diff options
| author | Paul Moore <paul@paul-moore.com> | 2020-08-16 09:56:36 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2020-08-19 10:10:22 -0400 |
| commit | d1482eaf5a3643f73bc7f599876e7000c502b3d5 (patch) | |
| tree | 7b18d74e34be881f43213bc05667a5120c6cf958 | |
| parent | 1db3b323d8b61eb83a186013422e57b75b18ace0 (diff) | |
| download | libseccomp-d1482eaf5a3643f73bc7f599876e7000c502b3d5.tar.gz | |
arch: ensure we don't "munge" pseudo syscall numbers
A number of arches/ABIs have either syscall offsets (the MIPS
family) or specific bits (x32) which are applied to their normal
syscall numbers. We generally handle that via "munging" in
libseccomp, and it works reasonably well. Unfortunately we were
applying this munging process to the negative pseudo syscall
numbers as well and this was causing problems.
This patch fixes the various offset/bit arches/ABIs by not applying
the munging to the negative pseudo syscall numbers.
This resolves GH issue #284:
* https://github.com/seccomp/libseccomp/issues/284
Reported-by: Harald van Dijk <harald@gigawatt.nl>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(imported from commit 34cde704979defcbddb8eea64295acf0e477c250)
| -rw-r--r-- | src/arch-arm.c | 8 | ||||
| -rw-r--r-- | src/arch-mips.c | 8 | ||||
| -rw-r--r-- | src/arch-mips64.c | 8 | ||||
| -rw-r--r-- | src/arch-mips64n32.c | 8 | ||||
| -rw-r--r-- | src/arch-x32.c | 8 |
5 files changed, 30 insertions, 10 deletions
diff --git a/src/arch-arm.c b/src/arch-arm.c index 4dd4b63..9c9153a 100644 --- a/src/arch-arm.c +++ b/src/arch-arm.c @@ -50,8 +50,9 @@ int arm_syscall_resolve_name_munge(const char *name) { int sys; + /* NOTE: we don't want to modify the pseudo-syscall numbers */ sys = arm_syscall_resolve_name(name); - if (sys == __NR_SCMP_ERROR) + if (sys == __NR_SCMP_ERROR || sys < 0) return sys; return (sys | __SCMP_NR_BASE); @@ -68,7 +69,10 @@ int arm_syscall_resolve_name_munge(const char *name) */ const char *arm_syscall_resolve_num_munge(int num) { - return arm_syscall_resolve_num(num & (~__SCMP_NR_BASE)); + /* NOTE: we don't want to modify the pseudo-syscall numbers */ + if (num >= 0) + num &= ~__SCMP_NR_BASE; + return arm_syscall_resolve_num(num); } const struct arch_def arch_def_arm = { diff --git a/src/arch-mips.c b/src/arch-mips.c index f0e6a14..06741c7 100644 --- a/src/arch-mips.c +++ b/src/arch-mips.c @@ -43,8 +43,9 @@ int mips_syscall_resolve_name_munge(const char *name) { int sys; + /* NOTE: we don't want to modify the pseudo-syscall numbers */ sys = mips_syscall_resolve_name(name); - if (sys == __NR_SCMP_ERROR) + if (sys == __NR_SCMP_ERROR || sys < 0) return sys; return sys + __SCMP_NR_BASE; @@ -61,7 +62,10 @@ int mips_syscall_resolve_name_munge(const char *name) */ const char *mips_syscall_resolve_num_munge(int num) { - return mips_syscall_resolve_num(num - __SCMP_NR_BASE); + /* NOTE: we don't want to modify the pseudo-syscall numbers */ + if (num >= __SCMP_NR_BASE) + num -= __SCMP_NR_BASE; + return mips_syscall_resolve_num(num); } const struct arch_def arch_def_mips = { diff --git a/src/arch-mips64.c b/src/arch-mips64.c index 9707d1c..342d0d8 100644 --- a/src/arch-mips64.c +++ b/src/arch-mips64.c @@ -41,8 +41,9 @@ int mips64_syscall_resolve_name_munge(const char *name) { int sys; + /* NOTE: we don't want to modify the pseudo-syscall numbers */ sys = mips64_syscall_resolve_name(name); - if (sys == __NR_SCMP_ERROR) + if (sys == __NR_SCMP_ERROR || sys < 0) return sys; return sys + __SCMP_NR_BASE; @@ -59,7 +60,10 @@ int mips64_syscall_resolve_name_munge(const char *name) */ const char *mips64_syscall_resolve_num_munge(int num) { - return mips64_syscall_resolve_num(num - __SCMP_NR_BASE); + /* NOTE: we don't want to modify the pseudo-syscall numbers */ + if (num >= __SCMP_NR_BASE) + num -= __SCMP_NR_BASE; + return mips64_syscall_resolve_num(num); } const struct arch_def arch_def_mips64 = { diff --git a/src/arch-mips64n32.c b/src/arch-mips64n32.c index f8088ae..098864b 100644 --- a/src/arch-mips64n32.c +++ b/src/arch-mips64n32.c @@ -43,8 +43,9 @@ int mips64n32_syscall_resolve_name_munge(const char *name) { int sys; + /* NOTE: we don't want to modify the pseudo-syscall numbers */ sys = mips64n32_syscall_resolve_name(name); - if (sys == __NR_SCMP_ERROR) + if (sys == __NR_SCMP_ERROR || sys < 0) return sys; return sys + __SCMP_NR_BASE; @@ -61,7 +62,10 @@ int mips64n32_syscall_resolve_name_munge(const char *name) */ const char *mips64n32_syscall_resolve_num_munge(int num) { - return mips64n32_syscall_resolve_num(num - __SCMP_NR_BASE); + /* NOTE: we don't want to modify the pseudo-syscall numbers */ + if (num >= __SCMP_NR_BASE) + num -= __SCMP_NR_BASE; + return mips64n32_syscall_resolve_num(num); } const struct arch_def arch_def_mips64n32 = { diff --git a/src/arch-x32.c b/src/arch-x32.c index 3890968..50c502e 100644 --- a/src/arch-x32.c +++ b/src/arch-x32.c @@ -39,8 +39,9 @@ int x32_syscall_resolve_name_munge(const char *name) { int sys; + /* NOTE: we don't want to modify the pseudo-syscall numbers */ sys = x32_syscall_resolve_name(name); - if (sys == __NR_SCMP_ERROR) + if (sys == __NR_SCMP_ERROR || sys < 0) return sys; return (sys | X32_SYSCALL_BIT); @@ -57,7 +58,10 @@ int x32_syscall_resolve_name_munge(const char *name) */ const char *x32_syscall_resolve_num_munge(int num) { - return x32_syscall_resolve_num(num & (~X32_SYSCALL_BIT)); + /* NOTE: we don't want to modify the pseudo-syscall numbers */ + if (num >= 0) + num &= ~X32_SYSCALL_BIT; + return x32_syscall_resolve_num(num); } const struct arch_def arch_def_x32 = { |