Bug 489913

Summary: WARNING: unhandled amd64-linux syscall: 444 (landlock_create_ruleset)
Product: [Developer tools] valgrind Reporter: Peter Seiderer <ps.report>
Component: generalAssignee: Mark Wielaard <mark>
Status: RESOLVED FIXED    
Severity: normal CC: mark
Priority: NOR    
Version First Reported In: 3.23.0   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: [PATCH v1] Add support for landlock_create_ruleset (444), landlock_add_rule (445) and landlock_restrict_self (446) syscalls

Description Peter Seiderer 2024-07-08 09:48:13 UTC 
SUMMARY

Running valgrind on /usr/bin/xz gives the following warning 'WARNING: unhandled amd64-linux syscall: 444'

STEPS TO REPRODUCE

1. valgrind /usr/bin/xz

OBSERVED RESULT

==444534== Memcheck, a memory error detector
==444534== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==444534== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==444534== Command: /usr/bin/xz
==444534== 
--444534-- WARNING: unhandled amd64-linux syscall: 444
--444534-- You may be able to write your own handler.
--444534-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--444534-- Nevertheless we consider this a bug.  Please report
--444534-- it at http://valgrind.org/support/bug_reports.html.
/usr/bin/xz: Compressed data cannot be written to a terminal
/usr/bin/xz: Try '/usr/bin/xz --help' for more information.
==444534== 
==444534== HEAP SUMMARY:
==444534==     in use at exit: 0 bytes in 0 blocks
==444534==   total heap usage: 456 allocs, 456 frees, 30,942 bytes allocated
==444534== 
==444534== All heap blocks were freed -- no leaks are possible
==444534== 
==444534== For lists of detected and suppressed errors, rerun with: -s
==444534== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)


EXPECTED RESULT

No warning ;-)

SOFTWARE/OS VERSIONS

- Linux openSUSE Tumbleweed (20240704)
- valgrind-3.23.0
- xz-5.6.2

ADDITIONAL INFORMATION

Missing syscall handling for landlock_create_ruleset (444), landlock_add_rule (445) and landlock_restrict_self (446)
Comment 1 Peter Seiderer 2024-07-08 11:26:29 UTC 
Created attachment 171476 [details]
[PATCH v1] Add support for landlock_create_ruleset (444), landlock_add_rule (445) and landlock_restrict_self (446) syscalls

Patch v1-0001-Add-support-for-landlock_create_ruleset-444-landl.patch attached (add support for landlock_create_ruleset (444), landlock_add_rule (445) and landlock_restrict_self (446) syscalls).
Comment 2 Mark Wielaard 2024-11-25 01:50:50 UTC 
Thanks. I made a couple of tweaks so that the landlock_ruleset_attr given to landlock_create_ruleset is initialized. Added a POST for landlock_create_ruleset to track the returned file descriptor. And check the file descriptor given to landlock_add_rule and landlock_restrict_self is valid. And since it is a generic syscall I also hooked up the other syswrap-<arch>-linux.c files.

It already found a ruleset fd "leak" in xz with --track-fds=yes.

Depending on the rules installed valgrind might file opening files though, like debug files. So maybe we may also want a mode where landlock_create_ruleset just fails with EOPNOTSUPP.

commit b1453546fe7396e7d4b4b2fc8ec7e64b71d18611
Author: Peter Seiderer <ps.report@gmx.net>
Date:   Mon Jul 8 11:05:47 2024 +0200

    Add support for landlock_create_ruleset (444), landlock_add_rule (445) and landlock_restrict_self (446) syscalls
    
    - add support for landlock_create_ruleset (444) syscall
    - add support for landlock_add_rule (445) syscall
    - add support for landlock_restrict_self (446) syscall
    
    https://bugs.kde.org/show_bug.cgi?id=489913
    
    Signed-off-by: Peter Seiderer <ps.report@gmx.net>