util: Add mincore and clone3 to syscall sandbox #23255

pull MarcoFalke wants to merge 1 commits into bitcoin:master from MarcoFalke:2110-syscall changing 1 files +9 −0
  1. MarcoFalke commented at 2:09 PM on October 11, 2021: member

    Closes #23248

  2. in src/util/syscall_sandbox.cpp:124 in fa13c8ee24 outdated 
     114 | @@ -115,6 +115,9 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
 115 |      {__NR_clock_nanosleep, "clock_nanosleep"},
 116 |      {__NR_clock_settime, "clock_settime"},
 117 |      {__NR_clone, "clone"},
 118 | +#ifdef __NR_clone3
 119 | +    {__NR_clone3, "clone3"},
    MarcoFalke commented at 2:12 PM on October 11, 2021:

    For reference, The clone3() system call first appeared in Linux 5.3.

  3. practicalswift commented at 2:15 PM on October 11, 2021: contributor

    Concept ACK

    I think we need to #define __NR_clone3 (if not defined) like we do for statx and other relatively recently introduced syscalls:

    // Define system call numbers for x86_64 that are referenced in the system call profile
// but not provided by the kernel headers used in the GUIX build.
#ifndef __NR_statx
#define __NR_statx 332
#endif
  4. MarcoFalke force-pushed on Oct 11, 2021
  5. MarcoFalke commented at 2:21 PM on October 11, 2021: member

    How do I find the number?

  6. laanwj commented at 2:22 PM on October 11, 2021: member

    How do I find the number?

    Usually in /usr/include/x86_64-linux-gnu/asm/unistd_64.h for x86_64.

  7. util: Add mincore and clone3 to syscall sandbox fab40732a9
  8. MarcoFalke force-pushed on Oct 11, 2021
  9. MarcoFalke added the label DrahtBot Guix build requested on Oct 11, 2021
  10. MarcoFalke commented at 2:27 PM on October 11, 2021: member

    Thanks, added that to the comment in the file.

  11. practicalswift commented at 2:28 PM on October 11, 2021: contributor

    cr ACK fab40732a95711abadc22c3689f248753341a481

    Thanks again for testing on diverse systems and filling in the gaps!

    From the original syscall sandbox PR #20487 (comment): As have been noted in previous discussions above syscall sandboxing is a type of feature that needs experimentation and fine-tuning for different environments to catch potential diversity in syscall use across systems. Such experimentation was required when sandboxing using seccomp-bpf was introduced in projects such as Chromium, OpenSSH and Tor, and it will be required for Bitcoin Core too. There is really no way around it :)

  12. laanwj commented at 3:47 PM on October 11, 2021: member

    ACK fab40732a95711abadc22c3689f248753341a481

  13. fanquake approved
  14. fanquake commented at 12:45 AM on October 12, 2021: member

    ACK fab40732a95711abadc22c3689f248753341a481

    Guix build:

    bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
be71c62f9577549217817b2103ff7333910f61a107277193d2024b9744e99812  guix-build-fab40732a957/output/aarch64-linux-gnu/SHA256SUMS.part
d3bb19a3705c58e35ba709b329d57cdc137c4c334b512d5799213b39a4e547f4  guix-build-fab40732a957/output/aarch64-linux-gnu/bitcoin-fab40732a957-aarch64-linux-gnu-debug.tar.gz
f4f286269244aeb66a219abb98b3b2b860d76235a9741afbeae3478ec803d529  guix-build-fab40732a957/output/aarch64-linux-gnu/bitcoin-fab40732a957-aarch64-linux-gnu.tar.gz
5b5e0ef591e747e47473e2d575ba64dfab75f3bcd0f4585ef9f3dc858d90d4d4  guix-build-fab40732a957/output/arm-linux-gnueabihf/SHA256SUMS.part
73a9bb92ec0da0fcd13e6eff979977552ceaed06c3e0bc44f7b8145d6e19183a  guix-build-fab40732a957/output/arm-linux-gnueabihf/bitcoin-fab40732a957-arm-linux-gnueabihf-debug.tar.gz
bd0e170d39bae7827f2a4dd7e01d375eece5fee0ca8207fdb4ffd378e012c88a  guix-build-fab40732a957/output/arm-linux-gnueabihf/bitcoin-fab40732a957-arm-linux-gnueabihf.tar.gz
5345db41cbf71ea03bb8de05ef81b9894446abdf0fbc95169ad0e7fb1c1bd93f  guix-build-fab40732a957/output/dist-archive/bitcoin-fab40732a957.tar.gz
b590fd5daa56fddd4736c8c5571a2c3125cf8742bdd2bd6673b331ba8ac28eb6  guix-build-fab40732a957/output/powerpc64-linux-gnu/SHA256SUMS.part
49f8a8816c32173220a5fc65500900419dd8e276597ea5279557dbe24a8933cd  guix-build-fab40732a957/output/powerpc64-linux-gnu/bitcoin-fab40732a957-powerpc64-linux-gnu-debug.tar.gz
b4bd4c7f7ed9c7545cc63324d9e8624b58a03238fb30b8ab1342d17b64f56c74  guix-build-fab40732a957/output/powerpc64-linux-gnu/bitcoin-fab40732a957-powerpc64-linux-gnu.tar.gz
c41fc9a1dbfd1e640536dc7ffe073907dd3aa5d960efdfd11ec6c4fefccdd79c  guix-build-fab40732a957/output/powerpc64le-linux-gnu/SHA256SUMS.part
36a55d1d1f7345322e1f54c9f19c096c44dc488797c3533dafa91de6e6b9e12f  guix-build-fab40732a957/output/powerpc64le-linux-gnu/bitcoin-fab40732a957-powerpc64le-linux-gnu-debug.tar.gz
70f1f1dd54b6445722cc34a928d1195bfdd5e5138c058c7eea84e5f349aef9f8  guix-build-fab40732a957/output/powerpc64le-linux-gnu/bitcoin-fab40732a957-powerpc64le-linux-gnu.tar.gz
43deaf7e784040af8e0213abb90531fa85756f20115ad507d7662afe45ccc5e8  guix-build-fab40732a957/output/riscv64-linux-gnu/SHA256SUMS.part
4c9b59c4c9bdebef98b89ebf6a01fdf1db150228cb43f8b43d08c9110fe55e8c  guix-build-fab40732a957/output/riscv64-linux-gnu/bitcoin-fab40732a957-riscv64-linux-gnu-debug.tar.gz
dc32beaf064b2f9302b01b5e58cea1678324059b49ad2fb51ea0af3adedc611e  guix-build-fab40732a957/output/riscv64-linux-gnu/bitcoin-fab40732a957-riscv64-linux-gnu.tar.gz
c5aade2a281f0e580f5894607ebd9199a070be45d456cfa79ca9e3fe9a2d8497  guix-build-fab40732a957/output/x86_64-apple-darwin19/SHA256SUMS.part
6c2fc38b66d3a4d726d3290b34de8bc194f3e0cf58fea55de16341f780b06548  guix-build-fab40732a957/output/x86_64-apple-darwin19/bitcoin-fab40732a957-osx-unsigned.dmg
0429a1e0876555eeca17d109de5dab440368d61966c03263bb2375d10dd5d171  guix-build-fab40732a957/output/x86_64-apple-darwin19/bitcoin-fab40732a957-osx-unsigned.tar.gz
b36cc30649245295a6a06a837172c412baf6cc0fe6a4992f3c1cc39343226217  guix-build-fab40732a957/output/x86_64-apple-darwin19/bitcoin-fab40732a957-osx64.tar.gz
480044c8a32c047540fdab4a93b4e9b583dd64a75334602c4fff235a0f88958c  guix-build-fab40732a957/output/x86_64-linux-gnu/SHA256SUMS.part
e3eb53986b47bb906e2696953e01328b7b3ba069c1b68900be77236289c594db  guix-build-fab40732a957/output/x86_64-linux-gnu/bitcoin-fab40732a957-x86_64-linux-gnu-debug.tar.gz
fc6dc4736252e3823d3ec5a8d02169ebd7f29061191298ee3924b007ac0f2f7b  guix-build-fab40732a957/output/x86_64-linux-gnu/bitcoin-fab40732a957-x86_64-linux-gnu.tar.gz
983eaa6efec0e9e68dca8e420a1cc3f2bbb203e0c92c9674c10e968b6bc081ab  guix-build-fab40732a957/output/x86_64-w64-mingw32/SHA256SUMS.part
a4ae386869bad65425f27696c538e91aa2c922dad75b95c616c97986ddd12fdb  guix-build-fab40732a957/output/x86_64-w64-mingw32/bitcoin-fab40732a957-win-unsigned.tar.gz
58a67cf5435ccdfec20f29cafc02882f4fb2d8751dd5c900c60ff798024eb64d  guix-build-fab40732a957/output/x86_64-w64-mingw32/bitcoin-fab40732a957-win64-debug.zip
fae336c21c4196a0b94ef057dd636fef5c70aaa393c1bddeba49936a25b81040  guix-build-fab40732a957/output/x86_64-w64-mingw32/bitcoin-fab40732a957-win64-setup-unsigned.exe
a58ac20479b5c8fd43663786ecabe799dbc2086e8b60a98008e3fd07a4676872  guix-build-fab40732a957/output/x86_64-w64-mingw32/bitcoin-fab40732a957-win64.zip
  15. fanquake merged this on Oct 12, 2021
  16. fanquake closed this on Oct 12, 2021
  17. sidhujag referenced this in commit 2da5fde964 on Oct 12, 2021
  18. MarcoFalke deleted the branch on Oct 12, 2021
  19. MarcoFalke removed the label DrahtBot Guix build requested on Oct 12, 2021
  20. MarcoFalke added the label Utils/log/libs on Oct 12, 2021
  21. DrahtBot locked this on Oct 30, 2022
Contributors
MarcoFalkepracticalswiftlaanwjfanquake
Labels
Utils/log/libs
Linked (view graph)
#23248 Bitcoin Core crashes under clang-13 libc++ with "Bad system call (core dumped)"#24771 Outcome of the syscall sandbox experiment
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 18:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me