authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-04-29 13:07:47 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-04-29 13:07:47 +0200
commit7e6bfa52323e060cadeb5a3df5876c11ef623546 (patch)
tree095a9d7b77c30d65a007c78d31eed282b2671ea5
parent187695329699f58c98a261b2b478c9d8c08ebbdc (diff)
downloadstable-queue-7e6bfa52323e060cadeb5a3df5876c11ef623546.tar.gz
6.6-stable patches
added patches: selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch
-rw-r--r--queue-6.6/selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch58
-rw-r--r--queue-6.6/selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch47
-rw-r--r--queue-6.6/selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch92
-rw-r--r--queue-6.6/series3
4 files changed, 200 insertions, 0 deletions
diff --git a/queue-6.6/selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch b/queue-6.6/selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch
new file mode 100644
index 0000000000..a92efed459
--- /dev/null
+++ b/queue-6.6/selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch
@@ -0,0 +1,58 @@
+From 471dbc547612adeaa769e48498ef591c6c95a57a Mon Sep 17 00:00:00 2001
+From: Terry Tritton <terry.tritton@linaro.org>
+Date: Wed, 24 Jan 2024 14:13:56 +0000
+Subject: selftests/seccomp: Change the syscall used in KILL_THREAD test
+
+From: Terry Tritton <terry.tritton@linaro.org>
+
+commit 471dbc547612adeaa769e48498ef591c6c95a57a upstream.
+
+The Bionic version of pthread_create used on Android calls the prctl
+function to give the stack and thread local storage a useful name. This
+will cause the KILL_THREAD test to fail as it will kill the thread as
+soon as it is created.
+
+change the test to use getpid instead of prctl.
+
+Signed-off-by: Terry Tritton <terry.tritton@linaro.org>
+Link: https://lore.kernel.org/r/20240124141357.1243457-3-terry.tritton@linaro.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
++++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
+@@ -784,7 +784,7 @@ void *kill_thread(void *data)
+ bool die = (bool)data;
+
+ if (die) {
+- prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
++ syscall(__NR_getpid);
+ return (void *)SIBLING_EXIT_FAILURE;
+ }
+
+@@ -803,11 +803,11 @@ void kill_thread_or_group(struct __test_
+ {
+ pthread_t thread;
+ void *status;
+- /* Kill only when calling __NR_prctl. */
++ /* Kill only when calling __NR_getpid. */
+ struct sock_filter filter_thread[] = {
+ BPF_STMT(BPF_LD|BPF_W|BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+- BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_prctl, 0, 1),
++ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getpid, 0, 1),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_THREAD),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
+ };
+@@ -819,7 +819,7 @@ void kill_thread_or_group(struct __test_
+ struct sock_filter filter_process[] = {
+ BPF_STMT(BPF_LD|BPF_W|BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+- BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_prctl, 0, 1),
++ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getpid, 0, 1),
+ BPF_STMT(BPF_RET|BPF_K, kill),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
+ };
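Review bot: The new `syscall(__NR_getpid);` in kill_thread carries no comment saying why a raw syscall is issued instead of the libc `getpid()` wrapper, or that it is expected never to return because the filters in kill_thread_or_group now match `__NR_getpid`; the `return (void *)SIBLING_EXIT_FAILURE;` that follows is only reached if the filter did not fire. A comment such as `/* Raw syscall so the seccomp filter (matching __NR_getpid) is certain to see it; it should kill us here, so returning is a failure. */` would make that contract explicit, since some libc builds have historically not issued the syscall for the wrapper. The two filters compare only the `nr` field and not `arch`, which is pre-existing and acceptable for a self-test but worth a note if these filters are ever copied into production code. kill_thread_or_group continues outside the hunk.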
diff --git a/queue-6.6/selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch b/queue-6.6/selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch
new file mode 100644
index 0000000000..87b8819233
--- /dev/null
+++ b/queue-6.6/selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch
@@ -0,0 +1,47 @@
+From ecaaa55c9fa5e8058445a8b891070b12208cdb6d Mon Sep 17 00:00:00 2001
+From: Terry Tritton <terry.tritton@linaro.org>
+Date: Wed, 24 Jan 2024 14:13:55 +0000
+Subject: selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
+
+From: Terry Tritton <terry.tritton@linaro.org>
+
+commit ecaaa55c9fa5e8058445a8b891070b12208cdb6d upstream.
+
+unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the
+CONFIG_PID_NS option enabled.
+
+Add a check on these calls to skip the test if we receive EINVAL.
+
+Signed-off-by: Terry Tritton <terry.tritton@linaro.org>
+Link: https://lore.kernel.org/r/20240124141357.1243457-2-terry.tritton@linaro.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/seccomp/seccomp_bpf.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
++++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
+@@ -3709,7 +3709,12 @@ TEST(user_notification_sibling_pid_ns)
+ ASSERT_GE(pid, 0);
+
+ if (pid == 0) {
+- ASSERT_EQ(unshare(CLONE_NEWPID), 0);
++ ASSERT_EQ(unshare(CLONE_NEWPID), 0) {
++ if (errno == EPERM)
++ SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN");
++ else if (errno == EINVAL)
++ SKIP(return, "CLONE_NEWPID is invalid (missing CONFIG_PID_NS?)");
++ }
+
+ pid2 = fork();
+ ASSERT_GE(pid2, 0);
+@@ -3727,6 +3732,8 @@ TEST(user_notification_sibling_pid_ns)
+ ASSERT_EQ(unshare(CLONE_NEWPID), 0) {
+ if (errno == EPERM)
+ SKIP(return, "CLONE_NEWPID requires CAP_SYS_ADMIN");
++ else if (errno == EINVAL)
++ SKIP(return, "CLONE_NEWPID is invalid (missing CONFIG_PID_NS?)");
+ }
+ ASSERT_EQ(errno, 0);
+
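Review bot: The EPERM/EINVAL skip block added around `unshare(CLONE_NEWPID)` at 3713 duplicates the one at 3732 line for line; a small static helper that performs the unshare and maps the two errno values to their SKIP messages would keep the sites from drifting when a third reason to skip appears. The block also reads `errno` only after the ASSERT_EQ macro has already evaluated and reported the mismatch; if the harness logging path calls into stdio before the block runs, errno may no longer be the value set by unshare, so capturing it first (`ret = unshare(CLONE_NEWPID); err = errno; ASSERT_EQ(ret, 0) { ... }`) would be more robust — I cannot confirm from this hunk whether the harness clobbers it. Any other errno still fails the test as intended. TEST(user_notification_sibling_pid_ns) starts before the hunk and continues after it.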
diff --git a/queue-6.6/selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch b/queue-6.6/selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch
new file mode 100644
index 0000000000..c39af4d613
--- /dev/null
+++ b/queue-6.6/selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch
@@ -0,0 +1,92 @@
+From 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 Mon Sep 17 00:00:00 2001
+From: Terry Tritton <terry.tritton@linaro.org>
+Date: Wed, 24 Jan 2024 14:13:57 +0000
+Subject: selftests/seccomp: user_notification_addfd check nextfd is available
+
+From: Terry Tritton <terry.tritton@linaro.org>
+
+commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 upstream.
+
+Currently the user_notification_addfd test checks what the next expected
+file descriptor will be by incrementing a variable nextfd. This does not
+account for file descriptors that may already be open before the test is
+started and will cause the test to fail if any exist.
+
+Replace nextfd++ with a function get_next_fd which will check and return
+the next available file descriptor.
+
+Signed-off-by: Terry Tritton <terry.tritton@linaro.org>
+Link: https://lore.kernel.org/r/20240124141357.1243457-4-terry.tritton@linaro.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/seccomp/seccomp_bpf.c | 24 +++++++++++++++++++-----
+ 1 file changed, 19 insertions(+), 5 deletions(-)
+
+--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
++++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
+@@ -4037,6 +4037,16 @@ TEST(user_notification_filter_empty_thre
+ EXPECT_GT((pollfd.revents & POLLHUP) ?: 0, 0);
+ }
+
++
++int get_next_fd(int prev_fd)
++{
++ for (int i = prev_fd + 1; i < FD_SETSIZE; ++i) {
++ if (fcntl(i, F_GETFD) == -1)
++ return i;
++ }
++ _exit(EXIT_FAILURE);
++}
++
+ TEST(user_notification_addfd)
+ {
+ pid_t pid;
+@@ -4053,7 +4063,7 @@ TEST(user_notification_addfd)
+ /* There may be arbitrary already-open fds at test start. */
+ memfd = memfd_create("test", 0);
+ ASSERT_GE(memfd, 0);
+- nextfd = memfd + 1;
++ nextfd = get_next_fd(memfd);
+
+ ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ASSERT_EQ(0, ret) {
+@@ -4064,7 +4074,8 @@ TEST(user_notification_addfd)
+ /* Check that the basic notification machinery works */
+ listener = user_notif_syscall(__NR_getppid,
+ SECCOMP_FILTER_FLAG_NEW_LISTENER);
+- ASSERT_EQ(listener, nextfd++);
++ ASSERT_EQ(listener, nextfd);
++ nextfd = get_next_fd(nextfd);
+
+ pid = fork();
+ ASSERT_GE(pid, 0);
+@@ -4119,14 +4130,16 @@ TEST(user_notification_addfd)
+
+ /* Verify we can set an arbitrary remote fd */
+ fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
+- EXPECT_EQ(fd, nextfd++);
++ EXPECT_EQ(fd, nextfd);
++ nextfd = get_next_fd(nextfd);
+ EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
+
+ /* Verify we can set an arbitrary remote fd with large size */
+ memset(&big, 0x0, sizeof(big));
+ big.addfd = addfd;
+ fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_BIG, &big);
+- EXPECT_EQ(fd, nextfd++);
++ EXPECT_EQ(fd, nextfd);
++ nextfd = get_next_fd(nextfd);
+
+ /* Verify we can set a specific remote fd */
+ addfd.newfd = 42;
+@@ -4164,7 +4177,8 @@ TEST(user_notification_addfd)
+ * Child has earlier "low" fds and now 42, so we expect the next
+ * lowest available fd to be assigned here.
+ */
+- EXPECT_EQ(fd, nextfd++);
++ EXPECT_EQ(fd, nextfd);
++ nextfd = get_next_fd(nextfd);
+ ASSERT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
+
+ /*
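Review bot: `get_next_fd` treats any `fcntl(i, F_GETFD) == -1` as a free descriptor, but only `errno == EBADF` means the slot is unused; a different fcntl failure would return a descriptor that is actually open and make the later `EXPECT_EQ(fd, nextfd)` checks fail for a misleading reason. Tighten it to `if (fcntl(i, F_GETFD) == -1 && errno == EBADF)` and, since the helper is file-local, declare it `static int get_next_fd(int prev_fd)` with a one-line comment such as `/* Return the lowest unused fd above prev_fd; exits the test process if none exists. */`. The bare `_exit(EXIT_FAILURE)` on exhaustion gives no diagnostic, so a message on stderr before it would help whoever debugs a failure. TEST(user_notification_addfd) continues past the end of the hunk.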
diff --git a/queue-6.6/series b/queue-6.6/series
index 6788759beb..a56a14339f 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -104,3 +104,6 @@ mm-treewide-introduce-nr_page_orders.patch
drm-ttm-stop-pooling-cached-numa-pages-v2.patch
squashfs-convert-to-new-timestamp-accessors.patch
squashfs-check-the-inode-number-is-not-the-invalid-v.patch
+selftests-seccomp-user_notification_addfd-check-nextfd-is-available.patch
+selftests-seccomp-change-the-syscall-used-in-kill_thread-test.patch
+selftests-seccomp-handle-einval-on-unshare-clone_newpid.patch