aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
-lpthread seccomp_bpf.c -o seccomp_bpf
seccomp_bpf.c: In function 'tracer_ptrace':
seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
(first use in this function)
if (nr == __NR_open)
^~~~~~~~~
seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
only once for each function it appears in
In file included from seccomp_bpf.c:48:0:
seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
(first use in this function)
EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
^
open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
Thus new architectures in the kernel, such as arm64, don't implement
these legacy syscalls.
Signed-off-by: Anders Roxell <[email protected]>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 24dbf634e2dd..0b457e8e0f0c 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
if (nr == __NR_getpid)
change_syscall(_metadata, tracee, __NR_getppid);
- if (nr == __NR_open)
+ if (nr == __NR_openat)
change_syscall(_metadata, tracee, -1);
}
@@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)
true);
/* Tracer should skip the open syscall, resulting in EPERM. */
- EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
+ EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));
}
TEST_F(TRACE_syscall, syscall_allowed)
--
2.11.0
On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
> -lpthread seccomp_bpf.c -o seccomp_bpf
> seccomp_bpf.c: In function 'tracer_ptrace':
> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
> (first use in this function)
> if (nr == __NR_open)
> ^~~~~~~~~
> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
> only once for each function it appears in
> In file included from seccomp_bpf.c:48:0:
> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
> (first use in this function)
> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
> ^
> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
> Thus new architectures in the kernel, such as arm64, don't implement
> these legacy syscalls.
>
> Signed-off-by: Anders Roxell <[email protected]>
Thanks for the patch Anders.
Tested-by: Naresh Kamboju <[email protected]>
> ---
> tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
> index 24dbf634e2dd..0b457e8e0f0c 100644
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
>
> if (nr == __NR_getpid)
> change_syscall(_metadata, tracee, __NR_getppid);
> - if (nr == __NR_open)
> + if (nr == __NR_openat)
> change_syscall(_metadata, tracee, -1);
> }
>
> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)
> true);
>
> /* Tracer should skip the open syscall, resulting in EPERM. */
> - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
> + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));
> }
>
> TEST_F(TRACE_syscall, syscall_allowed)
> --
> 2.11.0
>
On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
<[email protected]> wrote:
> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>> -lpthread seccomp_bpf.c -o seccomp_bpf
>> seccomp_bpf.c: In function 'tracer_ptrace':
>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>> (first use in this function)
>> if (nr == __NR_open)
>> ^~~~~~~~~
>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>> only once for each function it appears in
>> In file included from seccomp_bpf.c:48:0:
>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>> (first use in this function)
>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>> ^
>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>> Thus new architectures in the kernel, such as arm64, don't implement
>> these legacy syscalls.
>>
>> Signed-off-by: Anders Roxell <[email protected]>
>
> Thanks for the patch Anders.
> Tested-by: Naresh Kamboju <[email protected]>
Did something change recently? This has built fine on arm64 for a
while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
and pass on arm64").
-Kees
>
>> ---
>> tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
>> index 24dbf634e2dd..0b457e8e0f0c 100644
>> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
>> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
>> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
>>
>> if (nr == __NR_getpid)
>> change_syscall(_metadata, tracee, __NR_getppid);
>> - if (nr == __NR_open)
>> + if (nr == __NR_openat)
>> change_syscall(_metadata, tracee, -1);
>> }
>>
>> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)
>> true);
>>
>> /* Tracer should skip the open syscall, resulting in EPERM. */
>> - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>> + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));
>> }
>>
>> TEST_F(TRACE_syscall, syscall_allowed)
>> --
>> 2.11.0
>>
--
Kees Cook
Pixel Security
On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <[email protected]> wrote:
> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
> <[email protected]> wrote:
>> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>>> -lpthread seccomp_bpf.c -o seccomp_bpf
>>> seccomp_bpf.c: In function 'tracer_ptrace':
>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>>> (first use in this function)
>>> if (nr == __NR_open)
>>> ^~~~~~~~~
>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>>> only once for each function it appears in
>>> In file included from seccomp_bpf.c:48:0:
>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>>> (first use in this function)
>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>> ^
>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>>> Thus new architectures in the kernel, such as arm64, don't implement
>>> these legacy syscalls.
>>>
>>> Signed-off-by: Anders Roxell <[email protected]>
>>
>> Thanks for the patch Anders.
>> Tested-by: Naresh Kamboju <[email protected]>
>
> Did something change recently? This has built fine on arm64 for a
> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
> and pass on arm64").
Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
please, with this tag added:
Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
Thanks!
-Kees
>
> -Kees
>
>>
>>> ---
>>> tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
>>> index 24dbf634e2dd..0b457e8e0f0c 100644
>>> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
>>> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
>>> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
>>>
>>> if (nr == __NR_getpid)
>>> change_syscall(_metadata, tracee, __NR_getppid);
>>> - if (nr == __NR_open)
>>> + if (nr == __NR_openat)
>>> change_syscall(_metadata, tracee, -1);
>>> }
>>>
>>> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)
>>> true);
>>>
>>> /* Tracer should skip the open syscall, resulting in EPERM. */
>>> - EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>> + EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));
>>> }
>>>
>>> TEST_F(TRACE_syscall, syscall_allowed)
>>> --
>>> 2.11.0
>>>
>
>
>
> --
> Kees Cook
> Pixel Security
--
Kees Cook
Pixel Security
On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <[email protected]> wrote:
> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <[email protected]> wrote:
>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
>> <[email protected]> wrote:
>>> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>>>> -lpthread seccomp_bpf.c -o seccomp_bpf
>>>> seccomp_bpf.c: In function 'tracer_ptrace':
>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>>>> (first use in this function)
>>>> if (nr == __NR_open)
>>>> ^~~~~~~~~
>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>>>> only once for each function it appears in
>>>> In file included from seccomp_bpf.c:48:0:
>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>>>> (first use in this function)
>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>>> ^
>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>>>> Thus new architectures in the kernel, such as arm64, don't implement
>>>> these legacy syscalls.
>>>>
>>>> Signed-off-by: Anders Roxell <[email protected]>
>>>
>>> Thanks for the patch Anders.
>>> Tested-by: Naresh Kamboju <[email protected]>
>>
>> Did something change recently? This has built fine on arm64 for a
>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
>> and pass on arm64").
>
> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
> please, with this tag added:
>
> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
And Cc to stable, as this was broken in 4.14...
Cc: [email protected]
-Kees
--
Kees Cook
Pixel Security
On 01/09/2018 04:25 PM, Kees Cook wrote:
> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <[email protected]> wrote:
>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <[email protected]> wrote:
>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
>>> <[email protected]> wrote:
>>>> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>>>>> -lpthread seccomp_bpf.c -o seccomp_bpf
>>>>> seccomp_bpf.c: In function 'tracer_ptrace':
>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>>>>> (first use in this function)
>>>>> if (nr == __NR_open)
>>>>> ^~~~~~~~~
>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>>>>> only once for each function it appears in
>>>>> In file included from seccomp_bpf.c:48:0:
>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>>>>> (first use in this function)
>>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>>>> ^
>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>>>>> Thus new architectures in the kernel, such as arm64, don't implement
>>>>> these legacy syscalls.
>>>>>
>>>>> Signed-off-by: Anders Roxell <[email protected]>
>>>>
>>>> Thanks for the patch Anders.
>>>> Tested-by: Naresh Kamboju <[email protected]>
>>>
>>> Did something change recently? This has built fine on arm64 for a
>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
>>> and pass on arm64").
>>
>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
>> please, with this tag added:
>>
>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
>
> And Cc to stable, as this was broken in 4.14...
>
> Cc: [email protected]
>
> -Kees
>
Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your
Acked-by I assume.
thanks,
-- Shuah
On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <[email protected]> wrote:
> On 01/09/2018 04:25 PM, Kees Cook wrote:
>> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <[email protected]> wrote:
>>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <[email protected]> wrote:
>>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
>>>> <[email protected]> wrote:
>>>>> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>>>>>> -lpthread seccomp_bpf.c -o seccomp_bpf
>>>>>> seccomp_bpf.c: In function 'tracer_ptrace':
>>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>>>>>> (first use in this function)
>>>>>> if (nr == __NR_open)
>>>>>> ^~~~~~~~~
>>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>>>>>> only once for each function it appears in
>>>>>> In file included from seccomp_bpf.c:48:0:
>>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>>>>>> (first use in this function)
>>>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>>>>> ^
>>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>>>>>> Thus new architectures in the kernel, such as arm64, don't implement
>>>>>> these legacy syscalls.
>>>>>>
>>>>>> Signed-off-by: Anders Roxell <[email protected]>
>>>>>
>>>>> Thanks for the patch Anders.
>>>>> Tested-by: Naresh Kamboju <[email protected]>
>>>>
>>>> Did something change recently? This has built fine on arm64 for a
>>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
>>>> and pass on arm64").
>>>
>>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
>>> please, with this tag added:
>>>
>>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
>>
>> And Cc to stable, as this was broken in 4.14...
>>
>> Cc: [email protected]
>>
>> -Kees
>>
>
> Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your
> Acked-by I assume.
Yes, thanks! Here it is all together:
Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
Cc: [email protected]
Acked-by: Kees Cook <[email protected]>
-Kees
--
Kees Cook
Pixel Security
On 01/09/2018 04:46 PM, Kees Cook wrote:
> On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <[email protected]> wrote:
>> On 01/09/2018 04:25 PM, Kees Cook wrote:
>>> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <[email protected]> wrote:
>>>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <[email protected]> wrote:
>>>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
>>>>> <[email protected]> wrote:
>>>>>> On 5 January 2018 at 22:01, Anders Roxell <[email protected]> wrote:
>>>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
>>>>>>> -lpthread seccomp_bpf.c -o seccomp_bpf
>>>>>>> seccomp_bpf.c: In function 'tracer_ptrace':
>>>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
>>>>>>> (first use in this function)
>>>>>>> if (nr == __NR_open)
>>>>>>> ^~~~~~~~~
>>>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
>>>>>>> only once for each function it appears in
>>>>>>> In file included from seccomp_bpf.c:48:0:
>>>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
>>>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
>>>>>>> (first use in this function)
>>>>>>> EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
>>>>>>> ^
>>>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
>>>>>>> Thus new architectures in the kernel, such as arm64, don't implement
>>>>>>> these legacy syscalls.
>>>>>>>
>>>>>>> Signed-off-by: Anders Roxell <[email protected]>
>>>>>>
>>>>>> Thanks for the patch Anders.
>>>>>> Tested-by: Naresh Kamboju <[email protected]>
>>>>>
>>>>> Did something change recently? This has built fine on arm64 for a
>>>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
>>>>> and pass on arm64").
>>>>
>>>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
>>>> please, with this tag added:
>>>>
>>>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
>>>
>>> And Cc to stable, as this was broken in 4.14...
>>>
>>> Cc: [email protected]
>>>
>>> -Kees
>>>
>>
>> Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your
>> Acked-by I assume.
>
> Yes, thanks! Here it is all together:
>
> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
> Cc: [email protected]
> Acked-by: Kees Cook <[email protected]>
>
>
> -Kees
>
Applied to linux-kselftest next for 4.16-rc1
thanks,
-- Shuah