Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
Hi

On 21.08.20 at 10:18, Aurelien Jarno wrote:
> Please note that a modified patch with #ifdef hackery to support older
> libseccomp versions has been merged upstream.

Just seen that. Thanks for the heads up.
Will pull that into the next upload (probably later today).

Regards,
Michael
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 2020-03-20 19:35, Michael Biebl wrote:
> On 20.03.20 at 19:21, Michael Biebl wrote:
> > On 20.03.20 at 17:49, Aurelien Jarno wrote:
> >> So you were right that there are way more things to change than my
> >> initial patch. I came up with the attached patch. With it I confirm that
> >
> > Thanks. I've forwarded it as
> > https://github.com/systemd/systemd/pull/15176
> >
>
> Hm, CI is not too happy about this change:
>
> E.g.
> https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic-upstream-systemd-ci-systemd-ci/bionic/amd64/s/systemd-upstream/20200320_182434_e119c@/log.gz
>
> ../src/shared/seccomp-util.c: In function ‘seccomp_arch_to_string’:
> ../src/shared/seccomp-util.c:136:14: error: ‘SCMP_ARCH_RISCV64’
> undeclared (first use in this function); did you mean ‘SCMP_ARCH_PARISC64’?
>          case SCMP_ARCH_RISCV64:
>               ^
>
> I guess we need a libseccomp >= 2.4.0
> meson.build currently has 2.3.1 as min version.

Please note that a modified patch with #ifdef hackery to support older
libseccomp versions has been merged upstream.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
Hi,

On 2020-04-02 12:10, Michael Biebl wrote:
> Control: retitle -1 Enable seccomp support on riscv64
> Control: severity -1 wishlist
>
> Hi Aurelien,
>
> I decided to disable seccomp support again for riscv64 for the time
> being. This will make backports easier.
> Once we have a libseccomp in stable which does have support for riscv64,
> I'll re-enable support for it (which means bullseye+1).
> Retitling the bug report accordingly.

Thanks, that makes sense and will avoid having to clutter the upstream
patch with #ifdef. There is no urgency in getting libseccomp support in
systemd for riscv64, my goal was mostly to fix the FTBFS. At least we
learned that it works, or rather that it is not completely broken.

> By then, we should have an official libseccomp release with riscv64
> support and your patch might have a chance to be applied upstream.

libseccomp releases are not really predictable, but it seems there are
currently people working towards a release, so it might happen in the
next months.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
Control: retitle -1 Enable seccomp support on riscv64
Control: severity -1 wishlist

Hi Aurelien,

I decided to disable seccomp support again for riscv64 for the time
being. This will make backports easier.
Once we have a libseccomp in stable which does have support for riscv64,
I'll re-enable support for it (which means bullseye+1).
Retitling the bug report accordingly.

By then, we should have an official libseccomp release with riscv64
support and your patch might have a chance to be applied upstream.

Regards,
Michael
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 2020-03-20 19:40, Michael Biebl wrote:
> On 20.03.20 at 19:35, Michael Biebl wrote:
> > ../src/shared/seccomp-util.c: In function ‘seccomp_arch_to_string’:
> > ../src/shared/seccomp-util.c:136:14: error: ‘SCMP_ARCH_RISCV64’
> > undeclared (first use in this function); did you mean ‘SCMP_ARCH_PARISC64’?
> >          case SCMP_ARCH_RISCV64:
> >               ^
> >
> > I guess we need a libseccomp >= 2.4.0
> > meson.build currently has 2.3.1 as min version.
>
> Hm, actually looking at #952386, it appears there is no official
> libseccomp release yet, which contains riscv64 support.

Indeed, the patch has been merged upstream, but no version has been
released yet. The Debian package contains a backport of the patch.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 20.03.20 at 19:35, Michael Biebl wrote:
> ../src/shared/seccomp-util.c: In function ‘seccomp_arch_to_string’:
> ../src/shared/seccomp-util.c:136:14: error: ‘SCMP_ARCH_RISCV64’
> undeclared (first use in this function); did you mean ‘SCMP_ARCH_PARISC64’?
>          case SCMP_ARCH_RISCV64:
>               ^
>
> I guess we need a libseccomp >= 2.4.0
> meson.build currently has 2.3.1 as min version.

Hm, actually looking at #952386, it appears there is no official
libseccomp release yet, which contains riscv64 support.
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 20.03.20 at 19:21, Michael Biebl wrote:
> On 20.03.20 at 17:49, Aurelien Jarno wrote:
>> So you were right that there are way more things to change than my
>> initial patch. I came up with the attached patch. With it I confirm that
>
> Thanks. I've forwarded it as
> https://github.com/systemd/systemd/pull/15176
>

Hm, CI is not too happy about this change:

E.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic-upstream-systemd-ci-systemd-ci/bionic/amd64/s/systemd-upstream/20200320_182434_e119c@/log.gz

../src/shared/seccomp-util.c: In function ‘seccomp_arch_to_string’:
../src/shared/seccomp-util.c:136:14: error: ‘SCMP_ARCH_RISCV64’
undeclared (first use in this function); did you mean ‘SCMP_ARCH_PARISC64’?
         case SCMP_ARCH_RISCV64:
              ^

I guess we need a libseccomp >= 2.4.0
meson.build currently has 2.3.1 as min version.

Regards,
Michael
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 20.03.20 at 17:49, Aurelien Jarno wrote:
> So you were right that there are way more things to change than my
> initial patch. I came up with the attached patch. With it I confirm that

Thanks. I've forwarded it as
https://github.com/systemd/systemd/pull/15176
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 2020-03-20 08:47, Aurelien Jarno wrote:
> On 2020-03-20 01:35, Michael Biebl wrote:
> > On 20.03.20 at 01:32, Michael Biebl wrote:
> > > Have you tested, that seccomp is working on riscv64 with 5.5?
> > > Something like this should lead to a blocked ping:
> >
>
> Indeed that test doesn't work, I mean seccomp is ineffective and the
> ping succeeds. It looks like that I should also update the patch you
> pointed to, I'll work on that and keep you updated.

So you were right that there are way more things to change than my
initial patch. I came up with the attached patch. With it I confirm that
the test ping service you sent fails correctly when running with a 5.5
kernel:

| # systemctl status test
| * test.service - test seccomp filter
|    Loaded: loaded (/etc/systemd/system/test.service; static; vendor preset: enabled)
|    Active: failed (Result: signal) since Fri 2020-03-20 17:45:38 CET; 6s ago
|   Process: 771 ExecStart=/bin/ping -c 1 www.debian.org (code=killed, signal=SYS)
|  Main PID: 771 (code=killed, signal=SYS)
|
| Mar 20 17:45:38 riscv64 systemd[1]: Started test seccomp filter.
| Mar 20 17:45:38 riscv64 systemd[1]: test.service: Main process exited, code=killed, status=31/SYS
| Mar 20 17:45:38 riscv64 systemd[1]: test.service: Failed with result 'signal'.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net

From 9bf8b4f3ce9582170c610e57d9dd341ca84ad881 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno Date: Fri, 20 Mar 2020 17:41:42 +0100 Subject: [PATCH] seccomp: add support for riscv64 This patch adds seccomp support to the riscv64 architecture. seccomp support is available in the riscv64 kernel since version 5.5, and it has just been added to the libseccomp library. riscv64 uses generic syscalls like aarch64, so I used that architecture as a reference to find which code has to be modified. With this patch, the testsuite passes successfully, including the test-seccomp test. The system boots and works fine with kernel 5.4 (i.e. without seccomp support) and kernel 5.5 (i.e. with seccomp support). I have also verified that the "SystemCallFilter=~socket" option prevents a service to use the ping utility when running on kernel 5.5. --- src/nspawn/nspawn-oci.c | 1 + src/shared/seccomp-util.c | 16 src/test/test-seccomp.c | 1 + 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c index 782c03c539..e0d42eb6e7 100644 --- a/src/nspawn/nspawn-oci.c +++ b/src/nspawn/nspawn-oci.c @@ -1694,6 +1694,7 @@ static int oci_seccomp_arch_from_string(const char *name, uint32_t *ret) { { "SCMP_ARCH_PPC", SCMP_ARCH_PPC }, { "SCMP_ARCH_PPC64", SCMP_ARCH_PPC64 }, { "SCMP_ARCH_PPC64LE", SCMP_ARCH_PPC64LE }, +{ "SCMP_ARCH_RISCV64", SCMP_ARCH_RISCV64 }, { "SCMP_ARCH_S390",SCMP_ARCH_S390}, { "SCMP_ARCH_S390X", SCMP_ARCH_S390X }, { "SCMP_ARCH_X32", SCMP_ARCH_X32 }, diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index eeca17f341..da7e46ac5b 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -85,6 +85,8 @@ const uint32_t seccomp_local_archs[] = { SCMP_ARCH_PPC64LE, /* native */ #elif defined(__powerpc__) SCMP_ARCH_PPC, +#elif defined(__riscv) && __riscv_xlen == 64 +SCMP_ARCH_RISCV64, #elif defined(__s390x__) SCMP_ARCH_S390, SCMP_ARCH_S390X, /* native */ 
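Review bot: SCMP_ARCH_RISCV64 is used unguarded in both hunks here (the oci_seccomp_arch_from_string table entry and the new `#elif defined(__riscv) && __riscv_xlen == 64` branch of seccomp_local_archs), so a build against any libseccomp that does not define it stops at compile time; meson.build's minimum is still 2.3.1 and the CI log quoted earlier in this thread shows exactly that error. Either wrap the new entries in `#ifdef SCMP_ARCH_RISCV64` or raise the libseccomp minimum in meson.build in the same patch, and say which in the commit message. Minor: the neighbouring s390x branch marks its native entry with `/* native */` (`SCMP_ARCH_S390X, /* native */`); the riscv64 branch should carry the same marker so the table stays readable.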
@@ -131,6 +133,8 @@ const char* seccomp_arch_to_string(uint32_t c) { return "ppc64"; case SCMP_ARCH_PPC64LE: return "ppc64-le"; +case SCMP_ARCH_RISCV64: +return "riscv64"; case SCMP_ARCH_S390: return "s390"; case SCMP_ARCH_S390X: @@ -176,6 +180,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { *ret = SCMP_ARCH_PPC64; else if (streq(n, "ppc64-le")) *ret = SCMP_ARCH_PPC64LE; +else if (streq(n, "riscv64")) +*ret = SCMP_ARCH_RISCV64; else if (streq(n, "s390")) *ret = SCMP_ARCH_S390; else if (streq(n, "s390x")) @@ -1253,7 +1259,7 @@ int seccomp_protect_sysctl(void) { log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); -if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) +if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_RISCV64)) /* No _sysctl syscall */ continue; @@ -1337,6 +1343,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { case SCMP_ARCH_MIPS64N32:
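Review bot: in the seccomp_protect_sysctl hunk the `IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_RISCV64)` list is now three hand-maintained entries and the only explanation is `/* No _sysctl syscall */`, which says what but not why; the commit message's reason (riscv64 uses the generic syscall table like aarch64) belongs in that comment so the next generic-ABI port knows it has to add itself here as well. The same `#ifdef SCMP_ARCH_RISCV64` guard question as in the earlier hunks applies to this IN_SET and to the new `case SCMP_ARCH_RISCV64:` and `streq(n, "riscv64")` branches in seccomp_arch_to_string and seccomp_arch_from_string above it.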
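Review bot: the seccomp_restrict_address_families hunk breaks off at `case SCMP_ARCH_MIPS64N32:` and the src/test/test-seccomp.c change counted in the diffstat (1 insertion) is not shown on this page, so neither can be reviewed here. Going by the commit message ("riscv64 uses generic syscalls like aarch64"), riscv64 should land in the same case group as SCMP_ARCH_AARCH64 in that switch, and the test change should add "riscv64\0" to test_architecture_table as the earlier standalone patch in this bug did, so that the new seccomp_arch_to_string / seccomp_arch_from_string branches are exercised in both directions. Please resend with the complete hunks.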
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 2020-03-20 01:35, Michael Biebl wrote:
> On 20.03.20 at 01:32, Michael Biebl wrote:
> > Have you tested, that seccomp is working on riscv64 with 5.5?
> > Something like this should lead to a blocked ping:
>

Indeed that test doesn't work, I mean seccomp is ineffective and the
ping succeeds. It looks like that I should also update the patch you
pointed to, I'll work on that and keep you updated.

Thanks,
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 20.03.20 at 01:32, Michael Biebl wrote:
> Have you tested, that seccomp is working on riscv64 with 5.5?
> Something like this should lead to a blocked ping:

Here is a better test:

# cat test.service
[Unit]
Description=test seccomp filter

[Service]
ExecStart=ping -c 1 www.debian.org
SystemCallFilter=~socket

# systemctl status test
● test.service - test seccomp filter
   Loaded: loaded (/etc/systemd/system/test.service; static; vendor preset: enabled)
   Active: failed (Result: signal) since Fri 2020-03-20 01:33:52 CET; 3s ago
  Process: 351106 ExecStart=/bin/ping -c 1 www.debian.org (code=killed, signal=SYS)
 Main PID: 351106 (code=killed, signal=SYS)

Mar 20 01:33:52 pluto systemd[1]: Started test seccomp filter.
Mar 20 01:33:52 pluto systemd[1]: test.service: Main process exited, code=killed, status=31/SYS
Mar 20 01:33:52 pluto systemd[1]: test.service: Failed with result 'signal'.
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
On 20.03.20 at 00:23, Aurelien Jarno wrote:
> It happens that upstream systemd doesn't yet support riscv64. I came
> with a very simple patch to fix that issue:
>
> --- systemd-245.2.orig/src/test/test-seccomp.c
> +++ systemd-245.2/src/test/test-seccomp.c
> @@ -72,6 +72,7 @@ static void test_architecture_table(void
>                          "ppc\0"
>                          "ppc64\0"
>                          "ppc64-le\0"
> +                        "riscv64\0"
>                          "s390\0"
>                          "s390x\0") {
>                  uint32_t c;
>
> With this patch, test-seccomp passes successfully and the build succeeds.
> I have also tested that after installing the resulting seccomp package
> the systemd boots and works fine with kernel 5.4 (i.e. without seccomp
> support) and kernel 5.5 (i.e. with seccomp support).

It looks like src/shared/seccomp-util.c would need an update too.

Have you tested, that seccomp is working on riscv64 with 5.5?
Something like this should lead to a blocked ping:

[Unit]
Description=test seccomp filter

[Service]
ExecStart=ping -c 1 www.debian.org
RestrictAddressFamilies=AF_UNIX

● test.service - test seccomp filter
   Loaded: loaded (/etc/systemd/system/test.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2020-03-20 01:31:16 CET; 3s ago
  Process: 350981 ExecStart=/bin/ping -c 1 www.debian.org (code=exited, status=2)
 Main PID: 350981 (code=exited, status=2)

Mar 20 01:31:16 pluto systemd[1]: Started test seccomp filter.
Mar 20 01:31:16 pluto ping[350981]: /bin/ping: socket: Address family not supported by protocol
Mar 20 01:31:16 pluto systemd[1]: test.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 20 01:31:16 pluto systemd[1]: test.service: Failed with result 'exit-code'.

Regards,
Michael
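The two unit-file tests in this thread (SystemCallFilter=~socket, which ends the service with status=31/SYS, and RestrictAddressFamilies=AF_UNIX, which makes ping's socket() call fail with "Address family not supported by protocol") are both turned by systemd into seccomp BPF programs, and both silently do nothing when systemd does not recognise the native architecture, which is what Aurelien observed on riscv64. The program below is an added example, not code from systemd, libseccomp or the patch: it installs hand-written equivalents of the two filters in a forked child and reports from the parent whether the kernel actually enforced them, which is a quick way to check seccomp on a new port without a full systemd. It assumes a Linux toolchain with the kernel UAPI headers; the NATIVE_AUDIT_ARCH chain (x86_64, aarch64, riscv64, mirroring the #elif chain in the patch) and the probe exit codes are this example's own choices.

```c
#include <endian.h>
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Native audit arch, chosen by the compiler like the patch's seccomp_local_archs
 * #elif chain; 0 means "unknown here, refuse". (Assumed list for this example.) */
#if defined(__x86_64__)
#  define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__riscv) && __riscv_xlen == 64 && defined(AUDIT_ARCH_RISCV64)
#  define NATIVE_AUDIT_ARCH AUDIT_ARCH_RISCV64
#else
#  define NATIVE_AUDIT_ARCH 0
#endif
#ifndef SECCOMP_RET_KILL_PROCESS           /* pre-4.14 UAPI headers */
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
/* socket()'s domain is an int, so only the low 32 bits of args[0] matter. */
#define ARG0_LO (offsetof(struct seccomp_data, args) + (__BYTE_ORDER == __LITTLE_ENDIAN ? 0 : 4))

enum filter_mode { FILTER_KILL_SOCKET, FILTER_RESTRICT_AF_UNIX };
enum probe_result { PROBE_UNEXPECTED = -2, PROBE_UNAVAILABLE = -1, PROBE_NOT_ENFORCED = 0,
                    PROBE_KILLED_SIGSYS = 1, PROBE_EAFNOSUPPORT = 2 };

#define LOAD(field)    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))
#define RET(action)    BPF_STMT(BPF_RET | BPF_K, (action))

/* Hand-written equivalents of SystemCallFilter=~socket and RestrictAddressFamilies=AF_UNIX.
 * Both open with the arch check that systemd's seccomp_local_archs table exists to feed:
 * a syscall made under a foreign ABI is killed instead of being matched by number. */
static int install_filter(enum filter_mode mode) {
#ifndef SYS_socket
    return -ENOSYS;                        /* socketcall()-only ABI, not handled here */
#else
    struct sock_filter kill_socket[] = {
        LOAD(arch), JEQ(NATIVE_AUDIT_ARCH, 1, 0), RET(SECCOMP_RET_KILL_PROCESS),
        LOAD(nr),   JEQ(SYS_socket, 0, 1),        RET(SECCOMP_RET_KILL_PROCESS),
        RET(SECCOMP_RET_ALLOW),
    };
    struct sock_filter restrict_af[] = {
        LOAD(arch), JEQ(NATIVE_AUDIT_ARCH, 1, 0), RET(SECCOMP_RET_KILL_PROCESS),
        LOAD(nr),   JEQ(SYS_socket, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0_LO), JEQ(AF_UNIX, 1, 0),
        RET(SECCOMP_RET_ERRNO | (EAFNOSUPPORT & SECCOMP_RET_DATA)),
        RET(SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(kill_socket) / sizeof(*kill_socket), .filter = kill_socket };
    if (mode == FILTER_RESTRICT_AF_UNIX)
        prog = (struct sock_fprog){ .len = sizeof(restrict_af) / sizeof(*restrict_af), .filter = restrict_af };
    if (NATIVE_AUDIT_ARCH == 0)
        return -EOPNOTSUPP;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
        return -errno;
    return 0;
#endif
}

/* Fork, install the filter in the child, then call socket(AF_INET) and socket(AF_UNIX)
 * there; the child's fate tells the parent what the kernel really did. */
int run_probe(enum filter_mode mode) {
    int status, fd;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_UNAVAILABLE;
    if (pid == 0) {
        if (install_filter(mode) < 0)
            _exit(100);                        /* kernel/sandbox refused the filter */
        fd = socket(AF_INET, SOCK_DGRAM, 0);   /* dies with SIGSYS under FILTER_KILL_SOCKET */
        if (fd >= 0) {
            close(fd);
            _exit(0);                          /* filter loaded but nothing enforced */
        }
        if (errno != EAFNOSUPPORT || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
            _exit(101);                        /* wrong errno, or allowed family blocked */
        close(fd);
        _exit(2);                              /* same exit status ping showed above */
    }
    if (waitpid(pid, &status, 0) < 0)
        return PROBE_UNAVAILABLE;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSYS ? PROBE_KILLED_SIGSYS : PROBE_UNEXPECTED;
    switch (WEXITSTATUS(status)) {
    case 0:   return PROBE_NOT_ENFORCED;
    case 2:   return PROBE_EAFNOSUPPORT;
    case 100: return PROBE_UNAVAILABLE;
    default:  return PROBE_UNEXPECTED;
    }
}

int main(void) {
    static const char *const names[] = { "unexpected", "unavailable", "not enforced",
                                         "killed by SIGSYS", "EAFNOSUPPORT" };
    printf("SystemCallFilter=~socket:        %s\n", names[run_probe(FILTER_KILL_SOCKET) + 2]);
    printf("RestrictAddressFamilies=AF_UNIX: %s\n", names[run_probe(FILTER_RESTRICT_AF_UNIX) + 2]);
    return 0;
}
```

On a kernel with seccomp filter support the first probe ends in "killed by SIGSYS" and the second in "EAFNOSUPPORT"; "not enforced" is the riscv64-before-the-patch situation (a filter that matches nothing, or none at all), and "unavailable" means the filter could not be loaded (no CONFIG_SECCOMP_FILTER, or an arch this example's NATIVE_AUDIT_ARCH chain does not know). The arch check up front is the reason the seccomp_local_archs / seccomp_arch_to_string entries in the patch matter at runtime and not just for the test.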
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
Thanks Aurelien.

I'd like to forward this patch to upstream. For that it would be great
if it was git am formatted, so it is properly attributed to you.
Would you mind sending me such an updated patch?

Regards,
Michael
Bug#954312: systemd: FTBFS on riscv64: test-seccomp fails: Assertion 'name' failed at src/test/test-seccomp.c:49
Package: systemd
Version: 245.2-1
Severity: normal
Tags: patch

Dear maintainer,

The latest version of systemd enabled seccomp support on riscv64. Thanks
for doing that. However it now fails to build due to the test
test-seccomp failing:

| 321/486 test-seccomp                        FAIL     0.09 s (killed by signal 6 SIGABRT)
|
| --- command ---
| 08:37:44 PATH='/<>/build-deb:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' SYSTEMD_KBD_MODEL_MAP='/<>/src/locale/kbd-model-map' SYSTEMD_LANGUAGE_FALLBACK_MAP='/<>/src/locale/language-fallback-map' /<>/build-deb/test-seccomp
| --- stderr ---
| Failed to read $container of PID 1, ignoring: Permission denied
| Found container virtualization none.
| /* test_seccomp_arch_to_string */
| Assertion 'name' failed at src/test/test-seccomp.c:49, function test_seccomp_arch_to_string(). Aborting.
| ---

The full build log is available there:
https://buildd.debian.org/status/fetch.php?pkg=systemd=riscv64=245.2-1=1584607125=0

It happens that upstream systemd doesn't yet support riscv64. I came
with a very simple patch to fix that issue:

--- systemd-245.2.orig/src/test/test-seccomp.c
+++ systemd-245.2/src/test/test-seccomp.c
@@ -72,6 +72,7 @@ static void test_architecture_table(void "ppc\0" "ppc64\0" "ppc64-le\0" + "riscv64\0" "s390\0" "s390x\0") { uint32_t c; With this patch, test-seccomp pass successfully and the build succeed. I have also tested that after installing the resulting seccomp package the systemd boots and works fine with kernel 5.4 (i.e. without seccomp support) and kernel 5.5 (i.e. with seccomp support). Therefore, would it be possible to add this patch in the next upload? Thanks, Aurelien -- Package-specific info: -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled - no debconf information
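Review bot: this hunk only adds "riscv64\0" to the name table in test_architecture_table, but the assertion quoted in the build log is on `name` in test_seccomp_arch_to_string(), not in test_architecture_table(), so it is worth confirming that seccomp_arch_to_string() in src/shared/seccomp-util.c actually knows riscv64; the patch does not touch that file. The same table in seccomp-util.c (seccomp_local_archs, seccomp_arch_to_string, seccomp_arch_from_string) is what makes SystemCallFilter= and RestrictAddressFamilies= apply at runtime, so a test-only change risks a green test with seccomp silently unenforced on riscv64. Please add the seccomp-util.c entries in the same patch and verify with a unit that blocks socket().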