Bugzilla – Attachment 2927 Details for
Bug 2142
Make seccomp-bpf sandbox work for Linux/X32
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Work around clock_gettime kernel bug on Linux x32
0001-Work-around-clock_gettime-kernel-bug-on-Linux-x32.patch (text/plain), 1.09 KB, created by
Colin Watson
on 2017-01-04 01:48:31 AEDT
(
hide
)
Description:
Work around clock_gettime kernel bug on Linux x32
Filename:
MIME Type:
Creator:
Colin Watson
Created:
2017-01-04 01:48:31 AEDT
Size:
1.09 KB
patch
obsolete
>From e60388551d4e219673f2d90e749bf1fa63c93383 Mon Sep 17 00:00:00 2001 >From: Colin Watson <cjwatson@debian.org> >Date: Tue, 3 Jan 2017 14:01:56 +0000 >Subject: [PATCH] Work around clock_gettime kernel bug on Linux x32 > >On Linux x32, the clock_gettime VDSO currently falls back to the x86-64 >syscall, so allow that as well as its x32 sibling. >--- > sandbox-seccomp-filter.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c >index 2e1ed2c..62c578d 100644 >--- a/sandbox-seccomp-filter.c >+++ b/sandbox-seccomp-filter.c >@@ -137,6 +137,15 @@ static const struct sock_filter preauth_insns[] = { > #endif > #ifdef __NR_clock_gettime > SC_ALLOW(clock_gettime), >+# if defined(__x86_64__) && defined(__ILP32__) >+ /* On Linux x32, the clock_gettime VDSO currently falls back to the >+ * x86-64 syscall (see https://bugs.debian.org/849923), so allow >+ * that too. >+ */ >+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, >+ __NR_clock_gettime & ~__X32_SYSCALL_BIT, 0, 1), >+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), >+# endif > #endif > #ifdef __NR_close > SC_ALLOW(close), >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2927">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2142
:
2328
|
2563
|
2927
|
2962