When a syscall is denied, pledge cannot reverse map the required promise.
It is not possible.  Think about it for a bit.

It is best effort.  It helps 95% of the developers.  When you get close
to ioctl, there is no plausible way to say what promise is required.


cho...@jtan.com wrote:

> I decided late in an application's life to start using pledge, so
> I put a call in at the top and started running it and adding the
> requirements reported by dmesg on each iteration.
> 
> Eventually it reported that the tty promise was breached so I added
> that and it reported again that the tty promise was breached.
> 
> From GDB the relevant part of the stack trace is:
> 
>     (gdb) bt
>     #0  ioctl () at /tmp/-:2
>     #1  0x606521cbcd89301f in ?? ()
>     #2  0x000003089d94d4a2 in drmGetVersion (fd=8) at /usr/xenocara/lib/libdrm/mk/libdrm/../../xf86drm.c:708
>     #3  0x00000308b1d3b7e1 in loader_get_driver_for_fd (fd=8) at /usr/xenocara/lib/mesa/mk/libloader/../../src/loader/loader.c:108
>     #4  0x00000308b1d02ed6 in dri3_create_screen (screen=0, priv=Unhandled dwarf expression opcode 0xa3) at /usr/xenocara/lib/mesa/mk/libGL/../../src/glx/dri3_glx.c:829
>     #5  0x00000308b1cf5956 in __glXInitialize (dpy=0x3083034c000) at /usr/xenocara/lib/mesa/mk/libGL/../../src/glx/glxext.c:800
>     #6  0x00000308b1d080a5 in glXQueryVersion (dpy=Unhandled dwarf expression opcode 0xa3) at /usr/xenocara/lib/mesa/mk/libGL/../../src/glx/glxcmds.c:483
> 
> loader_get_driver_for_fd is calling:
> 
>     drmVersionPtr version = drmGetVersion(fd);
> 
> xf86drm.c at line 708 is in drmIoctl which I presume is the result
> of some preprocessor magic, calling:
> 
>     ret = ioctl(fd, request, arg);
> 
> dmesg reports (many times with different PID, same syscall):
> 
>     turtle[32350]: pledge "tty", syscall 54
> 
> Clearly pledge is correct: whatever 'request' has this ioctl doing
> doesn't use the tty promise (fd is probably the X connection). The
> problem here is the error report in dmesg that the breach is in
> something which is already included in the list of promises ("stdio
> inet unix rpath recvfd tty", NULL).
> 
> I shall continue investigating to get my application to work and
> follow up if I find anything useful but I hope this is enough
> information for somebody familiar with the implementation of pledge
> to quickly figure out where its, or my, misunderstanding is.
> 
> Cheers,
> 
> Matthew
> 

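The iterate-on-dmesg workflow described in this thread, as an added example that is not part of the original messages and is not OpenBSD code: it groups pledge violation lines and flags any report that names a promise the program already holds, which is the case where the best-effort report cannot tell you what to add. The function name `triage`, the syscall table and the last sample line are assumptions made for illustration; the line format, the promise list and the pairing of syscall 54 with ioctl are taken from the post.

```python
import re
from collections import Counter

# Only the syscall number that appears in the thread; its backtrace shows ioctl.
SYSCALL_NAMES = {54: "ioctl"}

# Matches kernel lines such as: turtle[32350]: pledge "tty", syscall 54
PLEDGE_RE = re.compile(
    r'^(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: pledge "(?P<promise>[^"]*)", syscall (?P<nr>\d+)$'
)

def triage(dmesg_text, held_promises):
    """Group pledge violations; flag reports naming a promise already held."""
    held = set(held_promises.split())
    counts = Counter()
    for line in dmesg_text.splitlines():
        m = PLEDGE_RE.match(line.strip())
        if m:  # PIDs differ per run, so group by program, promise and syscall
            counts[(m["prog"], m["promise"], int(m["nr"]))] += 1
    findings = []
    for (prog, promise, nr), hits in sorted(counts.items()):
        name = SYSCALL_NAMES.get(nr, f"syscall {nr}")
        if promise in held:
            advice = (f"'{promise}' is already pledged; the report is best effort, "
                      f"so inspect the arguments of {name} rather than adding promises")
        else:
            advice = f"try adding '{promise}' and re-run"
        findings.append({"prog": prog, "promise": promise, "syscall": name,
                         "hits": hits, "already_held": promise in held,
                         "advice": advice})
    return findings

# Constructed sample: the dmesg line from the post repeated with different PIDs,
# plus one constructed violation for a promise that is not held.
SAMPLE_DMESG = """\
turtle[32350]: pledge "tty", syscall 54
turtle[32351]: pledge "tty", syscall 54
turtle[40112]: pledge "tty", syscall 54
turtle[40200]: pledge "wpath", syscall 5
"""
HELD = "stdio inet unix rpath recvfd tty"  # promise string quoted in the post

if __name__ == "__main__":
    for f in triage(SAMPLE_DMESG, HELD):
        print(f"{f['prog']}: {f['hits']}x {f['syscall']} -> {f['advice']}")
```
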