From 5e248716e6ac7c08f24d5cc0856a13a94395faca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= Date: Fri, 5 May 2023 00:38:11 +0200 Subject: enosys: remove long jumps from BPF MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BPF encodes the jump distance in a uint8_t. To avoid overflows of this value reorganize the generated bytecode to work without long jumps. Signed-off-by: Thomas Weißschuh --- misc-utils/enosys.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c index 83e1847ff..79f57b255 100644 --- a/misc-utils/enosys.c +++ b/misc-utils/enosys.c @@ -139,7 +139,7 @@ int main(int argc, char **argv) if (optind >= argc) errtryhelp(EXIT_FAILURE); -#define N_FILTERS (ARRAY_SIZE(syscalls) + 6) +#define N_FILTERS (ARRAY_SIZE(syscalls) * 2 + 5) struct sock_filter filter[N_FILTERS] = { [0] = BPF_STMT(BPF_LD | BPF_W | BPF_ABS, syscall_arch), @@ -147,19 +147,21 @@ int main(int argc, char **argv) [2] = BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP), [3] = BPF_STMT(BPF_LD | BPF_W | BPF_ABS, syscall_nr), - [N_FILTERS - 2] = BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), - [N_FILTERS - 1] = BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS), + [N_FILTERS - 1] = BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), }; + static_assert(ARRAY_SIZE(filter) <= BPF_MAXINSNS, "bpf filter too big"); for (i = 0; i < ARRAY_SIZE(syscalls); i++) { - if (blocked_syscalls[i]) { - filter[i + 4] = (struct sock_filter) BPF_JUMP( - BPF_JMP | BPF_JEQ | BPF_K, - syscalls[i].number, - N_FILTERS - 3 - i, 0); - } else { - filter[i + 4] = UL_BPF_NOP; - } + struct sock_filter *f = &filter[4 + i * 2]; + + *f = (struct sock_filter) BPF_JUMP( + BPF_JMP | BPF_JEQ | BPF_K, + syscalls[i].number, + 0, 1); + *(f + 1) = blocked_syscalls[i] + ? (struct sock_filter) BPF_STMT( + BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS) + : UL_BPF_NOP; } struct sock_fprog prog = { -- cgit v1.2.1