2017-09-07 23:32:50

by Kees Cook

Subject: [PATCH] selftests/seccomp: Support glibc 2.26 siginfo_t.h

The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
work-around to using the kernel definition is no longer needed. The old
way needs to stay around for a while, though.

Reported-by: Seth Forshee <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Will Drewry <[email protected]>
Cc: Shuah Khan <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
Seth, can you double check this to confirm it works for you too? This builds
and tests correctly for me on both Ubuntu 17.10 (-proposed) with glibc 2.26
and with earlier distros with 2.24, etc.
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 73f5ea6778ce..9380c3fc7cfe 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -6,10 +6,18 @@
*/

#include <sys/types.h>
-#include <asm/siginfo.h>
-#define __have_siginfo_t 1
-#define __have_sigval_t 1
-#define __have_sigevent_t 1
+
+/*
+ * glibc 2.26 and later have SIGSYS in siginfo_t. Before that,
+ * we need to use the kernel's siginfo.h file and trick glibc
+ * into accepting it.
+ */
+#if !__GLIBC_PREREQ(2, 26)
+# include <asm/siginfo.h>
+# define __have_siginfo_t 1
+# define __have_sigval_t 1
+# define __have_sigevent_t 1
+#endif

#include <errno.h>
#include <linux/filter.h>
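
Review bot: the new "#if !__GLIBC_PREREQ(2, 26)" line only works because <sys/types.h>, included just above, happens to pull in glibc's <features.h>; on a C library that does not define __GLIBC_PREREQ the preprocessor stops with a syntax error on the "(2, 26)" rather than treating the test as 0. Since the whole fallback is glibc-specific anyway, wrap it in "#ifdef __GLIBC__" and keep the version test nested inside (a single "#if defined(...) && ..." does not help, because the second operand is still parsed). The comment could also say that the test depends on <sys/types.h> being included first.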
@@ -676,7 +684,7 @@ TEST_F_SIGNAL(TRAP, ign, SIGSYS)
syscall(__NR_getpid);
}

-static struct siginfo TRAP_info;
+static siginfo_t TRAP_info;
static volatile int TRAP_nr;
static void TRAP_action(int nr, siginfo_t *info, void *void_context)
{
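
Review bot: the change of TRAP_info from "struct siginfo" to "siginfo_t" is not mentioned in the changelog, which only talks about the include block. It applies unconditionally, on both sides of the new glibc version check, and it matches the "siginfo_t *info" parameter of TRAP_action on the line below, so it looks right; a sentence in the commit message saying why the struct siginfo tag can no longer be used would help anyone backporting this to -stable.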
--
2.7.4


--
Kees Cook
Pixel Security


2017-09-08 03:19:13

by Seth Forshee

Subject: Re: [PATCH] selftests/seccomp: Support glibc 2.26 siginfo_t.h

On Thu, Sep 07, 2017 at 04:32:46PM -0700, Kees Cook wrote:
> The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
> work-around to using the kernel definition is no longer needed. The old
> way needs to stay around for a while, though.
>
> Reported-by: Seth Forshee <[email protected]>
> Cc: Andy Lutomirski <[email protected]>
> Cc: Will Drewry <[email protected]>
> Cc: Shuah Khan <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
> ---
> Seth, can you double check this to confirm it works for you too? This builds
> and tests correctly for me on both Ubuntu 17.10 (-proposed) with glibc 2.26
> and with earlier distros with 2.24, etc.

It builds and tests correctly for me too, with both glibc 2.26 and 2.24.

Tested-by: Seth Forshee <[email protected]>

Thanks!

2017-09-08 03:36:04

by Kees Cook

Subject: Re: [PATCH] selftests/seccomp: Support glibc 2.26 siginfo_t.h

On Thu, Sep 7, 2017 at 8:19 PM, Seth Forshee <[email protected]> wrote:
> On Thu, Sep 07, 2017 at 04:32:46PM -0700, Kees Cook wrote:
>> The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
>> work-around to using the kernel definition is no longer needed. The old
>> way needs to stay around for a while, though.
>>
>> Reported-by: Seth Forshee <[email protected]>
>> Cc: Andy Lutomirski <[email protected]>
>> Cc: Will Drewry <[email protected]>
>> Cc: Shuah Khan <[email protected]>
>> Cc: [email protected]
>> Cc: [email protected]
>> Signed-off-by: Kees Cook <[email protected]>
>> ---
>> Seth, can you double check this to confirm it works for you too? This builds
>> and tests correctly for me on both Ubuntu 17.10 (-proposed) with glibc 2.26
>> and with earlier distros with 2.24, etc.
>
> It builds and tests correctly for me too, with both glibc 2.26 and 2.24.
>
> Tested-by: Seth Forshee <[email protected]>

Awesome, thanks!

Shuah, is it possible to land this for v4.14? If it has to wait,
that's probably okay, as I've marked it for -stable, so it'll get
where it needs to be eventually. :)

Thanks!

-Kees

--
Kees Cook
Pixel Security

2017-09-20 22:02:34

by Kees Cook

Subject: Re: [PATCH] selftests/seccomp: Support glibc 2.26 siginfo_t.h

On Thu, Sep 7, 2017 at 8:36 PM, Kees Cook <[email protected]> wrote:
> On Thu, Sep 7, 2017 at 8:19 PM, Seth Forshee <[email protected]> wrote:
>> On Thu, Sep 07, 2017 at 04:32:46PM -0700, Kees Cook wrote:
>>> The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
>>> work-around to using the kernel definition is no longer needed. The old
>>> way needs to stay around for a while, though.
>>>
>>> Reported-by: Seth Forshee <[email protected]>
>>> Cc: Andy Lutomirski <[email protected]>
>>> Cc: Will Drewry <[email protected]>
>>> Cc: Shuah Khan <[email protected]>
>>> Cc: [email protected]
>>> Cc: [email protected]
>>> Signed-off-by: Kees Cook <[email protected]>
>>> ---
>>> Seth, can you double check this to confirm it works for you too? This builds
>>> and tests correctly for me on both Ubuntu 17.10 (-proposed) with glibc 2.26
>>> and with earlier distros with 2.24, etc.
>>
>> It builds and tests correctly for me too, with both glibc 2.26 and 2.24.
>>
>> Tested-by: Seth Forshee <[email protected]>
>
> Awesome, thanks!
>
> Shuah, is it possible to land this for v4.14? If it has to wait,
> that's probably okay, as I've marked it for -stable, so it'll get
> where it needs to be eventually. :)

Friendly ping, Shuah, are you able to take this?

Thanks!

-Kees

--
Kees Cook
Pixel Security

2017-09-20 22:42:40

by Shuah Khan

Subject: Re: [PATCH] selftests/seccomp: Support glibc 2.26 siginfo_t.h

On 09/20/2017 04:02 PM, Kees Cook wrote:
> On Thu, Sep 7, 2017 at 8:36 PM, Kees Cook <[email protected]> wrote:
>> On Thu, Sep 7, 2017 at 8:19 PM, Seth Forshee <[email protected]> wrote:
>>> On Thu, Sep 07, 2017 at 04:32:46PM -0700, Kees Cook wrote:
>>>> The 2.26 release of glibc changed how siginfo_t is defined, and the earlier
>>>> work-around to using the kernel definition is no longer needed. The old
>>>> way needs to stay around for a while, though.
>>>>
>>>> Reported-by: Seth Forshee <[email protected]>
>>>> Cc: Andy Lutomirski <[email protected]>
>>>> Cc: Will Drewry <[email protected]>
>>>> Cc: Shuah Khan <[email protected]>
>>>> Cc: [email protected]
>>>> Cc: [email protected]
>>>> Signed-off-by: Kees Cook <[email protected]>
>>>> ---
>>>> Seth, can you double check this to confirm it works for you too? This builds
>>>> and tests correctly for me on both Ubuntu 17.10 (-proposed) with glibc 2.26
>>>> and with earlier distros with 2.24, etc.
>>>
>>> It builds and tests correctly for me too, with both glibc 2.26 and 2.24.
>>>
>>> Tested-by: Seth Forshee <[email protected]>
>>
>> Awesome, thanks!
>>
>> Shuah, is it possible to land this for v4.14? If it has to wait,
>> that's probably okay, as I've marked it for -stable, so it'll get
>> where it needs to be eventually. :)
>
> Friendly ping, Shuah, are you able to take this?
>
> Thanks!
>
> -Kees
>

Yes, I can get this into 4.14-rc2 or rc3. Thanks for the ping.

-- Shuah