tonistiigi · doringeman · Dec 4, 2024 · crazy-max · Dec 4, 2024 · crazy-max
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -5,7 +5,7 @@ variable "QEMU_REPO" {
   default = "https://github.com/qemu/qemu"
 }
 variable "QEMU_VERSION" {
-  default = "v8.1.5"
+  default = "v9.1.2"
 }
 variable "QEMU_PATCHES" {
   default = "cpu-max-arm"
@@ -59,7 +59,7 @@ target "buildkit" {
   inherits = ["mainline"]
   args = {
     BINARY_PREFIX = "buildkit-"
-    QEMU_PATCHES = "${QEMU_PATCHES},buildkit-direct-execve-v8.1"
+    QEMU_PATCHES = "${QEMU_PATCHES},buildkit-direct-execve-v9.1.2"
     QEMU_PRESERVE_ARGV0 = ""
   }
   cache-from = ["${REPO}:buildkit-master"]
@@ -80,7 +80,7 @@ target "buildkit-test" {
 target "desktop" {
   inherits = ["mainline"]
   args = {
-    QEMU_PATCHES = "${QEMU_PATCHES},subreaper-prctl,pretcode"
+    QEMU_PATCHES = "${QEMU_PATCHES},pretcode"
   }
   cache-from = ["${REPO}:desktop-master"]
 }

diff --git a/patches/aports.config b/patches/aports.config
@@ -1,3 +1,4 @@
+9.1.2,364ac320139da4a9dfd68ea399267bd5056a670e
 8.1.50,e9d411e67e815ab0fcf1d00885cb55dd0f99e810
 8.0.50,6225632b267a3d2bf6700a8fce41df60a68c187b
 7.2.50,ed7a3122a32f53094f51e55abe68d416910e01ad
@@ -9,4 +10,4 @@
 5.2.90,75a54675dc421cadfb9c2fbb567dc2b335e0a50e
 5.1.90,8ffc0fe905f21e472724f58b101d61271a6571ff
 5.0.90,87ee9a5a8a925d4d9e566a9829231781f80ebcc5
-0.0.0,f238bdae4d755f6e7ab6ce0b9a2a71dc833eb106
+0.0.0,f238bdae4d755f6e7ab6ce0b9a2a71dc833eb106
diff --git a/...dkit-direct-execve-v9.1.2/0001-linux-user-have-execve-call-qemu-via-proc-self-exe-t.patch b/...dkit-direct-execve-v9.1.2/0001-linux-user-have-execve-call-qemu-via-proc-self-exe-t.patch
@@ -0,0 +1,92 @@
+From b0ccc59b95c5520847354bd4ab57694e7510a4ea Mon Sep 17 00:00:00 2001
+From: CrazyMax <[email protected]>
+Date: Fri, 8 Sep 2023 10:47:29 +0200
+Subject: [PATCH 1/7] linux-user: have execve call qemu via /proc/self/exe to
+ not rely on binfmt_misc
+
+It is assumed that when a guest program calls execve syscall it wants to
+execute a program on the same guest architecture and not the host architecture.
+
+Previously, such a guest program would have execve syscall error out with:
+"exec format error".
+
+A common solution is to register the qemu binary in binfmt_misc but that is not a
+userland-friendly solution, requiring to modify kernel state.
+
+This patch injects /proc/self/exe as the first parameter and the qemu program name
+as argv[0] to execve.
+
+Signed-off-by: Tibor Vass <[email protected]>
+Signed-off-by: CrazyMax <[email protected]>
+---
+ linux-user/syscall.c | 44 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 2edbd1ef15..b9808851e0 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -8489,10 +8489,37 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+         envc++;
+     }
+
+-    argp = g_new0(char *, argc + 1);
++    argp = g_new0(char *, argc + 4);
+     envp = g_new0(char *, envc + 1);
+
+-    for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) {
++    if (!(p = lock_user_string(pathname)))
++        goto execve_efault;
++
++    /* if pathname is /proc/self/exe then retrieve the path passed to qemu via command line */
++    if (is_proc_myself(p, "exe")) {
++        CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
++        TaskState *ts = cpu->opaque;
++        p = ts->bprm->filename;
++    }
++
++    /* retrieve guest argv0 */
++    if (get_user_ual(addr, guest_argp))
++        goto execve_efault;
++
++    /*
++     * From the guest, the call
++     * 		execve(pathname, [argv0, argv1], envp)
++     * on the host, becomes:
++     * 		execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp)
++     * where qemu_progname is the error message prefix for qemu
++    */
++    argp[0] = (char*)error_get_progname();
++    argp[1] = (char*)"-0";
++    argp[2] = (char*)lock_user_string(addr);
++    argp[3] = p;
++
++    /* copy guest argv1 onwards to host argv4 onwards */
++    for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) {
+         if (get_user_ual(addr, gp)) {
+             goto execve_efault;
+         }
+@@ -8531,18 +8558,9 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+      * before the execve completes and makes it the other
+      * program's problem.
+      */
+-    p = lock_user_string(pathname);
+-    if (!p) {
+-        goto execve_efault;
+-    }
+-
+-    const char *exe = p;
+-    if (is_proc_myself(p, "exe")) {
+-        exe = exec_path;
+-    }
+     ret = is_execveat
+-        ? safe_execveat(dirfd, exe, argp, envp, flags)
+-        : safe_execve(exe, argp, envp);
++        ? safe_execveat(dirfd, "/proc/self/exe", argp, envp, flags)
++        : safe_execve("/proc/self/exe", argp, envp);
+     ret = get_errno(ret);
+
+     unlock_user(p, pathname, 0);
+-- 
+2.39.3 (Apple Git-146)
+
diff --git a/patches/buildkit-direct-execve-v9.1.2/0002-linux-user-lookup-user-program-in-PATH.patch b/patches/buildkit-direct-execve-v9.1.2/0002-linux-user-lookup-user-program-in-PATH.patch
@@ -0,0 +1,76 @@
+From 4a12f3c8b2d145ccbd5a437fbdf03e84f7b43b49 Mon Sep 17 00:00:00 2001
+From: Tibor Vass <[email protected]>
+Date: Tue, 2 Jun 2020 10:39:48 +0000
+Subject: [PATCH 2/7] linux-user: lookup user program in PATH
+
+Signed-off-by: Tibor Vass <[email protected]>
+---
+ linux-user/main.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/main.c b/linux-user/main.c
+index 149e35432e..dd70ee10f1 100644
+--- a/linux-user/main.c
++++ b/linux-user/main.c
+@@ -600,6 +600,45 @@ static void usage(int exitcode)
+     exit(exitcode);
+ }
+
++/*
++ * path_lookup searches for an executable filename in the directories named by the PATH environment variable.
++ * Returns a copy of filename if it is an absolute path or could not find a match.
++ * Caller is responsible to free returned string.
++ * Adapted from musl's execvp implementation.
++ */
++static char *path_lookup(char *filename) {
++    const char *p, *z, *path = getenv("PATH");
++    size_t l, k;
++    struct stat buf;
++
++    /* if PATH is not set or filename is absolute path return filename */
++    if (!path || !filename || filename[0] == '/')
++        return strndup(filename, NAME_MAX+1);
++
++    k = strnlen(filename, NAME_MAX+1);
++    if (k > NAME_MAX) {
++        errno = ENAMETOOLONG;
++        return NULL;
++    }
++    l = strnlen(path, PATH_MAX-1)+1;
++
++    for (p = path; ; p = z) {
++        char *b = calloc(l+k+1, sizeof(char));
++        z = strchrnul(p, ':');
++        if (z-p >= l) {
++            if (!*z++) break;
++            continue;
++        }
++        memcpy(b, p, z-p);
++        b[z-p] = '/';
++        memcpy(b+(z-p)+(z>p), filename, k+1);
++        if (!stat(b, &buf) && !(buf.st_mode & S_IFDIR) && (buf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)))
++            return b;
++        if (!*z++) break;
++    }
++    return strndup(filename, NAME_MAX+1);
++}
++
+ static int parse_args(int argc, char **argv)
+ {
+     const char *r;
+@@ -665,7 +704,11 @@ static int parse_args(int argc, char **argv)
+         exit(EXIT_FAILURE);
+     }
+
+-    exec_path = argv[optind];
++    /* not freeing exec_path as it is needed for the lifetime of the process */
++    if (!(exec_path = path_lookup(argv[optind]))) {
++        (void) fprintf(stderr, "qemu: could not find user program %s: %s\n", exec_path, strerror(errno));
++        exit(EXIT_FAILURE);
++    }
+
+     return optind;
+ }
+-- 
+2.39.3 (Apple Git-146)
+
diff --git a/...dkit-direct-execve-v9.1.2/0003-linux-user-path-in-execve-should-be-relative-to-work.patch b/...dkit-direct-execve-v9.1.2/0003-linux-user-path-in-execve-should-be-relative-to-work.patch
@@ -0,0 +1,104 @@
+From 0927d01f4f35c8ed3d8639d811fbd2ca49831fa4 Mon Sep 17 00:00:00 2001
+From: CrazyMax <[email protected]>
+Date: Wed, 3 May 2023 20:54:37 +0200
+Subject: [PATCH 3/7] linux-user: path in execve should be relative to working
+ dir
+
+Fixes regression introduced in parent commit where PATH handling was introduced.
+
+When guest calls execve(filename, argp, envp) filename can be relative in which
+case Linux makes it relative to the working directory.
+
+However, since execve is now handled by exec-ing qemu process again, filename
+would first get looked up in PATH in main() before calling host's execve.
+
+With this change, if filename is relative and exists in working directory as
+well as in PATH, working directory will get precedence over PATH if guest is
+doing an execve syscall, but not if relative filename comes from qemu's argv.
+
+Signed-off-by: Tibor Vass <[email protected]>
+Signed-off-by: CrazyMax <[email protected]>
+---
+ include/qemu/path.h  |  1 +
+ linux-user/syscall.c |  9 +++++++--
+ util/path.c          | 32 ++++++++++++++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/include/qemu/path.h b/include/qemu/path.h
+index c6292a9709..a81fb51e1f 100644
+--- a/include/qemu/path.h
++++ b/include/qemu/path.h
+@@ -3,5 +3,6 @@
+
+ void init_paths(const char *prefix);
+ const char *path(const char *pathname);
++const char *prepend_workdir_if_relative(const char *path);
+
+ #endif
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index b9808851e0..c6de1303ae 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -8511,12 +8511,17 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+      * 		execve(pathname, [argv0, argv1], envp)
+      * on the host, becomes:
+      * 		execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp)
+-     * where qemu_progname is the error message prefix for qemu
++     * where qemu_progname is the error message prefix for qemu.
++     * Note: if pathname is relative, it will be prepended with the current working directory.
+     */
+     argp[0] = (char*)error_get_progname();
+     argp[1] = (char*)"-0";
+     argp[2] = (char*)lock_user_string(addr);
+-    argp[3] = p;
++    argp[3] = (char*)prepend_workdir_if_relative(p);
++    if (!argp[3]) {
++        ret = -host_to_target_errno(errno);
++        goto execve_end;
++    }
+
+     /* copy guest argv1 onwards to host argv4 onwards */
+     for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) {
+diff --git a/util/path.c b/util/path.c
+index 8e174eb436..06fe2663b8 100644
+--- a/util/path.c
++++ b/util/path.c
+@@ -68,3 +68,35 @@ const char *path(const char *name)
+     qemu_mutex_unlock(&lock);
+     return ret;
+ }
++
++/* Prepends working directory if path is relative.
++ * If path is absolute, it is returned as-is without any allocation.
++ * Otherwise, caller is responsible to free returned path.
++ * Returns NULL and sets errno upon error.
++ * Note: realpath is not called to let the kernel do the rest of the resolution.
++ */
++const char *prepend_workdir_if_relative(const char *path)
++{
++    char buf[PATH_MAX];
++    char *p;
++    int i, j, k;
++
++    if (!path || path[0] == '/') return path;
++
++    if (!getcwd(buf, PATH_MAX)) return NULL;
++    i = strlen(buf);
++    j = strlen(path);
++    k = i + 1 + j + 1; /* workdir + '/' + path + '\0' */
++    if (i + j > PATH_MAX) {
++        errno = ERANGE;
++        return NULL;
++    }
++    if (!(p = malloc(k * sizeof(char*)))) return NULL;
++
++    p[0] = '\0';
++
++    if (!strncat(p, buf, i)) return NULL;
++    if (!strncat(p, "/", 1)) return NULL;
++    if (!strncat(p, path, j)) return NULL;
++    return p;
++}
+-- 
+2.39.3 (Apple Git-146)
+