Commit Graph

16 Commits

Author SHA1 Message Date
Kees Cook
58d0a862f5 seccomp: add tests for ptrace hole
One problem with seccomp was that ptrace could be used to change a
syscall after seccomp filtering had completed. This was a well documented
limitation, and it was recommended to block ptrace when defining a filter
to avoid this problem. This can be quite a limitation for containers or
other places where ptrace is desired even under seccomp filters.

This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
2016-06-14 10:54:38 -07:00
Helge Deller
64e2a42bca parisc: Add ARCH_TRACEHOOK and regset support
By adding TRACEHOOK support we now get a clean user interface to access
registers via PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and
PTRACE_SETFPREGS.

The user-visible regset struct user_regs_struct and user_fp_struct are
modelled similiar to x86 and can be accessed via PTRACE_GETREGSET.

Signed-off-by: Helge Deller <deller@gmx.de>
2016-05-22 21:39:13 +02:00
Matt Redfearn
0ce105bf97 selftests/seccomp: add MIPS self-test support
This adds self-test support on MIPS, based on RFC patch from Kees Cook.
Modifications from the RFC:
- support the O32 syscall which passes the real syscall number in a0.
- Use PTRACE_{GET,SET}REGS
- Because SYSCALL_NUM and SYSCALL_RET are the same register, it is not
  possible to test modifying the syscall return value when skipping,
  since both would need to set the same register. Therefore modify that
  test case to just detect the skipped test.
Tested on MIPS32r2 / MIPS64r2 with O32, N32 and N64 userlands.

Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Will Drewry <wad@chromium.org>
Cc: IMG-MIPSLinuxKerneldevelopers@imgtec.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/12977/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2016-05-13 14:02:00 +02:00
Mickaël Salaün
505ce68c6d selftest/seccomp: Fix the seccomp(2) signature
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2016-03-29 13:01:36 -06:00
Mickaël Salaün
6c045d07bb selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
Rename SECCOMP_FLAG_FILTER_TSYNC to SECCOMP_FILTER_FLAG_TSYNC to match
the UAPI.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2016-03-29 13:01:28 -06:00
Bamvor Jian Zhang
8c749ce93e selftests: create test-specific kconfig fragments
Create the config file in each directory of testcase which need
more kernel configuration than the default defconfig. User could
use these configs with merge_config.sh script:

Enable config for specific testcase:
(export ARCH=xxx #for cross compiling)
./scripts/kconfig/merge_config.sh .config \
		tools/testing/selftests/xxx/config

Enable configs for all testcases:
(export ARCH=xxx #for cross compiling)
./scripts/kconfig/merge_config.sh .config \
		tools/testing/selftests/*/config

Signed-off-by: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2016-02-25 09:47:52 -07:00
Linus Torvalds
12768c1e2c linux-kselftest-4.5-rc1
This 14 patch update:
 
 - adds a new test for intel_pstate driver
 - adds empty string and async test cases to
   firmware class tests
 - fixes and cleans up several existing tests
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWmVN1AAoJEAsCRMQNDUMcZk4QAMCJFy4z5d7yuS9yLiIzNwrJ
 QVitTu82EwTpFD0FLDbv2E2ENseu7LHC99AyP0rlKtDwU8SWo4ZH1WYIjeZQ8O/M
 VRqJY0dENbha0oD/JyMGa0nsRTBpu0cPuV+IoazjcIvg8582WD+VgI/0uwj0pjgm
 H5XDTYNE3qe24Izgv7nKWLATpI6+naC7Za8Of/3bvDUoAhIlPHeNazKIbfI4tWT5
 i6x3gN3mKarqxWimCFYJVdZ2ldlarlKdkCMoRK/fCo9mq3qd6EH1LO4CqQqZ9axZ
 MC6h7Cdf4kdCcl2j59nKg8lNfFcMCMCAG48tLA+F76YJedhazXASs4uoN0ggypPz
 W1Spw8PAgQp5A7c2/2ZygbdmGFPY0j7G6sXZfv5i8mwe3oArseyPk8s0C0tUIDW5
 vTjKQssjs2K6XonUMSw/i/Cz/dWijgoudXxr1WlxXtmq64jHQcE53b3ybkkkXCRY
 Z8Qifuw6RnpCeuUU3DFX6X4dJxQCwzRQ1VzKktrY/dMwFBflSQLVH3tuGEZuUltq
 EpT86baPJBDPLujx+v7PB6xh1tz2LwpSDq52c12FsBaeHpX1NzshnHVB27Pml5VS
 x4M6zucLkR5fWeZgSG75RPhus7aQ656BE6cESyRU9nvLdxibnAZeH5DNMWKIC/1f
 iK2AO+QMeBK4Y9cnxUyk
 =Vt32
 -----END PGP SIGNATURE-----

Merge tag 'linux-kselftest-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest

Pull kselftest updates from Shuah Khan:
 "This 14 patch update:

   - adds a new test for intel_pstate driver
   - adds empty string and async test cases to firmware class tests
   - fixes and cleans up several existing tests"

* tag 'linux-kselftest-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
  selftests: firmware: add empty string and async tests
  firmware: actually return NULL on failed request_firmware_nowait()
  test: firmware_class: add asynchronous request trigger
  test: firmware_class: use kstrndup() where appropriate
  test: firmware_class: report errors properly on failure
  selftests/seccomp: fix 32-bit build warnings
  add breakpoints/.gitignore
  add ptrace/.gitignore
  update .gitignore in selftests/timers
  update .gitignore in selftests/vm
  tools, testing, add test for intel_pstate driver
  selftest/ipc: actually test it
  selftests/capabilities: actually test it
  selftests/capabilities: clean up for Makefile
2016-01-17 13:31:50 -08:00
Mickaël Salaün
4a0b880704 selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK
Some architectures do not implement PTRACE_GETREGSET nor
PTRACE_SETREGSET (required by HAVE_ARCH_TRACEHOOK) but only implement
PTRACE_GETREGS and PTRACE_SETREGS (e.g. User-mode Linux).

This improve seccomp selftest portability for architectures without
HAVE_ARCH_TRACEHOOK support by defining a new trigger HAVE_GETREGS. For
now, this is only enabled for i386 and x86_64 architectures. This is
required to be able to run this tests on User-mode Linux.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>
2016-01-10 21:49:49 +01:00
Kees Cook
b5bb6d3068 selftests/seccomp: fix 32-bit build warnings
The casting was done incorrectly for 32-bit builds. Fixed to use uintptr_t.

Reported-by: Eric Adams <adamse@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2016-01-07 13:40:20 -07:00
Bamvor Jian Zhang
2ce47b44b2 selftests/seccomp: Get page size from sysconf
The commit fd88d16c58 ("selftests/seccomp: Be more precise with
syscall arguments.") use PAGE_SIZE directly which lead to build
failure on arm64.

Replace it with generic interface(sysconf(_SC_PAGESIZE)) to fix this
failure.

Build and test successful on x86_64 and arm64.

Signed-off-by: Bamvor Jian Zhang <bamvor.zhangjian@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2015-11-18 16:56:53 -07:00
Robert Sesek
fd88d16c58 selftests/seccomp: Be more precise with syscall arguments.
Certain syscall emulation layers strictly check that the number of
arguments match what the syscall handler expects. The KILL_one_arg_one and
KILL_one_arg_six tests passed more parameters than expected to various
syscalls, causing failures in this emulation mode. Instead, test using
syscalls that take the appropriate number of arguments.

Signed-off-by: Robert Sesek <rsesek@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2015-11-02 14:41:02 -07:00
Kees Cook
256d0afb11 selftests/seccomp: build and pass on arm64
Changing arm64 syscalls is done via a specific register set, more like s390
than like arm (specific ptrace call) and x86 (part of general registers).
Since (restarting) poll doesn't exist on arm64, switch to using nanosleep
for testing restart_syscall. And since it looks like the syscall ABI is
inconsistent on arm-compat, so we must work around it (and document it) in
the test.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2015-10-15 20:06:27 -06:00
Kees Cook
b623c4daad selftests/seccomp: add support for s390
This adds support for s390 to the seccomp selftests. Some improvements
were made to enhance the accuracy of failure reporting, and additional
tests were added to validate assumptions about the currently traced
syscall. Also adds early asserts for running on older kernels to avoid
noise when the seccomp syscall is not implemented.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2015-09-14 16:41:37 -06:00
Michael Ellerman
5d83c2b37d selftests/seccomp: Add powerpc support
Wire up the syscall number and regs so the tests work on powerpc.

With the powerpc kernel support just merged, all tests pass on ppc64,
ppc64 (compat), ppc64le, ppc, ppc64e and ppc64e (compat).

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-07-30 14:35:36 +10:00
Michael Ellerman
c385d0db30 selftests/seccomp: Make seccomp tests work on big endian
The seccomp_bpf test uses BPF_LD|BPF_W|BPF_ABS to load 32-bit values
from seccomp_data->args. On big endian machines this will load the high
word of the argument, which is not what the test wants.

Borrow a hack from samples/seccomp/bpf-helper.h which changes the offset
on big endian to account for this.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Kees Cook <keescook@chromium.org>
2015-07-30 14:35:36 +10:00
Kees Cook
c99ee51a9d selftests: add seccomp suite
This imports the existing seccomp test suite into the kernel's selftests
tree. It contains extensive testing of seccomp features and corner cases.
There remain additional tests to move into the kernel tree, but they have
not yet been ported to all the architectures seccomp supports:
https://github.com/redpig/seccomp/tree/master/tests

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
2015-06-17 17:12:32 -06:00