selftests: seccomp: fix compile error seccomp_bpf

Message ID 20180105163118.22598-1-anders.roxell@linaro.org
State Accepted
Commit 912ec316686df352028afb6efec59e47a958a24d
Headers show
Series
  • selftests: seccomp: fix compile error seccomp_bpf
Related show

Commit Message

Anders Roxell Jan. 5, 2018, 4:31 p.m.
aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall
    -lpthread seccomp_bpf.c -o seccomp_bpf
seccomp_bpf.c: In function 'tracer_ptrace':
seccomp_bpf.c:1720:12: error: '__NR_open' undeclared
    (first use in this function)
  if (nr == __NR_open)
            ^~~~~~~~~
seccomp_bpf.c:1720:12: note: each undeclared identifier is reported
    only once for each function it appears in
In file included from seccomp_bpf.c:48:0:
seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':
seccomp_bpf.c:1795:39: error: '__NR_open' undeclared
    (first use in this function)
  EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
                                       ^
open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.
Thus new architectures in the kernel, such as arm64, don't implement
these legacy syscalls.

Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.11.0

Comments

Naresh Kamboju Jan. 6, 2018, 2:29 a.m. | #1
On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:
> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>     -lpthread seccomp_bpf.c -o seccomp_bpf

> seccomp_bpf.c: In function 'tracer_ptrace':

> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>     (first use in this function)

>   if (nr == __NR_open)

>             ^~~~~~~~~

> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>     only once for each function it appears in

> In file included from seccomp_bpf.c:48:0:

> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>     (first use in this function)

>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>                                        ^

> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

> Thus new architectures in the kernel, such as arm64, don't implement

> these legacy syscalls.

>

> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>


Thanks for the patch Anders.
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>


> ---

>  tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--

>  1 file changed, 2 insertions(+), 2 deletions(-)

>

> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c

> index 24dbf634e2dd..0b457e8e0f0c 100644

> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c

> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c

> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,

>

>         if (nr == __NR_getpid)

>                 change_syscall(_metadata, tracee, __NR_getppid);

> -       if (nr == __NR_open)

> +       if (nr == __NR_openat)

>                 change_syscall(_metadata, tracee, -1);

>  }

>

> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)

>                                            true);

>

>         /* Tracer should skip the open syscall, resulting in EPERM. */

> -       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

> +       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));

>  }

>

>  TEST_F(TRACE_syscall, syscall_allowed)

> --

> 2.11.0

>
Kees Cook Jan. 9, 2018, 11:07 p.m. | #2
On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju
<naresh.kamboju@linaro.org> wrote:
> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>> seccomp_bpf.c: In function 'tracer_ptrace':

>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>     (first use in this function)

>>   if (nr == __NR_open)

>>             ^~~~~~~~~

>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>     only once for each function it appears in

>> In file included from seccomp_bpf.c:48:0:

>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>     (first use in this function)

>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>                                        ^

>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>> Thus new architectures in the kernel, such as arm64, don't implement

>> these legacy syscalls.

>>

>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>

> Thanks for the patch Anders.

> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>


Did something change recently? This has built fine on arm64 for a
while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build
and pass on arm64").

-Kees

>

>> ---

>>  tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--

>>  1 file changed, 2 insertions(+), 2 deletions(-)

>>

>> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c

>> index 24dbf634e2dd..0b457e8e0f0c 100644

>> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c

>> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c

>> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,

>>

>>         if (nr == __NR_getpid)

>>                 change_syscall(_metadata, tracee, __NR_getppid);

>> -       if (nr == __NR_open)

>> +       if (nr == __NR_openat)

>>                 change_syscall(_metadata, tracee, -1);

>>  }

>>

>> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)

>>                                            true);

>>

>>         /* Tracer should skip the open syscall, resulting in EPERM. */

>> -       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>> +       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));

>>  }

>>

>>  TEST_F(TRACE_syscall, syscall_allowed)

>> --

>> 2.11.0

>>




-- 
Kees Cook
Pixel Security
Kees Cook Jan. 9, 2018, 11:24 p.m. | #3
On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote:
> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju

> <naresh.kamboju@linaro.org> wrote:

>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>>> seccomp_bpf.c: In function 'tracer_ptrace':

>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>>     (first use in this function)

>>>   if (nr == __NR_open)

>>>             ^~~~~~~~~

>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>>     only once for each function it appears in

>>> In file included from seccomp_bpf.c:48:0:

>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>>     (first use in this function)

>>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>>                                        ^

>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>>> Thus new architectures in the kernel, such as arm64, don't implement

>>> these legacy syscalls.

>>>

>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>>

>> Thanks for the patch Anders.

>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>

>

> Did something change recently? This has built fine on arm64 for a

> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build

> and pass on arm64").


Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this
please, with this tag added:

Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")

Thanks!

-Kees

>

> -Kees

>

>>

>>> ---

>>>  tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++--

>>>  1 file changed, 2 insertions(+), 2 deletions(-)

>>>

>>> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c

>>> index 24dbf634e2dd..0b457e8e0f0c 100644

>>> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c

>>> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c

>>> @@ -1717,7 +1717,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,

>>>

>>>         if (nr == __NR_getpid)

>>>                 change_syscall(_metadata, tracee, __NR_getppid);

>>> -       if (nr == __NR_open)

>>> +       if (nr == __NR_openat)

>>>                 change_syscall(_metadata, tracee, -1);

>>>  }

>>>

>>> @@ -1792,7 +1792,7 @@ TEST_F(TRACE_syscall, ptrace_syscall_dropped)

>>>                                            true);

>>>

>>>         /* Tracer should skip the open syscall, resulting in EPERM. */

>>> -       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>> +       EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));

>>>  }

>>>

>>>  TEST_F(TRACE_syscall, syscall_allowed)

>>> --

>>> 2.11.0

>>>

>

>

>

> --

> Kees Cook

> Pixel Security




-- 
Kees Cook
Pixel Security
Kees Cook Jan. 9, 2018, 11:25 p.m. | #4
On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote:
> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote:

>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju

>> <naresh.kamboju@linaro.org> wrote:

>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>>>> seccomp_bpf.c: In function 'tracer_ptrace':

>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>>>     (first use in this function)

>>>>   if (nr == __NR_open)

>>>>             ^~~~~~~~~

>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>>>     only once for each function it appears in

>>>> In file included from seccomp_bpf.c:48:0:

>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>>>     (first use in this function)

>>>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>>>                                        ^

>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>>>> Thus new architectures in the kernel, such as arm64, don't implement

>>>> these legacy syscalls.

>>>>

>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>>>

>>> Thanks for the patch Anders.

>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>

>>

>> Did something change recently? This has built fine on arm64 for a

>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build

>> and pass on arm64").

>

> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this

> please, with this tag added:

>

> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")


And Cc to stable, as this was broken in 4.14...

Cc: stable@vger.kernel.org

-Kees

-- 
Kees Cook
Pixel Security
shuah Jan. 9, 2018, 11:37 p.m. | #5
On 01/09/2018 04:25 PM, Kees Cook wrote:
> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote:

>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote:

>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju

>>> <naresh.kamboju@linaro.org> wrote:

>>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>>>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>>>>> seccomp_bpf.c: In function 'tracer_ptrace':

>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>>>>     (first use in this function)

>>>>>   if (nr == __NR_open)

>>>>>             ^~~~~~~~~

>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>>>>     only once for each function it appears in

>>>>> In file included from seccomp_bpf.c:48:0:

>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>>>>     (first use in this function)

>>>>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>>>>                                        ^

>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>>>>> Thus new architectures in the kernel, such as arm64, don't implement

>>>>> these legacy syscalls.

>>>>>

>>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>>>>

>>>> Thanks for the patch Anders.

>>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>

>>>

>>> Did something change recently? This has built fine on arm64 for a

>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build

>>> and pass on arm64").

>>

>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this

>> please, with this tag added:

>>

>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")

> 

> And Cc to stable, as this was broken in 4.14...

> 

> Cc: stable@vger.kernel.org

> 

> -Kees

> 


Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your
Acked-by I assume.

thanks,
-- Shuah
Kees Cook Jan. 9, 2018, 11:46 p.m. | #6
On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <shuah@kernel.org> wrote:
> On 01/09/2018 04:25 PM, Kees Cook wrote:

>> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote:

>>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote:

>>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju

>>>> <naresh.kamboju@linaro.org> wrote:

>>>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>>>>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>>>>>> seccomp_bpf.c: In function 'tracer_ptrace':

>>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>>>>>     (first use in this function)

>>>>>>   if (nr == __NR_open)

>>>>>>             ^~~~~~~~~

>>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>>>>>     only once for each function it appears in

>>>>>> In file included from seccomp_bpf.c:48:0:

>>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>>>>>     (first use in this function)

>>>>>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>>>>>                                        ^

>>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>>>>>> Thus new architectures in the kernel, such as arm64, don't implement

>>>>>> these legacy syscalls.

>>>>>>

>>>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>>>>>

>>>>> Thanks for the patch Anders.

>>>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>

>>>>

>>>> Did something change recently? This has built fine on arm64 for a

>>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build

>>>> and pass on arm64").

>>>

>>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this

>>> please, with this tag added:

>>>

>>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")

>>

>> And Cc to stable, as this was broken in 4.14...

>>

>> Cc: stable@vger.kernel.org

>>

>> -Kees

>>

>

> Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your

> Acked-by I assume.


Yes, thanks! Here it is all together:

Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")
Cc: stable@vger.kernel.org
Acked-by: Kees Cook <keescook@chromium.org>



-Kees

-- 
Kees Cook
Pixel Security
shuah Jan. 10, 2018, 5:04 p.m. | #7
On 01/09/2018 04:46 PM, Kees Cook wrote:
> On Tue, Jan 9, 2018 at 3:37 PM, Shuah Khan <shuah@kernel.org> wrote:

>> On 01/09/2018 04:25 PM, Kees Cook wrote:

>>> On Tue, Jan 9, 2018 at 3:24 PM, Kees Cook <keescook@chromium.org> wrote:

>>>> On Tue, Jan 9, 2018 at 3:07 PM, Kees Cook <keescook@chromium.org> wrote:

>>>>> On Fri, Jan 5, 2018 at 6:29 PM, Naresh Kamboju

>>>>> <naresh.kamboju@linaro.org> wrote:

>>>>>> On 5 January 2018 at 22:01, Anders Roxell <anders.roxell@linaro.org> wrote:

>>>>>>> aarch64-linux-gnu-gcc -Wl,-no-as-needed -Wall

>>>>>>>     -lpthread seccomp_bpf.c -o seccomp_bpf

>>>>>>> seccomp_bpf.c: In function 'tracer_ptrace':

>>>>>>> seccomp_bpf.c:1720:12: error: '__NR_open' undeclared

>>>>>>>     (first use in this function)

>>>>>>>   if (nr == __NR_open)

>>>>>>>             ^~~~~~~~~

>>>>>>> seccomp_bpf.c:1720:12: note: each undeclared identifier is reported

>>>>>>>     only once for each function it appears in

>>>>>>> In file included from seccomp_bpf.c:48:0:

>>>>>>> seccomp_bpf.c: In function 'TRACE_syscall_ptrace_syscall_dropped':

>>>>>>> seccomp_bpf.c:1795:39: error: '__NR_open' undeclared

>>>>>>>     (first use in this function)

>>>>>>>   EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));

>>>>>>>                                        ^

>>>>>>> open(2) is a legacy syscall, replaced with openat(2) since 2.6.16.

>>>>>>> Thus new architectures in the kernel, such as arm64, don't implement

>>>>>>> these legacy syscalls.

>>>>>>>

>>>>>>> Signed-off-by: Anders Roxell <anders.roxell@linaro.org>

>>>>>>

>>>>>> Thanks for the patch Anders.

>>>>>> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>

>>>>>

>>>>> Did something change recently? This has built fine on arm64 for a

>>>>> while -- at least since commit 256d0afb11d6 ("selftests/seccomp: build

>>>>> and pass on arm64").

>>>>

>>>> Ah, found it. I broke it in a33b2d0359a0! :) Shuah, can you take this

>>>> please, with this tag added:

>>>>

>>>> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")

>>>

>>> And Cc to stable, as this was broken in 4.14...

>>>

>>> Cc: stable@vger.kernel.org

>>>

>>> -Kees

>>>

>>

>> Thanks Kees. Yes I will get this into 4.16-rc1. Okay to add your

>> Acked-by I assume.

> 

> Yes, thanks! Here it is all together:

> 

> Fixes: a33b2d0359a0 ("selftests/seccomp: Add tests for basic ptrace actions")

> Cc: stable@vger.kernel.org

> Acked-by: Kees Cook <keescook@chromium.org>

> 

> 

> -Kees

> 


Applied to linux-kselftest next for 4.16-rc1

thanks,
-- Shuah

Patch

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 24dbf634e2dd..0b457e8e0f0c 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -1717,7 +1717,7 @@  void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
 
 	if (nr == __NR_getpid)
 		change_syscall(_metadata, tracee, __NR_getppid);
-	if (nr == __NR_open)
+	if (nr == __NR_openat)
 		change_syscall(_metadata, tracee, -1);
 }
 
@@ -1792,7 +1792,7 @@  TEST_F(TRACE_syscall, ptrace_syscall_dropped)
 					   true);
 
 	/* Tracer should skip the open syscall, resulting in EPERM. */
-	EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
+	EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_openat));
 }
 
 TEST_F(TRACE_syscall, syscall_allowed)