[PATCH] filter_seccomp: fix build for no-MMU targets

Mon Oct 7 05:43:16 UTC 2019

Hi Dmitry,

On Fri, Oct 04 2019, Dmitry V. Levin wrote:
> On Fri, Oct 04, 2019 at 10:06:04AM +0300, Baruch Siach wrote:
>> Detect and define NOMMU_SYSTEM correctly to avoid unsupported fork()
>> call on no-MMU Linux systems.
>>
>> Fix strace binary link failure:
>>
>> .../arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: strace-filter_seccomp.o: in function `check_seccomp_filter':
>> filter_seccomp.c:(.text+0x39a): undefined reference to `fork'
>> collect2: error: ld returned 1 exit status
>> ---
>>  filter_seccomp.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/filter_seccomp.c b/filter_seccomp.c
>> index fc582654b7ac..28b46aabe25e 100644
>> --- a/filter_seccomp.c
>> +++ b/filter_seccomp.c
>> @@ -21,6 +21,11 @@
>>  #include "syscall.h"
>>  #include "scno.h"
>>
>> +#if !defined(HAVE_FORK)
>> +# undef NOMMU_SYSTEM
>> +# define NOMMU_SYSTEM 1
>> +#endif
>> +
>>  bool seccomp_filtering;
>>  bool seccomp_before_sysentry;
>
> Thanks!  What do you think about the following fix instead?  This way
> we disable a similar runtime check in test_ptrace_get_syscall_info().

Heavier #ifdefary doesn't look very nice to me. I verified that it fixes
the no-MMU build issue though.

I build tested commit fa9f1f05bf0 from the ldv/next branch.

Thanks,
baruch

> diff --git a/filter_seccomp.c b/filter_seccomp.c
> index fc582654b..4b4c51fbe 100644
> --- a/filter_seccomp.c
> +++ b/filter_seccomp.c
> @@ -59,9 +59,11 @@ static const struct audit_arch_t audit_arch_vec[SUPPORTED_PERSONALITIES] = {
>  # endif
>  };
>
> -# ifdef ENABLE_COVERAGE_GCOV
> +# ifdef HAVE_FORK
> +
> +#  ifdef ENABLE_COVERAGE_GCOV
>  extern void __gcov_flush(void);
> -# endif
> +#  endif
>
>  static void ATTRIBUTE_NORETURN
>  check_seccomp_order_do_child(void)
> @@ -91,9 +93,9 @@ check_seccomp_order_do_child(void)
>  		perror_func_msg_and_die("PTRACE_TRACEME");
>  	}
>
> -# ifdef ENABLE_COVERAGE_GCOV
> +#  ifdef ENABLE_COVERAGE_GCOV
>  	__gcov_flush();
> -# endif
> +#  endif
>
>  	kill(pid, SIGSTOP);
>  	syscall(__NR_gettid);
> @@ -223,12 +225,15 @@ check_seccomp_order_tracer(int pid)
>
>  	return pid;
>  }
> +# endif /* HAVE_FORK */
>
>  static void
>  check_seccomp_order(void)
>  {
>  	seccomp_filtering = false;
>
> +	/* NOMMU provides no forks necessary for the test.  */
> +# ifdef HAVE_FORK
>  	int pid = fork();
>  	if (pid < 0) {
>  		perror_func_msg("fork");
> @@ -248,6 +253,7 @@ check_seccomp_order(void)
>  			break;
>  		}
>  	}
> +# endif /* HAVE_FORK */
>  }
>
>  static bool
> @@ -340,11 +346,6 @@ check_bpf_program_size(void)
>  static void
>  check_seccomp_filter_properties(void)
>  {
> -	if (NOMMU_SYSTEM) {
> -		seccomp_filtering = false;
> -		return;
> -	}
> -
>  	int rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
>  	seccomp_filtering = rc < 0 && errno != EINVAL;
>  	if (!seccomp_filtering)

--
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -