[v2,3/4] syscalls/prctl04: Allow rt_sigprocmask in the syscall filter

Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork
implementation. To successfully call fork, rt_sigprocmask must be allowed
as well in the filter.

Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
---
 testcases/kernel/syscalls/prctl/prctl04.c | 1 +
 1 file changed, 1 insertion(+)

Hi Tudor,

> Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork
> implementation. To successfully call fork, rt_sigprocmask must be allowed
> as well in the filter.

When tested on lastest update Alpine with 1.2.3 it in both cases fails:

prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit()
prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit()

What can be wrong?

@Yang Xu: Also this test (written in new API) should use tst_reinit()
https://lore.kernel.org/ltp/70476626-2c7a-fcd6-4cf4-de7cbd572f99@fujitsu.com/T/#mb3e34713dd15f2050ec2dc01615fefb7ee66c880

Kind regards,
Petr

Hi!
> > Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork
> > implementation. To successfully call fork, rt_sigprocmask must be allowed
> > as well in the filter.
> 
> When tested on lastest update Alpine with 1.2.3 it in both cases fails:
> 
> prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit()
> prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit()
>
> What can be wrong?

And does the test work without the patch?

As far as I can tell the change to the bpf is correct and shouldn't
affect anything, it just allows one more syscall to be called.

Hi Petr,

On 23-08-2022 10:41, Petr Vorel wrote:
> Hi Tudor,
>
>> Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork
>> implementation. To successfully call fork, rt_sigprocmask must be allowed
>> as well in the filter.
>
> When tested on lastest update Alpine with 1.2.3 it in both cases fails:
>
> prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit()
> prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit()

Sorry, I am not sure I understand. Which are the both cases in which the
test fails? I am also using Musl 1.2.3 and the test passes for me on
BusyBox (both x86_64 and AArch64). I don't have an Alpine environment,
and I am having issues with docker and seccomp, so I am not able to test
on Alpine yet.

Kind regards,
Tudor

>
> What can be wrong?
>
> @Yang Xu: Also this test (written in new API) should use tst_reinit()
> https://lore.kernel.org/ltp/70476626-2c7a-fcd6-4cf4-de7cbd572f99@fujitsu.com/T/#mb3e34713dd15f2050ec2dc01615fefb7ee66c880
>
> Kind regards,
> Petr
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Hi Tudor, all,

> Hi Petr,

> On 23-08-2022 10:41, Petr Vorel wrote:
> > Hi Tudor,

> > > Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork
> > > implementation. To successfully call fork, rt_sigprocmask must be allowed
> > > as well in the filter.

> > When tested on lastest update Alpine with 1.2.3 it in both cases fails:

> > prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit()
> > prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit()

> Sorry, I am not sure I understand. Which are the both cases in which the
> test fails? I am also using Musl 1.2.3 and the test passes for me on
> BusyBox (both x86_64 and AArch64). I don't have an Alpine environment,
> and I am having issues with docker and seccomp, so I am not able to test
> on Alpine yet.

I'm sorry I wasn't clear: on Alpine distro (which uses musl libc) it fails
without this patch *and* with it (i.e. patch does not fixes it).
But as you report that it fixes it on musl 1.2.3, I guess it's some Alpine
specific bug, I merged it.

Thanks!

Kind regards,
Petr

> Kind regards,
> Tudor