lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 21 Aug 2015 09:56:31 -0700
From:	Kees Cook <keescook@...omium.org>
To:	Jan Willeke <willeke@...ux.vnet.ibm.com>
Cc:	heicars2@...ux.vnet.ibm.com, Andy Lutomirski <luto@...capital.net>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: Fw: seccomp selftest on s390

On Fri, Aug 21, 2015 at 5:20 AM, Jan Willeke <willeke@...ux.vnet.ibm.com> wrote:
> On Fri, 2015-08-20 at 23:33 , Kees Cook wrote:
>> Hi!
>>
>> I don't have access to s390 running a modern kernel, so I've not been able
>> to meaningfully run the seccomp selftest suite. In a quick review, I think
>> the following is close to the missing pieces, but I can't verify it. :)
>>
>> Can someone let me know if this works, or otherwise check that the
>> tools/testing/selftests/seccomp suite passes on s390?
>>
>> Thanks!
>>
>> -Kees
>>
>> --- seccomp_bpf.c.orig                 2015-08-20 21:13:17.735789007 +0000
>> +++ seccomp_bpf.c              2015-08-20 21:09:49.547879621 +0000
>> @@ -1210,6 +1211,10 @@
>>  # define ARCH_REGS            struct pt_regs
>>  # define SYSCALL_NUM          gpr[0]
>>  # define SYSCALL_RET          gpr[3]
>> +#elif defined(__s390__)
>> +# define ARCH_REGS            s390_regs
>> +# define SYSCALL_NUM          gprs[1]
>> +# define SYSCALL_RET          gprs[2]
>>  #else
>>  # error "Do not know how to find your architecture's registers and
>> syscalls"
>>  #endif
>> @@ -1243,7 +1248,7 @@
>>                ret = ptrace(PTRACE_GETREGSET, tracee, NT_PRSTATUS, &iov);
>>                EXPECT_EQ(0, ret);
>>
>> -#if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__) ||
>> defined(__powerpc__)
>> +#if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__) ||
>> defined(__powerpc__) || defined(__s390__)
>>                {
>>                                regs.SYSCALL_NUM = syscall;
>>                }
>>
>> --
>> Kees Cook
>> Chrome OS Security
>>
>>
>
>
> Hi Kees,
> to compile the code warning free I added:
>
> @@ -1409,6 +1413,8 @@ TEST_F(TRACE_syscall, syscall_dropped)
>  #  define __NR_seccomp 277
>  # elif defined(__powerpc__)
>  #  define __NR_seccomp 358
> +# elif defined(__s390__)
> +#  define __NR_seccomp 348
>  # else
>  #  warning "seccomp syscall number unknown for this architecture"
>  #  define __NR_seccomp 0xffff

Ah, yes. Whoops that got left off my cut/paste. :)

>
> than I run the testcase on the linux next kernel, result:
>
> ./seccomp_bpf
> [==========] Running 48 tests from 1 test cases.
> ...
> [       OK ] TRACE_syscall.syscall_allowed
> [ RUN      ] TRACE_syscall.syscall_redirected
> seccomp_bpf.c:1386:TRACE_syscall.syscall_redirected:Expected
> self->parent (2774548873216) == syscall(20) (686)
> seccomp_bpf.c:1387:TRACE_syscall.syscall_redirected:Expected self->mypid
> (2946347565056) != syscall(20) (686)
> [     FAIL ] TRACE_syscall.syscall_redirected
> [ RUN      ] TRACE_syscall.syscall_dropped
> [       OK ] TRACE_syscall.syscall_dropped
> ...
> [ RUN      ] TSYNC.two_siblings_not_under_filter
> [       OK ] TSYNC.two_siblings_not_under_filter
> [ RUN      ] global.syscall_restart
> seccomp_bpf.c:2063:global.syscall_restart:Expected 168 (721554505728) ==
> get_syscall(_metadata, child_pid) (14965540365812105216)
> seccomp_bpf.c:2104:global.syscall_restart:Expected 7 (30064771072) ==
> ret (18446744072899020716)
> [     FAIL ] global.syscall_restart
> [==========] 46 / 48 tests passed.
> [  FAILED  ]
>
> I hope that helps you.

It does, thanks! 46 of 48 is very close. :) I'll study this output to
see if I can figure out what's needed next.

-Kees

>
> regards Jan
>
> Linux on z Systems Development
> ----------------------------------------------------
> IBM Deutschland Research & Development GmbH, Vorsitzende des
> Aufsichtsrats:
> Martina Koederitz, Geschäftsführung: Dirk WittkoppSitz der Gesellschaft:
> Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294
>



-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ