Re: selftests: seccomp_bpf failure on 5.15

From: Kees Cook
Date: Wed Nov 03 2021 - 12:14:52 EST

Next message: Terry Bowman: "[PATCH v2 0/4] Watchdog: sp5100_tco: Replace watchdog cd6h/cd7h port I/O accesses with MMIO accesses"
Previous message: butt3rflyh4ck: "A kernel-infoleak bug in pppoe_getname() in drivers/net/ppp/pppoe.c"
In reply to: Eric W. Biederman: "Re: selftests: seccomp_bpf failure on 5.15"
Next in thread: Eric W. Biederman: "Re: selftests: seccomp_bpf failure on 5.15"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 02, 2021 at 01:22:19PM -0500, Eric W. Biederman wrote:
> Kees Cook <keescook@xxxxxxxxxxxx> writes:
>
> > On Thu, Oct 28, 2021 at 05:06:53PM -0500, Eric W. Biederman wrote:
> >> Kees Cook <keescook@xxxxxxxxxxxx> writes:
> >>
> >> > On Thu, Oct 28, 2021 at 12:26:26PM -0500, Eric W. Biederman wrote:
> >>
> >> Is it a problem that the debugger can see the signal if the process does
> >> not?
> >
> > Right, I'm trying to understand that too. However, my neighbor just lost
> > power. :|
> >
> > What I was in the middle of checking was what ptrace "sees" going
> > through a fatal SIGSYS; my initial debugging attempts were weird.
>
> Kees have you regained power and had a chance to see my SA_IMMUTABLE
> patch?

Apologies; I got busy with other stuff, but I've tested this now. It's
happy and I see the expected behaviors again. Note that I used the patch
with this change:

-#define SA_IMMUTABLE 0x008000000
+#define SA_IMMUTABLE 0x00800000

Tested-by: Kees Cook <keescook@xxxxxxxxxxxx>

Thanks!

-Kees

--
Kees Cook

Next message: Terry Bowman: "[PATCH v2 0/4] Watchdog: sp5100_tco: Replace watchdog cd6h/cd7h port I/O accesses with MMIO accesses"
Previous message: butt3rflyh4ck: "A kernel-infoleak bug in pppoe_getname() in drivers/net/ppp/pppoe.c"
In reply to: Eric W. Biederman: "Re: selftests: seccomp_bpf failure on 5.15"
Next in thread: Eric W. Biederman: "Re: selftests: seccomp_bpf failure on 5.15"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]