Turns out that since security_RunOci was not running, we had never caught this before: https://stainless.corp.google.com/search?view=list&first_date=2018-09-25&last_date=2018-09-27&test=%5Esecurity_RunOci%24&status=FAIL&status=ERROR&status=ABORT&exclude_cts=false&exclude_not_run=false&exclude_non_release=true&exclude_au=true&exclude_acts=true&exclude_retried=true&exclude_non_production=false
I wonder why security_AltSyscall didn't fail...
because it didn't run at all u___u https://stainless.corp.google.com/search?view=matrix&row=test&col=board&first_date=2018-09-26&last_date=2018-09-28&test=security_AltSyscall&exclude_cts=false&exclude_not_run=false&exclude_non_release=true&exclude_au=true&exclude_acts=true&exclude_retried=true&exclude_non_production=false
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7cd688d49857d7941d78a65eb76de4fe75567cd1 commit 7cd688d49857d7941d78a65eb76de4fe75567cd1 Author: Luis Hector Chavez <lhchavez@google.com> Date: Sat Sep 29 11:27:34 2018 CHROMIUM: x86: Enable alt-syscall in x86_64 This change makes the x86_64 syscalls go through the thread_info's sys_call_table instead of using the global one. That makes it possible for the alt-syscall feature to work in 64-bit processes. BUG= chromium:890079 TEST=security_RunOci # on a betty with USE="-kernel-4_4 kernel-4_14" Change-Id: I6b6c5c3f244e3e5f429a6c3540b562e2b5409fa4 Signed-off-by: Luis Hector Chavez <lhchavez@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1250146 Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/7cd688d49857d7941d78a65eb76de4fe75567cd1/arch/x86/entry/common.c
Comment 1 by lhchavez@chromium.org
, Sep 28