[Bug 1928522] Re: seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test failure with linux/4.15.0-144.148

2021-05-19 Thread Thadeu Lima de Souza Cascardo 
So, s390x ptrace does allow to set the syscall and return code as long
as it sets the return code at exit time.

However, when using seccomp SECCOMP_RET_TRACE, there is no possibility
to change it at exit time (by doing a ptrace after SECCOMP_RET_TRACE
stops the process). It only happens at entry time. Then, either the
syscall or return value could be set. This is aggravated by the fact
that when seccomp checks for an invalid syscall in order to skip
executing it, it checks for int_code, which cannot be changed by ptrace.
This is probably something that could be reviewed, however.

Without the code change that led to this test regression, the test sets
gpr[2] twice, once for the syscall number, then for the return value.
That return value was being used later on as the return code as it was
an invalid syscall number, which made the test accidentally work.

Now, instead, ENOSYS is returned, and the test fails.

One regression, however, that this patch causes (but not on 4.15), is
that when seccomp returns failure because of a signal, the
signal_restart should not be skipped, but it is. This causes a test
(that we don't currently run) to fail on 5.4, but that is not a
regression and has been like that on 5.4 since forever.

Upstream has changed the entry code for a common code, which should not
have this bug. That needs to be verified, though. Then, a different fix
should be applied to our earlier kernels, like this one:

@@ -905,7 +905,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
sd.args[5] = regs->gprs[7] & mask;
 
if (__secure_computing(&sd) == -1)
-   goto skip;
+   return -1;
}
 #endif /* CONFIG_SECCOMP */

Then, seccomp_bpf can be run just fine on 5.8, for example. 5.4 possibly
needs one small fix for s390x to work, instead of the very large
patchset I thought was needed.

That would be:
commit 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4
Author: Sven Schnelle 
Date:   Mon Mar 9 16:56:53 2020 +0100

selftests/seccomp: s390 shares the syscall and return value register

s390 cannot set syscall number and reture code at the same time,
so set the appropriate flag to indicate it.

Signed-off-by: Sven Schnelle 
Signed-off-by: Vasily Gorbik 

Which is the same that is likely needed for 4.15 to skip these tests.

Cascardo.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928522

Title:
  seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test
  failure with linux/4.15.0-144.148

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928522/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1928522] Re: seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test failure with linux/4.15.0-144.148

2021-05-17 Thread Thadeu Lima de Souza Cascardo 
01:54:40 ERROR| [stderr] 
seccomp_bpf.c:1902:TRACE_syscall.syscall_faked:Expected 45000 (45000) == 
syscall(236) (18446744073709551615)
01:54:40 ERROR| [stderr] TRACE_syscall.syscall_faked: Test failed at step #11

This fails after the fix for LP: #1895132. However, this is not a
regression. s390x ptrace does not support changing the syscall return
code and the other way was not expected by strace (so tests for that one
were failing).

We have not been running this test on s390x since after 4.18. After an
effort to get that fixed on ppc64el (because it also has some different
behaviors, like only able to set syscall return code at exit time),
there was some restructure of the test.

Applying that patchset would allow us to get s390x test back to work on
4.15 kernels, and also start running it on 5.4 and later kernels.

Cascardo.

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Impish)
   Importance: Undecided
   Status: Incomplete

** Changed in: linux (Ubuntu Impish)
   Status: Incomplete => Fix Released

** Changed in: linux (Ubuntu Hirsute)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928522

Title:
  seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test
  failure with linux/4.15.0-144.148

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928522/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs