Commit 6eb115965e0e9db98c6a9143559b719996480b0b - libseccomp

Cherry-pick patch from the 2.5 branch to fix test error on mips Felix Geyer 3 years ago

3 changed file(s) with 173 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all

-0

debian/changelog less more

	0	libseccomp (2.5.0-3) UNRELEASED; urgency=medium
	1
	2	* Cherry-pick patch from the 2.5 branch to fix test error on mips:
	3	- arch_ensure_we_dont_munge_pseudo_syscall_numbers.patch
	4
	5	-- Felix Geyer <fgeyer@debian.org> Sun, 08 Nov 2020 18:16:17 +0100
	6
0	7	libseccomp (2.5.0-2) unstable; urgency=medium
1	8
2	9	* Upload to unstable.

+165

-0

debian/patches/arch_ensure_we_dont_munge_pseudo_syscall_numbers.patch less more

	0	From d1482eaf5a3643f73bc7f599876e7000c502b3d5 Mon Sep 17 00:00:00 2001
	1	From: Paul Moore <paul@paul-moore.com>
	2	Date: Sun, 16 Aug 2020 09:56:36 -0400
	3	Subject: [PATCH] arch: ensure we don't "munge" pseudo syscall numbers
	4
	5	A number of arches/ABIs have either syscall offsets (the MIPS
	6	family) or specific bits (x32) which are applied to their normal
	7	syscall numbers. We generally handle that via "munging" in
	8	libseccomp, and it works reasonably well. Unfortunately we were
	9	applying this munging process to the negative pseudo syscall
	10	numbers as well and this was causing problems.
	11
	12	This patch fixes the various offset/bit arches/ABIs by not applying
	13	the munging to the negative pseudo syscall numbers.
	14
	15	This resolves GH issue #284:
	16	* https://github.com/seccomp/libseccomp/issues/284
	17
	18	Reported-by: Harald van Dijk <harald@gigawatt.nl>
	19	Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
	20	Signed-off-by: Paul Moore <paul@paul-moore.com>
	21	(imported from commit 34cde704979defcbddb8eea64295acf0e477c250)
	22	---
	23	src/arch-arm.c \| 8 ++++++--
	24	src/arch-mips.c \| 8 ++++++--
	25	src/arch-mips64.c \| 8 ++++++--
	26	src/arch-mips64n32.c \| 8 ++++++--
	27	src/arch-x32.c \| 8 ++++++--
	28	5 files changed, 30 insertions(+), 10 deletions(-)
	29
	30	diff --git a/src/arch-arm.c b/src/arch-arm.c
	31	index 4dd4b631..9c9153ae 100644
	32	--- a/src/arch-arm.c
	33	+++ b/src/arch-arm.c
	34	@@ -50,8 +50,9 @@ int arm_syscall_resolve_name_munge(const char *name)
	35	{
	36	int sys;
	37
	38	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	39	sys = arm_syscall_resolve_name(name);
	40	- if (sys == __NR_SCMP_ERROR)
	41	+ if (sys == __NR_SCMP_ERROR \|\| sys < 0)
	42	return sys;
	43
	44	return (sys \| __SCMP_NR_BASE);
	45	@@ -68,7 +69,10 @@ int arm_syscall_resolve_name_munge(const char *name)
	46	*/
	47	const char *arm_syscall_resolve_num_munge(int num)
	48	{
	49	- return arm_syscall_resolve_num(num & (~__SCMP_NR_BASE));
	50	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	51	+ if (num >= 0)
	52	+ num &= ~__SCMP_NR_BASE;
	53	+ return arm_syscall_resolve_num(num);
	54	}
	55
	56	const struct arch_def arch_def_arm = {
	57	diff --git a/src/arch-mips.c b/src/arch-mips.c
	58	index f0e6a143..06741c7f 100644
	59	--- a/src/arch-mips.c
	60	+++ b/src/arch-mips.c
	61	@@ -43,8 +43,9 @@ int mips_syscall_resolve_name_munge(const char *name)
	62	{
	63	int sys;
	64
	65	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	66	sys = mips_syscall_resolve_name(name);
	67	- if (sys == __NR_SCMP_ERROR)
	68	+ if (sys == __NR_SCMP_ERROR \|\| sys < 0)
	69	return sys;
	70
	71	return sys + __SCMP_NR_BASE;
	72	@@ -61,7 +62,10 @@ int mips_syscall_resolve_name_munge(const char *name)
	73	*/
	74	const char *mips_syscall_resolve_num_munge(int num)
	75	{
	76	- return mips_syscall_resolve_num(num - __SCMP_NR_BASE);
	77	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	78	+ if (num >= __SCMP_NR_BASE)
	79	+ num -= __SCMP_NR_BASE;
	80	+ return mips_syscall_resolve_num(num);
	81	}
	82
	83	const struct arch_def arch_def_mips = {
	84	diff --git a/src/arch-mips64.c b/src/arch-mips64.c
	85	index 9707d1c5..342d0d88 100644
	86	--- a/src/arch-mips64.c
	87	+++ b/src/arch-mips64.c
	88	@@ -41,8 +41,9 @@ int mips64_syscall_resolve_name_munge(const char *name)
	89	{
	90	int sys;
	91
	92	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	93	sys = mips64_syscall_resolve_name(name);
	94	- if (sys == __NR_SCMP_ERROR)
	95	+ if (sys == __NR_SCMP_ERROR \|\| sys < 0)
	96	return sys;
	97
	98	return sys + __SCMP_NR_BASE;
	99	@@ -59,7 +60,10 @@ int mips64_syscall_resolve_name_munge(const char *name)
	100	*/
	101	const char *mips64_syscall_resolve_num_munge(int num)
	102	{
	103	- return mips64_syscall_resolve_num(num - __SCMP_NR_BASE);
	104	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	105	+ if (num >= __SCMP_NR_BASE)
	106	+ num -= __SCMP_NR_BASE;
	107	+ return mips64_syscall_resolve_num(num);
	108	}
	109
	110	const struct arch_def arch_def_mips64 = {
	111	diff --git a/src/arch-mips64n32.c b/src/arch-mips64n32.c
	112	index f8088aee..098864be 100644
	113	--- a/src/arch-mips64n32.c
	114	+++ b/src/arch-mips64n32.c
	115	@@ -43,8 +43,9 @@ int mips64n32_syscall_resolve_name_munge(const char *name)
	116	{
	117	int sys;
	118
	119	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	120	sys = mips64n32_syscall_resolve_name(name);
	121	- if (sys == __NR_SCMP_ERROR)
	122	+ if (sys == __NR_SCMP_ERROR \|\| sys < 0)
	123	return sys;
	124
	125	return sys + __SCMP_NR_BASE;
	126	@@ -61,7 +62,10 @@ int mips64n32_syscall_resolve_name_munge(const char *name)
	127	*/
	128	const char *mips64n32_syscall_resolve_num_munge(int num)
	129	{
	130	- return mips64n32_syscall_resolve_num(num - __SCMP_NR_BASE);
	131	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	132	+ if (num >= __SCMP_NR_BASE)
	133	+ num -= __SCMP_NR_BASE;
	134	+ return mips64n32_syscall_resolve_num(num);
	135	}
	136
	137	const struct arch_def arch_def_mips64n32 = {
	138	diff --git a/src/arch-x32.c b/src/arch-x32.c
	139	index 38909681..50c502ee 100644
	140	--- a/src/arch-x32.c
	141	+++ b/src/arch-x32.c
	142	@@ -39,8 +39,9 @@ int x32_syscall_resolve_name_munge(const char *name)
	143	{
	144	int sys;
	145
	146	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	147	sys = x32_syscall_resolve_name(name);
	148	- if (sys == __NR_SCMP_ERROR)
	149	+ if (sys == __NR_SCMP_ERROR \|\| sys < 0)
	150	return sys;
	151
	152	return (sys \| X32_SYSCALL_BIT);
	153	@@ -57,7 +58,10 @@ int x32_syscall_resolve_name_munge(const char *name)
	154	*/
	155	const char *x32_syscall_resolve_num_munge(int num)
	156	{
	157	- return x32_syscall_resolve_num(num & (~X32_SYSCALL_BIT));
	158	+ /* NOTE: we don't want to modify the pseudo-syscall numbers */
	159	+ if (num >= 0)
	160	+ num &= ~X32_SYSCALL_BIT;
	161	+ return x32_syscall_resolve_num(num);
	162	}
	163
	164	const struct arch_def arch_def_x32 = {

-0

debian/patches/series less more

1	1	system_change_our_notification_fd_handling.patch
2	2	build_undefine_mips_to_prevent_build_problems.patch
3	3	tests_use_openat_and_fstat_instead_of_open_and_stat_syscalls.patch
	4	arch_ensure_we_dont_munge_pseudo_syscall_numbers.patch