Ubuntu
linux package

[Ubuntu 15.10] Add seccomp mode 2 to the Ubuntu Power LE kernel

Bug #1458876 reported by bugproxy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
Tim Gardner
Wily
Fix Released
Medium
Tim Gardner

Bug Description

seccomp mode 2 involves the parsing of BPF (Berkeley Packet Filter) configuration files to define system call filtering. Mode 2 is not currently supported on Power; this feature covers the addition of this support, which likely includes updates to the kernel and to libseccomp.

bugproxy (bugproxy)
tags: added: architecture-ppc64le bugnameltc-120966 severity-high targetmilestone-inin1510
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1458876/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Brian Murray (brian-murray)
affects: ubuntu → linux (Ubuntu)
Chris J Arges (arges)
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2015-08-18 21:27 EDT-------
The patches for seccomp mode 2 support are queued for 4.3; as they were developed against 4.2, I would expect them to apply cleanly to the Ubuntu 15.10 kernel. I am willing to help with backporting if they don't, or if other modifications to the Ubuntu kernel cause issues with applying them.

There were 11 patches in the patchset:

[PATCH 01/11] powerpc/kernel: Switch to using MAX_ERRNO
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131601.html

[PATCH 02/11] powerpc/kernel: Change the do_syscall_trace_enter() API
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131602.html

[PATCH 03/11] powerpc: Drop unused syscall_get_error()
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131603.html

[PATCH 04/11] powerpc: Don't negate error in syscall_set_return_value()
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131604.html

[PATCH 05/11] powerpc: Rework syscall_get_arguments() so there is only one loop
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131605.html

[PATCH 06/11] powerpc: Use orig_gpr3 in syscall_get_arguments()
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131606.html

[PATCH 07/11] powerpc: Change syscall_get_nr() to return int
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131607.html

[PATCH 08/11] powerpc/kernel: Add SIG_SYS support for compat tasks
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131608.html

[PATCH 09/11] powerpc/kernel: Enable seccomp filter
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131609.html

[PATCH 10/11] selftests/seccomp: Make seccomp tests work on big endian
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131610.html

[PATCH 11/11] selftests/seccomp: Add powerpc support
https://lists.ozlabs.org/pipermail/linuxppc-dev/2015-July/131611.html

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2015-08-27 13:11 EDT-------
Do the patches made Linus' tree? i just tried for find it bug I didn't find.

Can you post here the commit IDs as soon as you have them?

Thanks

Revision history for this message
Tim Gardner (timg-tpi) wrote :

It'll be at least August 31, 2015 before the 4.3 merge window opens. I expect the relevant seccomp patches for ppc64el will be merged within the first few days as they are already in linux-next.

Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → In Progress
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Wily):
status: In Progress → Fix Committed
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2015-09-09 20:34 EDT-------
Here is the list of commit IDs for seccomp support on powerpc.

powerpc/kernel: Switch to using MAX_ERRNO
c3525940cca53cf3568fefd35d169fea4f107f0a

powerpc/kernel: Change the do_syscall_trace_enter() API
d38374142b2560f233961ed3756416c68af6c6cb

powerpc: Drop unused syscall_get_error()
2923e6d503465e97a378d37a588e4e6987009bc7

powerpc: Don't negate error in syscall_set_return_value()
1b1a3702a65c1a6511e4c95ecb3770dfdf235bcf

powerpc: Rework syscall_get_arguments() so there is only one loop
a7657844296e796bf33922192743ddeacbcd4d7a

powerpc: Use orig_gpr3 in syscall_get_arguments()
1cb9839b73e7f2b006a1cc9452c30f15ff8b1748

powerpc: Change syscall_get_nr() to return int
e9fbe6863281b942d7eea44c6ccabc30f46ab44f

powerpc/kernel: Add SIG_SYS support for compat tasks
1b60bab04e03d7ed74826dc20fda9d907d011313

powerpc/kernel: Enable seccomp filter
2449acc5348b94325e9374056b2cc3ed55816e96

selftests/seccomp: Make seccomp tests work on big endian
c385d0db30f3c0bf687a080c38e8088c342116a3

selftests/seccomp: Add powerpc support
5d83c2b37d435b88452bc88a2a47672346efb2b4

Revision history for this message
Breno Leitão (breno-leitao) wrote :

Since the status is fix committed, I understand that these patches will make 15.10 release.

Revision history for this message
Tim Gardner (timg-tpi) wrote :

Yes, linux 4.2.0-9.9

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package linux - 4.2.0-10.11

---------------
linux (4.2.0-10.11) wily; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1495208
  * No change rebuild to avoid issues with leading zero bytes on
    internal module signing key. (see launchpad bug 1494943)

  [ Ming Lei ]

  * [Config] SERIAL_8250_DW=y for arm64

  [ Upstream Kernel Changes ]

  * drm/i915: Move WaBarrierPerformanceFixDisable:skl to skl code from chv
    code
    - LP: #1484486
  * drm/i915/gen8: Add infrastructure to initialize WA batch buffers
    - LP: #1484486
  * drm/i915/gen8: Re-order init pipe_control in lrc mode
    - LP: #1484486
  * drm/i915/gen8: Add WaDisableCtxRestoreArbitration workaround
    - LP: #1484486
  * drm/i915/gen8: Add WaFlushCoherentL3CacheLinesAtContextSwitch
    workaround
    - LP: #1484486
  * drm/i915: Bail out early if WA batch is not available for given Gen
    - LP: #1484486
  * drm/i915/gen8: Add WaClearSlmSpaceAtContextSwitch workaround
    - LP: #1484486
  * drm/i915: Update WaFlushCoherentL3CacheLinesAtContextSwitch
    - LP: #1484486
  * drm/i915/gen9: Implement WaDisableKillLogic for gen 9
    - LP: #1484486
  * drm/i915: Enable WA batch buffers for Gen9
    - LP: #1484486
  * drm/i915/gen9: Add WaDisableCtxRestoreArbitration workaround
    - LP: #1484486
  * drm/i915: Update wa_ctx_emit() macro as per kernel coding guidelines
    - LP: #1484486
  * drm/i915/gen9: Add WaFlushCoherentL3CacheLinesAtContextSwitch
    workaround
    - LP: #1484486
  * drm/i915/gen9: Add
    WaSetDisablePixMaskCammingAndRhwoInCommonSliceChicken
    - LP: #1484486
  * drm/i915:skl: Add WaEnableGapsTsvCreditFix
    - LP: #1484486
  * drm/i915/skl: revert duplicated WaBarrierPerformanceFixDisable:skl
    - LP: #1484486
  * drm/i915/skl: Don't expose the top most plane on gen9 display
    - LP: #1484486
  * drm/i915/skl WaDisableSbeCacheDispatchPortSharing
    - LP: #1484486
  * drm/i915/skl: WaIgnoreDDIAStrap is forever, always init DDI A
    - LP: #1484486
  * drm/i915: reduce indent in i9xx_hpd_irq_handler
    - LP: #1484531
  * drm/i915: reduce duplicate conditions in i9xx_hpd_irq_handler
    - LP: #1484531
  * drm/i915: reduce indent in intel_hpd_irq_handler
    - LP: #1484531
  * drm/i915: group all hotplug related fields into a new struct in
    dev_priv
    - LP: #1484531
  * drm/i915: add for_each_hpd_pin to iterate over hotplug pins
    - LP: #1484531
  * drm/i915: simplify conditions for skipping the 2nd hpd loop iterations
    - LP: #1484531
  * drm/i915: put back the indent in intel_hpd_irq_handler
    - LP: #1484531
  * drm/i915: merge the two hpd loops in intel_hpd_irq_handler to one
    - LP: #1484531
  * drm/i915: simplify condition for digital port
    - LP: #1484531
  * drm/i915: abstract away platform specific parts from hpd handling
    - LP: #1484531
  * drm/i915: Handle HPD when it has actually occurred
    - LP: #1484531
  * drm/i915: Set power domain for DDI-E
    - LP: #1484531
  * drm/i915: Set alternate aux for DDI-E
    - LP: #1484531
  * drm/i915/skl: enable DDI-E hotplug
    - LP: #1484531
  * drm/i915/bxt: fix DDI PHY vswing scale value setting
    - LP: #1494163
  * drm/i915/skl: Buf...

Read more...

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.