Message ID | 20190325140318.13059-1-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | seccomp: report more useful errors from seccomp | expand |
Hi On Mon, Mar 25, 2019 at 3:07 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > Most of the seccomp functions return errnos as a negative return > value. The code is currently ignoring these and reporting a generic > error message for all seccomp failure scenarios making debugging > painful. Report a more precise error from each failed call and include > errno if it is available. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Is this for 4.0? Eligible imho. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > --- > qemu-seccomp.c | 20 +++++++++++++------- > 1 file changed, 13 insertions(+), 7 deletions(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index 36d5829831..8daa9e0528 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -138,21 +138,23 @@ static uint32_t qemu_seccomp_get_kill_action(void) > } > > > -static int seccomp_start(uint32_t seccomp_opts) > +static int seccomp_start(uint32_t seccomp_opts, Error **errp) > { > - int rc = 0; > + int rc = -1; > unsigned int i = 0; > scmp_filter_ctx ctx; > uint32_t action = qemu_seccomp_get_kill_action(); > > ctx = seccomp_init(SCMP_ACT_ALLOW); > if (ctx == NULL) { > - rc = -1; > + error_setg(errp, "failed to initialize seccomp context"); > goto seccomp_return; > } > > rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); > if (rc != 0) { > + error_setg_errno(errp, -rc, > + "failed to set seccomp thread synchronization"); > goto seccomp_return; > } > > @@ -164,15 +166,21 @@ static int seccomp_start(uint32_t seccomp_opts) > rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, > blacklist[i].narg, blacklist[i].arg_cmp); > if (rc < 0) { > + error_setg_errno(errp, -rc, > + "failed to add seccomp blacklist rules"); > goto seccomp_return; > } > } > > rc = seccomp_load(ctx); > + if (rc < 0) { > + error_setg_errno(errp, -rc, > + "failed to load seccomp syscall filter in kernel"); > + } > > seccomp_return: > seccomp_release(ctx); > - return rc; > + return rc < 0 ? -1 : 0; > } > > #ifdef CONFIG_SECCOMP > @@ -242,9 +250,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) > } > } > > - if (seccomp_start(seccomp_opts) < 0) { > - error_setg(errp, "failed to install seccomp syscall filter " > - "in the kernel"); > + if (seccomp_start(seccomp_opts, errp) < 0) { > return -1; > } > } > -- > 2.20.1 > >
On Mon, Mar 25, 2019 at 04:25:19PM +0100, Marc-André Lureau wrote: > Hi > > On Mon, Mar 25, 2019 at 3:07 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > > > Most of the seccomp functions return errnos as a negative return > > value. The code is currently ignoring these and reporting a generic > > error message for all seccomp failure scenarios making debugging > > painful. Report a more precise error from each failed call and include > > errno if it is available. > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > Is this for 4.0? Eligible imho. I don't really mind either way. > > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > > > --- > > qemu-seccomp.c | 20 +++++++++++++------- > > 1 file changed, 13 insertions(+), 7 deletions(-) > > > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > > index 36d5829831..8daa9e0528 100644 > > --- a/qemu-seccomp.c > > +++ b/qemu-seccomp.c > > @@ -138,21 +138,23 @@ static uint32_t qemu_seccomp_get_kill_action(void) > > } > > > > > > -static int seccomp_start(uint32_t seccomp_opts) > > +static int seccomp_start(uint32_t seccomp_opts, Error **errp) > > { > > - int rc = 0; > > + int rc = -1; > > unsigned int i = 0; > > scmp_filter_ctx ctx; > > uint32_t action = qemu_seccomp_get_kill_action(); > > > > ctx = seccomp_init(SCMP_ACT_ALLOW); > > if (ctx == NULL) { > > - rc = -1; > > + error_setg(errp, "failed to initialize seccomp context"); > > goto seccomp_return; > > } > > > > rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); > > if (rc != 0) { > > + error_setg_errno(errp, -rc, > > + "failed to set seccomp thread synchronization"); > > goto seccomp_return; > > } > > > > @@ -164,15 +166,21 @@ static int seccomp_start(uint32_t seccomp_opts) > > rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, > > blacklist[i].narg, blacklist[i].arg_cmp); > > if (rc < 0) { > > + error_setg_errno(errp, -rc, > > + "failed to add seccomp blacklist rules"); > > goto seccomp_return; > > } > > } > > > > rc = seccomp_load(ctx); > > + if (rc < 0) { > > + error_setg_errno(errp, -rc, > > + "failed to load seccomp syscall filter in kernel"); > > + } > > > > seccomp_return: > > seccomp_release(ctx); > > - return rc; > > + return rc < 0 ? -1 : 0; > > } > > > > #ifdef CONFIG_SECCOMP > > @@ -242,9 +250,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) > > } > > } > > > > - if (seccomp_start(seccomp_opts) < 0) { > > - error_setg(errp, "failed to install seccomp syscall filter " > > - "in the kernel"); > > + if (seccomp_start(seccomp_opts, errp) < 0) { > > return -1; > > } > > } > > -- > > 2.20.1 > > > > > > > -- > Marc-André Lureau Regards, Daniel
On 25/03/2019 - 15:52:27, Daniel P. Berrange wrote: > On Mon, Mar 25, 2019 at 04:25:19PM +0100, Marc-André Lureau wrote: > > Hi > > > > On Mon, Mar 25, 2019 at 3:07 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > > > > > Most of the seccomp functions return errnos as a negative return > > > value. The code is currently ignoring these and reporting a generic > > > error message for all seccomp failure scenarios making debugging > > > painful. Report a more precise error from each failed call and include > > > errno if it is available. > > > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > > > Is this for 4.0? Eligible imho. > > I don't really mind either way. Patch looks good. Acked-by: Eduardo Otubo <otubo@redhat.com> > > > > > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > > > > > --- > > > qemu-seccomp.c | 20 +++++++++++++------- > > > 1 file changed, 13 insertions(+), 7 deletions(-) > > > > > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > > > index 36d5829831..8daa9e0528 100644 > > > --- a/qemu-seccomp.c > > > +++ b/qemu-seccomp.c > > > @@ -138,21 +138,23 @@ static uint32_t qemu_seccomp_get_kill_action(void) > > > } > > > > > > > > > -static int seccomp_start(uint32_t seccomp_opts) > > > +static int seccomp_start(uint32_t seccomp_opts, Error **errp) > > > { > > > - int rc = 0; > > > + int rc = -1; > > > unsigned int i = 0; > > > scmp_filter_ctx ctx; > > > uint32_t action = qemu_seccomp_get_kill_action(); > > > > > > ctx = seccomp_init(SCMP_ACT_ALLOW); > > > if (ctx == NULL) { > > > - rc = -1; > > > + error_setg(errp, "failed to initialize seccomp context"); > > > goto seccomp_return; > > > } > > > > > > rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); > > > if (rc != 0) { > > > + error_setg_errno(errp, -rc, > > > + "failed to set seccomp thread synchronization"); > > > goto seccomp_return; > > > } > > > > > > @@ -164,15 +166,21 @@ static int seccomp_start(uint32_t seccomp_opts) > > > rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, > > > blacklist[i].narg, blacklist[i].arg_cmp); > > > if (rc < 0) { > > > + error_setg_errno(errp, -rc, > > > + "failed to add seccomp blacklist rules"); > > > goto seccomp_return; > > > } > > > } > > > > > > rc = seccomp_load(ctx); > > > + if (rc < 0) { > > > + error_setg_errno(errp, -rc, > > > + "failed to load seccomp syscall filter in kernel"); > > > + } > > > > > > seccomp_return: > > > seccomp_release(ctx); > > > - return rc; > > > + return rc < 0 ? -1 : 0; > > > } > > > > > > #ifdef CONFIG_SECCOMP > > > @@ -242,9 +250,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) > > > } > > > } > > > > > > - if (seccomp_start(seccomp_opts) < 0) { > > > - error_setg(errp, "failed to install seccomp syscall filter " > > > - "in the kernel"); > > > + if (seccomp_start(seccomp_opts, errp) < 0) { > > > return -1; > > > } > > > } > > > -- > > > 2.20.1 > > > > > > > > > > > > -- > > Marc-André Lureau > > Regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 36d5829831..8daa9e0528 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -138,21 +138,23 @@ static uint32_t qemu_seccomp_get_kill_action(void) } -static int seccomp_start(uint32_t seccomp_opts) +static int seccomp_start(uint32_t seccomp_opts, Error **errp) { - int rc = 0; + int rc = -1; unsigned int i = 0; scmp_filter_ctx ctx; uint32_t action = qemu_seccomp_get_kill_action(); ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) { - rc = -1; + error_setg(errp, "failed to initialize seccomp context"); goto seccomp_return; } rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); if (rc != 0) { + error_setg_errno(errp, -rc, + "failed to set seccomp thread synchronization"); goto seccomp_return; } @@ -164,15 +166,21 @@ static int seccomp_start(uint32_t seccomp_opts) rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, blacklist[i].narg, blacklist[i].arg_cmp); if (rc < 0) { + error_setg_errno(errp, -rc, + "failed to add seccomp blacklist rules"); goto seccomp_return; } } rc = seccomp_load(ctx); + if (rc < 0) { + error_setg_errno(errp, -rc, + "failed to load seccomp syscall filter in kernel"); + } seccomp_return: seccomp_release(ctx); - return rc; + return rc < 0 ? -1 : 0; } #ifdef CONFIG_SECCOMP @@ -242,9 +250,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) } } - if (seccomp_start(seccomp_opts) < 0) { - error_setg(errp, "failed to install seccomp syscall filter " - "in the kernel"); + if (seccomp_start(seccomp_opts, errp) < 0) { return -1; } }
Most of the seccomp functions return errnos as a negative return value. The code is currently ignoring these and reporting a generic error message for all seccomp failure scenarios making debugging painful. Report a more precise error from each failed call and include errno if it is available. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- qemu-seccomp.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)