| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First, and most importantly, let me state that this is perhaps the worst
possible example of a patch I can think of, and if anyone tries to submit
a PR/patch like this one I will reject it almost immediately. I'm only
merging this because 1) this patch escalated quickly, 2) splitting it would
require a disproportionate amount of time, and 3) this effort had blocked
other work for too long ... and, well, I'm the maintainer. Consider this
a bit of "maintainer privilege" if you will.
This patch started simply enough: the goal was to add/augment some tests to
help increase the libseccomp test coverage. Unfortunately, this particular
test improvement uncovered a rather tricky bug which escalated quite quickly
and soon involved a major rework of how we build the filter tree in src/db.c.
This rework brought about changes throughout the repository, including the
transaction and ABI specific code.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Process tracers use a -1 syscall value to indicate that a syscall
should be skipped. This turns out to be quite an undertaking as
we need to workaround __NR_SCMP_ERROR (which also has a value of
-1). Pay special attention to the new attribute,
SCMP_FLTATR_API_TSKIP, and the documentation additions.
More information in the GitHub issue:
* https://github.com/seccomp/libseccomp/issues/80
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
| |
Instead of dynamically allocating a variable number of arguments,
include an array of ARG_COUNT_MAX elements directly in the struct.
Also perform a number of simplifications to the code with the
understanding that ARG_COUNT_MAX is an ABI independent value that
isn't variable.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch (v4) adds support for the parisc and parisc64 architectures
to libseccomp.
I didn't split up the patch, because it's pretty trivial.
Those parisc-specific files gets added:
src/arch-parisc-syscalls.c
src/arch-parisc.c
src/arch-parisc.h
src/arch-parisc64.c
All other changes are trivial because they simply add parisc-specific
case statements in variouse switch statements.
I did ran a "make check" on x86-64 and parisc and all testcases succeeded.
All live testcases succeed as well when running "./regression -T live".
The patch applies cleanly to current libseccomp git head.
Changes between v4 and v3 of this patch:
- Added parisc arch to arch-syscall-check.c and fixup syscall table as
needed
- Fixed copyright notices in parisc files as suggested by Mike Frysinger
Changes between v3 and v2 of this patch:
- Stripped out patch which reports if a check was skipped because
valgrind isn't installed.
- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase
- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase
Changes between v2 and v1 of this patch:
- Enabled seccomp mode 2 regression tests on parisc. Kernel support for
hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2
stable series.
Signed-off-by: Helge Deller <deller@gmx.de>
[PM: corrected a number or errors from 'make check-syntax']
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
Linux 4.3 added direct-wired socket syscalls in addition to the
multiplexed socket syscalls available via socketcall(). This patch
causes libseccomp to generate filters for socket syscall methods on
x86 systems.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Create the infrastructure for arch/ABI specific rule creation that
allows us much more involved arch/ABI customization.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The arch specific filter rewrite code is going to need to become more
complex so move the low level rule addition code directly into the
arch layer instead of the db layer, but still keep the tree manipulation
code in the db layer.
This patch also creates a new arch specific rule_add() function table
entry and allows for this function to create multiple rules from a
single rule.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
This will be useful in future patches for rebuilding and manipulating
the filter.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|\
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because on S390x both __s390x__ and __s390__ are defined, the check
of __s390x__ must be before __s390__.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: subject tweaks]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds support for S390 (32-bit) architecture.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: rewrote the subject line, style fixes, s390x/s390 typo bugfixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds support for S390x (64-bit) architecture.
Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: rewrote the subject line, style fixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We use negative syscalls numbers to indicate syscalls that aren't
supported by a certain arch/ABI and unfortunately there were cases
where these bogus syscall values were finding their way into the
filter. This patch corrects this and adds a new test to check for
this in the future.
Reported-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| | |
Mike Strosaker <strosake@linux.vnet.ibm.com> reports that the
working-ppc64 branch is working for both 'make check' and './regression
-T live'.
|
| |
| |
| |
| |
| | |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|/
|
|
|
| |
Reported-by: Brian Cain <brian.cain@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
| |
I've been putting off simplifing the arch specific code until we had
enough ABIs to know what simplifications made sense. Well, our
supported ABI list is not quite reasonable so go ahead and clean
things up a bit.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
This patch adds support for AArch64 (64-bit ARM) architecture.
Signed-off-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
(Additional fixes/corrections/etc.)
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
MIPS stuff needs to be handled on MIPS platforms otherwise no new
architectures can be added after MIPS block.
Signed-off-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
| |
As requested by the systemd developers and used by our own tools.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
Add support for MIPS 32-bit (O32 ABI) Little Endian
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
Add support for MIPS 32-bit (O32 ABI) Big Endian
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two major issues resolved in this patch: proper support for
generating BPF on big endian systems, and ensuring we build the BPF
correctly when the host system does not share the same endianess as
the target platform.
Relevant discussion in LKML regarding BPF on big endian systems:
https://lkml.org/lkml/2012/4/8/87
Inspired by an earlier patch from Markos Chandras.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
| |
Make it more obvious that these variables are booleans.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
We may not always want to have statically defined syscall tables,
e.g. x32, so create a series of functions to access the syscall
tables which should provide us some flexibility.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
No code chanages here, just an effort to improve naming consistency
a bit.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Unfortunately, the x32 ABI shares the same architecture token with
x86_64 in the kernel so we need to separate the arch token we use
in the BPF filter with the arch token we use for idenitfying the
arch/ABI to libseccomp callers.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
| |
This patch ensures that you can create non-native filters using
syscalls not present in the native architecture.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add the seccomp_arch_add() and seccomp_arch_remove() functions to add
and remove architectures from the filter. This patch also adds the
seccomp_merge() function which merges two filter contexts together
assuming there is no architecture conflicts.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
Add the arch_syscall_translate() function which converts the syscall
table from the native architecture to the desired architecture.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
| |
Provide syscall name to syscall number resolution.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the libseccomp-discuss mailing list:
On Monday, April 09, 2012 06:06:51 PM Paul Moore wrote:
> Hello,
>
> It was suggested on the libseccomp announcement thread that we
> relicense the library from GPLv2 to LGPLv2.1. In my opinion this
> makes sense and I recommend we relicense the library, can I have
> your permission to relicense your contributions?
>
> * LGPLv2.1
> -> http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
On Tuesday, April 10, 2012 10:07:37 AM Eric Paris wrote:
> You have my permission to relicense to LGPL.
On Tuesday, April 10, 2012 10:27:39 AM Ashley Lai wrote:
> Yes, you have my permission to relicense to LGPL.
On Tuesday, April 10, 2012 11:48:14 AM Corey Bryant wrote:
> We (IBM) have OSSC approval now. You have my approval to
> relicense my contributions to LGPLv2.1.
On Tuesday, April 10, 2012 12:57:25 PM Eduardo Otubo wrote:
> On Tue, Apr 10, 2012 at 11:48:14AM -0400, Corey Bryant wrote:
> > We (IBM) have OSSC approval now. You have my approval to
> > relicense my contributions to LGPLv2.1.
>
> Exactly, not a problem for me.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present we fail if we can't completely preserve the caller's
filter, while admirable, this does require some knowledge of the
architecture to ensure you're adding a "correct" rule.
In keeping with our goal of architecture independence, we want to
add the ability to do "best effort" rewrites that preserve as much
of the original filter rule as possible.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
| |
We have a filter rewriting function but we also need a syscall
rewriting function.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
In the majority of the cases, we don't need to implement full
functions when a simple #define will work. We also probably don't
need to pass as many arguments as we are at present.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This is obviously not a working example, but it lays the foundation
for providing working syscall and argument chain rewriting. This
functionality can be used both for the x86/socketcall() case as well
as non-native BPF code generation.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, there doesn't appear to be a great way to detect this,
so we need to depend on some GCC specific pre-processor #defines.
For reasons that should be obvious, we also change the default compiler
from whatever make provides via "$(CC)" to "gcc".
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
Signed-off-by: Paul Moore <pmoore@redhat.com>
|