diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-04-13 21:39:40 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:30:44 +0300 |
commit | 82c905dc58a36aeae40b1b273a12f63fb1973cf4 (patch) | |
tree | 38caf00263451b5036435cdc36e035b25d32e623 /poky/meta/recipes-devtools/pseudo/files/seccomp.patch | |
parent | 83ecb75644b3d677c274188f9ac0b2374d6f6925 (diff) | |
download | openbmc-82c905dc58a36aeae40b1b273a12f63fb1973cf4.tar.xz |
meta-openembedded and poky: subtree updates
Squash of the following due to dependencies among them
and OpenBMC changes:
meta-openembedded: subtree update:d0748372d2..9201611135
meta-openembedded: subtree update:9201611135..17fd382f34
poky: subtree update:9052e5b32a..2e11d97b6c
poky: subtree update:2e11d97b6c..a8544811d7
The change log was too large for the jenkins plugin
to handle therefore it has been removed. Here is
the first and last commit of each subtree:
meta-openembedded:d0748372d2
cppzmq: bump to version 4.6.0
meta-openembedded:17fd382f34
mpv: Remove X11 dependency
poky:9052e5b32a
package_ipk: Remove pointless comment to trigger rebuild
poky:a8544811d7
pbzip2: Fix license warning
Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-devtools/pseudo/files/seccomp.patch')
-rw-r--r-- | poky/meta/recipes-devtools/pseudo/files/seccomp.patch | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/pseudo/files/seccomp.patch b/poky/meta/recipes-devtools/pseudo/files/seccomp.patch new file mode 100644 index 000000000..283f99794 --- /dev/null +++ b/poky/meta/recipes-devtools/pseudo/files/seccomp.patch @@ -0,0 +1,137 @@ +Pseudo changes the syscall access patterns which makes it incompatible with +seccomp. Therefore intercept the seccomp syscall and alter it, pretending that +seccomp was setup when in fact we do nothing. If we error as unsupported, +utilities like file will exit with errors so we can't just disable it. + +Upstream-Status: Pending +RP 2020/4/3 +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +It fails to compile pseudo-native on centos 7: + +| ports/linux/pseudo_wrappers.c: In function ‘prctl’: +| ports/linux/pseudo_wrappers.c:129:14: error: ‘SECCOMP_SET_MODE_FILTER’ undeclared (first use in this function) +| if (cmd == SECCOMP_SET_MODE_FILTER) { +| ^ + +Add macro guard for seccomp to avoid the failure. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Index: git/ports/linux/pseudo_wrappers.c +=================================================================== +--- git.orig/ports/linux/pseudo_wrappers.c ++++ git/ports/linux/pseudo_wrappers.c +@@ -57,6 +57,7 @@ int pseudo_capset(cap_user_header_t hdrp + long + syscall(long number, ...) { + long rc = -1; ++ va_list ap; + + if (!pseudo_check_wrappers() || !real_syscall) { + /* rc was initialized to the "failure" value */ +@@ -77,6 +78,20 @@ syscall(long number, ...) { + (void) number; + #endif + ++#ifdef SYS_seccomp ++ /* pseudo and seccomp are incompatible as pseudo uses different syscalls ++ * so pretend to enable seccomp but really do nothing */ ++ if (number == SYS_seccomp) { ++ unsigned long cmd; ++ va_start(ap, number); ++ cmd = va_arg(ap, unsigned long); ++ va_end(ap); ++ if (cmd == SECCOMP_SET_MODE_FILTER) { ++ return 0; ++ } ++ } ++#endif ++ + /* gcc magic to attempt to just pass these args to syscall. we have to + * guess about the number of args; the docs discuss calling conventions + * up to 7, so let's try that? +@@ -92,3 +108,44 @@ static long wrap_syscall(long nr, va_lis + (void) ap; + return -1; + } ++ ++int ++prctl(int option, ...) { ++ int rc = -1; ++ va_list ap; ++ ++ if (!pseudo_check_wrappers() || !real_prctl) { ++ /* rc was initialized to the "failure" value */ ++ pseudo_enosys("prctl"); ++ return rc; ++ } ++ ++#ifdef SECCOMP_SET_MODE_FILTER ++ /* pseudo and seccomp are incompatible as pseudo uses different syscalls ++ * so pretend to enable seccomp but really do nothing */ ++ if (option == PR_SET_SECCOMP) { ++ unsigned long cmd; ++ va_start(ap, option); ++ cmd = va_arg(ap, unsigned long); ++ va_end(ap); ++ if (cmd == SECCOMP_SET_MODE_FILTER) { ++ return 0; ++ } ++ } ++#endif ++ ++ /* gcc magic to attempt to just pass these args to prctl. we have to ++ * guess about the number of args; the docs discuss calling conventions ++ * up to 5, so let's try that? ++ */ ++ void *res = __builtin_apply((void (*)()) real_prctl, __builtin_apply_args(), sizeof(long) * 5); ++ __builtin_return(res); ++} ++ ++/* unused. ++ */ ++static int wrap_prctl(int option, va_list ap) { ++ (void) option; ++ (void) ap; ++ return -1; ++} +Index: git/ports/linux/guts/prctl.c +=================================================================== +--- /dev/null ++++ git/ports/linux/guts/prctl.c +@@ -0,0 +1,15 @@ ++/* ++ * Copyright (c) 2020 Richard Purdie ++ * ++ * SPDX-License-Identifier: LGPL-2.1-only ++ * ++ * int prctl(int option, ...) ++ * int rc = -1; ++ */ ++ ++ /* we should never get here, prctl is hand-wrapped */ ++ rc = -1; ++ ++/* return rc; ++ * } ++ */ +Index: git/ports/linux/portdefs.h +=================================================================== +--- git.orig/ports/linux/portdefs.h ++++ git/ports/linux/portdefs.h +@@ -32,3 +32,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.0); + + #include <linux/capability.h> + #include <sys/syscall.h> ++#include <sys/prctl.h> ++#include <linux/seccomp.h> +Index: git/ports/linux/wrapfuncs.in +=================================================================== +--- git.orig/ports/linux/wrapfuncs.in ++++ git/ports/linux/wrapfuncs.in +@@ -56,3 +56,4 @@ int getgrent_r(struct group *gbuf, char + int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */ + long syscall(long nr, ...); /* hand_wrapped=1 */ + int renameat2(int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags); /* flags=AT_SYMLINK_NOFOLLOW */ ++int prctl(int option, ...); /* hand_wrapped=1 */ |