On Tue, Aug 8, 2023 at 9:54 PM Xiangyu Chen <[email protected]> wrote: > > Hi Bruce, > > > On 8/9/23 02:30, Bruce Ashfield wrote: > > CAUTION: This email comes from a non Wind River email account! > > Do not click links or open attachments unless you recognize the sender and > > know the content is safe. > > > > In message: [linux-yocto][yocto-kernel-cache][yocto-6.1][PATCH 0/1] > > proposal to disable CONFIG_OABI_COMPAT on arm platform > > on 04/08/2023 Xiangyu Chen wrote: > > > >> From: Xiangyu Chen <[email protected]> > >> > >> > >> Hi Bruce, > >> > >> Recently, we found that the audit tool cannot work correctly on qemuarm > >> platform unless we > >> disable the CONFIG_OABI_COMPAT option. > > What exactly is the issue ? Are some of the syscalls not available ? > > or some structure differences ? > > Yes, it causes syscalls unavailable. > > When the OABI_COMPAT enabled, the CONFIG_HAVE_ARCH_AUDITSYSCALL > > would be disabled due to it depends !OABI_COMPAT on ARM platform[1]. > > This also happens on seccomp filter features, it also required no > OABI_COMPAT[2]. > > > We can do a simple audit test on qemuarm with following steps: > > 1) add IMAGE_INSTALL:append = " audit auditd" to local.conf and build a > image, > > 2) boot up the image with qemu and add some test audit rules to > /etc/audit/audit.rules. > > 3) using "auditctl -R /etc/audit/audit.rules" to apply the rule, it > would return an error. > > Using strace to track the syscalls we can observe that some > command/rules cannot be > > supported by kernel: > > ... log ... > > sendto(3, [{nlmsg_len=1072, nlmsg_type=0x3f3 /* NLMSG_??? */, > nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=10, nlmsg_pid=0}, > "\x04\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00"...], > 1072, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 1072 > poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}]) > > recvfrom(3, [{nlmsg_len=1092, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, > nlmsg_seq=10, nlmsg_pid=529}, {error=-EINVAL, msg=[{nlmsg_len=1072, > nlmsg_type=0x3f3 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, > nlmsg_seq=10, nlmsg_pid=0}, > "\x04\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00"...]}], > 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, > nl_groups=00000000}, [12]) = 1092 > > write(2, "Error sending add rule data requ"..., 54Error sending add rule > data request (Invalid argument)) = 54
Can you send a v2 of the patch with this summary in the long log ? Bruce > > ... end of log ... > > > > [1] > https://github.com/torvalds/linux/commit/7a017721283d3fd011a41884fd8e99beae8fe831 > > [2] > https://github.com/torvalds/linux/commit/9170217510cd280c704966738e7c1660c8fa5cbd > > > Thanks, > > Xiangyu > > > > >> OABI_COMPAT is a backwards compatibility tool intended to support the old > >> Linux ARM ABI. Since > >> more and more platforms turned to EABI and some kernel features like > >> seccomp/audit cannot use > >> under OABI_COMPAT enabled, so proposal that to disable the > >> CONFIG_OABI_COMPAT option by default. > > That being said, I made that OABI change a LONG time ago, when we > > were switching from OABI to EABI. We can safely drop it by default > > at this point. > > > > I'd just like a more detailed log in the commit message, so we can > > track exactly what was breaking. > > > > Bruce > > > >> Thanks, > >> Xiangyu > >> > >> Xiangyu Chen (1): > >> disable CONFIG_OABI_COMPAT on arm platform > >> > >> arch/arm/arm.cfg | 2 -- > >> 1 file changed, 2 deletions(-) > >> > >> -- > >> 2.17.1 > >> > >> > >> -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#12946): https://lists.yoctoproject.org/g/linux-yocto/message/12946 Mute This Topic: https://lists.yoctoproject.org/mt/100541501/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/leave/6687884/21656/624485779/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
