From b18306df1c6e9a805bb2c4ddc0e36835c0938417 Mon Sep 17 00:00:00 2001 From: David Korth Date: Tue, 12 Nov 2024 19:58:06 -0500 Subject: [PATCH] [librpsecure] Whitelist statx() to fix amiiboc on armhf on Ubuntu 24.04 and later. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On armhf (glibc-2.39), amiiboc ends up calling statx() indirectly through the fgets() function: Program received signal SIGSYS, Bad system call. __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47 warning: 47 ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory (gdb) bt =0 __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47 =1 0xb6d2ea0a in fstatat64_time64_statx (flag=4096, buf=0xbefff690, file=0xb6d91c18 "", fd=3) at ../sysdeps/unix/sysv/linux/fstatat64.c:50 =2 __GI___fstatat64_time64 (fd=3, file=0xb6d91c18 "", buf=0xbefff690, flag=4096) at ../sysdeps/unix/sysv/linux/fstatat64.c:150 =3 0xb6cdaae4 in __GI__IO_file_doallocate (fp=0x414f60) at libioP.h:1030 =4 0xb6ce5518 in __GI__IO_doallocbuf (fp=0x414f60) at libioP.h:1030 =5 __GI__IO_doallocbuf (fp=fp@entry=0x414f60) at genops.c:342 =6 0xb6ce3e86 in _IO_new_file_underflow (fp=0x414f60) at fileops.c:486 =7 0xb6ce557a in __GI__IO_default_uflow (fp=0x414f60) at libioP.h:1030 =8 0xb6cdc03e in __GI__IO_getline_info (fp=fp@entry=0x414f60, buf=buf@entry=0xbefff804 "ƀ㶫7\357Z\234\370\377\276\004\323\375\266\330\354\377\266\001", n=n@entry=255, delim=delim@entry=10, extract_delim=extract_delim@entry=1, eof=eof@entry=0x0) at iogetline.c:60 =9 0xb6cdc0c8 in __GI__IO_getline (fp=fp@entry=0x414f60, buf=buf@entry=0xbefff804 "ƀ㶫7\357Z\234\370\377\276\004\323\375\266\330\354\377\266\001", n=n@entry=255, delim=delim@entry=10, extract_delim=extract_delim@entry=1) at iogetline.c:34 =10 0xb6cdb288 in _IO_fgets ( buf=buf@entry=0xbefff804 "ƀ㶫7\357Z\234\370\377\276\004\323\375\266\330\354\377\266\001", n=n@entry=256, fp=fp@entry=0x414f60) at iofgets.c:53 =11 0x004019e8 in fgets (__stream=0x414f60, __n=256, __s=0xbefff804 "ƀ㶫7\357Z\234\370\377\276\004\323\375\266\330\354\377\266\001") at /usr/include/arm-linux-gnueabihf/bits/stdio2.h:200 =12 main (argc=, argv=0xbefffaa4) at rom-properties/src/amiibo-data/amiiboc.cpp:204 --- debian/changelog | 6 ++++++ src/amiibo-data/amiiboc.cpp | 3 +-- src/gtk/thumbnailer-dbus/rptsecure.c | 7 ------- src/librpbase/tests/gtest_init.cpp | 7 ------- src/librpsecure/os-secure_linux.c | 10 ++++++++++ src/rp-download/rp-download.cpp | 7 ------- src/rp-stub/rp-stub_secure.c | 7 ------- src/rpcli/rpcli_secure.c | 7 ------- 8 files changed, 17 insertions(+), 37 deletions(-) diff --git a/debian/changelog b/debian/changelog index de7aeb619..69f39fd9c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rom-properties (2.4-1ppa6~oracular5) oracular; urgency=medium + + * Add statx() to syscall whitelist to fix SIGSYS in amiiboc on armhf. + + -- David Korth Tue, 12 Nov 2024 19:57:50 -0500 + rom-properties (2.4-1ppa6~oracular4) oracular; urgency=medium * rom-properties-gtk4: Depend on libromdata5, not libromdata2. diff --git a/src/amiibo-data/amiiboc.cpp b/src/amiibo-data/amiiboc.cpp index c32aed44d..5950ccf98 100644 --- a/src/amiibo-data/amiiboc.cpp +++ b/src/amiibo-data/amiiboc.cpp @@ -126,8 +126,7 @@ static int set_security_options(void) #elif defined(HAVE_SECCOMP) static constexpr int syscall_wl[] = { // Syscalls used by amiiboc. - SCMP_SYS(close), SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) + SCMP_SYS(close), SCMP_SYS(gettimeofday), // 32-bit only? SCMP_SYS(lseek), SCMP_SYS(_llseek), SCMP_SYS(open), // Ubuntu 16.04 diff --git a/src/gtk/thumbnailer-dbus/rptsecure.c b/src/gtk/thumbnailer-dbus/rptsecure.c index 2334c86bc..8b769f9cc 100644 --- a/src/gtk/thumbnailer-dbus/rptsecure.c +++ b/src/gtk/thumbnailer-dbus/rptsecure.c @@ -36,8 +36,6 @@ int rpt_do_security_options(void) SCMP_SYS(close), SCMP_SYS(dup), // gzdopen() SCMP_SYS(fcntl), SCMP_SYS(fcntl64), // gcc profiling - SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) SCMP_SYS(ftruncate), // LibRpBase::RpFile::truncate() [from LibRpBase::RpPngWriterPrivate ctors] SCMP_SYS(ftruncate64), SCMP_SYS(futex), // iconv_open(), dlopen() @@ -66,11 +64,6 @@ int rpt_do_security_options(void) // NOTE: Only seems to get triggered on PowerPC... SCMP_SYS(clock_gettime), SCMP_SYS(clock_gettime64), -#if defined(__SNR_statx) || defined(__NR_statx) - SCMP_SYS(getcwd), // called by glibc's statx() - SCMP_SYS(statx), -#endif /* __SNR_statx || __NR_statx */ - // glibc ncsd // TODO: Restrict connect() to AF_UNIX. SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto), diff --git a/src/librpbase/tests/gtest_init.cpp b/src/librpbase/tests/gtest_init.cpp index 11fe21698..129e708d3 100644 --- a/src/librpbase/tests/gtest_init.cpp +++ b/src/librpbase/tests/gtest_init.cpp @@ -49,8 +49,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[]) SCMP_SYS(clock_gettime64), #endif /* __SNR_clock_gettime64 || __NR_clock_gettime64 */ SCMP_SYS(fcntl), SCMP_SYS(fcntl64), // gcc profiling - SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) SCMP_SYS(futex), // iconv_open() SCMP_SYS(gettimeofday), // 32-bit only? [testing::internal::GetTimeInMillis()] SCMP_SYS(mmap), // iconv_open() @@ -89,11 +87,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[]) // TODO: Restrict connect() to AF_UNIX. SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto), -#if defined(__SNR_statx) || defined(__NR_statx) - //SCMP_SYS(getcwd), // called by glibc's statx() [referenced above] - SCMP_SYS(statx), -#endif /* __SNR_statx || __NR_statx */ - // for posix_fadvise() SCMP_SYS(fadvise64), SCMP_SYS(fadvise64_64), SCMP_SYS(arm_fadvise64_64), // CPU-specific syscall for Linux on 32-bit ARM diff --git a/src/librpsecure/os-secure_linux.c b/src/librpsecure/os-secure_linux.c index eab441eb2..98f81cf34 100644 --- a/src/librpsecure/os-secure_linux.c +++ b/src/librpsecure/os-secure_linux.c @@ -85,6 +85,16 @@ int rp_secure_enable(rp_secure_param_t param) __NR_faccessat2 // Required for Gentoo's sandbox (amiiboc) #endif /* __SNR_faccessat2 || __NR_faccessat2 */ + // stat() + SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] + SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) + +#if defined(__SNR_statx) || defined(__NR_statx) + // statx() + SCMP_SYS(getcwd), // called by glibc's statx() + SCMP_SYS(statx), +#endif /* __SNR_statx || __NR_statx */ + // restart_syscall() is called by glibc to restart // certain syscalls if they're interrupted. SCMP_SYS(restart_syscall), diff --git a/src/rp-download/rp-download.cpp b/src/rp-download/rp-download.cpp index 4f9997b5e..0cab3cafc 100644 --- a/src/rp-download/rp-download.cpp +++ b/src/rp-download/rp-download.cpp @@ -255,8 +255,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[]) SCMP_SYS(close), SCMP_SYS(fcntl), SCMP_SYS(fcntl64), // gcc profiling SCMP_SYS(fsetxattr), - SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) SCMP_SYS(futex), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(getppid), // for bubblewrap verification @@ -279,11 +277,6 @@ int RP_C_API _tmain(int argc, TCHAR *argv[]) SCMP_SYS(unlink), // to delete expired cache files SCMP_SYS(utimensat), -#if defined(__SNR_statx) || defined(__NR_statx) - SCMP_SYS(getcwd), // called by glibc's statx() - SCMP_SYS(statx), -#endif /* __SNR_statx || __NR_statx */ - // glibc ncsd // TODO: Restrict connect() to AF_UNIX. SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto), diff --git a/src/rp-stub/rp-stub_secure.c b/src/rp-stub/rp-stub_secure.c index 3b56d93c9..45cc74e6b 100644 --- a/src/rp-stub/rp-stub_secure.c +++ b/src/rp-stub/rp-stub_secure.c @@ -47,8 +47,6 @@ int rp_stub_do_security_options(bool config) // dlopen() SCMP_SYS(fcntl), SCMP_SYS(fcntl64), // gcc profiling - SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) SCMP_SYS(gettimeofday), // 32-bit only? SCMP_SYS(mmap), SCMP_SYS(mmap2), // might only be needed on i386... @@ -78,11 +76,6 @@ int rp_stub_do_security_options(bool config) SCMP_SYS(getppid), // dll-search.c: walk_proc_tree() -#if defined(__SNR_statx) || defined(__NR_statx) - SCMP_SYS(getcwd), // called by glibc's statx() - SCMP_SYS(statx), -#endif /* __SNR_statx || __NR_statx */ - // ConfReader checks timestamps between rpcli runs. // NOTE: Only seems to get triggered on PowerPC... SCMP_SYS(clock_gettime), SCMP_SYS(clock_gettime64), diff --git a/src/rpcli/rpcli_secure.c b/src/rpcli/rpcli_secure.c index 2c97d392e..b1c8b61a1 100644 --- a/src/rpcli/rpcli_secure.c +++ b/src/rpcli/rpcli_secure.c @@ -36,8 +36,6 @@ int rpcli_do_security_options(void) SCMP_SYS(close), SCMP_SYS(dup), // gzdopen() SCMP_SYS(fcntl), SCMP_SYS(fcntl64), // gcc profiling - SCMP_SYS(fstat), SCMP_SYS(fstat64), // __GI___fxstat() [printf()] - SCMP_SYS(fstatat64), SCMP_SYS(newfstatat), // Ubuntu 19.10 (32-bit) SCMP_SYS(ftruncate), // LibRpBase::RpFile::truncate() [from LibRpBase::RpPngWriterPrivate ctors] SCMP_SYS(ftruncate64), SCMP_SYS(futex), @@ -69,11 +67,6 @@ int rpcli_do_security_options(void) __NR_clock_gettime64, #endif /* __SNR_clock_gettime64 || __NR_clock_gettime64 */ -#if defined(__SNR_statx) || defined(__NR_statx) - SCMP_SYS(getcwd), // called by glibc's statx() - SCMP_SYS(statx), -#endif /* __SNR_statx || __NR_statx */ - // glibc ncsd // TODO: Restrict connect() to AF_UNIX. SCMP_SYS(connect), SCMP_SYS(recvmsg), SCMP_SYS(sendto),