Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

samples/seccomp: fix dependencies on arch macros

This change fixes the compilation error triggered here for
i386 allmodconfig in linux-next:
  http://kisskb.ellerman.id.au/kisskb/buildresult/6123842/

Logic attempting to predict the host architecture has been
removed from the Makefile.  Instead, the bpf-direct sample
should now compile on any architecture, but if the architecture
is not supported, it will compile a minimal main() function.

This change also ensures the samples are not compiled when
there is no seccomp filter support.

(Note, I wasn't able to reproduce the error locally, but
 the existing approach was clearly flawed.  This tweak
 should resolve your issue and avoid other future weirdness.)

Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
  • Loading branch information...
commit 561381a146a31ff91d7a2370c10871b02ac7343c 1 parent 389da25
@redpig redpig authored James Morris committed
Showing with 19 additions and 11 deletions.
  1. +3 −9 samples/seccomp/Makefile
  2. +16 −2 samples/seccomp/bpf-direct.c
View
12 samples/seccomp/Makefile
@@ -1,27 +1,21 @@
# kbuild trick to avoid linker error. Can be omitted if a module is built.
obj- := dummy.o
-hostprogs-$(CONFIG_SECCOMP) := bpf-fancy dropper
-bpf-fancy-objs := bpf-fancy.o bpf-helper.o
+hostprogs-$(CONFIG_SECCOMP_FILTER) := bpf-fancy dropper bpf-direct
HOSTCFLAGS_bpf-fancy.o += -I$(objtree)/usr/include
HOSTCFLAGS_bpf-fancy.o += -idirafter $(objtree)/include
HOSTCFLAGS_bpf-helper.o += -I$(objtree)/usr/include
HOSTCFLAGS_bpf-helper.o += -idirafter $(objtree)/include
+bpf-fancy-objs := bpf-fancy.o bpf-helper.o
HOSTCFLAGS_dropper.o += -I$(objtree)/usr/include
HOSTCFLAGS_dropper.o += -idirafter $(objtree)/include
dropper-objs := dropper.o
-# bpf-direct.c is x86-only.
-ifeq ($(SRCARCH),x86)
-# List of programs to build
-hostprogs-$(CONFIG_SECCOMP) += bpf-direct
-bpf-direct-objs := bpf-direct.o
-endif
-
HOSTCFLAGS_bpf-direct.o += -I$(objtree)/usr/include
HOSTCFLAGS_bpf-direct.o += -idirafter $(objtree)/include
+bpf-direct-objs := bpf-direct.o
# Try to match the kernel target.
ifeq ($(CONFIG_64BIT),)
View
18 samples/seccomp/bpf-direct.c
@@ -8,6 +8,11 @@
* and can serve as a starting point for developing
* applications using prctl(PR_SET_SECCOMP, 2, ...).
*/
+#if defined(__i386__) || defined(__x86_64__)
+#define SUPPORTED_ARCH 1
+#endif
+
+#if defined(SUPPORTED_ARCH)
#define __USE_GNU 1
#define _GNU_SOURCE 1
@@ -43,8 +48,6 @@
#define REG_ARG3 REG_R10
#define REG_ARG4 REG_R8
#define REG_ARG5 REG_R9
-#else
-#error Unsupported platform
#endif
#ifndef PR_SET_NO_NEW_PRIVS
@@ -174,3 +177,14 @@ int main(int argc, char **argv)
payload("Error message going to STDERR\n"));
return 0;
}
+#else /* SUPPORTED_ARCH */
+/*
+ * This sample is x86-only. Since kernel samples are compiled with the
+ * host toolchain, a non-x86 host will result in using only the main()
+ * below.
+ */
+int main(void)
+{
+ return 1;
+}
+#endif /* SUPPORTED_ARCH */
Please sign in to comment.
Something went wrong with that request. Please try again.