| Message ID | 20180105163118.22598-1-anders.roxell@linaro.org |
|---|---|
| State | Accepted |
| Commit | 912ec316686df352028afb6efec59e47a958a24d |
| Headers | show |
| Series | selftests: seccomp: fix compile error seccomp_bpf | expand |
On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: > aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall > -lpthread seccomp_bpf.c -o seccomp_bpf > seccomp_bpf.c: In function 'tracer_ptrace': > seccomp_bpf.c:1720:12: error: '__NR_open' undeclared > (first use in this function) > if (nr == __NR_open) > ^~~~~~~~~ > seccomp_bpf.c:1720:12: note: each undeclared identifier is reported > only once for each function it appears in > In file included from seccomp_bpf.c:48:0: > seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': > seccomp_bpf.c:1795:39: error: '__NR_open' undeclared > (first use in this function) > EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); > ^ > open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. > Thus new architectures in the kernel, such as arm64, don't implement > these legacy syscalls. > > Signed-off-by: Anders Roxell <anders.roxell@linaro.org> Thanks for the patch Anders. Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> > --- > tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c > index 24dbf634e2dd..0b457e8e0f0c 100644 > --- a/tools/testing/selftests/seccomp/seccomp_bpf.c > +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c > @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, > > if (nr == __NR_getpid) > change_syscall(_metadata, tracee, __NR_getppid); > - if (nr == __NR_open) > + if (nr == __NR_openat) > change_syscall(_metadata, tracee, -1); > } > > @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped) > true); > > /* Tracer should skip the open syscall, resulting in EPERM. */ > - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); > + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat)); > } > > TEST_F(TRACE_syscall, syscall_allowed) > -- > 2.11.0 >
On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju <naresh.kamboju@linaro.org> wrote: > On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >> -lpthread seccomp_bpf.c -o seccomp_bpf >> seccomp_bpf.c: In function 'tracer_ptrace': >> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >> (first use in this function) >> if (nr == __NR_open) >> ^~~~~~~~~ >> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >> only once for each function it appears in >> In file included from seccomp_bpf.c:48:0: >> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >> (first use in this function) >> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >> ^ >> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >> Thus new architectures in the kernel, such as arm64, don't implement >> these legacy syscalls. >> >> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> > > Thanks for the patch Anders. > Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Did something change recently? This has built fine on arm64 for a while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build and pass on arm64"). -Kees > >> --- >> tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c >> index 24dbf634e2dd..0b457e8e0f0c 100644 >> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c >> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c >> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, >> >> if (nr == __NR_getpid) >> change_syscall(_metadata, tracee, __NR_getppid); >> - if (nr == __NR_open) >> + if (nr == __NR_openat) >> change_syscall(_metadata, tracee, -1); >> } >> >> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped) >> true); >> >> /* Tracer should skip the open syscall, resulting in EPERM. */ >> - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >> + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat)); >> } >> >> TEST_F(TRACE_syscall, syscall_allowed) >> -- >> 2.11.0 >> -- Kees Cook Pixel Security
On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote: > On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju > <naresh.kamboju@linaro.org> wrote: >> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >>> -lpthread seccomp_bpf.c -o seccomp_bpf >>> seccomp_bpf.c: In function 'tracer_ptrace': >>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >>> (first use in this function) >>> if (nr == __NR_open) >>> ^~~~~~~~~ >>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >>> only once for each function it appears in >>> In file included from seccomp_bpf.c:48:0: >>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >>> (first use in this function) >>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>> ^ >>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >>> Thus new architectures in the kernel, such as arm64, don't implement >>> these legacy syscalls. >>> >>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> >> >> Thanks for the patch Anders. >> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> > > Did something change recently? This has built fine on arm64 for a > while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build > and pass on arm64"). Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this please, with this tag added: Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") Thanks! -Kees > > -Kees > >> >>> --- >>> tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c >>> index 24dbf634e2dd..0b457e8e0f0c 100644 >>> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c >>> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c >>> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, >>> >>> if (nr == __NR_getpid) >>> change_syscall(_metadata, tracee, __NR_getppid); >>> - if (nr == __NR_open) >>> + if (nr == __NR_openat) >>> change_syscall(_metadata, tracee, -1); >>> } >>> >>> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped) >>> true); >>> >>> /* Tracer should skip the open syscall, resulting in EPERM. */ >>> - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>> + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat)); >>> } >>> >>> TEST_F(TRACE_syscall, syscall_allowed) >>> -- >>> 2.11.0 >>> > > > > -- > Kees Cook > Pixel Security -- Kees Cook Pixel Security
On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote: > On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote: >> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju >> <naresh.kamboju@linaro.org> wrote: >>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >>>> -lpthread seccomp_bpf.c -o seccomp_bpf >>>> seccomp_bpf.c: In function 'tracer_ptrace': >>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >>>> (first use in this function) >>>> if (nr == __NR_open) >>>> ^~~~~~~~~ >>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >>>> only once for each function it appears in >>>> In file included from seccomp_bpf.c:48:0: >>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >>>> (first use in this function) >>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>>> ^ >>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >>>> Thus new architectures in the kernel, such as arm64, don't implement >>>> these legacy syscalls. >>>> >>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> >>> >>> Thanks for the patch Anders. >>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> >> >> Did something change recently? This has built fine on arm64 for a >> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build >> and pass on arm64"). > > Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this > please, with this tag added: > > Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") And Cc to stable, as this was broken in 4.14... Cc: stable@vger.kernel.org -Kees -- Kees Cook Pixel Security
On 01/09/2018 04:25 PM, Kees Cook wrote: > On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote: >> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote: >>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju >>> <naresh.kamboju@linaro.org> wrote: >>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >>>>> -lpthread seccomp_bpf.c -o seccomp_bpf >>>>> seccomp_bpf.c: In function 'tracer_ptrace': >>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >>>>> (first use in this function) >>>>> if (nr == __NR_open) >>>>> ^~~~~~~~~ >>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >>>>> only once for each function it appears in >>>>> In file included from seccomp_bpf.c:48:0: >>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >>>>> (first use in this function) >>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>>>> ^ >>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >>>>> Thus new architectures in the kernel, such as arm64, don't implement >>>>> these legacy syscalls. >>>>> >>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> >>>> >>>> Thanks for the patch Anders. >>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> >>> >>> Did something change recently? This has built fine on arm64 for a >>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build >>> and pass on arm64"). >> >> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this >> please, with this tag added: >> >> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") > > And Cc to stable, as this was broken in 4.14... > > Cc: stable@vger.kernel.org > > -Kees > Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your Acked-by I assume. thanks, -- Shuah
On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <shuah@kernel.org> wrote: > On 01/09/2018 04:25 PM, Kees Cook wrote: >> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote: >>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote: >>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju >>>> <naresh.kamboju@linaro.org> wrote: >>>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >>>>>> -lpthread seccomp_bpf.c -o seccomp_bpf >>>>>> seccomp_bpf.c: In function 'tracer_ptrace': >>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >>>>>> (first use in this function) >>>>>> if (nr == __NR_open) >>>>>> ^~~~~~~~~ >>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >>>>>> only once for each function it appears in >>>>>> In file included from seccomp_bpf.c:48:0: >>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >>>>>> (first use in this function) >>>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>>>>> ^ >>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >>>>>> Thus new architectures in the kernel, such as arm64, don't implement >>>>>> these legacy syscalls. >>>>>> >>>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> >>>>> >>>>> Thanks for the patch Anders. >>>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> >>>> >>>> Did something change recently? This has built fine on arm64 for a >>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build >>>> and pass on arm64"). >>> >>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this >>> please, with this tag added: >>> >>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") >> >> And Cc to stable, as this was broken in 4.14... >> >> Cc: stable@vger.kernel.org >> >> -Kees >> > > Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your > Acked-by I assume. Yes, thanks! Here it is all together: Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") Cc: stable@vger.kernel.org Acked-by: Kees Cook <keescook@chromium.org> -Kees -- Kees Cook Pixel Security
On 01/09/2018 04:46 PM, Kees Cook wrote: > On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <shuah@kernel.org> wrote: >> On 01/09/2018 04:25 PM, Kees Cook wrote: >>> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote: >>>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote: >>>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju >>>>> <naresh.kamboju@linaro.org> wrote: >>>>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote: >>>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall >>>>>>> -lpthread seccomp_bpf.c -o seccomp_bpf >>>>>>> seccomp_bpf.c: In function 'tracer_ptrace': >>>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared >>>>>>> (first use in this function) >>>>>>> if (nr == __NR_open) >>>>>>> ^~~~~~~~~ >>>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported >>>>>>> only once for each function it appears in >>>>>>> In file included from seccomp_bpf.c:48:0: >>>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': >>>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared >>>>>>> (first use in this function) >>>>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); >>>>>>> ^ >>>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. >>>>>>> Thus new architectures in the kernel, such as arm64, don't implement >>>>>>> these legacy syscalls. >>>>>>> >>>>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org> >>>>>> >>>>>> Thanks for the patch Anders. >>>>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> >>>>> >>>>> Did something change recently? This has built fine on arm64 for a >>>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build >>>>> and pass on arm64"). >>>> >>>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this >>>> please, with this tag added: >>>> >>>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") >>> >>> And Cc to stable, as this was broken in 4.14... >>> >>> Cc: stable@vger.kernel.org >>> >>> -Kees >>> >> >> Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your >> Acked-by I assume. > > Yes, thanks! Here it is all together: > > Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions") > Cc: stable@vger.kernel.org > Acked-by: Kees Cook <keescook@chromium.org> > > > -Kees > Applied to linux-kselftest next for 4.16-rc1 thanks, -- Shuah
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 24dbf634e2dd..0b457e8e0f0c 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, if (nr == __NR_getpid) change_syscall(_metadata, tracee, __NR_getppid); - if (nr == __NR_open) + if (nr == __NR_openat) change_syscall(_metadata, tracee, -1); } @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped) true); /* Tracer should skip the open syscall, resulting in EPERM. */ - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat)); } TEST_F(TRACE_syscall, syscall_allowed)
aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall -lpthread seccomp_bpf.c -o seccomp_bpf seccomp_bpf.c: In function 'tracer_ptrace': seccomp_bpf.c:1720:12: error: '__NR_open' undeclared (first use in this function) if (nr == __NR_open) ^~~~~~~~~ seccomp_bpf.c:1720:12: note: each undeclared identifier is reported only once for each function it appears in In file included from seccomp_bpf.c:48:0: seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped': seccomp_bpf.c:1795:39: error: '__NR_open' undeclared (first use in this function) EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open)); ^ open(2) is a legacy syscall, replaced with openat(2) since 2.6.16. Thus new architectures in the kernel, such as arm64, don't implement these legacy syscalls. Signed-off-by: Anders Roxell <anders.roxell@linaro.org> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.11.0