So, s390x ptrace does allow to set the syscall and return code as long as it sets the return code at exit time.
However, when using seccomp SECCOMP_RET_TRACE, there is no possibility to change it at exit time (by doing a ptrace after SECCOMP_RET_TRACE stops the process). It only happens at entry time. Then, either the syscall or return value could be set. This is aggravated by the fact that when seccomp checks for an invalid syscall in order to skip executing it, it checks for int_code, which cannot be changed by ptrace. This is probably something that could be reviewed, however. Without the code change that led to this test regression, the test sets gpr[2] twice, once for the syscall number, then for the return value. That return value was being used later on as the return code as it was an invalid syscall number, which made the test accidentally work. Now, instead, ENOSYS is returned, and the test fails. One regression, however, that this patch causes (but not on 4.15), is that when seccomp returns failure because of a signal, the signal_restart should not be skipped, but it is. This causes a test (that we don't currently run) to fail on 5.4, but that is not a regression and has been like that on 5.4 since forever. Upstream has changed the entry code for a common code, which should not have this bug. That needs to be verified, though. Then, a different fix should be applied to our earlier kernels, like this one: @@ -905,7 +905,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) sd.args[5] = regs->gprs[7] & mask; if (__secure_computing(&sd) == -1) - goto skip; + return -1; } #endif /* CONFIG_SECCOMP */ Then, seccomp_bpf can be run just fine on 5.8, for example. 5.4 possibly needs one small fix for s390x to work, instead of the very large patchset I thought was needed. That would be: commit 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4 Author: Sven Schnelle <sv...@linux.ibm.com> Date: Mon Mar 9 16:56:53 2020 +0100 selftests/seccomp: s390 shares the syscall and return value register s390 cannot set syscall number and reture code at the same time, so set the appropriate flag to indicate it. Signed-off-by: Sven Schnelle <sv...@linux.ibm.com> Signed-off-by: Vasily Gorbik <g...@linux.ibm.com> Which is the same that is likely needed for 4.15 to skip these tests. Cascardo. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1928522 Title: seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test failure with linux/4.15.0-144.148 Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: New Status in linux source package in Focal: New Status in linux source package in Groovy: New Status in linux source package in Hirsute: Fix Released Status in linux source package in Impish: Fix Released Bug description: This is a scripted bug report about ADT failures while running linux tests for linux/4.15.0-144.148 on bionic. Whether this is caused by the dep8 tests of the tested source or the kernel has yet to be determined. Testing failed on: s390x: https://autopkgtest.ubuntu.com/results/autopkgtest-bionic/bionic/s390x/l/linux/20210514_022345_e6f3c@/log.gz To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928522/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp