Re: [PATCH 2/4] tst-pkey.c: Handle no permission to alloc memory protection keys

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Mark Wielaard <mark@klomp.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 2/4] tst-pkey.c: Handle no permission to alloc memory protection keys
Date: Mon, 27 Jun 2022 11:50:19 +0200	[thread overview]
Message-ID: <6fae45d84c7a5cd7e88aab3898c5597809742422.camel@klomp.org> (raw)
In-Reply-To: <87letjnmz6.fsf@mid.deneb.enyo.de>

Hi Florian,

On Sun, 2022-06-26 at 23:17 +0200, Florian Weimer wrote:
> * Mark Wielaard:
> 
> > pkey_alloc might fail with errno EPERM if there is no permission
> > to allocate memory protection keys. Use FAIL_UNSUPPORTED in that
> > case.
> > ---
> >  sysdeps/unix/sysv/linux/tst-pkey.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/sysdeps/unix/sysv/linux/tst-pkey.c
> > b/sysdeps/unix/sysv/linux/tst-pkey.c
> > index df51f695bc..48a20fa3e0 100644
> > --- a/sysdeps/unix/sysv/linux/tst-pkey.c
> > +++ b/sysdeps/unix/sysv/linux/tst-pkey.c
> > @@ -203,6 +203,9 @@ do_test (void)
> >          FAIL_UNSUPPORTED
> >            ("no keys available or kernel does not support memory"
> >             " protection keys");
> > +      if (errno == EPERM)
> > +        FAIL_UNSUPPORTED
> > +          ("no permission to alloc memory protection keys");
> >        FAIL_EXIT1 ("pkey_alloc: %m");
> >      }
> >    TEST_COMPARE (pkey_get (keys[0]), 0);
> 
> It's rather weird to restrict access to a hardening tool.  Is this in
> a container, and is the container tool reasonably up to date?  They
> should all have switchted to ENOSYS for reducing the system call
> profile.

It is reasonably up to date. This is a container based on Fedora 36
packages running under Fedora CoreOS stable (36.20220605.3.0, Release
Date: Jun 20, 2022) with moby-engine20.10.16.

You are thinking of the fix to set errno to ENOSYS for syscalls that
are "unknown". That is a syscall number higher than any syscall number
mentioned in the seccomp filter. But the pkey calls are simply not
mentioned in the default seccomp filter. And newer syscalls are listed.
So this (EPERM) is the default errno returned in such cases till the
pkey calls are in the default seccomp profile.

https://github.com/moby/moby/issues/43481
https://github.com/moby/moby/issues/42871

In general I think if we detect pkey_alloc fails we should not try to
test and/or FAIL the pkey tests but simply mark it as UNSUPPORTED.
Whether we believe the errno value really should be ENOSYS, ENOSPC or
EINVAL. It isn't really that helpful to explicitly FAIL on EPERM. Sadly
this issue will be with us for a long time.

Cheers,

Mark

next prev parent reply	other threads:[~2022-06-27  9:50 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-26 20:59 Handle running make check in a restricted environment Mark Wielaard
2022-06-26 20:59 ` [PATCH 1/4] time/tst-clock2.c: clock_settime CLOCK_MONOTONIC might return EPERM Mark Wielaard
2022-06-26 21:15   ` Florian Weimer
2022-06-27  9:35     ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 2/4] tst-pkey.c: Handle no permission to alloc memory protection keys Mark Wielaard
2022-06-26 21:17   ` Florian Weimer
2022-06-26 21:40     ` Florian Weimer
2022-06-27  9:50     ` Mark Wielaard [this message]
2022-06-27 11:39       ` Florian Weimer
2022-06-27 14:08         ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 3/4] tst-pidfd.c: Test is UNSUPPORTED without PTRACE_MODE_ATTACH_REALCREDS Mark Wielaard
2022-06-26 21:20   ` Florian Weimer
2022-06-27 10:01     ` Mark Wielaard
2022-06-27 11:14       ` Florian Weimer
2022-06-27 11:51         ` Christian Brauner
2022-06-27 14:17           ` Mark Wielaard
2022-06-27 14:21             ` Adhemerval Zanella
2022-06-27 14:25             ` Christian Brauner
2022-06-27 14:42           ` Florian Weimer
2022-06-27 14:57             ` Adhemerval Zanella
2022-06-27 15:08               ` Christian Brauner
2022-06-27 15:14                 ` Adhemerval Zanella
2022-06-27 16:48                   ` Mark Wielaard
2022-06-27 17:03                     ` Adhemerval Zanella
2022-07-01 10:38                       ` Mark Wielaard
2022-06-27 15:03             ` Christian Brauner
2022-06-27 14:23   ` Adhemerval Zanella
2022-06-27 16:36     ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 4/4] tst-personality.c: Handle personality failing with errno EPERM Mark Wielaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6fae45d84c7a5cd7e88aab3898c5597809742422.camel@klomp.org \
    --to=mark@klomp.org \
    --cc=fw@deneb.enyo.de \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).