From e59bb6221076c24600203bbe6f936a6fd110b8bea7c6940318f3b48ee044f07b Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Thu, 5 May 2022 06:18:13 +0000
Subject: [PATCH] Accepting request 975050 from home:cyphar:lxc
- Backport upstream patch to fix build on x32 systems.
+ 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
OBS-URL: https://build.opensuse.org/request/show/975050
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=107
---
...sysinfo-syscall-interception-on-32-b.patch | 174 ++++++++++++++++++
lxd.changes | 2 +
lxd.spec | 4 +
3 files changed, 180 insertions(+)
create mode 100644 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
diff --git a/0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch b/0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
new file mode 100644
index 0000000..63195de
--- /dev/null
+++ b/0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
@@ -0,0 +1,174 @@
+From fd6845ddda3f80cdd24a8f94c42acce6bff0c41f Mon Sep 17 00:00:00 2001
+From: Thomas Parrott <thomas.parrott@canonical.com>
+Date: Fri, 29 Apr 2022 11:12:48 +0100
+Subject: [PATCH] lxd/secommp: Fix sysinfo syscall interception on 32 bit
+ platforms
+
+Fixes #10347
+
+Backport: <https://github.com/lxc/lxd/pull/10348>
+Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
+---
+ lxd/seccomp/seccomp.go | 22 ++++++++++++++--------
+ lxd/seccomp/sysinfo.go | 13 +++++++++++++
+ lxd/seccomp/sysinfo_32.go | 19 +++++++++++++++++++
+ lxd/seccomp/sysinfo_64.go | 19 +++++++++++++++++++
+ 4 files changed, 65 insertions(+), 8 deletions(-)
+ create mode 100644 lxd/seccomp/sysinfo.go
+ create mode 100644 lxd/seccomp/sysinfo_32.go
+ create mode 100644 lxd/seccomp/sysinfo_64.go
+
+diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
+index 03fee3c71a09..203d408a8286 100644
+--- a/lxd/seccomp/seccomp.go
++++ b/lxd/seccomp/seccomp.go
+@@ -1709,6 +1709,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+
+ defer l.Debug("Handling sysinfo syscall")
+
++ // Pre-fill sysinfo struct with metrics from host system.
+ info := unix.Sysinfo_t{}
+ err := unix.Sysinfo(&info)
+ if err != nil {
+@@ -1718,6 +1719,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
++ instMetrics := Sysinfo{} // Architecture independent place to hold instance metrics.
++
+ cg, err := cgroup.NewFileReadWriter(int(siov.msg.init_pid), liblxc.HasApiExtension("cgroup2"))
+ if err != nil {
+ l.Warn("Failed loading cgroup", logger.Ctx{"err": err, "pid": siov.msg.init_pid})
+@@ -1735,7 +1738,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
++ instMetrics.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
+
+ // Get instance process count.
+ pids, err := cg.GetTotalProcesses()
+@@ -1746,7 +1749,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Procs = uint16(pids)
++ instMetrics.Procs = uint16(pids)
+
+ // Get instance memory stats.
+ memStats, err := cg.GetMemoryStats()
+@@ -1760,9 +1763,9 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ for k, v := range memStats {
+ switch k {
+ case "shmem":
+- info.Sharedram = v
++ instMetrics.Sharedram = v
+ case "cache":
+- info.Bufferram = v
++ instMetrics.Bufferram = v
+ }
+ }
+
+@@ -1784,8 +1787,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Totalram = uint64(memoryLimit)
+- info.Freeram = info.Totalram - uint64(memoryUsage) - info.Bufferram
++ instMetrics.Totalram = uint64(memoryLimit)
++ instMetrics.Freeram = instMetrics.Totalram - uint64(memoryUsage) - instMetrics.Bufferram
+
+ // Get instance swap info.
+ if s.s.OS.CGInfo.Supports(cgroup.MemorySwapUsage, cg) {
+@@ -1805,14 +1808,17 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Totalswap = uint64(swapLimit)
+- info.Freeswap = info.Totalswap - uint64(swapUsage)
++ instMetrics.Totalswap = uint64(swapLimit)
++ instMetrics.Freeswap = instMetrics.Totalswap - uint64(swapUsage)
+ }
+
+ // Get writable pointer to buffer of sysinfo syscall result.
+ const sz = int(unsafe.Sizeof(info))
+ var b []byte = (*(*[sz]byte)(unsafe.Pointer(&info)))[:]
+
++ // Write instance metrics to native sysinfo struct.
++ instMetrics.ToNative(&info)
++
+ // Write sysinfo response into buffer.
+ _, err = unix.Pwrite(siov.memFd, b, int64(siov.req.data.args[0]))
+ if err != nil {
+diff --git a/lxd/seccomp/sysinfo.go b/lxd/seccomp/sysinfo.go
+new file mode 100644
+index 000000000000..b255894af26e
+--- /dev/null
++++ b/lxd/seccomp/sysinfo.go
+@@ -0,0 +1,13 @@
++package seccomp
++
++// Sysinfo architecture independent sysinfo struct.
++type Sysinfo struct {
++ Uptime int64
++ Totalram uint64
++ Freeram uint64
++ Sharedram uint64
++ Bufferram uint64
++ Totalswap uint64
++ Freeswap uint64
++ Procs uint16
++}
+diff --git a/lxd/seccomp/sysinfo_32.go b/lxd/seccomp/sysinfo_32.go
+new file mode 100644
+index 000000000000..e52808300dd0
+--- /dev/null
++++ b/lxd/seccomp/sysinfo_32.go
+@@ -0,0 +1,19 @@
++//go:build 386 || arm || ppc || s390 || mips || mipsle
++
++package seccomp
++
++import (
++ "golang.org/x/sys/unix"
++)
++
++// ToNative fills fields from s into native fields.
++func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
++ n.Bufferram = uint32(s.Bufferram)
++ n.Freeram = uint32(s.Freeram)
++ n.Freeswap = uint32(s.Freeswap)
++ n.Procs = s.Procs
++ n.Sharedram = uint32(s.Sharedram)
++ n.Totalram = uint32(s.Totalram)
++ n.Totalswap = uint32(s.Totalswap)
++ n.Uptime = int32(s.Uptime)
++}
+diff --git a/lxd/seccomp/sysinfo_64.go b/lxd/seccomp/sysinfo_64.go
+new file mode 100644
+index 000000000000..84383b1c5a86
+--- /dev/null
++++ b/lxd/seccomp/sysinfo_64.go
+@@ -0,0 +1,19 @@
++//go:build amd64 || ppc64 || ppc64le || arm64 || s390x || mips64 || mips64le || riscv64
++
++package seccomp
++
++import (
++ "golang.org/x/sys/unix"
++)
++
++// ToNative fills fields from s into native fields.
++func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
++ n.Bufferram = s.Bufferram
++ n.Freeram = s.Freeram
++ n.Freeswap = s.Freeswap
++ n.Procs = s.Procs
++ n.Sharedram = s.Sharedram
++ n.Totalram = s.Totalram
++ n.Totalswap = s.Totalswap
++ n.Uptime = s.Uptime
++}
+--
+2.35.1
+
diff --git a/lxd.changes b/lxd.changes
index 685dd73..41dfc04 100644
--- a/lxd.changes
+++ b/lxd.changes
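Review bot: The 32-bit `ToNative` in sysinfo_32.go narrows every memory counter with a bare `uint32(...)`, so an instance limit of 4 GiB or more wraps to a small or zero value, and `n.Unit` is never set, so it keeps whatever the host's `unix.Sysinfo` call returned while the instance counters look like byte counts read from the cgroup. I would choose the unit inside `ToNative`, scale the counters by it and saturate rather than truncate, as sketched below. A wrapped `instMetrics.Freeram` or `instMetrics.Freeswap` subtraction in seccomp.go (usage above the limit) reaches the same conversion, and clamping those to zero at the subtraction would be cleaner than relying on the saturation. Separately, the struct layout is picked from LXD's own GOARCH, and nothing in the visible hunks checks that the intercepted task uses the same ABI before `unix.Pwrite` copies `sz` bytes into its buffer; please confirm that is enforced elsewhere. `HandleSysinfoSyscall` begins and ends outside these hunks.

```go
// ToNative fills fields from s into native fields.
func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
	// Choose the smallest power-of-two unit that lets every byte count fit in 32 bits.
	var shift uint
	for _, v := range []uint64{s.Totalram, s.Freeram, s.Sharedram, s.Bufferram, s.Totalswap, s.Freeswap} {
		for shift < 31 && v>>shift > 0xffffffff {
			shift++
		}
	}

	// Saturate anything still out of range instead of silently truncating it.
	scale := func(v uint64) uint32 {
		v >>= shift
		if v > 0xffffffff {
			return 0xffffffff
		}

		return uint32(v)
	}

	n.Unit = uint32(1) << shift
	n.Totalram = scale(s.Totalram)
	n.Freeram = scale(s.Freeram)
	n.Sharedram = scale(s.Sharedram)
	n.Bufferram = scale(s.Bufferram)
	n.Totalswap = scale(s.Totalswap)
	n.Freeswap = scale(s.Freeswap)
	// … unchanged: Procs and Uptime assignments …
}
```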
@@ -11,6 +11,8 @@ Thu May 5 04:27:43 UTC 2022 - Aleksa Sarai <asarai@suse.com> + Configurable host network interface naming pattern * Overrideable evacuation mode * Setting profiles during an image copy +- Backport upstream patch to fix build on x32 systems. + + 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch ------------------------------------------------------------------- Thu May 5 03:31:24 UTC 2022 - Aleksa Sarai <asarai@suse.com> diff --git a/lxd.spec b/lxd.spec index 30149c5..869db91 100644 --- a/lxd.spec +++ b/lxd.spec @@ -51,6 +51,8 @@ Source101: %{name}-config.yml # Additional runtime configuration. Source200: %{name}.sysctl Source201: %{name}.dnsmasq +# OPENSUSE-UPSTREAM-FIX: Backport of <https://github.com/lxc/lxd/pull/10348>. +Patch1: 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: libacl-devel @@ -123,6 +125,8 @@ Bash command line completion support for %{name}. %prep %setup -q +# https://github.com/lxc/lxd/pull/10348 +%patch1 -p1 %build # Make sure any leftover go build caches are gone.