Message ID | 20220822113919.196953-4-tudor.cretu@arm.com |
---|---|
State | Accepted |
Headers | show |
Series | syscalls: Fix various syscall tests when compiled with Musl | expand |
Hi Tudor, > Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork > implementation. To successfully call fork, rt_sigprocmask must be allowed > as well in the filter. When tested on lastest update Alpine with 1.2.3 it in both cases fails: prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit() prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit() What can be wrong? @Yang Xu: Also this test (written in new API) should use tst_reinit() https://lore.kernel.org/ltp/70476626-2c7a-fcd6-4cf4-de7cbd572f99@fujitsu.com/T/#mb3e34713dd15f2050ec2dc01615fefb7ee66c880 Kind regards, Petr
Hi! > > Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork > > implementation. To successfully call fork, rt_sigprocmask must be allowed > > as well in the filter. > > When tested on lastest update Alpine with 1.2.3 it in both cases fails: > > prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit() > prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit() > > What can be wrong? And does the test work without the patch? As far as I can tell the change to the bpf is correct and shouldn't affect anything, it just allows one more syscall to be called.
Hi Petr, On 23-08-2022 10:41, Petr Vorel wrote: > Hi Tudor, > >> Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork >> implementation. To successfully call fork, rt_sigprocmask must be allowed >> as well in the filter. > > When tested on lastest update Alpine with 1.2.3 it in both cases fails: > > prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit() > prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit() Sorry, I am not sure I understand. Which are the both cases in which the test fails? I am also using Musl 1.2.3 and the test passes for me on BusyBox (both x86_64 and AArch64). I don't have an Alpine environment, and I am having issues with docker and seccomp, so I am not able to test on Alpine yet. Kind regards, Tudor > > What can be wrong? > > @Yang Xu: Also this test (written in new API) should use tst_reinit() > https://lore.kernel.org/ltp/70476626-2c7a-fcd6-4cf4-de7cbd572f99@fujitsu.com/T/#mb3e34713dd15f2050ec2dc01615fefb7ee66c880 > > Kind regards, > Petr IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Tudor, all, > Hi Petr, > On 23-08-2022 10:41, Petr Vorel wrote: > > Hi Tudor, > > > Some libcs (e.g. Musl) call rt_sigprocmask as part of their fork > > > implementation. To successfully call fork, rt_sigprocmask must be allowed > > > as well in the filter. > > When tested on lastest update Alpine with 1.2.3 it in both cases fails: > > prctl04.c:205: TPASS: SECCOMP_MODE_FILTER doesn't permit exit() > > prctl04.c:207: TFAIL: SECCOMP_MODE_FILTER doesn't permit exit() > Sorry, I am not sure I understand. Which are the both cases in which the > test fails? I am also using Musl 1.2.3 and the test passes for me on > BusyBox (both x86_64 and AArch64). I don't have an Alpine environment, > and I am having issues with docker and seccomp, so I am not able to test > on Alpine yet. I'm sorry I wasn't clear: on Alpine distro (which uses musl libc) it fails without this patch *and* with it (i.e. patch does not fixes it). But as you report that it fixes it on musl 1.2.3, I guess it's some Alpine specific bug, I merged it. Thanks! Kind regards, Petr > Kind regards, > Tudor
diff --git a/testcases/kernel/syscalls/prctl/prctl04.c b/testcases/kernel/syscalls/prctl/prctl04.c index 1cc19bbd3..2f7e9a1ac 100644 --- a/testcases/kernel/syscalls/prctl/prctl04.c +++ b/testcases/kernel/syscalls/prctl/prctl04.c @@ -45,6 +45,7 @@ static const struct sock_filter strict_filter[] = { BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof(struct seccomp_data, nr))), + BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_rt_sigprocmask, 6, 0), BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_close, 5, 0), BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_exit, 4, 0), BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_wait4, 3, 0),