coverletter explanation as sent to kernel-team list:
In bionic, all archs provided by Ubuntu either define __NR_pkey_mprotect
(arm/x86) or define __IGNORE_pkey_mprotect (powerpc/s390). This value was
used, until libseccomp was updated via bug 1815415, to instead (if
__NR_pkey_mprotect was not defined by the kernel headers) define it as a
negative error value:
+#define __PNR_pkey_mprotect -10201
+#ifndef __NR_pkey_mprotect
+#define __NR_pkey_mprotect __PNR_pkey_mprotect
+#endif /* __NR_pkey_mprotect */
systemd, the next time it was built against libseccomp, pulled that
__NR_pkey_mprotect value and started using it for ppc64el, though it was
a negative error value, so it would not actually work as a syscall number.
This caused the systemd test-seccomp autopkgtest to start failing, as
the systemd function it tested only issued the pkey_mprotect syscall if
__NR_pkey_mprotect was defined.
After these patches are applied to bionic, both libseccomp and systemd will
need to be rebuilt - libseccomp rebuilt against the kernel headers, and
systemd against the libseccomp headers.
Note this is not only a fix to allow a test to pass, this actually
provides the syscall number for the functionality on ppc64el on bionic,
which would have failed before (on ppc64el on bionic, but not x86/arm
on bionic); specifically one example is the systemd usage
MemoryDenyWriteExecution as shown in bug 1725348.
Also note that s390x also defines __IGNORE_pkey_mprotect, but the systemd
test only expects its test case to pass for select archs, and s390x is not
one of them, so it has always expected a failure there. It appears s390x
still does not support pkey_mprotect (it defined pkey_* starting at
commit b41c51c8e194c0bdfb4b1778a137aea8246c86cd, but appears to still
not support them).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1821625
Title:
systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-
seccomp)
Status in libseccomp package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Invalid
Status in libseccomp source package in Bionic:
New
Status in linux source package in Bionic:
New
Status in systemd source package in Bionic:
Invalid
Bug description:
Starting with systemd 237-3ubuntu10.14, the testcase test-seccomp is
failing on Bionic on ppc64el with the error messages:
Operating on architecture: ppc
Failed to add n/a() rule for architecture ppc, skipping: Bad address
Operating on architecture: ppc64
Failed to add n/a() rule for architecture ppc64, skipping: Bad address
Operating on architecture: ppc64-le
Failed to add n/a() rule for architecture ppc64-le, skipping: Numerical argument out of domain
Assertion 'p == MAP_FAILED' failed at ../src/test/test-seccomp.c:413, function test_memory_deny_write_execute_mmap(). Aborting.
memoryseccomp-mmap terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("memoryseccomp-mmap", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:427, function test_memory_deny_write_execute_mmap(). Aborting.
Aborted (core dumped)
FAIL: test-seccomp (code: 134)
Full logs at:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190302_025135_d0e38@/log.gz
The testcase passed with systemd version 237-3ubuntu10.13 running on the same 4.15.0-45 kernel on ppc64el:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190228_154406_6b12f@/log.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1821625/+subscriptions