--3938-- WARNING: unhandled syscall: 308 Reproducible: Always Steps to Reproduce: 1. run something that use setns, for example 'ip netns exec <NS> sh' under valgrind
Created attachment 90554 [details] implement Linux x64 setns syscall wrapper
This probably needs to be considered alongside unshare, which I think there's already a bug for. The main issue is working out the affects on valgrind itself (as against the program being run under valgrind) of allowing namespaces to be modified...
Hi! What is the status of this issue?
The unshare syscall (bug #166355) mentioned by Tom Hughes has been added a long time ago. I there any argument against adding setns that would not have been applied to unshare as well? Or in other words, what I can do to get this change merged?
Any news here? I am looking forward to seeing this patch could be accepted officially.
Created attachment 116432 [details] another setns patch This is the patch I was going to submit a while ago. It is a little different from the patch you have already, so I submit it for you to compare with what you have.
*** Bug 369031 has been marked as a duplicate of this bug. ***
I tested Brenda's patch on Valgrind 3.3.12 on Debian 9.6 amd64, works as expected. Thanks!
Any update on accepting the patch provided by @Andreas? this fix would be really helpful for applications which use setns. Thanks
(In reply to Brenda J. Butler from comment #6) > Created attachment 116432 [details] > another setns patch > > This is the patch I was going to submit a while ago. It is a little > different from the patch you have already, so I submit it for you to compare > with what you have. I have changed the code as your patch in VALGRIND_3_14_0-227-g4443b782c , but got error as following: ../coregrind/link_tool_exe_linux 0x58000000 gcc -o memcheck-amd64-linux -m64 -O2 -g -Wall -Wmissing-prototypes -Wshadow -Wpointer-arith -Wstrict-prototypes -Wmissing-declarations -Wcast-align -Wcast-qual -Wwrite-strings -Wempty-body -Wformat -Wformat-signedness -Wformat-security -Wignored-qualifiers -Wmissing-parameter-type -Wlogical-op -Wimplicit-fallthrough=2 -Wold-style-declaration -finline-functions -fno-stack-protector -fno-strict-aliasing -fno-builtin -fomit-frame-pointer -O2 -static -nodefaultlibs -nostartfiles -u _start -m64 memcheck_amd64_linux-mc_leakcheck.o memcheck_amd64_linux-mc_malloc_wrappers.o memcheck_amd64_linux-mc_main.o memcheck_amd64_linux-mc_main_asm.o memcheck_amd64_linux-mc_translate.o memcheck_amd64_linux-mc_machine.o memcheck_amd64_linux-mc_errors.o ../coregrind/libcoregrind-amd64-linux.a ../VEX/libvex-amd64-linux.a -lgcc /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../coregrind/libcoregrind-amd64-linux.a(libcoregrind_amd64_linux_a-syswrap-amd64-linux.o):(.data.rel+0x1340): undefined reference to `vgSysWrap_linux_sys_setns_before' collect2: error: ld returned 1 exit status make[3]: *** [Makefile:1038: memcheck-amd64-linux] Error 1 make[3]: Leaving directory '/home/hhan/Software/valgrind/memcheck' make[2]: *** [Makefile:1349: all-recursive] Error 1 make[2]: Leaving directory '/home/hhan/Software/valgrind/memcheck' make[1]: *** [Makefile:841: all-recursive] Error 1 make[1]: Leaving directory '/home/hhan/Software/valgrind' make: *** [Makefile:710: all] Error 2 My git diff: diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h index 8ce8ef3d5..647cc8a36 100644 --- a/coregrind/m_syswrap/priv_syswrap-linux.h +++ b/coregrind/m_syswrap/priv_syswrap-linux.h @@ -391,6 +391,7 @@ DECL_TEMPLATE(linux, sys_getsockname); DECL_TEMPLATE(linux, sys_getpeername); DECL_TEMPLATE(linux, sys_socketpair); DECL_TEMPLATE(linux, sys_kcmp); +DECL_TEMPLATE(linux, sys_setns); DECL_TEMPLATE(linux, sys_copy_file_range); // Some arch specific functions called from syswrap-linux.c diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c index 9b8068d0f..5cd4b4e50 100644 --- a/coregrind/m_syswrap/syswrap-amd64-linux.c +++ b/coregrind/m_syswrap/syswrap-amd64-linux.c @@ -449,6 +449,19 @@ POST(sys_syscall184) ARG4, ARG5, ARG6 ); } +PRE(sys_setns) +{ + PRINT("sys_setns ( %ld, %ld )", ARG1,ARG2); + PRE_REG_READ2(long, "setns", int, fd, int, nstype); + if (!ML_(fd_allowed)(ARG1, "setns", tid, True)) + SET_STATUS_Failure( VKI_EBADF ); +} + +POST(sys_setns) +{ + vg_assert(SUCCESS); +} + #undef PRE #undef POST @@ -839,7 +852,7 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_clock_adjtime, sys_clock_adjtime), // 305 LINX_(__NR_syncfs, sys_syncfs), // 306 LINXY(__NR_sendmmsg, sys_sendmmsg), // 307 -// LINX_(__NR_setns, sys_ni_syscall), // 308 + LINX_(__NR_setns, sys_setns), // 308 LINXY(__NR_getcpu, sys_getcpu), // 309 LINXY(__NR_process_vm_readv, sys_process_vm_readv), // 310 Could you please help resolve the error?
I've posted the patch to the list: https://sourceforge.net/p/valgrind/mailman/valgrind-developers/thread/ed7c25aa08c0ac5484a1f2fd1ed5547822d659aa.1574084227.git.mprivozn%40redhat.com/#msg36810809
Created attachment 124291 [details] 0001-Add-support-for-setns-syscall.patch Based on IRC conversation, I'm attaching the patch I've sent to the list.
*** Bug 368923 has been marked as a duplicate of this bug. ***
I think this last patch is the best we can do. I think we should apply it with one change. The last argument to fd_allowed should be False, since this is an existing file descriptor in a PRE handler (it should only be True if we are checking a new file descriptor in a POST handler).
(In reply to Mark Wielaard from comment #14) > I think this last patch is the best we can do. I think we should apply it > with one change. The last argument to fd_allowed should be False, since this > is an existing file descriptor in a PRE handler (it should only be True if > we are checking a new file descriptor in a POST handler). Alright, do you want me to update the patch?
(In reply to Michal Prívozník from comment #15) > (In reply to Mark Wielaard from comment #14) > > I think this last patch is the best we can do. I think we should apply it > > with one change. The last argument to fd_allowed should be False, since this > > is an existing file descriptor in a PRE handler (it should only be True if > > we are checking a new file descriptor in a POST handler). > > Alright, do you want me to update the patch? No, thanks, I updated it myself. Also asked on irc (#valgrind-dev on irc.freenode.org) if there were any concerns to push this right before the 3.16.0 branch was created. No concerns, so... commit 60a7ebedc0b53e2cdcea112635a285d8136b68a8 Author: Michal Privoznik <mprivozn@redhat.com> Date: Fri Nov 15 10:37:53 2019 +0100 Add support for setns syscall I've tested this on amd64 and arm but I'm enabling it on all arches since the syscall should work identically on all of them. This was requested by users for a long time (almost 5 years) and in fact, some programs (like libvirt) use namespaces and fork off to enter other namespaces. Lack of implementation means valgrind can't be used with these programs (or their configuration must be changed to not use namespaces, which defeats the purpose). Without knowing it, I've converged to same patch as mentioned in bugs below. https://bugs.kde.org/show_bug.cgi?id=343099 https://bugs.kde.org/show_bug.cgi?id=368923 https://bugs.kde.org/show_bug.cgi?id=369031 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>