- Mar 18, 2025
-
-
Thomas Bettler authored
Signed-off-by:
Thomas Bettler <thomas.bettler@gmail.com> Acked-by:
Tom Hromatka <tom.hromatka@oracle.com> [PM: merge fuzz, subject tweak] Signed-off-by:
Paul Moore <paul@paul-moore.com>
-
Tom Hromatka authored
Signed-off-by:
-
Alyssa Ross authored
*len is the length of the destination buffer, but program->blks is probably not anywhere near that long. It's already been checked above that BPF_PGM_SIZE(program) is less than or equal to *len, so that's the correct value to use here to avoid either reading or writing too much. I noticed this because tests/11-basic-basic_errors started failing on musl after e797591b ("all: add seccomp_precompute() functionality"). Signed-off-by:
Alyssa Ross <hi@alyssa.is> Acked-by:
-
Romain Geissler authored
This was spotted when trying to upgrade the libseccomp fedora package to version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by default. When running the test 61-sim-transactions we get plenty of such errors in valgrind: ==265507== Use of uninitialised value of size 8 ==265507== at 0x4096AD: _hsh_add (gen_bpf.c:599) ==265507== by 0x40A557: UnknownInlinedFun (gen_bpf.c:2016) ==265507== by 0x40A557: gen_bpf_generate (gen_bpf.c:2341) ==265507== by 0x400CDE: UnknownInlinedFun (db.c:2685) ==265507== by 0x400CDE: UnknownInlinedFun (db.c:2682) ==265507== by 0x400CDE: UnknownInlinedFun (api.c:756) ==265507== by 0x400CDE: UnknownInlinedFun (util.c:162) ==265507== by 0x400CDE: UnknownInlinedFun (util.c:153) ==265507== by 0x400CDE: main (61-sim-transactions.c:128) ==265507== Uninitialised value was created by a stack allocation ==265507== at 0x409590: _hsh_add (gen_bpf.c:573) Investigating this a bit, it seems that because of LTO the MurMur hash implementation is being inlined in _hsh_add. The two buffers data and blocks to point at the same underlying data, but via incompatible type, which is a strict aliasing violation. Instead, remove the getblock32 function and inline the copy with memcpy. This is reproducible on a "fedora:rawhide" container (gcc 15) and using: export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g' Signed-off-by:
Romain Geissler <romain.geissler@amadeus.com> Reviewed-by:
Sam James <sam@gentoo.org> Acked-by:
-
Kir Kolyshkin authored
Document the fact that both seccomp_transaction_start and seccomp_transaction_commit can return -EINVAL when ctx is invalid. Signed-off-by:
Kir Kolyshkin <kolyshkin@gmail.com> Reviewed-by:
-
- Jan 27, 2025
-
-
Paul Moore authored
We can't reliably run the bpf-sim-fuzz tests on tests which manipulate the filters arch/ABIs unless the filter is safe to run on all arch/ABIs, which is more or less impossible. Remove the bpf-sim-fuzz test section in test #62 to work around this, just as we do with the other similar tests. Signed-off-by:
-
- Jan 25, 2025
-
-
Tom Hromatka authored
Signed-off-by:
-
- Jan 24, 2025
-
-
Paul Moore authored
Signed-off-by: -
Paul Moore authored
Force the creation of the test log and stats files before running the test, this prevents a race condition where the framework attempts to output the test results before the test has had a chance to run. Quiet a grep command in the framework that was resulting in unwanted output in the test terminal. Signed-off-by:
-
- Jan 23, 2025
-
-
Paul Moore authored
Two small tweaks: - Group the GH Action badges together in README.md - Fix some minor list formatting in CHANGELOG Signed-off-by: -
Paul Moore authored
As described in the blog post below, we need to migrate to actions/upload-artifact@v4. https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions Signed-off-by:
-
Paul Moore authored
Signed-off-by: -
Paul Moore authored
It is important to note that there are not changes to the syscall table with this update, it simply updates the header to v6.13 from v6.13-rc3. Signed-off-by:
-
- Jan 18, 2025
-
-
Paul Moore authored
Cleanup all of our regression testing artifacts to keep 'make distcheck' happy. Signed-off-by:
-
- Jan 17, 2025
-
-
Paul Moore authored
Signed-off-by: -
Paul Moore authored
Remove the Travis CI option for the Coverity checks. We can investigate add Coverity to the GitHub Actions in the future, but right now just stick to manual submissions. Signed-off-by: -
Tom Hromatka authored
The package python3-distutils has been deprecated, and we no longer depend upon it. Don't install it during Github Actions automated tests. Signed-off-by:
-
- Dec 18, 2024
-
-
Paul Moore authored
Signed-off-by:
-
- Dec 05, 2024
-
-
Tom Hromatka authored
Add a test to verify the logic at the end of db_col_transaction_commit() properly copies and releases the snapshots from the filter when the filter length doesn't match the snapshot length. Signed-off-by:
-
Paul Moore authored
While libseccomp has internally has transaction support for some time now, it hasn't been accessible to callers through the libseccomp API. This patch adds a transaction API as well as supporting documentation and a new unit regression test. int seccomp_transaction_start(const scmp_filter_ctx ctx) int seccomp_transaction_commit(const scmp_filter_ctx ctx) void seccomp_transaction_reject(const scmp_filter_ctx ctx) Signed-off-by:
-
Paul Moore authored
Fix an off-by-one error that was causing us to leak a db_filter struct at transaction commit time when we removed an arch/ABI in a transaction. Reported-by:
-
Paul Moore authored
It turns out we don't properly handle transaction aborts as we should, this likely broke when we implemented the shadow snapshots but as the transaction concept was not exported via the API, and callers most likely abandoned the filter on error this went unnoticed. This patch ensures that transaction aborts are handled properly by correctly managing the filter's transaction stack. Signed-off-by:
-
- Nov 08, 2024
-
-
WANG Xuerui authored
Due to the addition of fstat & newfstatat to the LoongArch syscall ABI, tests 38 and 55 have to be updated for the changed syscall numbers. As for the PNR additions, normally they are allocated alphabetically for the syscalls introduced between updates of the table, but in the v2.5 release branch -10245 is already assigned to map_shadow_stack in commit 53267af3 ("all: update the syscall table for Linux v6.7-rc3"). While the map_shadow_stack syscall is in fact available across all architectures, for consistency with v2.5.5 and later it is kept in the same position in this update. Signed-off-by:
WANG Xuerui <git@xen0n.name> Signed-off-by:
-
WANG Xuerui authored
The aarch64, loongarch64 and riscv64 architectures have their syscall table sources changed to scripts/syscall.tbl, from the original inclusion of asm-generic/unistd.h. Make the script recognize the new format for these architectures. Signed-off-by:
-
WANG Xuerui authored
Apart from de-duplication of logic, this refactor is also going to help syncing to the Linux 6.11+ definitions, where all architectures are converted to source their syscall definitions from syscall.tbl files. The change is tested on Linux 6.2 sources to not affect the generated syscalls.csv apart from timestamp changes. Signed-off-by:
-
- Sep 20, 2024
-
-
Paul Moore authored
We have maintainer docs regarding our release process, but nothing for normal users. Let's fix that with a small section in our README.md. Signed-off-by:
-
Paul Moore authored
The goal of test 29 is to test bogus negative syscall numbers, unfortunately it appears our choice of syscalls was not bogus on all the architectures we support. This commit fixes that by picking a syscall number well outside the pseudo-syscall/PNR range and removing the sysmips(2) syscall from the test so as to not cause problems at a later date. Signed-off-by:
-
- Sep 05, 2024
-
-
Sam James authored
See https://github.com/seccomp/libseccomp/pull/425 . Punning sys_data_b between uint32_t* and struct* seccomp_data isn't legal, use memcpy to fix the testsuite with Clang 17. Modern compilers recognise this idiom and optimise it out anyway. Signed-off-by:
-
CismonX authored
In ISO C, at least one argument should be specified for the "..." argument of a function-like macro. Signed-off-by:
Cheng Qiao <admin@cismon.net> Acked-by:
-
- Jul 19, 2024
-
-
Heran Yang authored
CI / Codespell found 2 typos and blocks PR merging. This commit fixes them. Signed-off-by:
Heran Yang <heran55@126.com> Signed-off-by:
-
- Apr 18, 2024
-
-
Ali Polatel authored
The kernel returns EINVAL when this flag is passed to seccomp without the new listener flag so we should pass the along as well. Reference on where the check happens in the kernel: https://github.com/torvalds/linux/blob/aea6bf908d730b01bd264a8821159db9463c111c/kernel/seccomp.c#L1926-L1932 Signed-off-by:
Ali Polatel <alip@chesswob.org> Acked-by:
-
Jingyun Hua authored
Signed-off-by:
Jingyun Hua <huajingyun@loongson.cn> Acked-by:
-
- Jan 07, 2024
-
-
Sam James authored
which is not a standard POSIX utility, and indeed, each of these test scripts uses #!/bin/bash as its shebang, so we can use `type -P` which has the same behaviour as `which` for free. (If the tests used POSIX shell, we could do `command -v`, its only caveat is that it'll pick up functions in the user's shell, which doesn't matter 99% of the time anyway.) Distributions like Debian [0] and Gentoo [1] are looking to remove `which` from their base set of packages. [0] https://lwn.net/Articles/874049/ [1] https://bugs.gentoo.org/646588 Signed-off-by:
-
- Dec 01, 2023
-
-
Tom Hromatka authored
Signed-off-by: -
Tom Hromatka authored
Running make distcheck resulted in the following errors: ERROR: files left in build directory after distclean: ./src/python/seccomp.egg-info/SOURCES.txt ./src/python/seccomp.egg-info/PKG-INFO ./src/python/seccomp.egg-info/top_level.txt ./src/python/seccomp.egg-info/dependency_links.txt ./src/python/dist/seccomp-2.5.4-py3.11-linux-x86_64.egg make[1]: *** [Makefile:812: distcleancheck] Error 1 Delete the seccomp.egg-info and dist directories in the clean-local make target. Signed-off-by:
-
- Nov 30, 2023
-
-
Akihiro Suda authored
Fixes: dd5c9c24 ("arch: Add 32-bit Motorola 68000 support") Fixes: c12945db ("arch: Add SuperH 32-bit support") Signed-off-by:
Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> Acked-by:
-
- Oct 18, 2023
-
-
Mayank Mrinal authored
29-sim-pseudo_syscall.c was using `-11001` syscall. Corrected it to `-10001`. Signed-off-by:
Mayank Mrinal <mayank.mrinal@sony.com> Acked-by:
-
Xiaotian Wu authored
Signed-off-by:
Xiaotian Wu <wuxiaotian@loongson.cn> Acked-by:
-
Manabu Sugimoto authored
`seccomp_arch_remove()` for `SCMP_ARCH_SH` is missing, so add it. Signed-off-by:
Manabu Sugimoto <Manabu.Sugimoto@sony.com> Acked-by:
-
- May 09, 2023
-
-
Paul Moore authored
It appears that '--indent-preprocessor' and '--max-instatement-indent' are no longer supported command line options, remove them. Minor tweak to db_col_init() to appease astyle, no functional changes. Signed-off-by:
-
