lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jK8_yFogWUp96Pq8C7S1j-nuezxA-dYBsUmvgRaoThUqQ@mail.gmail.com>
Date:	Wed, 6 Jul 2016 13:55:55 -0400
From:	Kees Cook <keescook@...omium.org>
To:	Olof Johansson <olof@...om.net>
Cc:	Will Drewry <wad@...omium.org>,
	Andy Lutomirski <luto@...capital.net>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] samples/seccomp: Add standalone config option

On Wed, Jul 6, 2016 at 2:53 AM, Olof Johansson <olof@...om.net> wrote:
> Add a separate Kconfig option for SAMPLES_SECCOMP.
>
> Main reason for this is that, just like other samples, it's forced to be a module.
>
> Without this, since the sample is a target only controlled by
> CONFIG_SECCOMP_FILTER, the samples will be built before include files are
> put in place properly. For example, from an arm64 allmodconfig built with
> "make -sk -j 32" (without specific target), the following happens:
>
> samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory
> samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory
> samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory
> samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory

Ah-ha! Yes, that's ugly.

> So, just stick to the same format as other samples.

Agreed, that makes sense to me.

>
> Signed-off-by: Olof Johansson <olof@...om.net>
> ---
>  samples/Kconfig          | 7 +++++++
>  samples/seccomp/Makefile | 2 +-
>  2 files changed, 8 insertions(+), 1 deletion(-)
>
>
> Hi Kees,
>
> This has been showing up for a while on my builder, and I finally had
> a bit of time to sit down and look at it.
>
> It'd be nice to see this in 4.7, but please consider for 4.8 at the least.
>
>
> Thanks!
>
> -Olof
>
> diff --git a/samples/Kconfig b/samples/Kconfig
> index 559a58b..ccc50be 100644
> --- a/samples/Kconfig
> +++ b/samples/Kconfig
> @@ -85,4 +85,11 @@ config SAMPLE_CONNECTOR
>           with it.
>           See also Documentation/connector/connector.txt
>
> +config SAMPLE_SECCOMP
> +       tristate "Build seccomp sample code -- loadable modules only"
> +       depends on SECCOMP_FILTER && m
> +       help
> +         Build samples of seccomp filters using various methods of
> +         BPF filter construction.
> +
>  endif # SAMPLES
> diff --git a/samples/seccomp/Makefile b/samples/seccomp/Makefile
> index 1b4e4b8..ae7ff6f 100644
> --- a/samples/seccomp/Makefile
> +++ b/samples/seccomp/Makefile
> @@ -1,7 +1,7 @@
>  # kbuild trick to avoid linker error. Can be omitted if a module is built.
>  obj- := dummy.o

Can the above two lines be dropped now since it'll always be a module?

>
> -hostprogs-$(CONFIG_SECCOMP_FILTER) := bpf-fancy dropper bpf-direct
> +hostprogs-$(CONFIG_SAMPLE_SECCOMP) := bpf-fancy dropper bpf-direct
>
>  HOSTCFLAGS_bpf-fancy.o += -I$(objtree)/usr/include
>  HOSTCFLAGS_bpf-fancy.o += -idirafter $(objtree)/include
> --
> 2.8.0.rc3.29.gb552ff8
>

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ