Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp993563lqo; Sat, 11 May 2024 03:02:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXiTm6axttblx4j0C6ABapznhxaAzHRloiUrc55ZpvHrgguG6wQIpSa5SdLk8Vfm1k3htkxNN5lGM3tBxzqGOeMwB+REsXJKlHyBYsrUw== X-Google-Smtp-Source: AGHT+IEnI4YsN1g/fiMiIhZ/oaCMTRQlWyvG/AMtJLY0+n9hJ6teBYsI5nkWbCuhmeTXLSxpxYVy X-Received: by 2002:a17:90a:c697:b0:2b4:39cd:250c with SMTP id 98e67ed59e1d1-2b6cc144307mr5078976a91.8.1715421757861; Sat, 11 May 2024 03:02:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715421757; cv=pass; d=google.com; s=arc-20160816; b=OKhb7rzOIgaEPRAqngDLHVmM9eIxF/9NrNUqa8Hfg+SBTEHOA1gJp9FotzuFFOzj0a TPwnxD5yfwIiaZFEoblX+btzH43LBw71vyrTYnpvuSVbaFNqc29dG4UNrq3jKr4DKNi3 Ys8DZi2ey5fYx95EKmlVdvQ8csNkKBZsn2MRX78VRS/FRAZr92QgTRKXu5jZGThKD5om UlGChwqqGTOjhmUiMx/la0FTbXLTrzr7iUPy+9lbBb3Cyhnyd73UMvtmmNFn3YdyAZgY Fmi9EyQb3Awtwx2TbVFPQwjCNQB00mrYm3oc8Xf6/bj8bJSRPRZ94IzkxF7p7Pz3EpRG f1Ag== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=NQUH6RcR0srz6rk9GxnBhzUuDaY/k5zG0MWMwkawoZI=; fh=hegJB2xxyPPuqIuHPNNwY3DqlHZubJrJ3U3w2xnTxIY=; b=YKsKsbZa/f7PBrHbejKZkw+SmLhkkG6imDLcakEMfys6imnH4a/65RTSa1L1f3Tllg hEpuAXcSpY4Nvc58ajy8qzD2Asm40tJ4/y66Aq9Yw+hfSC8ecQrusyc/mKUA03BDJtAg hWS+QiFCZdwqz8/OVhrJxjvjw2Y+xR+w+3IvXBYvcPuJcdtLNdGmWcRRQG1wX24bgIKv APcWnEMimQZAyJv6quJUIuTpfQ4YksG6fxHnW0/BeT4nOiWhx6X2QJHX6h+y7YJDw0Iv NA3iQUdMjzWXzoh1uR/LC+oichwcbj6MekpEwFmHatarcCw8XwF222Z7BSlt6xgjvB4a Ly8Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-176472-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-176472-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2b67158a109si5513523a91.142.2024.05.11.03.02.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 May 2024 03:02:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-176472-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-176472-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-176472-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4E423B20FDB for ; Sat, 11 May 2024 10:02:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 75E505473D; Sat, 11 May 2024 10:02:23 +0000 (UTC) Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDC162D600; Sat, 11 May 2024 10:02:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715421743; cv=none; b=Mk0LmkCIv/Zpp//pJPfBdjYb8HSO7wjh0umMQFZeG0Yc/9sl/39mS5Tzzg4p3eIBVh+qemFgazNEYTN5EErEq+c4z++5Z/mGWEwTfrwhYoqMEJFsMHiqbGPX00VsB7QybnS9vk+NwKajCvFdvA8yM4N+Wv92IN7C2aF9gqGxUPA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715421743; c=relaxed/simple; bh=SFHbHpo72eV/0cisApcS/CTZAxVbNx20NHHUp3VFlGY=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=ngDWR+4ZbvnRXxjfGx9xpIJdJJTfNAtJ/gESjDpsGXPEpMVYlAK2VqgSBXG8i4p9VxFtxpysYwJlPc9z5uwoPOBxZ/EnmUKPFDXr2YdiJ8iUWQKSxpIUKpA6pG+OK6uBqUiFSq2akmpYfCOrrFax9UbUPBJNG8iCP+L/x33J7vk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB8CFC2BBFC; Sat, 11 May 2024 10:02:19 +0000 (UTC) From: Huacai Chen To: Arnd Bergmann , Huacai Chen Cc: loongarch@lists.linux.dev, linux-arch@vger.kernel.org, Xuefeng Li , Guo Ren , Xuerui Wang , Jiaxun Yang , linux-kernel@vger.kernel.org, loongson-kernel@lists.loongnix.cn, Huacai Chen , stable@vger.kernel.org Subject: [PATCH] LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h Date: Sat, 11 May 2024 18:01:57 +0800 Message-ID: <20240511100157.2334539-1-chenhuacai@loongson.cn> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Chromium sandbox apparently wants to deny statx [1] so it could properly inspect arguments after the sandboxed process later falls back to fstat. Because there's currently not a "fd-only" version of statx, so that the sandbox has no way to ensure the path argument is empty without being able to peek into the sandboxed process's memory. For architectures able to do newfstatat though, glibc falls back to newfstatat after getting -ENOSYS for statx, then the respective SIGSYS handler [2] takes care of inspecting the path argument, transforming allowed newfstatat's into fstat instead which is allowed and has the same type of return value. But, as LoongArch is the first architecture to not have fstat nor newfstatat, the LoongArch glibc does not attempt falling back at all when it gets -ENOSYS for statx -- and you see the problem there! Actually, back when the LoongArch port was under review, people were aware of the same problem with sandboxing clone3 [3], so clone was eventually kept. Unfortunately it seemed at that time no one had noticed statx, so besides restoring fstat/newfstatat to LoongArch uapi (and postponing the problem further), it seems inevitable that we would need to tackle seccomp deep argument inspection. However, this is obviously a decision that shouldn't be taken lightly, so we just restore fstat/newfstatat by defining __ARCH_WANT_NEW_STAT in unistd.h. This is the simplest solution for now, and so we hope the community will tackle the long-standing problem of seccomp deep argument inspection in the future [4][5]. More infomation please reading this thread [6]. [1] https://chromium-review.googlesource.com/c/chromium/src/+/2823150 [2] https://chromium.googlesource.com/chromium/src/sandbox/+/c085b51940bd/linux/seccomp-bpf-helpers/sigsys_handlers.cc#355 [3] https://lore.kernel.org/linux-arch/20220511211231.GG7074@brightrain.aerifal.cx/ [4] https://lwn.net/Articles/799557/ [5] https://lpc.events/event/4/contributions/560/attachments/397/640/deep-arg-inspection.pdf [6] https://lore.kernel.org/loongarch/20240226-granit-seilschaft-eccc2433014d@brauner/T/#t Cc: stable@vger.kernel.org Signed-off-by: Huacai Chen --- arch/loongarch/include/uapi/asm/unistd.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/loongarch/include/uapi/asm/unistd.h b/arch/loongarch/include/uapi/asm/unistd.h index fcb668984f03..b344b1f91715 100644 --- a/arch/loongarch/include/uapi/asm/unistd.h +++ b/arch/loongarch/include/uapi/asm/unistd.h @@ -1,4 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#define __ARCH_WANT_NEW_STAT #define __ARCH_WANT_SYS_CLONE #define __ARCH_WANT_SYS_CLONE3 -- 2.43.0