Re: [5.2 REGRESSION] Generic vDSO breaks seccomp-enabled userspace on i386

[Andy Lutomirski]

> On Jul 19, 2019, at 1:03 PM, Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
> 
> The generic vDSO implementation, starting with commit
> 
>   7ac870747988 ("x86/vdso: Switch to generic vDSO implementation")
> 
> breaks seccomp-enabled userspace on 32-bit x86 (i386) kernels.  Prior to
> the generic implementation, the x86 vDSO used identical code for both
> x86_64 and i386 kernels, which worked because it did all calcuations using
> structs with naturally sized variables, i.e. didn't use __kernel_timespec.
> 
> The generic vDSO does its internal calculations using __kernel_timespec,
> which in turn requires the i386 fallback syscall to use the 64-bit
> variation, __NR_clock_gettime64.

This is basically doomed to break eventually, right?

Iâve occasionally considered adding a concept of âseccomp aliasesâ.  The idea is that, if a filter returns anything other than ALLOW, we re-run it with a different nr that we dig out it a small list of such cases. This would be limited to cases where the new syscall does the same thing with the same arguments.

I want this for restart_syscall: I want to renumber it.

Kees?