poky/meta/recipes-devtools/pseudo/files/seccomp.patch - stefanberger/openbmc - Gitiles

 Pseudo changes the syscall access patterns which makes it incompatible with
 seccomp. Therefore intercept the seccomp syscall and alter it, pretending that
 seccomp was setup when in fact we do nothing. If we error as unsupported,
 utilities like file will exit with errors so we can't just disable it.

 Upstream-Status: Pending
 RP 2020/4/3
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

 It fails to compile pseudo-native on centos 7:

 | ports/linux/pseudo_wrappers.c: In function ‘prctl’:
 | ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function)
 |    if (cmd == SECCOMP_SET_MODE_FILTER) {
 |               ^

 Add macro guard for seccomp to avoid the failure.

 Signed-off-by: Kai Kang <kai.kang@windriver.com>

 Index: git/ports/linux/pseudo_wrappers.c
 ===================================================================
 --- git.orig/ports/linux/pseudo_wrappers.c
 +++ git/ports/linux/pseudo_wrappers.c
 @@ -57,6 +57,7 @@ int pseudo_capset(cap_user_header_t hdrp
  long
  syscall(long number, ...) {
  	long rc = -1;
 +	va_list ap;

  	if (!pseudo_check_wrappers() || !real_syscall) {
  		/* rc was initialized to the "failure" value */
 @@ -77,6 +78,20 @@ syscall(long number, ...) {
  	(void) number;
  #endif

 +#ifdef SYS_seccomp
 +	/* pseudo and seccomp are incompatible as pseudo uses different syscalls
 +	 * so pretend to enable seccomp but really do nothing */
 +	if (number == SYS_seccomp) {
 +		unsigned long cmd;
 +		va_start(ap, number);
 +		cmd = va_arg(ap, unsigned long);
 +		va_end(ap);
 +		if (cmd == SECCOMP_SET_MODE_FILTER) {
 +		    return 0;
 +		}
 +	}
 +#endif
 +
  	/* gcc magic to attempt to just pass these args to syscall. we have to
  	 * guess about the number of args; the docs discuss calling conventions
  	 * up to 7, so let's try that?
 @@ -92,3 +108,44 @@ static long wrap_syscall(long nr, va_lis
  	(void) ap;
  	return -1;
  }
 +
 +int
 +prctl(int option, ...) {
 +	int rc = -1;
 +	va_list ap;
 +
 +	if (!pseudo_check_wrappers() || !real_prctl) {
 +		/* rc was initialized to the "failure" value */
 +		pseudo_enosys("prctl");
 +		return rc;
 +	}
 +
 +#ifdef SECCOMP_SET_MODE_FILTER
 +	/* pseudo and seccomp are incompatible as pseudo uses different syscalls
 +	 * so pretend to enable seccomp but really do nothing */
 +	if (option == PR_SET_SECCOMP) {
 +		unsigned long cmd;
 +		va_start(ap, option);
 +		cmd = va_arg(ap, unsigned long);
 +		va_end(ap);
 +		if (cmd == SECCOMP_SET_MODE_FILTER) {
 +		    return 0;
 +		}
 +	}
 +#endif
 +
 +	/* gcc magic to attempt to just pass these args to prctl. we have to
 +	 * guess about the number of args; the docs discuss calling conventions
 +	 * up to 5, so let's try that?
 +	 */
 +	void *res = __builtin_apply((void (*)()) real_prctl, __builtin_apply_args(), sizeof(long) * 5);
 +	__builtin_return(res);
 +}
 +
 +/* unused.
 + */
 +static int wrap_prctl(int option, va_list ap) {
 +	(void) option;
 +	(void) ap;
 +	return -1;
 +}
 Index: git/ports/linux/guts/prctl.c
 ===================================================================
 --- /dev/null
 +++ git/ports/linux/guts/prctl.c
 @@ -0,0 +1,15 @@
 +/*
 + * Copyright (c) 2020 Richard Purdie
 + *
 + * SPDX-License-Identifier: LGPL-2.1-only
 + *
 + * int prctl(int option, ...)
 + *	int rc = -1;
 + */
 +
 +	/* we should never get here, prctl is hand-wrapped */
 +	rc = -1;
 +
 +/*	return rc;
 + * }
 + */
 Index: git/ports/linux/portdefs.h
 ===================================================================
 --- git.orig/ports/linux/portdefs.h
 +++ git/ports/linux/portdefs.h
 @@ -32,3 +32,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.0);

  #include <linux/capability.h>
  #include <sys/syscall.h>
 +#include <sys/prctl.h>
 +#include <linux/seccomp.h>
 Index: git/ports/linux/wrapfuncs.in
 ===================================================================
 --- git.orig/ports/linux/wrapfuncs.in
 +++ git/ports/linux/wrapfuncs.in
 @@ -56,3 +56,4 @@ int getgrent_r(struct group *gbuf, char
  int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */
  long syscall(long nr, ...); /* hand_wrapped=1 */
  int renameat2(int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags); /* flags=AT_SYMLINK_NOFOLLOW */
 +int prctl(int option, ...); /* hand_wrapped=1 */
	Pseudo changes the syscall access patterns which makes it incompatible with
	seccomp. Therefore intercept the seccomp syscall and alter it, pretending that
	seccomp was setup when in fact we do nothing. If we error as unsupported,
	utilities like file will exit with errors so we can't just disable it.

	Upstream-Status: Pending
	RP 2020/4/3
	Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

	It fails to compile pseudo-native on centos 7:

	\| ports/linux/pseudo_wrappers.c: In function ‘prctl’:
	\| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function)
	\| if (cmd == SECCOMP_SET_MODE_FILTER) {
	\| ^

	Add macro guard for seccomp to avoid the failure.

	Signed-off-by: Kai Kang <kai.kang@windriver.com>

	Index: git/ports/linux/pseudo_wrappers.c
	===================================================================
	--- git.orig/ports/linux/pseudo_wrappers.c
	+++ git/ports/linux/pseudo_wrappers.c
	@@ -57,6 +57,7 @@ int pseudo_capset(cap_user_header_t hdrp
	long
	syscall(long number, ...) {
	long rc = -1;
	+ va_list ap;

	if (!pseudo_check_wrappers() \|\| !real_syscall) {
	/* rc was initialized to the "failure" value */
	@@ -77,6 +78,20 @@ syscall(long number, ...) {
	(void) number;
	#endif

	+#ifdef SYS_seccomp
	+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls
	+ * so pretend to enable seccomp but really do nothing */
	+ if (number == SYS_seccomp) {
	+ unsigned long cmd;
	+ va_start(ap, number);
	+ cmd = va_arg(ap, unsigned long);
	+ va_end(ap);
	+ if (cmd == SECCOMP_SET_MODE_FILTER) {
	+ return 0;
	+ }
	+ }
	+#endif
	+
	/* gcc magic to attempt to just pass these args to syscall. we have to
	* guess about the number of args; the docs discuss calling conventions
	* up to 7, so let's try that?
	@@ -92,3 +108,44 @@ static long wrap_syscall(long nr, va_lis
	(void) ap;
	return -1;
	}
	+
	+int
	+prctl(int option, ...) {
	+ int rc = -1;
	+ va_list ap;
	+
	+ if (!pseudo_check_wrappers() \|\| !real_prctl) {
	+ /* rc was initialized to the "failure" value */
	+ pseudo_enosys("prctl");
	+ return rc;
	+ }
	+
	+#ifdef SECCOMP_SET_MODE_FILTER
	+ /* pseudo and seccomp are incompatible as pseudo uses different syscalls
	+ * so pretend to enable seccomp but really do nothing */
	+ if (option == PR_SET_SECCOMP) {
	+ unsigned long cmd;
	+ va_start(ap, option);
	+ cmd = va_arg(ap, unsigned long);
	+ va_end(ap);
	+ if (cmd == SECCOMP_SET_MODE_FILTER) {
	+ return 0;
	+ }
	+ }
	+#endif
	+
	+ /* gcc magic to attempt to just pass these args to prctl. we have to
	+ * guess about the number of args; the docs discuss calling conventions
	+ * up to 5, so let's try that?
	+ */
	+ void res = __builtin_apply((void ()()) real_prctl, __builtin_apply_args(), sizeof(long) * 5);
	+ __builtin_return(res);
	+}
	+
	+/* unused.
	+ */
	+static int wrap_prctl(int option, va_list ap) {
	+ (void) option;
	+ (void) ap;
	+ return -1;
	+}
	Index: git/ports/linux/guts/prctl.c
	===================================================================
	--- /dev/null
	+++ git/ports/linux/guts/prctl.c
	@@ -0,0 +1,15 @@
	+/*
	+ * Copyright (c) 2020 Richard Purdie
	+ *
	+ * SPDX-License-Identifier: LGPL-2.1-only
	+ *
	+ * int prctl(int option, ...)
	+ * int rc = -1;
	+ */
	+
	+ /* we should never get here, prctl is hand-wrapped */
	+ rc = -1;
	+
	+/* return rc;
	+ * }
	+ */
	Index: git/ports/linux/portdefs.h
	===================================================================
	--- git.orig/ports/linux/portdefs.h
	+++ git/ports/linux/portdefs.h
	@@ -32,3 +32,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.0);

	#include <linux/capability.h>
	#include <sys/syscall.h>
	+#include <sys/prctl.h>
	+#include <linux/seccomp.h>
	Index: git/ports/linux/wrapfuncs.in
	===================================================================
	--- git.orig/ports/linux/wrapfuncs.in
	+++ git/ports/linux/wrapfuncs.in
	@@ -56,3 +56,4 @@ int getgrent_r(struct group *gbuf, char
	int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */
	long syscall(long nr, ...); /* hand_wrapped=1 */
	int renameat2(int olddirfd, const char oldpath, int newdirfd, const char newpath, unsigned int flags); /* flags=AT_SYMLINK_NOFOLLOW */
	+int prctl(int option, ...); /* hand_wrapped=1 */