user/sven/linux.git/tools/testing/selftests/seccomp, branch v4.9.2

seccomp: add tests for ptrace hole

2016-06-14T17:54:38Z

One problem with seccomp was that ptrace could be used to change a syscall after seccomp filtering had completed. This was a well documented limitation, and it was recommended to block ptrace when defining a filter to avoid this problem. This can be quite a limitation for containers or other places where ptrace is desired even under seccomp filters. This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations. Signed-off-by: Kees Cook Cc: Andy Lutomirski

parisc: Add ARCH_TRACEHOOK and regset support

2016-05-22T19:39:13Z

By adding TRACEHOOK support we now get a clean user interface to access registers via PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS. The user-visible regset struct user_regs_struct and user_fp_struct are modelled similiar to x86 and can be accessed via PTRACE_GETREGSET. Signed-off-by: Helge Deller

selftests/seccomp: add MIPS self-test support

2016-05-13T12:02:00Z

This adds self-test support on MIPS, based on RFC patch from Kees Cook. Modifications from the RFC: - support the O32 syscall which passes the real syscall number in a0. - Use PTRACE_{GET,SET}REGS - Because SYSCALL_NUM and SYSCALL_RET are the same register, it is not possible to test modifying the syscall return value when skipping, since both would need to set the same register. Therefore modify that test case to just detect the skipped test. Tested on MIPS32r2 / MIPS64r2 with O32, N32 and N64 userlands. Signed-off-by: Matt Redfearn Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry Cc: IMG-MIPSLinuxKerneldevelopers@imgtec.com Cc: linux-kernel@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/12977/ Signed-off-by: Ralf Baechle

selftest/seccomp: Fix the seccomp(2) signature

2016-03-29T19:01:36Z

Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC

2016-03-29T19:01:28Z

Rename SECCOMP_FLAG_FILTER_TSYNC to SECCOMP_FILTER_FLAG_TSYNC to match the UAPI. Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry Acked-by: Kees Cook Signed-off-by: Shuah Khan

selftests: create test-specific kconfig fragments

2016-02-25T16:47:52Z

Create the config file in each directory of testcase which need more kernel configuration than the default defconfig. User could use these configs with merge_config.sh script: Enable config for specific testcase: (export ARCH=xxx #for cross compiling) ./scripts/kconfig/merge_config.sh .config \ tools/testing/selftests/xxx/config Enable configs for all testcases: (export ARCH=xxx #for cross compiling) ./scripts/kconfig/merge_config.sh .config \ tools/testing/selftests/*/config Signed-off-by: Bamvor Jian Zhang Reviewed-by: Shuah Khan Signed-off-by: Shuah Khan

Merge tag 'linux-kselftest-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest

2016-01-17T21:31:50Z

Pull kselftest updates from Shuah Khan: "This 14 patch update: - adds a new test for intel_pstate driver - adds empty string and async test cases to firmware class tests - fixes and cleans up several existing tests" * tag 'linux-kselftest-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: firmware: add empty string and async tests firmware: actually return NULL on failed request_firmware_nowait() test: firmware_class: add asynchronous request trigger test: firmware_class: use kstrndup() where appropriate test: firmware_class: report errors properly on failure selftests/seccomp: fix 32-bit build warnings add breakpoints/.gitignore add ptrace/.gitignore update .gitignore in selftests/timers update .gitignore in selftests/vm tools, testing, add test for intel_pstate driver selftest/ipc: actually test it selftests/capabilities: actually test it selftests/capabilities: clean up for Makefile

selftests/seccomp: Remove the need for HAVE_ARCH_TRACEHOOK

2016-01-10T20:49:49Z

Some architectures do not implement PTRACE_GETREGSET nor PTRACE_SETREGSET (required by HAVE_ARCH_TRACEHOOK) but only implement PTRACE_GETREGS and PTRACE_SETREGS (e.g. User-mode Linux). This improve seccomp selftest portability for architectures without HAVE_ARCH_TRACEHOOK support by defining a new trigger HAVE_GETREGS. For now, this is only enabled for i386 and x86_64 architectures. This is required to be able to run this tests on User-mode Linux. Signed-off-by: Mickaël Salaün Cc: Jeff Dike Cc: Richard Weinberger Cc: Kees Cook Cc: Andy Lutomirski Cc: Will Drewry Cc: Shuah Khan Cc: Meredydd Luff Cc: David Drysdale Signed-off-by: Richard Weinberger Acked-by: Kees Cook

selftests/seccomp: fix 32-bit build warnings

2016-01-07T20:40:20Z

The casting was done incorrectly for 32-bit builds. Fixed to use uintptr_t. Reported-by: Eric Adams Signed-off-by: Kees Cook Signed-off-by: Shuah Khan

selftests/seccomp: Get page size from sysconf

2015-11-18T23:56:53Z

The commit fd88d16c58c2 ("selftests/seccomp: Be more precise with syscall arguments.") use PAGE_SIZE directly which lead to build failure on arm64. Replace it with generic interface(sysconf(_SC_PAGESIZE)) to fix this failure. Build and test successful on x86_64 and arm64. Signed-off-by: Bamvor Jian Zhang Acked-by: Kees Cook Tested-by: Michael Ellerman Signed-off-by: Shuah Khan