Bug 3396

Summary: openssh-8.9_p1 does not accept connections - invalid syscall=414
Product: Portable OpenSSH Reporter: Sylvia <fierevere>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: critical CC: chutzpah, cjwatson, dtucker
Priority: P5    
Version: 8.9p1   
Hardware: ix86   
OS: Linux   
Bug Depends on:    
Bug Blocks: 3395    
Attachments:
Description Flags
Allow ppoll_time64 in seccomp filter none

Description Sylvia 2022-02-26 05:53:38 AEDT 
After updating openssh to version 8.9p1 and restarting sshd it is unable to complete connection/login process:


remote:
debug1: Local version string SSH-2.0-OpenSSH_8.8p1-hpn15v2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1-hpn15v2
debug1: compat_banner: match: OpenSSH_8.9p1-hpn15v2 pat OpenSSH* compat 0x04000000
...
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: REQUESTED MAC.NAME is 'umac-64-etm@openssh.com'
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: zlib@openssh.com
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: REQUESTED MAC.NAME is 'umac-64-etm@openssh.com'
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: zlib@openssh.com
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

disconnect.

local dmesg:
[682483.482239] audit: type=1326 audit(1645779265.254:7): auid=0 uid=22 gid=22 ses=6 pid=6030 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7f2d549 code=0x0


Initially reported vs Gentoo bugzilla 
https://bugs.gentoo.org/834019
and been confirmed there (Also you might want to see build environment basic details).


Affected - x86 (i686) architecture.
32 bit kernel+32 bit userland and 64 bit kernel with 32bit userland

64bit (amd64) arch is not affected.
Tested with HPN patch and without it, does not matter - the problem persists.
Comment 1 Patrick McLean 2022-02-26 10:20:46 AEDT 
Created attachment 3574 [details]
Allow ppoll_time64 in seccomp filter

This should fix it, I have no way to test since I am on amd64, which does not seem to be affected.
Comment 2 Colin Watson 2022-02-26 10:25:01 AEDT 
This was also reported as https://bugs.debian.org/1006445, with a very similar patch.  https://bugs.debian.org/1006463 reports that (as I expected) armhf is also affected; I think it'll be on most or all 32-bit Linux architectures.
Comment 3 Darren Tucker 2022-02-26 14:48:18 AEDT 
Thanks for the report.  I have committed the patch and cherry picked it into the V_8_9 branch, so it will be in the next release.

(In reply to Colin Watson from comment #2)
> I think it'll be on most or all 32-bit Linux architectures.

Sigh.  I actually have a 32bit ARM SBC running Debian in the test systems in an attempt to catch this kind of thing, but it didn't. (I suspect it's too old).  Anyway I've added a Debian i386 VM to the test set.
Comment 4 Sylvia 2022-02-26 21:39:13 AEDT 
Patrick's patch suggested above works for me.

Also see https://bugs.gentoo.org/834019#c11
Comment 5 Damien Miller 2022-04-08 12:12:54 AEST 
closing bug resolved during openssh-9.0 release cycle