From: Paul Moore <pmoore@redhat.com>
To: Andrew Jones <drjones@redhat.com>
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
"Marcus Meissner" <meissner@suse.de>,
"Karl-Philipp Richter" <krichter722@aol.de>,
"Patch Tracking" <patches@linaro.org>,
"Riku Voipio" <riku.voipio@iki.fi>,
"Alexander Graf" <agraf@suse.de>,
"QEMU Developers" <qemu-devel@nongnu.org>,
"Eduardo Otubo" <eduardo.otubo@profitbricks.com>,
"Andreas Färber" <afaerber@suse.de>
Subject: Re: [Qemu-devel] [PATCH for-2.3] Revert seccomp tests that allow it to be used on non-x86 architectures
Date: Wed, 01 Jul 2015 13:08:58 -0400 [thread overview]
Message-ID: <2360688.WSXcfaFilj@sifl> (raw)
In-Reply-To: <20150701120749.GA2940@hawk.localdomain>
On Wednesday, July 01, 2015 02:07:49 PM Andrew Jones wrote:
> On Tue, Jun 30, 2015 at 01:18:49PM -0400, Paul Moore wrote:
> > On Tuesday, June 30, 2015 06:07:40 PM Peter Maydell wrote:
> > > On 30 June 2015 at 18:01, Paul Moore <pmoore@redhat.com> wrote:
> > > > I'm starting to wonder if the 32-bit ARM build system didn't have
> > > > __NR_cacheflush defined in the system headers; that might explain some
> > > > of
> > > > the behavior. Could you check your system to see if it has
> > > > __NR_cacheflush defined (try /usr/include/asm/unistd.h)?
> > >
> > > The constant name is __ARM_NR_cacheflush, not __NR_cacheflush
> > > (all the ARM-specific syscalls are __ARM_NR_*). See
> > > http://lxr.free-electrons.com/source/arch/arm/include/uapi/asm/unistd.h#
> > > L418>
> > /me smacks his forehead
> >
> > Of course it is. We already work around that in arch-syscall-validate.
> > D'oh!
> >
> > Good news though, I think we just found the bug ;)
> >
> > I'm currently trying to put out another fire in a different project; as
> > soon as I've got that done I'll fix this. However, if somebody wants to
> > play, I'm always happy to accept patches :)
>
> Sent: https://groups.google.com/forum/#!topic/libseccomp/RD9RTmc2Lxo
Applied, thanks.
> I'll send the patch for qemu to add cacheflush to the whitelist shortly.
--
paul moore
security @ redhat
prev parent reply other threads:[~2015-07-01 17:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-10 12:58 [Qemu-devel] [PATCH for-2.3] Revert seccomp tests that allow it to be used on non-x86 architectures Peter Maydell
2015-06-16 13:12 ` Andrew Jones
2015-06-16 13:16 ` Peter Maydell
2015-06-26 16:03 ` Andrew Jones
2015-06-26 20:26 ` Paul Moore
2015-06-29 7:50 ` Andrew Jones
2015-06-29 14:53 ` Paul Moore
2015-06-29 17:47 ` Andrew Jones
2015-06-29 20:24 ` Paul Moore
2015-06-30 8:39 ` Andrew Jones
2015-06-30 17:01 ` Paul Moore
2015-06-30 17:07 ` Peter Maydell
2015-06-30 17:18 ` Paul Moore
2015-07-01 12:07 ` Andrew Jones
2015-07-01 17:08 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2360688.WSXcfaFilj@sifl \
--to=pmoore@redhat.com \
--cc=afaerber@suse.de \
--cc=agraf@suse.de \
--cc=drjones@redhat.com \
--cc=eduardo.otubo@profitbricks.com \
--cc=krichter722@aol.de \
--cc=meissner@suse.de \
--cc=patches@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).