ubuntu-kernel-tests

Bug #1928522
Comment #3

Comment 3 for bug 1928522

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2021-05-20: Re: seccomp_bpf from ubuntu_kernel_selftests.seccomp in linux ADT test failure with linux/4.15.0-144.148

So, s390x ptrace does allow to set the syscall and return code as long as it sets the return code at exit time.

However, when using seccomp SECCOMP_RET_TRACE, there is no possibility to change it at exit time (by doing a ptrace after SECCOMP_RET_TRACE stops the process). It only happens at entry time. Then, either the syscall or return value could be set. This is aggravated by the fact that when seccomp checks for an invalid syscall in order to skip executing it, it checks for int_code, which cannot be changed by ptrace. This is probably something that could be reviewed, however.

Without the code change that led to this test regression, the test sets gpr[2] twice, once for the syscall number, then for the return value. That return value was being used later on as the return code as it was an invalid syscall number, which made the test accidentally work.

Now, instead, ENOSYS is returned, and the test fails.

One regression, however, that this patch causes (but not on 4.15), is that when seccomp returns failure because of a signal, the signal_restart should not be skipped, but it is. This causes a test (that we don't currently run) to fail on 5.4, but that is not a regression and has been like that on 5.4 since forever.

Upstream has changed the entry code for a common code, which should not have this bug. That needs to be verified, though. Then, a different fix should be applied to our earlier kernels, like this one:

@@ -905,7 +905,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
sd.args[5] = regs->gprs[7] & mask;

if (__secure_computing(&sd) == -1)
- goto skip;
+ return -1;
}
#endif /* CONFIG_SECCOMP */

Then, seccomp_bpf can be run just fine on 5.8, for example. 5.4 possibly needs one small fix for s390x to work, instead of the very large patchset I thought was needed.

That would be:
commit 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4
Author: Sven Schnelle <email address hidden>
Date: Mon Mar 9 16:56:53 2020 +0100

selftests/seccomp: s390 shares the syscall and return value register

s390 cannot set syscall number and reture code at the same time,
so set the appropriate flag to indicate it.

Signed-off-by: Sven Schnelle <email address hidden>
Signed-off-by: Vasily Gorbik <email address hidden>

Which is the same that is likely needed for 4.15 to skip these tests.

Cascardo.

So, s390x ptrace does allow to set the syscall and return code as long as it sets the return code at exit time.

Now, instead, ENOSYS is returned, and the test fails.

@@ -905,7 +905,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
                sd.args[5] = regs->gprs[7] & mask;
 
                if (__secure_computing(&sd) == -1)
-                       goto skip;
+                       return -1;
        }
 #endif /* CONFIG_SECCOMP */

Then, seccomp_bpf can be run just fine on 5.8, for example. 5.4 possibly needs one small fix for s390x to work, instead of the very large patchset I thought was needed.

That would be:
commit 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4
Author: Sven Schnelle <svens@linux.ibm.com>
Date:   Mon Mar 9 16:56:53 2020 +0100

selftests/seccomp: s390 shares the syscall and return value register
    
    s390 cannot set syscall number and reture code at the same time,
    so set the appropriate flag to indicate it.
    
    Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

Which is the same that is likely needed for 4.15 to skip these tests.

Cascardo.