| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
A typo was causing the return value from arch_fitler_rewrite() to be
ignored in cases where -EDOM was returned.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
| |
The test tool only has = for comparison, not ==. The latter is accepted
by bash and other shells, but is not in POSIX.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
I'm still not quite sure why this was shared in the first place.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add support for other modes for LD/LDX operations
(even though they are rare in seccomp BPF programs),
specifically BPF_IMM, BPF_IND, BPF_LEN and BPF_MSH.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generate a rough program flowchart when '-d' option specified.
This output can be converted into a graph with the Dot tool:
% tests/02-sim-basic -b | tools/scmp_bpf_disasm -d | dot -Tpdf > out.pdf
Details:
- Add '-d' option to generate Dot output rather than listing.
- Convert bpf_decode_op() to return string rather than printing,
to allow re-use.
- Encapsulate action string generation in bpf_decode_action() to
allow re-use.
Signed-off-by: David Drysdale <drysdale@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
As suggested by Nikos Mavrogiannopoulos.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
|
|
|
|
| |
The only update this time around is "switch_endian" for ppc.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |\
| |
| |
| |
| |
| | |
Mike Strosaker <strosake@linux.vnet.ibm.com> reports that the
working-ppc64 branch is working for both 'make check' and './regression
-T live'.
|
| | |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
[PM: slight reordering of ppc/ppc64 in header files and makefiles]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Sent against working-ppc64.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We didn't correctly take into account the __powerpc64__ define when
generating the ppc64 syscall table. This patch also updates the
syscall table to match Linux v3.19.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Otherwise The live tests will fail with
"ERROR arch ppc64 not supported"
Send against the working-ppc64 branch.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
[PM: added ppc64le]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When merging bfac175ac1222ca59045eeecd8d27df9dd7bab4d ("tests: fix
sequence number generation") I mistakenly removed a line from the
patch which kept us from linking miniseq with the various libseccomp
libraries.
Mathias did it correctly, I screwed it up; this patch should put
things right.
Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit bca4e115715174a64c7b5f56430a51f3e676c34a.
Now, since we're using a sane sequence number generator, we can
re-enable the problematic test.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because of incorrect number sequence generation by seq(1) on at least 32
bit ARM systems using coreutils v8.23/v8.24 we provide a minimal seq(1)
implementation that fits our needs.
This fixes the bug mentioned in the following mailing thread:
https://groups.google.com/forum/#!topic/libseccomp/VtrClkXxLGA
Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: subject line, build locations, and vertical whitespace tweaks]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
(imported from commit 7932b4fa24c1add0d7a315de8387d216334fbcf7)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
See the mailing list thread below:
-> https://groups.google.com/forum/#!topic/libseccomp/VtrClkXxLGA
... unfortunately the 32-bit ARM userspace has problems with this
particular test so we need to disable it for the time being. It is
important to note that this is only a problem with the test and not
with libseccomp in general.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also correct some typos in the existing CHANGELOG entries.
Signed-off-by: Paul Moore <pmoore@redhat.com>
(imported from commit d7a29fefb03d9c3658854ea7b3cb6a8f082cfb90)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the masked compare is a tautology we don't need to generate
instructions for the runtime test. It'll always be true.
This patch handles the case for 32 bit arches and partially for 64 bit
arches. The cases where either the upper half or the lower half is a
tautology is still TODO.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: minor function name changes to better match existing style]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the mask is 0 and we do a masked compare we shouldn't "optimize" this
case to a compare against zero. "(arg & 0) eq 0" != "(arg & ~0) eq 0".
The former is a tautology while the latter depends on the value of "arg".
Just mask "datum" instead to fix this bug. We'll do an unnecessary runtime
test for the tautology in this case but follow up patches will take care
of this.
This fixes the failing test cases of 12-sim-basic_masked_ops with 64 bit
argument values.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add test vectors with bits set in the upper half of the syscall argument.
They trigger a bug with mask values having the upper half set to 0. We
accidentally emit a test for 0 in this case when we should not test the
upper half at all.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
No need to use unsigned int here, use the enum instead.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Also do some minor cleanup while we are touching the file.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The symbols are prefixed with __ARM_NR_, not __NR_. We still shoehorn
the symbols into the __NR_ format for libseccomp though. Doing so keeps
SCMP_SYS simple.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Test 28-sim-arch_x86 points out a flaw in the x32 arch handling as we
wrongly jump to the next architecture check while we should jump to the
bad_arch handling instruction instead. See below:
$ ./tests/28-sim-arch_x86 -b | ./tools/scmp_bpf_disasm
line OP JT JF K
=================================
0000: 0x20 0x00 0x00 0x00000004 ld $data[4]
0001: 0x15 0x00 0x03 0xc000003e jeq 3221225534 true:0002 false:0005
0002: 0x20 0x00 0x00 0x00000000 ld $data[0]
0003: 0x35 0x01 0x00 0x40000000 jge 1073741824 true:0005 false:0004
0004: 0x15 0x04 0x03 0x00000003 jeq 3 true:0009 false:0008
0005: 0x15 0x00 0x04 0x40000003 jeq 1073741827 true:0006 false:0010
0006: 0x20 0x00 0x00 0x00000000 ld $data[0]
0007: 0x15 0x01 0x00 0x00000006 jeq 6 true:0009 false:0008
0008: 0x06 0x00 0x00 0x7fff0000 ret ALLOW
0009: 0x06 0x00 0x00 0x00050001 ret ERRNO(1)
0010: 0x06 0x00 0x00 0x00000000 ret KILL
When we reach the test at 0003 the accumulator register was changed
from holding the audit architecture to contain the syscall number
instead. This is needed to actually test for the x32 sub-architecture
as it, unfortunately, got no dedicated audit arch value. However, if
that test succeeds, we end up jumping to the next architecture check
at 0005 which is wrong. We should jump to the bad_arch handling at
0010 instead as x32 is an unsupported architecture for that test
program. Even worse, the next architecture check now operates on the
wrong data as it's no longer testing the audit arch but the syscall
number instead. As it happen to be, the syscall number for x32's
close() is 0x40000003. That exactly matches the audit arch value for
the x86 architecture. So what this filter does is allowing the x32
close() call while it should not.
As we already successfully checked the arch to be SCMP_ARCH_X86_64 in
0001 it cannot have a different value. Testing for other values just
makes no sense. So instead of reloading the accumulator register on a
successful x32 test fix this by jumping to the bad_arch handling block
instead.
The generated BPF program now looks as follows:
$ ./tests/28-sim-arch_x86 -b | ./tools/scmp_bpf_disasm
line OP JT JF K
=================================
0000: 0x20 0x00 0x00 0x00000004 ld $data[4]
0001: 0x15 0x00 0x03 0xc000003e jeq 3221225534 true:0002 false:0005
0002: 0x20 0x00 0x00 0x00000000 ld $data[0]
0003: 0x35 0x06 0x00 0x40000000 jge 1073741824 true:0010 false:0004
0004: 0x15 0x04 0x03 0x00000003 jeq 3 true:0009 false:0008
0005: 0x15 0x00 0x04 0x40000003 jeq 1073741827 true:0006 false:0010
0006: 0x20 0x00 0x00 0x00000000 ld $data[0]
0007: 0x15 0x01 0x00 0x00000006 jeq 6 true:0009 false:0008
0008: 0x06 0x00 0x00 0x7fff0000 ret ALLOW
0009: 0x06 0x00 0x00 0x00050001 ret ERRNO(1)
0010: 0x06 0x00 0x00 0x00000000 ret KILL
It now correctly jumps to the bad_arch handling at 0010 when the x32
test in 0003 succeeds.
This fixes test 28-sim-arch_x86.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: subject tweak, renamed 'bad_arch_hash' to 'bad_arch_hsh']
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We currently allow calling close() on the x32 architecture when we're
generating a blacklist filter for x86 and x86_64, i.e. one with an
ALLOW policy. We shouldn't as the default handling for unsupported
architectures should be defined by the bad_arch handling -- not the
default policy.
The reason for the faulty behaviour is the wrong jump target for the
x32 architecture test. It should jump to the KILL label, not the next
architecture test instruction. That one won't test the architecture
any more as the accumulator register was already overwritten with the
syscall number for the x32 test.
This test generates a filter that should return ERRNO(1) on calls to
close() for supported architectures or KILL on unsupported ones. But,
currently, does not do so for x32 and ALLOWs the syscall instead.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: added a python version of the test]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
See https://github.com/cgwalters/build-api/blob/master/build-api.md
Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Using any of the socket related syscalls is always problematic, use
a generic syscall number for this test since it isn't syscall
specific.
Reported-by: Jan Willeke <willeke@linux.vnet.ibm.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
(imported from commit f506e0844372b2c404baa482defb62f6846d0e3e)
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | | |
Reported-by: Brian Cain <brian.cain@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On some really old systems the ELF and or Audit ABI/arch defines are
missing, this patch provides our own #defines in these cases.
Reported-by: Vincent.Riera@imgtec.com
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Retrieving attributes using the Python bindings fails on some platforms.
The attributes are encoded in a 32-bit mask. Python variables are
usually larger (64 bits); Cython is not capable of recognizing that it
should only use a 32-bit number on every platform. This patch ensures
that the variable used to store the value of the attribute is only 32 bits.
Signed-off-by: Michael Strosaker <strosake@linux.vnet.ibm.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the following syscalls to the ARM arch/ABI and update the syscall
validation script.
* breakpoint()
* cacheflush()
* usr26()
* usr32()
* set_tls()
Reported-by: Purcareata Bogdan <b43198@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The 32-bit ARM syscall table mistakenly included syscall definitions
for the syscalls below. This patch redefines those syscalls to
libseccomp's pseudo-syscall numbers and corrects the
arch-syscall-validate to correctly list the 32-bit ARM syscalls.
* time
* umount
* stime
* alarm
* utime
* getrlimit
* select
* readdir
* mmap
* socketcall
* syscall
* ipc
Reported-by: Andreas Farber <afaerber@suse.de>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
