: Linux MIPS Mailing List <linux-mips@linux-mips.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Andy Lutomirski <luto@amacapital.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Shuah Khan <shuahkh@osg.samsung.com>,
	"Eric B Munson" <emunson@akamai.com>,
	James Hogan <james.hogan@imgtec.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	<linux-kselftest@vger.kernel.org>,
	linux-arch <linux-arch@vger.kernel.org>,
	Markos Chandras <markos.chandras@imgtec.com>,
	Amanieu d'Antras <amanieu@gmail.com>,
	Ralf Baechle <ralf@linux-mips.org>,
	Alex Smith <alex.smith@imgtec.com>,
	Paul Burton <paul.burton@imgtec.com>,
	Will Drewry <wad@chromium.org>
Subject: Re: [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups
Date: Thu, 31 Mar 2016 09:57:33 +0100	[thread overview]
Message-ID: <56FCE67D.70800@imgtec.com> (raw)
In-Reply-To: <CAGXu5jLJEHzB3ST63g0fApVP4-OWwCT5UcqguAMNoGy-aQXgew@mail.gmail.com>



On 30/03/16 06:06, Kees Cook wrote:
> On Tue, Mar 29, 2016 at 1:35 AM, Matt Redfearn <matt.redfearn@imgtec.com> wrote:
>> These patches imporve seccomp support on MIPS.
>>
>> Firstly support is added for building the seccomp_bpf self test for
>> MIPS. The
>> initial results of these tests were:
>>
>> 32bit kernel O32 userspace before: 48 / 48 pass
>> 64bit kernel O32 userspace before: 47 / 48 pass
>>   Failures: TRAP.Handler
>> 64bit kernel N32 userspace before: 44 / 48 pass
>>   Failures: global.mode_strict_support, TRAP.handler,
>> TRACE_syscall.syscall_redirected, TRACE_syscall.syscall_dropped
>> 64bit kernel N64 userspace before: 46 / 48 pass
>>   Failures: TRACE_syscall.syscall_redirected,
>> TRACE_syscall.syscall_dropped
>>
>> The subsequent patches fix issues that were causing the above tests to
>> fail. With
>> these fixes, the results are:
>> 32bit kernel O32 userspace after: 48 / 48
>> 64bit kernel O32 userspace after: 48 / 48
>> 64bit kernel N32 userspace after: 48 / 48
>> 64bit kernel N64 userspace after: 48 / 48
>>
>> Thanks,
>> Matt
>>
>> Changes in v2:
>> - Tested on additional platforms
>> - Replace __NR_syscall which isn't defined for N32 / N64 ABIs
>>
>> Matt Redfearn (6):
>>    selftests/seccomp: add MIPS self-test support
>>    MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel
>>    MIPS: scall: Handle seccomp filters which redirect syscalls
>>    seccomp: Get compat syscalls from asm-generic header
>>    MIPS: seccomp: Support compat with both O32 and N32
>>    secomp: Constify mode1 syscall whitelist
>>
>>   arch/mips/include/asm/seccomp.h               | 47 +++++++++++++++------------
>>   arch/mips/kernel/scall32-o32.S                | 11 +++----
>>   arch/mips/kernel/scall64-64.S                 |  3 +-
>>   arch/mips/kernel/scall64-n32.S                | 14 +++++---
>>   arch/mips/kernel/scall64-o32.S                | 14 +++++---
>>   arch/mips/kernel/signal32.c                   |  6 ++++
>>   include/asm-generic/seccomp.h                 | 14 ++++++++
>>   kernel/seccomp.c                              | 13 ++------
>>   tools/testing/selftests/seccomp/seccomp_bpf.c | 30 +++++++++++++++--
>>   9 files changed, 101 insertions(+), 51 deletions(-)
> Thanks for digging into this! Consider all the seccomp pieces:
>
> Acked-by: Kees Cook <keescook@chromium.org>
>
> Probably best to carry it all in the MIPS tree, but if you want to me
> take pieces of it into my seccomp tree, I can do that. Up to you. :)
>
> -Kees
>
Thanks Kees. Ralf is going to take it via the MIPS tree.

Matt

next prev parent reply	other threads:[~2016-03-31  8:57 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-29  8:35 [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Matt Redfearn
2016-03-29  8:35 ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 1/6] selftests/seccomp: add MIPS self-test support Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 2/6] MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 3/6] MIPS: scall: Handle seccomp filters which redirect syscalls Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 5/6] MIPS: seccomp: Support compat with both O32 and N32 Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-29  8:35 ` [PATCH v2 6/6] secomp: Constify mode1 syscall whitelist Matt Redfearn
2016-03-29  8:35   ` Matt Redfearn
2016-03-30  5:06 ` [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Kees Cook
2016-03-31  8:57   ` Matt Redfearn [this message]
2016-03-31  8:57     ` Matt Redfearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56FCE67D.70800@imgtec.com \
    --to=matt.redfearn@imgtec.com \
    --cc=akpm@linux-foundation.org \
    --cc=alex.smith@imgtec.com \
    --cc=amanieu@gmail.com \
    --cc=arnd@arndb.de \
    --cc=emunson@akamai.com \
    --cc=james.hogan@imgtec.com \
    --cc=keescook@chromium.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-mips@linux-mips.org \
    --cc=luto@amacapital.net \
    --cc=markos.chandras@imgtec.com \
    --cc=paul.burton@imgtec.com \
    --cc=ralf@linux-mips.org \
    --cc=shuahkh@osg.samsung.com \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.