* Trying Xenomai3.2 and has some web browser problem
@ 2021-11-10  6:33 Ando Yuta
  2021-11-10 11:15 ` Jan Kiszka
  0 siblings, 1 reply; 8+ messages in thread
From: Ando Yuta @ 2021-11-10  6:33 UTC (permalink / raw)
  To: xenomai

Hello

We are now testing xenomai3.2 with dovetail core(kernel ver5.10.70)
The kernel build was successful with some modifications to the ipipe configuration we had been using.
Building our application was also successful without any problems, just by slightly changing the flags in cmake.
So our application is working well, except for one thing.

When using xenomai 3.1 with ipipe patch 5.4.77, there was no problem,
but when using 5.10.70 dovetail, the web browser started to crash.

Firefox didn't work at all.
When using Google Chrome and chromium, some pages don't crash and some,
in particular, video sites like youtube and sites that require login such as github did.

Attached below are the results of strace when using chrome.
The problem seems to be around seccomp.

If we follow this web page (https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/linux/sandboxing.md)
and specify --disable-seccomp-filter-sandbox, the crash was apparently avoided.
However, this option disables the sandbox, which causes a security problem.
Therefore, we do not want to disable the sandbox if possible.

This browser crash does not occur on the same 5.10.70 kernel unless we enable the dovetail realtime kernel, so
it seems to be an issue with a system call related to dovetail's seccomp.
Is there any way to solve this problem?

The strace results are as follows


set_robust_list(0x7f81172e19e0, 24) = 0
gettid() = 17
stat("/sys/fs/cgroup/cpuset/chrome", 0x7f81172e07c0) = -1 ENOSYS (Function not implemented)
setpriority(PRIO_PROCESS, 0, 0) = 0
getpid() = 1
prctl(PR_SET_NAME, "ServiceWorker t"...) = 0
mmap(0x196a00000000, 4294967296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x196a00000000
mprotect(0x196a00000000, 4096, PROT_READ|PROT_WRITE) = 0
sched_getaffinity(17, 32, <unfinished ...>
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_errno=ENXIO, si_call_addr=0x7f8131c01c33, si_syscall=__NR_sched_getaffinity, si_arch=AUDIT_ARCH_X86_64} ---
0x3ed603ae9440) = -1 ENOSYS (Function not implemented)
write(2, "Sanity checks are failing after "..., 49) = -1 ENOSYS (Function not implemented)
write(2, "\n", 1) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], 0x7f81172df6e0, 8) = -1 ENOSYS (Function not implemented)
getpid() = -38
gettid() = -38
tgkill(1, 17, SIGABRT) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=1, si_uid=1000} ---
NULL, 8) = -1 ENOSYS (Function not implemented)
gettid() = -38
prctl(PR_GET_DUMPABLE) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_BLOCK, [CONT], 0x7f81172de810, 8) = -1 ENOSYS (Function not implemented)
sendmsg(18, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\1\0\0\0\1\0\0\0\10\351-\27\201\177\0\0\10\246\32\0\326>\0\0\0\0\0\0\0\0\0\0"..., iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigtimedwait([CONT], 0x7f81172de820, {tv_sec=5, tv_nsec=0}, 8) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_SETMASK, [ABRT], NULL, 8) = -1 ENOSYS (Function not implemented)
rt_sigaction(SIGABRT, {sa_handler=0x56013b2b5688, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f8131c01980}, NULL, 8) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], 0x7f81172de810, 8) = -1 ENOSYS (Function not implemented)
getpid() = -38
gettid() = -38
tgkill(1, 17, SIGABRT) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_SETMASK, [ABRT], NULL, 8) = -1 ENOSYS (Function not implemented)
syscall_0xffffffffffffffff(0x2, 0x7f81172df6e0, 0, 0x8, 0, 0x7f81172df6e0 <unfinished ...>
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=1, si_uid=1000} ---
) = -1 (errno 38)
+++ exited with 250 +++

Yuta Ando


* Re: Trying Xenomai3.2 and has some web browser problem
  2021-11-10  6:33 Trying Xenomai3.2 and has some web browser problem Ando Yuta
@ 2021-11-10 11:15 ` Jan Kiszka
  2021-11-11  4:46   ` Ando Yuta
  0 siblings, 1 reply; 8+ messages in thread
From: Jan Kiszka @ 2021-11-10 11:15 UTC (permalink / raw)
  To: Ando Yuta, xenomai

On 10.11.21 07:33, Ando Yuta via Xenomai wrote:
> Hello
> 
> We are now testing xenomai3.2 with dovetail core(kernel ver5.10.70)

x86?

> The kernel build was successful with some modifications to the ipipe configuration we had been using.
> Building our application was also successful without any problems, just by slightly changing the flags in cmake.
> So our application is working well, except for one thing.
> 
> When using xenomai 3.1 with ipipe patch 5.4.77, there was no problem,
> but when using 5.10.70 dovetail, the web browser started to crash.
> 
> Firefox didn't work at all.
> When using Google Chrome and chromium, some pages don't crash and some,
> in particular, video sites like youtube and sites that require login such as github did.
> 
> Attached below are the results of strace when using chrome.
> The problem seems to be around seccomp.
> 
> If we follow this web page (https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/linux/sandboxing.md)
> and specify --disable-seccomp-filter-sandbox, the crash was apparently avoided.
> However, this option disables the sandbox, which causes a security problem.
> Therefore, we do not want to disable the sandbox if possible.
> 
> This browser crash does not occur on the same 5.10.70 kernel unless we enable the dovetail realtime kernel, so
> it seems to be an issue with a system call related to dovetail's seccomp.
> Is there any way to solve this problem?
> 
> The strace results are as follows
> 

Can you generate a trace (strace or maybe even kernel event trace) of
both good and bad cases? To see where the behaviour diverges.

Or is there something that reproduces this without requiring a full UI
for the browser?

Thanks for reporting!

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux



* RE: Trying Xenomai3.2 and has some web browser problem
  2021-11-10 11:15 ` Jan Kiszka
@ 2021-11-11  4:46   ` Ando Yuta
  2021-11-11  9:08     ` Bezdeka, Florian
  0 siblings, 1 reply; 8+ messages in thread
From: Ando Yuta @ 2021-11-11  4:46 UTC (permalink / raw)
  To: Jan Kiszka, xenomai

Hello Jan

Thanks for the reply.

>x86?

Sorry I forgot to write the CPU info.
My CPU is x86_64(11th Gen Intel i5)

>Can you generate a trace (strace or maybe even kernel event trace) of both good and bad cases? To see where the behaviour diverges.
>Or is there something that reproduces this without requiring a full UI for the browser?

Yes, I found that the same phenomenon occurs when I specify "--disable-gpu" in headless mode chrome.

These are the commands to reproduce.
1 chrome --headless --disable-gpu https://www.google.com (in dovetail browser crash, in generic works properly)
2 chrome --headless --disable-gpu --disable-seccomp-filter-sandbox https://www.google.com (disable sandbox, this works in both dovetail and generic but unsafe)

Attached files are the results of strace and kernel event trace in headless mode above.
They are generic, dovetail with sandbox enabled, and dovetail with sandbox disabled.

Yuta Ando

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: generic_kernel_event_trace.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: generic_strace.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dovetail_kernel_event_trace.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dovetail_kernel_event_trace_disable_sandbox.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dovetail_strace.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dovetail_strace_disable_sandbox.txt
URL: <http://xenomai.org/pipermail/xenomai/attachments/20211111/e72ff993/attachment-0005.txt>


* Re: Trying Xenomai3.2 and has some web browser problem
  2021-11-11  4:46   ` Ando Yuta
@ 2021-11-11  9:08     ` Bezdeka, Florian
  2021-11-11 10:58       ` Ando Yuta
  0 siblings, 1 reply; 8+ messages in thread
From: Bezdeka, Florian @ 2021-11-11  9:08 UTC (permalink / raw)
  To: xenomai, andouyuuta, jan.kiszka

On Thu, 2021-11-11 at 04:46 +0000, Ando Yuta via Xenomai wrote:
> Hello Jan
> 
> Thanks for the reply.
> 
> > x86?
> 
> Sorry I forgot to write the CPU info.
> My CPU is x86_64(11th Gen Intel i5)
> 
> > Can you generate a trace (strace or maybe even kernel event trace) of both good and bad cases? To see where the behaviour diverges.
> > Or is there something that reproduces this without requiring a full UI for the browser?
> 
> Yes, I found that the same phenomenon occurs when I specify "--disable-gpu" in headless mode chrome.
> 
> These are the commands to reproduce.
> 1 chrome --headless --disable-gpu https://www.google.com (in dovetail browser crash, in generic works properly)
> 2 chrome --headless --disable-gpu --disable-seccomp-filter-sandbox https://www.google.com (disable sandbox, this works in both dovetail and generic but unsafe)
> 
> Attached files are the results of strace and kernel event trace in headless mode above.
> They are generic, dovetail with sandbox enabled, and dovetail with sandbox disabled.

Sandbox enabled:
stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9068a987c0) = -1 ENOSYS (Function not implemented)

Sandbox disabled:
stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9e3a03a7c0) = -1 ENOENT (No such file or directory)

You have updated the kernel, but did you update your libseccomp
security profile as well? (IOW: Have you updated your userspace as
well?)

I know about some problems in the past where similar effects were
observed when using syscalls that were not known to the security
profile in use. The stat call is not new, but ENOSYS is unexpected.



^ permalink raw reply	[flat|nested] 8+ messages in thread
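
Added example, not part of any message in this thread: the good-versus-bad trace comparison requested above, written as a small strace log analyser. The sample traces are constructed from the lines quoted in the thread, and the function names are hypothetical; it reports the first syscall whose outcome differs and what follows a seccomp SIGSYS.

```python
import re
from collections import namedtuple

# kind is "call" or "signal"; detail holds the argument text or (si_code, si_syscall)
Event = namedtuple("Event", "kind name ret errno detail")

CALL_RE = re.compile(r"^(\w+)\((.*)\)\s*=\s*(0x[0-9a-fA-F]+|-?\d+)(?:\s+(E[A-Z0-9]+))?")
SIG_RE = re.compile(r"^--- (\w+) \{.*?si_code=(\w+)(?:.*?si_syscall=__NR_(\w+))?")
UNFINISHED = "<unfinished ...>"
ENOSYS = 38  # Linux errno value; the trace in the thread ends with "(errno 38)"

# Constructed samples, modelled on the strace lines quoted in the thread.
GOOD_TRACE = """
gettid() = 17
stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9e3a03a7c0) = -1 ENOENT (No such file or directory)
setpriority(PRIO_PROCESS, 0, 0) = 0
getpid() = 1
"""
BAD_TRACE = """
gettid() = 17
stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9068a987c0) = -1 ENOSYS (Function not implemented)
setpriority(PRIO_PROCESS, 0, 0) = 0
getpid() = 1
sched_getaffinity(17, 32, <unfinished ...>
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_errno=ENXIO, si_call_addr=0x7f8131c01c33, si_syscall=__NR_sched_getaffinity, si_arch=AUDIT_ARCH_X86_64} ---
0x3ed603ae9440) = -1 ENOSYS (Function not implemented)
write(2, "Sanity checks are failing after "..., 49) = -1 ENOSYS (Function not implemented)
getpid() = -38
gettid() = -38
tgkill(1, 17, SIGABRT) = -1 ENOSYS (Function not implemented)
"""


def parse_trace(text):
    """Turn strace text into Events, rejoining calls split by '<unfinished ...>'."""
    events, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("+++"):
            continue
        if line.startswith("---"):  # signal delivery record
            m = SIG_RE.match(line)
            if m:
                events.append(Event("signal", m.group(1), None, None, (m.group(2), m.group(3))))
            continue
        if line.endswith(UNFINISHED):  # the rest of the call follows the signal line
            pending = line[: -len(UNFINISHED)]
            continue
        if pending is not None:
            line, pending = pending + line, None
        m = CALL_RE.match(line)
        if m:
            events.append(Event("call", m.group(1), int(m.group(3), 0), m.group(4), m.group(2)))
    return events


def outcome(ev):
    # pids, tids and addresses differ between runs, so compare only the
    # syscall name, the decoded errno and whether the call failed.
    return (ev.name, ev.errno, ev.ret < 0)


def first_divergence(good, bad):
    """Return (index, good_call, bad_call) for the first differing syscall, else None."""
    g = [e for e in good if e.kind == "call"]
    b = [e for e in bad if e.kind == "call"]
    for i, (x, y) in enumerate(zip(g, b)):
        if outcome(x) != outcome(y):
            return i, x, y
    return None


def seccomp_fallout(events):
    """Summarise what happens after the first seccomp-generated SIGSYS, if any."""
    for i, ev in enumerate(events):
        if ev.kind == "signal" and ev.name == "SIGSYS" and ev.detail[0] == "SYS_SECCOMP":
            break
    else:
        return None
    later = [e for e in events[i + 1:] if e.kind == "call"]
    return {
        "trapped": ev.detail[1],
        "enosys_after": sum(1 for e in later if e.errno == "ENOSYS"),
        # getpid()/gettid() cannot fail, so strace prints their result as a
        # plain number; -38 there is a raw -ENOSYS.
        "raw_negative": [(e.name, e.ret) for e in later if e.errno is None and e.ret == -ENOSYS],
    }


if __name__ == "__main__":
    good, bad = parse_trace(GOOD_TRACE), parse_trace(BAD_TRACE)
    print(first_divergence(good, bad))
    print(seccomp_fallout(bad))
```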

* RE: Trying Xenomai3.2 and has some web browser problem
  2021-11-11  9:08     ` Bezdeka, Florian
@ 2021-11-11 10:58       ` Ando Yuta
  2021-11-11 11:03         ` Jan Kiszka
  0 siblings, 1 reply; 8+ messages in thread
From: Ando Yuta @ 2021-11-11 10:58 UTC (permalink / raw)
  To: Bezdeka, Florian, xenomai, jan.kiszka

Hello

>Sandbox enabled:
>stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9068a987c0) = -1 ENOSYS (Function not implemented)
>Sandbox disabled:
>stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9e3a03a7c0) = -1 ENOENT (No such file or directory)
>You have updated the kernel, but did you update your libseccomp security profile as well? (IOW: Have you updated your userspace as well?)
>I know about some problems in the past where similar effects were observed when using syscalls that were not known to the security profile in use. The stat call is not new, but ENOSYS is unexpected.

Yes I checked. My seccomp version is 2.5.1-1ubuntu1~18.04.1.
Is there anything else I need to do to update the security profile of libseccomp?

Yuta Ando


* Re: Trying Xenomai3.2 and has some web browser problem
  2021-11-11 10:58       ` Ando Yuta
@ 2021-11-11 11:03         ` Jan Kiszka
  2021-11-11 11:30           ` Ando Yuta
  0 siblings, 1 reply; 8+ messages in thread
From: Jan Kiszka @ 2021-11-11 11:03 UTC (permalink / raw)
  To: Ando Yuta, Bezdeka, Florian, xenomai

On 11.11.21 11:58, Ando Yuta wrote:
> Hello
> 
>> Sandbox enabled:
>> stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9068a987c0) = -1 ENOSYS (Function not implemented)
>> Sandbox disabled:
>> stat("/sys/fs/cgroup/cpuset/chrome", 0x7f9e3a03a7c0) = -1 ENOENT (No such file or directory)
>> You have updated the kernel, but did you update your libseccomp security profile as well? (IOW: Have you updated your userspace as well?)
>> I know about some problems in the past where similar effects were observed when using syscalls that were not known to the security profile in use. The stat call is not new, but ENOSYS is unexpected.
> 
> Yes I checked. My seccomp version is 2.5.1-1ubuntu1~18.04.1.
> Is there anything else I need to do to update the security profile of libseccomp?
> 

I'm starting to reproduce, and there is some behavioral difference on
5.10 with vs. without Dovetail/Xenomai. I'm now trying to narrow this
down, will keep you posted.

Thanks so far,
Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux



* RE: Trying Xenomai3.2 and has some web browser problem
  2021-11-11 11:03         ` Jan Kiszka
@ 2021-11-11 11:30           ` Ando Yuta
  2021-11-11 18:03             ` Jan Kiszka
  0 siblings, 1 reply; 8+ messages in thread
From: Ando Yuta @ 2021-11-11 11:30 UTC (permalink / raw)
  To: Jan Kiszka, Bezdeka, Florian, xenomai

Hello Jan

> I'm starting to reproduce, and there is some behavioral difference on
> 5.10 with vs. without Dovetail/Xenomai. I'm now trying to narrow this down, will keep you posted.

Thank you.
We are waiting for your fix as we continue testing xenomai 3.2.

Yuta Ando


* Re: Trying Xenomai3.2 and has some web browser problem
  2021-11-11 11:30           ` Ando Yuta
@ 2021-11-11 18:03             ` Jan Kiszka
  0 siblings, 0 replies; 8+ messages in thread
From: Jan Kiszka @ 2021-11-11 18:03 UTC (permalink / raw)
  To: Ando Yuta, Bezdeka, Florian, xenomai

On 11.11.21 12:30, Ando Yuta wrote:
> Hello Jan
> 
>> I'm starting to reproduce, and there is some behavioral difference on
>> 5.10 with vs. without Dovetail/Xenomai. I'm now trying to narrow this down, will keep you posted.
> 
> Thank you.
> We are waiting for your fix as we continue testing xenomai 3.2.
> 
> Yuta Ando
> 

This seems to resolve the issue:

diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
index ac53de5717bd..ecf68779d9fb 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -76,8 +76,8 @@
  * Status codes of syscall entry when Dovetail is enabled. Must not
  * conflict with valid syscall numbers.
  */
-#define EXIT_SYSCALL_OOB	(-1)
-#define EXIT_SYSCALL_TAIL	(-2)
+#define EXIT_SYSCALL_OOB	(-2)
+#define EXIT_SYSCALL_TAIL	(-3)
 
 /**
  * arch_check_user_regs - Architecture specific sanity check for user mode regs
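Review bot: the comment above the two defines still says only that the codes "Must not conflict with valid syscall numbers", a condition the old values -1 and -2 already met, so nothing in the hunk records why both move down by one. Please extend that comment to say that -1 is reserved as well and by what, presumably the seccomp path this thread is about, so that EXIT_SYSCALL_OOB is not renumbered back to -1 later. Stating that the two codes only need to be distinct negative values other than -1 would also make the constraint checkable by the next reader.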


Proper patch with explanation will follow later.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

