Revision tags: v6.6.30, v6.6.29, v6.6.28, v6.6.27, v6.6.26, v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14 |
|
#
612fbf65 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PI
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PID_NS option enabled.
Add a check on these calls to skip the test if we receive EINVAL.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-2-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
f4b1e2cc |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl functio
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl function to give the stack and thread local storage a useful name. This will cause the KILL_THREAD test to fail as it will kill the thread as soon as it is created.
change the test to use getpid instead of prctl.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-3-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
003af8c2 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expect
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expected file descriptor will be by incrementing a variable nextfd. This does not account for file descriptors that may already be open before the test is started and will cause the test to fail if any exist.
Replace nextfd++ with a function get_next_fd which will check and return the next available file descriptor.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-4-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v6.6.30, v6.6.29, v6.6.28, v6.6.27, v6.6.26, v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14 |
|
#
612fbf65 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PI
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PID_NS option enabled.
Add a check on these calls to skip the test if we receive EINVAL.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-2-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
f4b1e2cc |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl functio
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl function to give the stack and thread local storage a useful name. This will cause the KILL_THREAD test to fail as it will kill the thread as soon as it is created.
change the test to use getpid instead of prctl.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-3-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
003af8c2 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expect
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expected file descriptor will be by incrementing a variable nextfd. This does not account for file descriptors that may already be open before the test is started and will cause the test to fail if any exist.
Replace nextfd++ with a function get_next_fd which will check and return the next available file descriptor.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-4-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v6.6.30, v6.6.29, v6.6.28, v6.6.27, v6.6.26, v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14 |
|
#
612fbf65 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PI
selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the CONFIG_PID_NS option enabled.
Add a check on these calls to skip the test if we receive EINVAL.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-2-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
f4b1e2cc |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl functio
selftests/seccomp: Change the syscall used in KILL_THREAD test
commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
The Bionic version of pthread_create used on Android calls the prctl function to give the stack and thread local storage a useful name. This will cause the KILL_THREAD test to fail as it will kill the thread as soon as it is created.
change the test to use getpid instead of prctl.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-3-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
003af8c2 |
| 24-Jan-2024 |
Terry Tritton <terry.tritton@linaro.org> |
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expect
selftests/seccomp: user_notification_addfd check nextfd is available
commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
Currently the user_notification_addfd test checks what the next expected file descriptor will be by incrementing a variable nextfd. This does not account for file descriptors that may already be open before the test is started and will cause the test to fail if any exist.
Replace nextfd++ with a function get_next_fd which will check and return the next available file descriptor.
Signed-off-by: Terry Tritton <terry.tritton@linaro.org> Link: https://lore.kernel.org/r/20240124141357.1243457-4-terry.tritton@linaro.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43 |
|
#
fbc5d382 |
| 02-Aug-2023 |
Kees Cook <keescook@chromium.org> |
selftests/seccomp: Handle arm32 corner cases better
It turns out arm32 doesn't handle syscall -1 gracefully, so skip testing for that. Additionally skip tests that depend on clone3 when it is not av
selftests/seccomp: Handle arm32 corner cases better
It turns out arm32 doesn't handle syscall -1 gracefully, so skip testing for that. Additionally skip tests that depend on clone3 when it is not available (for example when building the seccomp selftests on an old arm image without clone3 headers). And improve error reporting for when nanosleep fails, as seen on arm32 since v5.15.
Cc: Lecopzer Chen <lecopzer.chen@mediatek.com> Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
Revision tags: v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16 |
|
#
8feae5ad |
| 08-Mar-2023 |
Andrei Vagin <avagin@google.com> |
selftest/seccomp: add a new test for the sync mode of seccomp_user_notify
Test output: # RUN global.user_notification_sync ... # OK global.user_notification_sync ok 51 glob
selftest/seccomp: add a new test for the sync mode of seccomp_user_notify
Test output: # RUN global.user_notification_sync ... # OK global.user_notification_sync ok 51 global.user_notification_sync
Signed-off-by: Andrei Vagin <avagin@google.com> Acked-by: "Peter Zijlstra (Intel)" <peterz@infradead.org> Link: https://lore.kernel.org/r/20230308073201.3102738-6-avagin@google.com Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
Revision tags: v6.1.15, v6.1.14 |
|
#
eb4071b9 |
| 25-Feb-2023 |
Huacai Chen <chenhuacai@loongson.cn> |
selftests/seccomp: Add LoongArch selftesting support
BPF for LoongArch is supported now, add the selftesting support in seccomp_bpf.c.
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off
selftests/seccomp: Add LoongArch selftesting support
BPF for LoongArch is supported now, add the selftesting support in seccomp_bpf.c.
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
show more ...
|
Revision tags: v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19 |
|
#
be6c50d3 |
| 11-Jan-2023 |
Michael Schmitz <schmitzmic@gmail.com> |
selftests/seccomp: Add m68k support
Add m68k seccomp definitions to seccomp_bpf self test code.
Tested on ARAnyM.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com> Reviewed-by: Geert Uytterhoe
selftests/seccomp: Add m68k support
Add m68k seccomp definitions to seccomp_bpf self test code.
Tested on ARAnyM.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Link: https://lore.kernel.org/r/20230112035529.13521-4-schmitzmic@gmail.com Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
show more ...
|
Revision tags: v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60, v5.15.59, v5.19 |
|
#
fc1e3980 |
| 31-Jul-2022 |
Gautam Menghani <gautammenghani201@gmail.com> |
selftests/seccomp: Check CAP_SYS_ADMIN capability in the test mode_filter_without_nnp
In the "mode_filter_without_nnp" test in seccomp_bpf, there is currently a TODO which asks to check the capabili
selftests/seccomp: Check CAP_SYS_ADMIN capability in the test mode_filter_without_nnp
In the "mode_filter_without_nnp" test in seccomp_bpf, there is currently a TODO which asks to check the capability CAP_SYS_ADMIN instead of euid. This patch adds support to check if the calling process has the flag CAP_SYS_ADMIN, and also if this flag has CAP_EFFECTIVE set.
Signed-off-by: Gautam Menghani <gautammenghani201@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220731092529.28760-1-gautammenghani201@gmail.com
show more ...
|
Revision tags: v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44 |
|
#
3ce4b78f |
| 26-May-2022 |
YiFei Zhu <zhuyifei@google.com> |
selftests/seccomp: Fix compile warning when CC=clang
clang has -Wconstant-conversion by default, and the constant 0xAAAAAAAAA (9 As) being converted to an int, which is generally 32 bits, results in
selftests/seccomp: Fix compile warning when CC=clang
clang has -Wconstant-conversion by default, and the constant 0xAAAAAAAAA (9 As) being converted to an int, which is generally 32 bits, results in the compile warning:
clang -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/ -lpthread seccomp_bpf.c -lcap -o seccomp_bpf seccomp_bpf.c:812:67: warning: implicit conversion from 'long' to 'int' changes value from 45812984490 to -1431655766 [-Wconstant-conversion] int kill = kill_how == KILL_PROCESS ? SECCOMP_RET_KILL_PROCESS : 0xAAAAAAAAA; ~~~~ ^~~~~~~~~~~ 1 warning generated.
-1431655766 is the expected truncation, 0xAAAAAAAA (8 As), so use this directly in the code to avoid the warning.
Fixes: 3932fcecd962 ("selftests/seccomp: Add test for unknown SECCOMP_RET kill behavior") Signed-off-by: YiFei Zhu <zhuyifei@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220526223407.1686936-1-zhuyifei@google.com
show more ...
|
Revision tags: v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38 |
|
#
5e91d2a4 |
| 04-May-2022 |
Colin Ian King <colin.i.king@gmail.com> |
selftests/seccomp: Fix spelling mistake "Coud" -> "Could"
There is a spelling mistake in an error message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Kees Cook <k
selftests/seccomp: Fix spelling mistake "Coud" -> "Could"
There is a spelling mistake in an error message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220504155535.239180-1-colin.i.king@gmail.com
show more ...
|
#
3b96a9c5 |
| 03-May-2022 |
Sargun Dhillon <sargun@sargun.me> |
selftests/seccomp: Add test for wait killable notifier
This verifies that if a filter is set up with the wait killable feature that it obeys the semantics that non-fatal signals are ignored during a
selftests/seccomp: Add test for wait killable notifier
This verifies that if a filter is set up with the wait killable feature that it obeys the semantics that non-fatal signals are ignored during a notification after the notification is received.
Cases tested: * Non-fatal signal prior to receive * Non-fatal signal during receive * Fatal signal after receive
The normal signal handling is tested in user_notification_signal. That behaviour remains unchanged.
On an unsupported kernel, these tests will immediately bail as it relies on a new seccomp flag.
Signed-off-by: Sargun Dhillon <sargun@sargun.me> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220503080958.20220-4-sargun@sargun.me
show more ...
|
#
922a1b52 |
| 03-May-2022 |
Sargun Dhillon <sargun@sargun.me> |
selftests/seccomp: Refactor get_proc_stat to split out file reading code
This splits up the get_proc_stat function to make it so we can use it as a generic helper to read the nth field from multiple
selftests/seccomp: Refactor get_proc_stat to split out file reading code
This splits up the get_proc_stat function to make it so we can use it as a generic helper to read the nth field from multiple different files, versus replicating the logic in multiple places.
Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220503080958.20220-3-sargun@sargun.me
show more ...
|
Revision tags: v5.15.37 |
|
#
662340ef |
| 27-Apr-2022 |
Sargun Dhillon <sargun@sargun.me> |
selftests/seccomp: Ensure that notifications come in FIFO order
When multiple notifications are waiting, ensure they show up in order, as defined by the (predictable) seccomp notification ID. This e
selftests/seccomp: Ensure that notifications come in FIFO order
When multiple notifications are waiting, ensure they show up in order, as defined by the (predictable) seccomp notification ID. This ensures FIFO ordering of notification delivery as notification ids are monitonic and decided when the notification is generated (as opposed to received).
Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: linux-kselftest@vger.kernel.org Acked-by: Tycho Andersen <tycho@tycho.pizza> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220428015447.13661-2-sargun@sargun.me
show more ...
|
Revision tags: v5.15.36, v5.15.35, v5.15.34, v5.15.33 |
|
#
95a126d9 |
| 29-Mar-2022 |
Yang Guang <yang.guang5@zte.com.cn> |
selftests/seccomp: Add SKIP for failed unshare()
Running the seccomp tests under the kernel with "defconfig" shouldn't fail. Because the CONFIG_USER_NS is not supported in "defconfig". Skipping this
selftests/seccomp: Add SKIP for failed unshare()
Running the seccomp tests under the kernel with "defconfig" shouldn't fail. Because the CONFIG_USER_NS is not supported in "defconfig". Skipping this case instead of failing it is better.
Signed-off-by: Yang Guang <yang.guang5@zte.com.cn> Signed-off-by: David Yang <davidcomponentone@gmail.com> Reviewed-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/7f7687696a5c0a2d040a24474616e945c7cf2bb5.1648599460.git.yang.guang5@zte.com.cn
show more ...
|
Revision tags: v5.15.32, v5.15.31, v5.17, v5.15.30 |
|
#
d250a3e4 |
| 18-Mar-2022 |
Jann Horn <jannh@google.com> |
selftests/seccomp: Test PTRACE_O_SUSPEND_SECCOMP without CAP_SYS_ADMIN
Add a test to check that PTRACE_O_SUSPEND_SECCOMP can't be set without CAP_SYS_ADMIN through PTRACE_SEIZE or PTRACE_SETOPTIONS.
selftests/seccomp: Test PTRACE_O_SUSPEND_SECCOMP without CAP_SYS_ADMIN
Add a test to check that PTRACE_O_SUSPEND_SECCOMP can't be set without CAP_SYS_ADMIN through PTRACE_SEIZE or PTRACE_SETOPTIONS.
Signed-off-by: Jann Horn <jannh@google.com> Co-developed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
#
2bfed7d2 |
| 18-Mar-2022 |
Jann Horn <jannh@google.com> |
selftests/seccomp: Don't call read() on TTY from background pgrp
Since commit 92d25637a3a4 ("kselftest: signal all child processes"), tests are executed in background process groups. This means that
selftests/seccomp: Don't call read() on TTY from background pgrp
Since commit 92d25637a3a4 ("kselftest: signal all child processes"), tests are executed in background process groups. This means that trying to read from stdin now throws SIGTTIN when stdin is a TTY, which breaks some seccomp selftests that try to use read(0, NULL, 0) as a dummy syscall.
The simplest way to fix that is probably to just use -1 instead of 0 as the dummy read()'s FD.
Fixes: 92d25637a3a4 ("kselftest: signal all child processes") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220319010011.1374622-1-jannh@google.com
show more ...
|
Revision tags: v5.15.29, v5.15.28, v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19, v5.15.18, v5.15.17, v5.4.173, v5.15.16, v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8, v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3, v5.15.2, v5.15.1 |
|
#
1e6d69c7 |
| 03-Nov-2021 |
Kees Cook <keescook@chromium.org> |
selftests/seccomp: Report event mismatches more clearly
When running under tracer, more explicitly report the status and event mismatches to help with debugging. Additionally add an "immediate kill"
selftests/seccomp: Report event mismatches more clearly
When running under tracer, more explicitly report the status and event mismatches to help with debugging. Additionally add an "immediate kill" test when under tracing to verify that fatal SIGSYS behaves the same under ptrace or seccomp tracing.
Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Link: https://lore.kernel.org/r/20211103163039.2104830-3-keescook@chromium.org
show more ...
|
#
48d5fd06 |
| 03-Nov-2021 |
Kees Cook <keescook@chromium.org> |
selftests/seccomp: Stop USER_NOTIF test if kcmp() fails
If kcmp() fails during the USER_NOTIF test, the test is likely to hang, so switch from EXPECT to ASSERT.
Cc: Andy Lutomirski <luto@amacapital
selftests/seccomp: Stop USER_NOTIF test if kcmp() fails
If kcmp() fails during the USER_NOTIF test, the test is likely to hang, so switch from EXPECT to ASSERT.
Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Link: https://lore.kernel.org/r/20211103163039.2104830-2-keescook@chromium.org
show more ...
|
Revision tags: v5.15 |
|
#
3e7ed9ce |
| 25-Oct-2021 |
Ilya Leoshkevich <iii@linux.ibm.com> |
selftests/seccomp: Use __BYTE_ORDER__
Use the compiler-defined __BYTE_ORDER__ instead of the libc-defined __BYTE_ORDER for consistency.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-of
selftests/seccomp: Use __BYTE_ORDER__
Use the compiler-defined __BYTE_ORDER__ instead of the libc-defined __BYTE_ORDER for consistency.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20211026010831.748682-6-iii@linux.ibm.com
show more ...
|