From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202412 header.b=IQXpGOO7;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id CFF7C5A004E
	for <passt-dev@passt.top>; Fri, 03 Jan 2025 02:16:55 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202412; t=1735867004;
	bh=eJdHPpOGJj35n7+XHUiy1ijo7fcBiAc6Q5KutuwO7Sw=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=IQXpGOO7yjJnKEjzG+O5SJ2d26SHhEA+gH0tU1b064OeoyGi4lJc1A2+nriLu/9Zx
	 F9g+qp5l7aDm3ZDEzNiRiPy0Tk7KaFocoxSLjcSPTP9pQw0+EHQIEhFZXTvtOJilWn
	 W1RPTqBXoqFLQ1bjEgsSSlERzXgGarUkVAq3XqTH1i1IUrKCsFFDiDKmyllfowPjH6
	 8SEXdxLS5J3xxg9ODaCyNeCavusHg2vXrcrH1EJFqrIt/jMR3O3W7t2B7Gpp+vqn5H
	 k+/ceLTVJyVNvQOuQCrZLYlzh0OrvPgr4vQqUeU9PUDyUBdx5sw0Gx0h5d4xcprldT
	 bL81lEJw28m7w==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4YPQdm6q0zz4xff; Fri,  3 Jan 2025 12:16:44 +1100 (AEDT)
Date: Fri, 3 Jan 2025 11:40:03 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] seccomp: Unconditionally allow accept(2) even if
 accept4(2) is present
Message-ID: <Z3cx47YjboWpxVmn@zatzit>
References: <20250102220223.3485440-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="HXjUEMB1eyhFJkBs"
Content-Disposition: inline
In-Reply-To: <20250102220223.3485440-1-sbrivio@redhat.com>
Message-ID-Hash: SN5ZNRSGVXYQ3U4NE4C3HXU77R6NLXHE
X-Message-ID-Hash: SN5ZNRSGVXYQ3U4NE4C3HXU77R6NLXHE
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z3cx47YjboWpxVmn@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/SN5ZNRSGVXYQ3U4NE4C3HXU77R6NLXHE/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--HXjUEMB1eyhFJkBs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 02, 2025 at 11:02:23PM +0100, Stefano Brivio wrote:
> On Alpine Linux 3.21, passt aborts right away as soon as QEMU connects
> to it.
>=20
> Most likely, this has always been the case with musl, because since
> musl commit dc01e2cbfb29 ("add fallback emulation for accept4 on old
> kernels"), accept4() without flags is implemented using accept().
>=20
> However, I guess that nobody realised earlier because it's typically
> pasta(1) being used on musl-based distributions, and the only place
> where we call accept4() without flags is tap_listen_handler().
>=20
> Add accept() to the list of allowed system calls regardless of the
> presence of accept4().
>=20
> Reported-by: NN708
> Link: https://bugs.passt.top/show_bug.cgi?id=3D106
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  passt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/passt.c b/passt.c
> index 957f3d0..1a0c404 100644
> --- a/passt.c
> +++ b/passt.c
> @@ -180,7 +180,7 @@ void exit_handler(int signal)
>   * #syscalls socket getsockopt setsockopt s390x:socketcall i686:socketca=
ll close
>   * #syscalls bind connect recvfrom sendto shutdown
>   * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send
> - * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epol=
l_pwait
> + * #syscalls accept4 accept listen epoll_ctl epoll_wait|epoll_pwait epol=
l_pwait
>   * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64
>   */
>  int main(int argc, char **argv)

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--HXjUEMB1eyhFJkBs
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmd3MbkACgkQzQJF27ox
2GfP3A/+PEq712UPcUUdYarlSZa4JaU1E+JHop2bLtEgS8MRp6JBAXCX94pWWWlY
7NZpx3mWAclssvW/3GbQ4W3kSIImpMOotTW/+qJPb3n1TCFcSGcWDdbCjdUE5CiY
VITaZrfQQ71i2KOC8RMqMadgkapNhxBzFsyN2JPlWQVm+nvjr1ltAk3P3squcpf+
5k/YIsVzA2HbxTDVRsSZRtBhTxa+5h2Ys67EOlBEcSATIg5bans8YV3OkEwMt3J2
vh/tQE2vkgxzn4vmYN7SfFnGizGsg5ekd+9oDOyfELW2ep1cY5oEAo0vTFJTKnde
QT76YjXn+b2XpPeTzIDWk4JNfsvVHyY48cPJTzRc0wVGVhN0fr6gPTws5xKM12mY
MexVYSpfVLzK9jI3oYoOuVSRHuBGFJDe95Uy2WI4YIhbYjJFZH6EzOD6Ny6lXN/N
Y6xPHVhrbqlI83ZC3jmCdG7WAdLOInIC4Oow0iTp6oysUSa+Fn/UgybpErFm0lJ9
Oc4VDUf4oaD6H63b3FM2qSqzds0l5APLEY5Wc0WDxIGNpPDesl0GQWtnzmQLIKKF
kFJ0nRy3fmzldY5rBCYmcvMxZ8BR4UilAzfGRS1AUTbuZw73E1oMymOEb31Re4Vi
40Y7B4gNEDlxAJ+dOSmChvcelwuZxsoGrruQA8RUnzMmw2jTgiE=
=RVXN
-----END PGP SIGNATURE-----

--HXjUEMB1eyhFJkBs--