From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 8C51E5A026D
	for <passt-dev@passt.top>; Wed, 21 Jun 2023 07:10:35 +0200 (CEST)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4QmBQs4yqXz4x09; Wed, 21 Jun 2023 15:10:29 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1687324229;
	bh=bD7dWqiJq9dR6XpVVO1jTh7h05pWzmaOwxVWAN6CM50=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=aDJ8YRW0OeLQITkoAO6Q7aF8g0cqx+wvabwTzO+ypyqLmzpiQd+JUWmXqgPvpbCCJ
	 hPqWqFwcWtc71HdZOW/p3ZoNt2NvxdLbUOE1lG1cRK7p67AjuQOfU1AJKHkwA6PPwq
	 uoIKtT4Vg3V3h2kmJ1snUu7TsYjOzbphIDpZnX5Q=
Date: Wed, 21 Jun 2023 14:51:27 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] seccomp: Make seccomp.sh re-entrancy safe
Message-ID: <ZJKBz9WVOkmLPFkJ@zatzit>
References: <20230621030637.640272-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="ZaDptnfrR1JYHEx4"
Content-Disposition: inline
In-Reply-To: <20230621030637.640272-1-david@gibson.dropbear.id.au>
Message-ID-Hash: ELPA2V7WWZ4X73SWGCD5ICSVWICJZVTJ
X-Message-ID-Hash: ELPA2V7WWZ4X73SWGCD5ICSVWICJZVTJ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZJKBz9WVOkmLPFkJ@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/ELPA2V7WWZ4X73SWGCD5ICSVWICJZVTJ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--ZaDptnfrR1JYHEx4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 21, 2023 at 01:06:37PM +1000, David Gibson wrote:
> seccomp.sh generates seccomp.h piece by piece using >> directives.  This
> means that if two instances of seccomp.h are run concurrently a corrupted
> version of seccomp.h will be generated. Amongst other problems this can
> cause spurious failures on clang-tidy.
>=20
> Alter seccomp.sh to build the output in a temporary file and atomic move =
it
> to seccomp.h, so concurrent invocations will still result in valud output.
>=20
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

A note on context: I discovered this while working on the Avocado
stuff: avocado would run "make cppcheck" and "make clang-tidy" in
parallel, since both require seccomp.h to be generated, they'd both
try to generate it at the same time, and it would blow up.

> ---
>  seccomp.sh | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>=20
> diff --git a/seccomp.sh b/seccomp.sh
> index 092c24e0..e1224e0d 100755
> --- a/seccomp.sh
> +++ b/seccomp.sh
> @@ -15,7 +15,7 @@
> =20
>  TMP=3D"$(mktemp)"
>  IN=3D"$@"
> -OUT=3D"seccomp.h"
> +OUT=3D"$(mktemp)"
> =20
>  [ -z "${ARCH}" ] && ARCH=3D"$(uname -m)"
>  [ -z "${CC}" ] && CC=3D"cc"
> @@ -53,7 +53,7 @@ BST=3D'	BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, @NR@, @R@, =
@L@),'
> =20
>  # cleanup() - Remove temporary file if it exists
>  cleanup() {
> -	rm -f "${TMP}"
> +	rm -f "${TMP}" "${OUT}"
>  }
>  trap "cleanup" EXIT
> =20
> @@ -254,3 +254,5 @@ for __p in ${__profiles}; do
> =20
>  	gen_profile "${__p}" ${__calls}
>  done
> +
> +mv "${OUT}" seccomp.h

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--ZaDptnfrR1JYHEx4
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmSSgcgACgkQzQJF27ox
2GcA0xAAi5Ng9rtmjna1jMazUfsQNi+vZWbpWd9E8RdS6eLtVPK4U8LOWHt4r7Yi
LObualv50Zqr1UfbdkKKxre7SGIvk4MV7+b2QmICwCE5BnseAbhUkNVXKvHJ+Za4
KAomR4Nmtxc1JU3jVK8WknV4f2MvBP45Pn+3kSTgnKj0Dit6A3Al8VUODwzS2VSF
JvLDN4coKnYCvAQvmHzasYec+UCWQxF7PaXG+RRNAzPu2FEqQQMi53ogdt6KQj18
bxUy/1pKUvgnkBomQgcdKtcLxYKRmd5pIowTJPBEkg2XmVXxfeij3WlfnuQruhwO
ZBSq6GV5vrUWzAo3SUJzNRKTxzxBOCMq6CmdKUiBLoeBhTvTkEv/twhN4Eqpk0m4
Y6/8GWAUrhdzcT4aedP9r/j2qb8zeGMgQOT31sW/EpGhRsUeKxOJQBC/jSZvPPw4
oyd8+hmYeVMH/jsQ8I4MsmsSjwkl+Hlg0CeteS/wfWIFWsCT1ZYTh7cNsgkLp1/J
3gM7C/zB8DHoY1EjHKnzYPMORSW2DckhzMvM2KXycI1/91QkrY+WIj2HwEU8H7IV
+NmowA4wB8/AcRnN7viqTdqP8JYFUv8BcPWsonXbR0uWGOxroN2CmcyQnTRoHsPB
dML0SW8LWCn4HDQwjDolMSGYwJ+aIYpAaU/BqM22+esvOUdzKTs=
=9lEs
-----END PGP SIGNATURE-----

--ZaDptnfrR1JYHEx4--