On 32-bit musl targets (for example, Alpine i386 / i586), we need to: - use the set of system calls already defined for i686. While Alpine's kernel supports i586 as well (Debian for example doesn't), it's the same architecture, so change i386/i486/i586 machine strings to i686 in seccomp.sh - allow clock_gettime64() as an alternative to clock_gettime() (not just added on top, rather replacing it), because clock_gettime() isn't available as a system call name at all in musl headers (while glibc aliases it to the kernel's clock_gettime64()) - similarly, allow timerfd_gettime64() as a name for timerfd_gettime() - allow timerfd_settime32() as a name for timerfd_settime(), even though there's no such system call declared in Linux kernel headers, as musl uses that name to distinguish it from timerfd_settime64() - unconditionally allow timerfd_settime64(), because musl uses it whenever the 'old' argument is non-NULL and sizeof(time_t) > 4, which happens to be the case in tcp_timer_handler() Reported-by: John D. Rowell Link: https://bugs.passt.top/show_bug.cgi?id=177 Link: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17686 Signed-off-by: Stefano Brivio --- passt.c | 3 ++- seccomp.sh | 1 + tcp.c | 7 ++++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/passt.c b/passt.c index 0b84ac6..5ed88d0 100644 --- a/passt.c +++ b/passt.c @@ -329,7 +329,8 @@ static void passt_worker(void *opaque, int nfds, struct epoll_event *events) * #syscalls bind connect recvfrom sendto shutdown * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send * #syscalls accept4 accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait - * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64 + * #syscalls clock_gettime|clock_gettime64 + * #syscalls arm:clock_gettime64 i686:clock_gettime64 */ int main(int argc, char **argv) { diff --git a/seccomp.sh b/seccomp.sh index ba92b29..60ebe84 100755 --- a/seccomp.sh +++ b/seccomp.sh @@ -21,6 +21,7 @@ IN="$@" [ -z "${ARCH}" ] && ARCH="$(uname -m)" [ -z "${CC}" ] && CC="cc" +case "${ARCH}" in i[345]86) ARCH=i686 ;; esac AUDIT_ARCH="AUDIT_ARCH_$(echo ${ARCH} | tr '[a-z]' '[A-Z]' \ | sed 's/^ARM.*/ARM/' \ diff --git a/tcp.c b/tcp.c index fc986a2..8357c0e 100644 --- a/tcp.c +++ b/tcp.c @@ -566,8 +566,7 @@ static int tcp_epoll_ctl(const struct ctx *c, struct tcp_tap_conn *conn) * tcp_timer_ctl() - Set timerfd based on flags/events, create timerfd if needed * @c: Execution context * @conn: Connection pointer - * - * #syscalls timerfd_create timerfd_settime + * #syscalls timerfd_create timerfd_settime|timerfd_settime32 */ static void tcp_timer_ctl(const struct ctx *c, struct tcp_tap_conn *conn) { @@ -2461,7 +2460,9 @@ cancel: * @c: Execution context * @ref: epoll reference of timer (not connection) * - * #syscalls timerfd_gettime arm:timerfd_gettime64 i686:timerfd_gettime64 + * #syscalls timerfd_gettime|timerfd_gettime64 + * #syscalls arm:timerfd_gettime64 i686:timerfd_gettime64 + * #syscalls arm:timerfd_settime64 i686:timerfd_settime64 */ void tcp_timer_handler(const struct ctx *c, union epoll_ref ref) { -- 2.43.0