<feed xmlns='http://www.w3.org/2005/Atom'>
<title>passt/seccomp.sh, branch 2023_02_27.c538ee8</title>
<subtitle>Plug A Simple Socket Transport</subtitle>
<link rel='alternate' type='text/html' href='https://passt.top/passt/'/>
<entry>
<title>cppcheck: Avoid errors due to zeroes in bitwise ORs</title>
<updated>2022-09-29T10:22:37+00:00</updated>
<author>
<name>David Gibson</name>
<email>david@gibson.dropbear.id.au</email>
</author>
<published>2022-09-28T04:33:34+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=5beb3472ed4cf92be1fe1f27668dc0f1284bb2a8'/>
<id>5beb3472ed4cf92be1fe1f27668dc0f1284bb2a8</id>
<content type='text'>
Recent versions of cppcheck give warnings if using a bitwise OR (|) where
some of the arguments are zero.  We're triggering these warnings in our
generated seccomp.h header, because BPF_LD and BPF_W are zero-valued.
However putting these defines in makes the generated code clearer, even
though they could be left out without changing the values.  So, add
cppcheck suppressions to the generated code.

Signed-off-by: David Gibson &lt;david@gibson.dropbear.id.au&gt;
Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Recent versions of cppcheck give warnings if using a bitwise OR (|) where
some of the arguments are zero.  We're triggering these warnings in our
generated seccomp.h header, because BPF_LD and BPF_W are zero-valued.
However putting these defines in makes the generated code clearer, even
though they could be left out without changing the values.  So, add
cppcheck suppressions to the generated code.

Signed-off-by: David Gibson &lt;david@gibson.dropbear.id.au&gt;
Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Makefile: Avoid using wildcard sources</title>
<updated>2022-06-18T07:06:00+00:00</updated>
<author>
<name>David Gibson</name>
<email>david@gibson.dropbear.id.au</email>
</author>
<published>2022-06-14T05:12:21+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=08007d0b25a8175bf6f663fd12b25e4e4eea4d17'/>
<id>08007d0b25a8175bf6f663fd12b25e4e4eea4d17</id>
<content type='text'>
The passt/pasta Makefile makes fairly heavy use of GNU make's $(wildcard)
function to locate the sources and headers to build.  Using wildcards for
the things to compile is usually a bad idea though: if somehow you end up
with a .c or .h file in your tree you didn't expect, it can misbuild in an
exceedingly confusing way.  In particular this can sometimes happen if
switching between releases / branches where files have been added or
removed without 100% cleaning the tree.

It also makes life a bit complicated if building multiple different
binaries in the same tree: we already have some rather awkward
$(filter-out) constructions to avoid including qrap.c in the passt build.

Replace use of $(wildcard) with the more idiomatic approach of defining
variables listing all the relevant source files then using that throughout.
In the rule for seccomp.h there was also a bare "*.c" which caused make to
always rebuild that target.  Fix that as well.

Similarly, seccomp.sh uses a wildcard to locate the sources, which is
unwise for the same reasons.  Make it take the sources to examine on the
command line instead, and have the Makefile pass them in from the same
variables.

Signed-off-by: David Gibson &lt;david@gibson.dropbear.id.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The passt/pasta Makefile makes fairly heavy use of GNU make's $(wildcard)
function to locate the sources and headers to build.  Using wildcards for
the things to compile is usually a bad idea though: if somehow you end up
with a .c or .h file in your tree you didn't expect, it can misbuild in an
exceedingly confusing way.  In particular this can sometimes happen if
switching between releases / branches where files have been added or
removed without 100% cleaning the tree.

It also makes life a bit complicated if building multiple different
binaries in the same tree: we already have some rather awkward
$(filter-out) constructions to avoid including qrap.c in the passt build.

Replace use of $(wildcard) with the more idiomatic approach of defining
variables listing all the relevant source files then using that throughout.
In the rule for seccomp.h there was also a bare "*.c" which caused make to
always rebuild that target.  Fix that as well.

Similarly, seccomp.sh uses a wildcard to locate the sources, which is
unwise for the same reasons.  Make it take the sources to examine on the
command line instead, and have the Makefile pass them in from the same
variables.

Signed-off-by: David Gibson &lt;david@gibson.dropbear.id.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>test, seccomp, Makefile: Switch to valgrind runs for passt functional tests</title>
<updated>2022-03-29T13:35:38+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2022-03-15T19:16:13+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=66a95e331ec930e72bc06c54b283ea88b30ecbaa'/>
<id>66a95e331ec930e72bc06c54b283ea88b30ecbaa</id>
<content type='text'>
Pass to seccomp.sh a list of additional syscalls valgrind needs as
EXTRA_SYSCALLS in a new 'valgrind' make target, and add corresponding
support in seccomp.sh itself.

In test setup functions, start passt with valgrind, but not for
performance tests.

Add tests checking that valgrind exits without errors after all the
other tests in the group are done.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pass to seccomp.sh a list of additional syscalls valgrind needs as
EXTRA_SYSCALLS in a new 'valgrind' make target, and add corresponding
support in seccomp.sh itself.

In test setup functions, start passt with valgrind, but not for
performance tests.

Add tests checking that valgrind exits without errors after all the
other tests in the group are done.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>seccomp.sh: Handle syscall number defines in the (x + y) form</title>
<updated>2022-02-26T22:32:02+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2022-02-26T22:29:18+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=601f7ee78ece7d54a12cf9191d23a3ec516d8948'/>
<id>601f7ee78ece7d54a12cf9191d23a3ec516d8948</id>
<content type='text'>
This is the case at least for current glibc headers on armv6l and
armv7l.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This is the case at least for current glibc headers on armv6l and
armv7l.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>seccomp: Introduce mechanism to allow per-arch syscalls</title>
<updated>2022-01-26T15:29:34+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2022-01-25T18:21:31+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=daf8d057cebf4b304c11b10cd6e6c98e19710630'/>
<id>daf8d057cebf4b304c11b10cd6e6c98e19710630</id>
<content type='text'>
Some C library functions are commonly implemented by different syscalls
on different architectures. Add a mechanism to allow selected syscalls
for a single architecture; the syntax in the #syscalls comment is:

	#syscalls &lt;arch&gt;:&lt;name&gt;

e.g. s390x:socketcall, given that socketcall() is commonly used there
instead of socket().

This is now implemented by a compiler probe for syscall numbers;
auditd tools (ausyscall) are not required anymore as a result.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Some C library functions are commonly implemented by different syscalls
on different architectures. Add a mechanism to allow selected syscalls
for a single architecture; the syntax in the #syscalls comment is:

	#syscalls &lt;arch&gt;:&lt;name&gt;

e.g. s390x:socketcall, given that socketcall() is commonly used there
instead of socket().

This is now implemented by a compiler probe for syscall numbers;
auditd tools (ausyscall) are not required anymore as a result.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Makefile, seccomp: Fix build for i386, ppc64, ppc64le</title>
<updated>2022-01-26T06:57:09+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2022-01-25T18:07:05+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=fa7e2e7016e45c3cf98ba92e0af30d9adc0f691f'/>
<id>fa7e2e7016e45c3cf98ba92e0af30d9adc0f691f</id>
<content type='text'>
On some distributions, on ppc64, ulimit -s returns 'unlimited': add a
reasonable default, and also make sure ulimit is invoked using the
default shell, which should ensure ulimit is actually implemented.

Also note that AUDIT_ARCH doesn't closely follow the naming reported
by 'uname -m': convert for i386 and ppc as needed.

While at it, move inclusion of seccomp.h after util.h, as the former is
less generic (cosmetic/clang-tidy only).

Older kernel headers might lack a definition for AUDIT_ARCH_PPC64LE:
define that explicitly if it's not available.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
On some distributions, on ppc64, ulimit -s returns 'unlimited': add a
reasonable default, and also make sure ulimit is invoked using the
default shell, which should ensure ulimit is actually implemented.

Also note that AUDIT_ARCH doesn't closely follow the naming reported
by 'uname -m': convert for i386 and ppc as needed.

While at it, move inclusion of seccomp.h after util.h, as the former is
less generic (cosmetic/clang-tidy only).

Older kernel headers might lack a definition for AUDIT_ARCH_PPC64LE:
define that explicitly if it's not available.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>seccomp.sh: Handle missing ausyscall(8) or unknown syscall number</title>
<updated>2021-10-20T23:21:26+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2021-10-20T23:21:26+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=819d13bb92b8e0430e57039f82b75e982f2a728e'/>
<id>819d13bb92b8e0430e57039f82b75e982f2a728e</id>
<content type='text'>
...try sourcing it with the compiler from &lt;sys/syscalls.h&gt; before
giving up.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
...try sourcing it with the compiler from &lt;sys/syscalls.h&gt; before
giving up.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>passt, pasta: Add seccomp support</title>
<updated>2021-10-14T11:15:46+00:00</updated>
<author>
<name>Stefano Brivio</name>
<email>sbrivio@redhat.com</email>
</author>
<published>2021-10-13T20:25:03+00:00</published>
<link rel='alternate' type='text/html' href='https://passt.top/passt/commit/?id=66d5930ec77caed942404ceef4829f2c4ca431bd'/>
<id>66d5930ec77caed942404ceef4829f2c4ca431bd</id>
<content type='text'>
List of allowed syscalls comes from comments in the form:
	#syscalls &lt;list&gt;

for syscalls needed both in passt and pasta mode, and:
	#syscalls:pasta &lt;list&gt;
	#syscalls:passt &lt;list&gt;

for syscalls specifically needed in pasta or passt mode only.

seccomp.sh builds a list of BPF statements from those comments,
prefixed by a binary search tree to keep lookup fast.

While at it, clean up the Makefile a bit using wildcards.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
List of allowed syscalls comes from comments in the form:
	#syscalls &lt;list&gt;

for syscalls needed both in passt and pasta mode, and:
	#syscalls:pasta &lt;list&gt;
	#syscalls:passt &lt;list&gt;

for syscalls specifically needed in pasta or passt mode only.

seccomp.sh builds a list of BPF statements from those comments,
prefixed by a binary search tree to keep lookup fast.

While at it, clean up the Makefile a bit using wildcards.

Signed-off-by: Stefano Brivio &lt;sbrivio@redhat.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
