Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2286438imd; Fri, 2 Nov 2018 08:52:55 -0700 (PDT) X-Google-Smtp-Source: AJdET5cDTYvmRvhYZTAWDPKuW9enRVA8Xazo19cpPVeEtcz8D0WLbRQpRaejqEc5YYgTxPF428ZK X-Received: by 2002:a17:902:9346:: with SMTP id g6-v6mr8281917plp.148.1541173975210; Fri, 02 Nov 2018 08:52:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541173975; cv=none; d=google.com; s=arc-20160816; b=lIRNjxMh+XwpsEqomK1OJAedLfA5DvpWrGPOPAcqYnZESC6n50nik7DdLN774c+A1B xbjQULnybz5q6c2mo15ZB0v1uttgZtREiOig2qTv8sbY8LNOkD6aQl5TOYkqcf90+0j/ l0qYmRT+J50BM9fgh3QjeXRpzwcYHC/lSTw/HX4Cjy6WmD0+G4UIKZe++i5HTShdXqbS VMWGDb7pUa6WOSTZJ0P5vpkefCM1iGAcbMQm8CbTQ08IiLxFgsVZmmocHBynEya6weG/ sE4mNWpB7OJEdR+VFMILY5tjGvUpl2Cf+SzDI01r4sC2OXdBoJ8wOIw0gpub3gNgwQGD WdJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=Qv7IoKjig1gc3J/CUecwIgnlYcDydbRPK8/Q8reJzlI=; b=mHszG3hWZoLs3AH652DvoN0Amgtw4WQWjXrePK07hTpFXjvSUOKqjxwYFEEqwMSDYZ RzeBOzxG8RLqKUEI143tsRCW2aWQgN4X1nHZbq0Dc9eY0/Nek/Uzyk/Wrt1U7zkU7DbJ v4HdJ8NGlUPlyH1NqEyeVhNjGKDq3jh3uoTUbV/2wFbIP84p4jXKakIdynvTcjGrjpFr Ow874mR/z9ynP4NkeNyFocnuVuXRrgylosxgQA0k+aFzRS9BNkdXZop8eHs8j3iqE08E cc90jswDiayqHh5YMtjMiIkUDwZLpmDG9LO6Ovxk/wjK/Qd6Gxj3S26Br1Sf7IFLsZwz utKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=I+7bP+rH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j3-v6si32789730pld.231.2018.11.02.08.52.40; Fri, 02 Nov 2018 08:52:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=I+7bP+rH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727711AbeKCA7d (ORCPT + 99 others); Fri, 2 Nov 2018 20:59:33 -0400 Received: from mail-yw1-f67.google.com ([209.85.161.67]:44254 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726713AbeKCA7d (ORCPT ); Fri, 2 Nov 2018 20:59:33 -0400 Received: by mail-yw1-f67.google.com with SMTP id k6-v6so930491ywa.11 for ; Fri, 02 Nov 2018 08:52:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Qv7IoKjig1gc3J/CUecwIgnlYcDydbRPK8/Q8reJzlI=; b=I+7bP+rHeE85DBmu6lxQ5yKDx+DptEnK9WuAdHJufCtjt77t0qTemmKCba9kll7Srj UqZz2Dy4V6WpjNZVN2hV5FfGiUmBC/+BZA7RVp22aCBnW9zQWR2eMsMH4kNOv7EVmnwI QC2Ba3fKhu7AHRKZdL77+iGgt2t3Au1IitAqM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Qv7IoKjig1gc3J/CUecwIgnlYcDydbRPK8/Q8reJzlI=; b=OfJVwmbTYy5eoBkko05QnjJ9unLHarixCedl2HY8/XJKOcbHC8khABtFI6f6QwToln 9mBBSBmfsseVIXzE2GB9DuzE3o5957g5VUzTga9S0YbFzkALYojHWaC1zcwdQWK/b2aX ypg35quBNOJiacmFiP8VV8quX7VBvU0NfybbwR5OtIxCGEQX1vw5YfGyG0REvs4ReiJW C3RBwIvFACdUSTC3ze+dIyUD6sYXVccnZO5SlTuY1HKdRyjlHTHKRGz5wX+7aOAkJZ2U GNRj0/MkL1+t+JEwyOfSZQdbFxbtQTgir+ixhG5vLsX+JEmzuGum1jNgSHeytOAa5wDb DT8A== X-Gm-Message-State: AGRZ1gLKmGc5BUwl7r9X6pWQBpAKOAzeR99aGQ5BcWXLYHfnACdvaO58 Bd7l7fzOtM/g7MTiJOHDZmelx15iYnE= X-Received: by 2002:a81:22c3:: with SMTP id i186-v6mr11262014ywi.43.1541173919337; Fri, 02 Nov 2018 08:51:59 -0700 (PDT) Received: from mail-yw1-f46.google.com (mail-yw1-f46.google.com. [209.85.161.46]) by smtp.gmail.com with ESMTPSA id r18-v6sm17350199ywa.16.2018.11.02.08.51.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 02 Nov 2018 08:51:57 -0700 (PDT) Received: by mail-yw1-f46.google.com with SMTP id j75-v6so934101ywj.10 for ; Fri, 02 Nov 2018 08:51:57 -0700 (PDT) X-Received: by 2002:a0d:e984:: with SMTP id s126-v6mr10100710ywe.47.1541173916399; Fri, 02 Nov 2018 08:51:56 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:3990:0:0:0:0:0 with HTTP; Fri, 2 Nov 2018 08:51:55 -0700 (PDT) In-Reply-To: References: From: Kees Cook Date: Fri, 2 Nov 2018 08:51:55 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP To: David Abdurachmanov Cc: Palmer Dabbelt , Paul Moore , linux-riscv@lists.infradead.org, Albert Ou , Eric Paris , Andy Lutomirski , Will Drewry , Wesley Terpstra , David Howells , Thomas Gleixner , Philippe Ombredanne , Greg KH , Kate Stewart , LKML , Linux Audit Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 2, 2018 at 6:32 AM, David Abdurachmanov wrote: > On Mon, Oct 29, 2018 at 9:27 PM Palmer Dabbelt wrote: >> >> On Sun, 28 Oct 2018 04:07:55 PDT (-0700), david.abdurachmanov@gmail.com wrote: >> > On Thu, Oct 25, 2018 at 10:36 PM Paul Moore wrote: >> >> >> >> On Thu, Oct 25, 2018 at 2:31 PM David Abdurachmanov >> >> wrote: >> >> > On Wed, Oct 24, 2018 at 10:40 PM Palmer Dabbelt wrote: >> >> > > From: "Wesley W. Terpstra" >> >> >> >> ... >> >> >> >> > Palmer, >> >> > >> >> > Half of the patch seems to touch audit parts. I started working on audit >> >> > support this morning, and I can boot Fedora with audit traces. >> >> > >> >> > [root@fedora-riscv ~]# dmesg | grep audit >> >> > [ 0.312000] audit: initializing netlink subsys (disabled) >> >> > [ 0.316000] audit: type=2000 audit(0.316:1): state=initialized >> >> > audit_enabled=0 res=1 >> >> > [ 7.288000] audit: type=1130 audit(1529665913.772:2): pid=1 uid=0 >> >> > auid=4294967295 ses=4294967295 msg='unit=systemd-remount-fs >> >> > comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? >> >> > terminal=? res=success' >> >> > [ 7.684000] audit: type=1130 audit(1529665914.176:3): pid=1 uid=0 >> >> > auid=4294967295 ses=4294967295 msg='unit=systemd-sysctl comm="systemd" >> >> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? >> >> > res=success' >> >> > [..] >> >> > >> >> > I am still working on audit user-space support for better testing. >> >> > >> >> > I suggest we first implement audit and then seccomp. >> >> >> >> FYI, while small and far from comprehensive, we do have a test suite >> >> we use for basic validation of the audit kernel bits which may be >> >> helpful while you're working on the audit enablement: >> >> >> >> * https://github.com/linux-audit/audit-testsuite >> > >> > Currently I checked the following to work: >> > - /proc/self/loginuid (required by DNF [package manager]) >> > - auditctl (checked several different example rules from internet) >> > - aulast >> > - aulastlog >> > - ausearch >> > - ausyscall >> > - aureport >> > - autrace (compared some syscalls to strace: order and >> > return value/input arguments seems to be correct) >> > >> > I checked audit-testsuite yesterday and it seems to be only for >> > x86-64 / x86-32. After adjusting it (MODE, syscalls) I am at: >> > >> > Failed 4/14 test programs. 19/88 subtests failed. >> > >> > I don't plan to look further in the failure, e.g.: >> > - syscall_socketcall: that's an old stuff and not relevant to >> > new arches >> > - syscall_module: Fedora kernel currently is not compiled >> > with kernel loadable module support >> > - filter_exclude: two tests fail because id -Z doesn't print >> > any categories, but "semanage login -l" output is identical >> > between x86_64 and riscv64 >> > - netfilter_pkt: don't have CONFIG_IP_NF_MANGLE enabled >> > >> > Fedora kernel currently has minimal CONFIG_* options >> > and is built without loadable module support. >> > >> > I will send the patches for review soon. >> >> Thanks! > > I fixed the last issue I see with SECCOMP this morning. Can you CC me on the series? I'd love to take a look. > I also have patch on top of libseccomp-2.3.3. Nice! If you toss it up on github I can review that too. :) -Kees > > Testsuite results for SIM: > > Regression Test Summary > tests run: 4434 > tests skipped: 88 > tests passed: 4434 > tests failed: 0 > tests errored: 0 > > Testsuite results for LIVE: > > Regression Test Summary > tests run: 6 > tests skipped: 0 > tests passed: 6 > tests failed: 0 > tests errored: 0 > > Then tested a couple examples manually w/ and w/o BPF and it > performed the same as on x86_64 (also checked exit codes & > strace output). > > Upstream libseccomp has now more tests. Once I rebase & re-test > with master of libseccomp, I will send both. > > david -- Kees Cook