[PATCH] seccomp: Unconditionally allow accept(2) even if accept4(2) is present

[PATCH] seccomp: Unconditionally allow accept(2) even if accept4(2) is present

[Stefano Brivio]

On Alpine Linux 3.21, passt aborts right away as soon as QEMU connects
to it.

Most likely, this has always been the case with musl, because since
musl commit dc01e2cbfb29 ("add fallback emulation for accept4 on old
kernels"), accept4() without flags is implemented using accept().

However, I guess that nobody realised earlier because it's typically
pasta(1) being used on musl-based distributions, and the only place
where we call accept4() without flags is tap_listen_handler().

Add accept() to the list of allowed system calls regardless of the
presence of accept4().

Reported-by: NN708
Link: https://bugs.passt.top/show_bug.cgi?id=106
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 passt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/passt.c b/passt.c
index 957f3d0..1a0c404 100644
--- a/passt.c
+++ b/passt.c
@@ -180,7 +180,7 @@ void exit_handler(int signal)
  * #syscalls socket getsockopt setsockopt s390x:socketcall i686:socketcall close
  * #syscalls bind connect recvfrom sendto shutdown
  * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send
- * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
+ * #syscalls accept4 accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
  * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64
  */
 int main(int argc, char **argv)
-- 
@@ -180,7 +180,7 @@ void exit_handler(int signal)
  * #syscalls socket getsockopt setsockopt s390x:socketcall i686:socketcall close
  * #syscalls bind connect recvfrom sendto shutdown
  * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send
- * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
+ * #syscalls accept4 accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
  * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64
  */
 int main(int argc, char **argv)
-- 
2.43.0

Re: [PATCH] seccomp: Unconditionally allow accept(2) even if accept4(2) is present

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 1788 bytes --]

On Thu, Jan 02, 2025 at 11:02:23PM +0100, Stefano Brivio wrote:
> On Alpine Linux 3.21, passt aborts right away as soon as QEMU connects
> to it.
> 
> Most likely, this has always been the case with musl, because since
> musl commit dc01e2cbfb29 ("add fallback emulation for accept4 on old
> kernels"), accept4() without flags is implemented using accept().
> 
> However, I guess that nobody realised earlier because it's typically
> pasta(1) being used on musl-based distributions, and the only place
> where we call accept4() without flags is tap_listen_handler().
> 
> Add accept() to the list of allowed system calls regardless of the
> presence of accept4().
> 
> Reported-by: NN708
> Link: https://bugs.passt.top/show_bug.cgi?id=106
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  passt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/passt.c b/passt.c
> index 957f3d0..1a0c404 100644
> --- a/passt.c
> +++ b/passt.c
> @@ -180,7 +180,7 @@ void exit_handler(int signal)
>   * #syscalls socket getsockopt setsockopt s390x:socketcall i686:socketcall close
>   * #syscalls bind connect recvfrom sendto shutdown
>   * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send
> - * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
> + * #syscalls accept4 accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
>   * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64
>   */
>  int main(int argc, char **argv)

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]