From 80a987d6f8d0152def07fa90ace6417d56eea741 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Mon, 14 Jan 2019 22:33:44 -0500 Subject: api: provide 32-bit friendly argument comparison macros We have a longstanding issue with 32-bit to 64-bit sign extension inadvertently resulting in bogus syscall argument extensions. This patch introduces a new set of argument comparison macros which limit the argument values to 32-bit values so that we don't run into problems with sign extension. We use the macro overloading proposed by Roman at https://kecher.net/overloading-macros/ to retain the feature of these macros being usable as static initializers. Thanks to @jdstrand on GitHub for reporting the problem. Signed-off-by: Paul Moore Signed-off-by: Michael Weiser --- doc/man/man3/seccomp_rule_add.3 | 49 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3 index b051577..e86f41b 100644 --- a/doc/man/man3/seccomp_rule_add.3 +++ b/doc/man/man3/seccomp_rule_add.3 @@ -1,4 +1,4 @@ -.TH "seccomp_rule_add" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation" +.TH "seccomp_rule_add" 3 "17 February 2019" "paul@paul-moore.com" "libseccomp Documentation" .\" ////////////////////////////////////////////////////////////////////////// .SH NAME .\" ////////////////////////////////////////////////////////////////////////// @@ -22,6 +22,24 @@ seccomp_rule_add, seccomp_rule_add_exact \- Add a seccomp filter rule .BI "struct scmp_arg_cmp SCMP_A4(enum scmp_compare " op ", " ... ");" .BI "struct scmp_arg_cmp SCMP_A5(enum scmp_compare " op ", " ... ");" .sp +.BI "struct scmp_arg_cmp SCMP_CMP64(unsigned int " arg "," +.BI " enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A0_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A1_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A2_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A3_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A4_64(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A5_64(enum scmp_compare " op ", " ... ");" +.sp +.BI "struct scmp_arg_cmp SCMP_CMP32(unsigned int " arg "," +.BI " enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A0_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A1_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A2_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A3_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A4_32(enum scmp_compare " op ", " ... ");" +.BI "struct scmp_arg_cmp SCMP_A5_32(enum scmp_compare " op ", " ... ");" +.sp .BI "int seccomp_rule_add(scmp_filter_ctx " ctx ", uint32_t " action "," .BI " int " syscall ", unsigned int " arg_cnt ", " ... ");" .BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ", uint32_t " action "," @@ -71,15 +89,36 @@ loaded into the kernel using .BR seccomp_load (3). .P The +.BR SCMP_CMP (), +.BR SCMP_CMP64 (), +.BR SCMP_A{0-5} (), +and +.BR SCMP_A{0-5}_64 () +macros generate a scmp_arg_cmp structure for use with the above functions. The .BR SCMP_CMP () and +.BR SCMP_CMP64 () +macros allows the caller to specify an arbitrary argument along with the +comparison operator, 64-bit mask, and 64-bit datum values where the .BR SCMP_A{0-5} () -macros generate a scmp_arg_cmp structure for use with the above functions. The +and +.BR SCMP_A{0-5}_64 () +macros are specific to a certain argument. +.P +The +.BR SCMP_CMP32 () +and +.BR SCMP_A{0-5}_32 () +macros are similar to the variants above, but they take 32-bit mask and 32-bit +datum values. +.P +It is recommended that whenever possible developers avoid using the .BR SCMP_CMP () -macro allows the caller to specify an arbitrary argument along with the -comparison operator, mask, and datum values where the +and .BR SCMP_A{0-5} () -macros are specific to a certain argument. See the EXAMPLES section below. +macros and use the variants which are explicitly 32 or 64-bit. This should +help eliminate problems caused by an unwanted sign extension of negative datum +values. .P While it is possible to specify the .I syscall -- cgit v1.2.1