[PATCH] filter_seccomp: fix build for no-MMU targets

Fri Oct 4 12:50:50 UTC 2019

On Fri, Oct 04, 2019 at 10:06:04AM +0300, Baruch Siach wrote:
> Detect and define NOMMU_SYSTEM correctly to avoid unsupported fork()
> call on no-MMU Linux systems.
> 
> Fix strace binary link failure:
> 
> .../arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: strace-filter_seccomp.o: in function `check_seccomp_filter':
> filter_seccomp.c:(.text+0x39a): undefined reference to `fork'
> collect2: error: ld returned 1 exit status
> ---
>  filter_seccomp.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/filter_seccomp.c b/filter_seccomp.c
> index fc582654b7ac..28b46aabe25e 100644
> --- a/filter_seccomp.c
> +++ b/filter_seccomp.c
> @@ -21,6 +21,11 @@
>  #include "syscall.h"
>  #include "scno.h"
>  
> +#if !defined(HAVE_FORK)
> +# undef NOMMU_SYSTEM
> +# define NOMMU_SYSTEM 1
> +#endif
> +
>  bool seccomp_filtering;
>  bool seccomp_before_sysentry;
>  

Thanks!  What do you think about the following fix instead?  This way
we disable a similar runtime check in test_ptrace_get_syscall_info().

diff --git a/filter_seccomp.c b/filter_seccomp.c
index fc582654b..4b4c51fbe 100644
--- a/filter_seccomp.c
+++ b/filter_seccomp.c
@@ -59,9 +59,11 @@ static const struct audit_arch_t audit_arch_vec[SUPPORTED_PERSONALITIES] = {
 # endif
 };
 
-# ifdef ENABLE_COVERAGE_GCOV
+# ifdef HAVE_FORK
+
+#  ifdef ENABLE_COVERAGE_GCOV
 extern void __gcov_flush(void);
-# endif
+#  endif
 
 static void ATTRIBUTE_NORETURN
 check_seccomp_order_do_child(void)
@@ -91,9 +93,9 @@ check_seccomp_order_do_child(void)
 		perror_func_msg_and_die("PTRACE_TRACEME");
 	}
 
-# ifdef ENABLE_COVERAGE_GCOV
+#  ifdef ENABLE_COVERAGE_GCOV
 	__gcov_flush();
-# endif
+#  endif
 
 	kill(pid, SIGSTOP);
 	syscall(__NR_gettid);
@@ -223,12 +225,15 @@ check_seccomp_order_tracer(int pid)
 
 	return pid;
 }
+# endif /* HAVE_FORK */
 
 static void
 check_seccomp_order(void)
 {
 	seccomp_filtering = false;
 
+	/* NOMMU provides no forks necessary for the test.  */
+# ifdef HAVE_FORK
 	int pid = fork();
 	if (pid < 0) {
 		perror_func_msg("fork");
@@ -248,6 +253,7 @@ check_seccomp_order(void)
 			break;
 		}
 	}
+# endif /* HAVE_FORK */
 }
 
 static bool
@@ -340,11 +346,6 @@ check_bpf_program_size(void)
 static void
 check_seccomp_filter_properties(void)
 {
-	if (NOMMU_SYSTEM) {
-		seccomp_filtering = false;
-		return;
-	}
-
 	int rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
 	seccomp_filtering = rc < 0 && errno != EINVAL;
 	if (!seccomp_filtering)

-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20191004/e6b0dab8/attachment.bin>
