Commit message | Author | Age | Files | Lines
* all: update CHANGELOG and version info for v2.2.3 [v2.2.3, release-2.2] | Paul Moore | 2015-07-08 | 2 | -1/+4
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: workaround problems with large integers on 32-bit ARM | Paul Moore | 2015-07-08 | 1 | -29/+32
    See the mailing list thread below:

    -> https://groups.google.com/forum/#!topic/libseccomp/VtrClkXxLGA

    ... unfortunately the 32-bit ARM userspace has problems with this
    particular test so we need to disable it for the time being. It is
    important to note that this is only a problem with the test and not
    with libseccomp in general.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit bca4e115715174a64c7b5f56430a51f3e676c34a)
* all: update CHANGELOG and version info for v2.2.2 [v2.2.2] | Paul Moore | 2015-07-06 | 2 | -5/+11
    Also correct some typos in the existing CHANGELOG entries.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
* db: optimize masked compares | Mathias Krause | 2015-07-06 | 1 | -0/+44
    If the masked compare is a tautology we don't need to generate
    instructions for the runtime test. It'll always be true.

    This patch handles the case for 32 bit arches and partially for 64 bit
    arches. The cases where either the upper half or the lower half is a
    tautology are still TODO.

    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    [PM: minor function name changes to better match existing style]
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 1ff6f3e6521d787e52fe328b862094898fc0b77e)
* db: fix braino in _db_node_mask_fixup() | Mathias Krause | 2015-07-06 | 1 | -7/+2
    If the mask is 0 and we do a masked compare we shouldn't "optimize"
    this case to a compare against zero. "(arg & 0) eq 0" != "(arg & ~0)
    eq 0". The former is a tautology while the latter depends on the value
    of "arg".

    Just mask "datum" instead to fix this bug. We'll do an unnecessary
    runtime test for the tautology in this case but follow up patches will
    take care of this.

    This fixes the failing test cases of 12-sim-basic_masked_ops with 64
    bit argument values.

    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit ccaf7d240c2fe034a323af2783ddec6297ae37e6)
* tests: extend 12-sim-basic_masked_ops with 64 bit values | Mathias Krause | 2015-07-06 | 1 | -0/+6
    Add test vectors with bits set in the upper half of the syscall
    argument. They trigger a bug with mask values having the upper half
    set to 0. We accidentally emit a test for 0 in this case when we
    should not test the upper half at all.

    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 62f1e7e2fa6163964322d232bde89e37478772e9)
* doc: update the CREDITS file | Paul Moore | 2015-07-01 | 1 | -0/+3
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit d7ccfb511b17e0e04ba98623946b1f09f1fc31ed)
* arch: update the syscall validate script to reflect changes in x86 | Paul Moore | 2015-07-01 | 1 | -3/+3
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 2876e1f8a76b9f18cf57bab089740223fc738408)
* arm: fix arm-specific syscall symbols | Andrew Jones | 2015-07-01 | 1 | -10/+20
    The symbols are prefixed with __ARM_NR_, not __NR_. We still shoehorn
    the symbols into the __NR_ format for libseccomp though. Doing so
    keeps SCMP_SYS simple.

    Signed-off-by: Andrew Jones <drjones@redhat.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 0cad182e971a06d61aeeacc7bd0d94be872e37b8)
* tests: add some tests missing from the Makefile | Paul Moore | 2015-07-01 | 1 | -2/+6
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit e46729f64af23c73ee43e93429a7db7b6ac9c002)
* bpf: fix x32/x86_64 architecture detection logic | Mathias Krause' via libseccomp | 2015-07-01 | 3 | -4/+11
    Test 28-sim-arch_x86 points out a flaw in the x32 arch handling as we
    wrongly jump to the next architecture check while we should jump to
    the bad_arch handling instruction instead. See below:

      $ ./tests/28-sim-arch_x86 -b | ./tools/scmp_bpf_disasm
       line  OP   JT   JF   K
      =================================
       0000: 0x20 0x00 0x00 0x00000004   ld  $data[4]
       0001: 0x15 0x00 0x03 0xc000003e   jeq 3221225534 true:0002 false:0005
       0002: 0x20 0x00 0x00 0x00000000   ld  $data[0]
       0003: 0x35 0x01 0x00 0x40000000   jge 1073741824 true:0005 false:0004
       0004: 0x15 0x04 0x03 0x00000003   jeq 3    true:0009 false:0008
       0005: 0x15 0x00 0x04 0x40000003   jeq 1073741827 true:0006 false:0010
       0006: 0x20 0x00 0x00 0x00000000   ld  $data[0]
       0007: 0x15 0x01 0x00 0x00000006   jeq 6    true:0009 false:0008
       0008: 0x06 0x00 0x00 0x7fff0000   ret ALLOW
       0009: 0x06 0x00 0x00 0x00050001   ret ERRNO(1)
       0010: 0x06 0x00 0x00 0x00000000   ret KILL

    When we reach the test at 0003 the accumulator register was changed
    from holding the audit architecture to contain the syscall number
    instead. This is needed to actually test for the x32 sub-architecture
    as it, unfortunately, got no dedicated audit arch value. However, if
    that test succeeds, we end up jumping to the next architecture check
    at 0005 which is wrong. We should jump to the bad_arch handling at
    0010 instead as x32 is an unsupported architecture for that test
    program.

    Even worse, the next architecture check now operates on the wrong data
    as it's no longer testing the audit arch but the syscall number
    instead. As it happens, the syscall number for x32's close() is
    0x40000003. That exactly matches the audit arch value for the x86
    architecture. So what this filter does is allowing the x32 close()
    call while it should not.

    As we already successfully checked the arch to be SCMP_ARCH_X86_64 in
    0001 it cannot have a different value. Testing for other values just
    makes no sense. So instead of reloading the accumulator register on a
    successful x32 test fix this by jumping to the bad_arch handling block
    instead. The generated BPF program now looks as follows:

      $ ./tests/28-sim-arch_x86 -b | ./tools/scmp_bpf_disasm
       line  OP   JT   JF   K
      =================================
       0000: 0x20 0x00 0x00 0x00000004   ld  $data[4]
       0001: 0x15 0x00 0x03 0xc000003e   jeq 3221225534 true:0002 false:0005
       0002: 0x20 0x00 0x00 0x00000000   ld  $data[0]
       0003: 0x35 0x06 0x00 0x40000000   jge 1073741824 true:0010 false:0004
       0004: 0x15 0x04 0x03 0x00000003   jeq 3    true:0009 false:0008
       0005: 0x15 0x00 0x04 0x40000003   jeq 1073741827 true:0006 false:0010
       0006: 0x20 0x00 0x00 0x00000000   ld  $data[0]
       0007: 0x15 0x01 0x00 0x00000006   jeq 6    true:0009 false:0008
       0008: 0x06 0x00 0x00 0x7fff0000   ret ALLOW
       0009: 0x06 0x00 0x00 0x00050001   ret ERRNO(1)
       0010: 0x06 0x00 0x00 0x00000000   ret KILL

    It now correctly jumps to the bad_arch handling at 0010 when the x32
    test in 0003 succeeds.

    This fixes test 28-sim-arch_x86.

    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    [PM: subject tweak, renamed 'bad_arch_hash' to 'bad_arch_hsh']
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 8868f7eb0c343cfcb9bbe28736928a7f7e108b97)
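
Added example (not part of the libseccomp commit or source tree): a small interpreter for the four classic BPF opcodes that appear in the two listings above, run over both programs to show which verdict each returns. The instruction tables are transcribed from the listings; the interpreter, the helper names and the sample syscall inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One classic BPF instruction: same columns as the scmp_bpf_disasm output. */
struct insn { uint16_t op; uint8_t jt, jf; uint32_t k; };

enum { LD_ABS = 0x20, JEQ = 0x15, JGE = 0x35, RET = 0x06 };
#define ALLOW   0x7fff0000u
#define ERRNO_1 0x00050001u
#define KILL    0x00000000u
#define PROG(x32_jt) { \
    {LD_ABS, 0, 0, 4},               /* 0000 ld $data[4] (audit arch)  */ \
    {JEQ,    0, 3, 0xc000003eu},     /* 0001 x86_64? else go to 0005   */ \
    {LD_ABS, 0, 0, 0},               /* 0002 ld $data[0] (syscall nr)  */ \
    {JGE, (x32_jt), 0, 0x40000000u}, /* 0003 x32 syscall bit set?      */ \
    {JEQ,    4, 3, 3},               /* 0004 x86_64 close() -> 0009    */ \
    {JEQ,    0, 4, 0x40000003u},     /* 0005 x86? else bad_arch 0010   */ \
    {LD_ABS, 0, 0, 0},               /* 0006 ld $data[0]               */ \
    {JEQ,    1, 0, 6},               /* 0007 x86 close() -> 0009       */ \
    {RET, 0, 0, ALLOW}, {RET, 0, 0, ERRNO_1}, {RET, 0, 0, KILL} }

static const struct insn before_fix[] = PROG(1); /* 0003 true -> 0005 */
static const struct insn after_fix[]  = PROG(6); /* 0003 true -> 0010 */

/* Interpret a program over the first two words of seccomp_data. */
static uint32_t run(const struct insn *p, size_t n, uint32_t nr, uint32_t arch)
{
    const uint32_t data[2] = { nr, arch };  /* offset 0: nr, offset 4: arch */
    uint32_t a = 0;                         /* the accumulator */

    for (size_t pc = 0; pc < n; pc++) {     /* jumps are relative to pc+1 */
        switch (p[pc].op) {
        case LD_ABS: if (p[pc].k / 4 >= 2) return KILL;
                     a = data[p[pc].k / 4];                   break;
        case JEQ:    pc += (a == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case JGE:    pc += (a >= p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case RET:    return p[pc].k;
        default:     return KILL;           /* opcode not in the listings */
        }
    }
    return KILL;
}

uint32_t filter_before(uint32_t nr, uint32_t arch) { return run(before_fix, 11, nr, arch); }
uint32_t filter_after(uint32_t nr, uint32_t arch)  { return run(after_fix, 11, nr, arch); }

int main(void)
{
    /* Constructed inputs: syscall number and audit arch value. */
    static const struct { const char *what; uint32_t nr, arch; } in[] = {
        {"x86_64 close()",    3,           0xc000003eu},
        {"x86 close()",       6,           0x40000003u},
        {"x32 close()",       0x40000003u, 0xc000003eu},
        {"x32 nr 0x40000000", 0x40000000u, 0xc000003eu},
    };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-18s before=0x%08x after=0x%08x\n", in[i].what,
               (unsigned)filter_before(in[i].nr, in[i].arch),
               (unsigned)filter_after(in[i].nr, in[i].arch));
    return 0;
}
```

Only the x32 syscall whose number equals the x86 audit arch value reaches ALLOW in the first program; every other x32 number already fell through to KILL at 0005.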
* tests: add a test for faulty handling of the x32 architecture | Mathias Krause' via libseccomp | 2015-07-01 | 5 | -1/+148
    We currently allow calling close() on the x32 architecture when we're
    generating a blacklist filter for x86 and x86_64, i.e. one with an
    ALLOW policy. We shouldn't as the default handling for unsupported
    architectures should be defined by the bad_arch handling -- not the
    default policy.

    The reason for the faulty behaviour is the wrong jump target for the
    x32 architecture test. It should jump to the KILL label, not the next
    architecture test instruction. That one won't test the architecture
    any more as the accumulator register was already overwritten with the
    syscall number for the x32 test.

    This test generates a filter that should return ERRNO(1) on calls to
    close() for supported architectures or KILL on unsupported ones. But,
    currently, does not do so for x32 and ALLOWs the syscall instead.

    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    [PM: added a python version of the test]
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 25be15a99463286f1dcf8ba581ad9b94676db754)
* build: Fix srcdir != builddir from git | Colin Walters | 2015-07-01 | 2 | -0/+3
    See https://github.com/cgwalters/build-api/blob/master/build-api.md

    Signed-off-by: Colin Walters <walters@verbum.org>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 9b16b91c1293c3629529d288018415e309043daa)
* tests: make 27-sim-bpf_blk_state architecture independent | Paul Moore | 2015-07-01 | 3 | -30/+30
    Using any of the socket related syscalls is always problematic, use a
    generic syscall number for this test since it isn't syscall specific.

    Reported-by: Jan Willeke <willeke@linux.vnet.ibm.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 37a609498a218c370e86d34470a21d0d98db3b4f)
* all: update CHANGELOG and version info for v2.2.1 [v2.2.1] | Paul Moore | 2015-05-11 | 2 | -1/+7
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: update the CREDITS file | Paul Moore | 2015-05-09 | 1 | -0/+1
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 21f4fa4c90fa57022f3494633871f2a74be22cdc)
* doc: update the README based on feedback from the v2.2.0 release | Paul Moore | 2015-05-09 | 1 | -3/+18
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit c940cdf15b1c9f742949f422589ee1d0287e0db3)
* docs: fix a number of problems in the function header comments | Paul Moore | 2015-05-09 | 5 | -12/+10
    Reported-by: Brian Cain <brian.cain@gmail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 0cd288bee5879af3aab6c447de55c90d4971e38c)
* all: ensure the ARM and MIPS system defines are present | Paul Moore | 2015-05-09 | 2 | -18/+46
    On some really old systems the ELF and/or Audit ABI/arch defines are
    missing, this patch provides our own #defines in these cases.

    Reported-by: Vincent.Riera@imgtec.com
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit f8de89b8764afa1e714e7b6d1c2247a655ed5470)
* python: ensure attributes are treated as 32 bits | Mike Strosaker | 2015-05-06 | 1 | -1/+1
    Retrieving attributes using the Python bindings fails on some
    platforms. The attributes are encoded in a 32-bit mask. Python
    variables are usually larger (64 bits); Cython is not capable of
    recognizing that it should only use a 32-bit number on every platform.
    This patch ensures that the variable used to store the value of the
    attribute is only 32 bits.

    Signed-off-by: Michael Strosaker <strosake@linux.vnet.ibm.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 4367b1b4f94ca1e0c0606ff85622f2ecb1a9c278)
* build: update the .gitignore file under tests/ | Paul Moore | 2015-05-06 | 1 | -0/+1
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit d32ef67e87ae4005e6456d17c071dbd410d957ea)
* arm: add some missing syscalls | Paul Moore | 2015-05-06 | 10 | -13/+80
    Add the following syscalls to the ARM arch/ABI and update the syscall
    validation script.

     * breakpoint()
     * cacheflush()
     * usr26()
     * usr32()
     * set_tls()

    Reported-by: Purcareata Bogdan <b43198@freescale.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit a710a2d246bdc73ba77e3ff5624e790688cc51fd)
* arm: fix some problems with the syscall table | Paul Moore | 2015-05-06 | 3 | -13/+23
    The 32-bit ARM syscall table mistakenly included syscall definitions
    for the syscalls below. This patch redefines those syscalls to
    libseccomp's pseudo-syscall numbers and corrects the
    arch-syscall-validate to correctly list the 32-bit ARM syscalls.

     * time
     * umount
     * stime
     * alarm
     * utime
     * getrlimit
     * select
     * readdir
     * mmap
     * socketcall
     * syscall
     * ipc

    Reported-by: Andreas Farber <afaerber@suse.de>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit d1019115acdc8460c9a1f8a878768001a3c32431)
* bpf: fix a style-o | Paul Moore | 2015-05-06 | 1 | -2/+2
    That would be a type-o which results in bad style :)

    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit f530cb495857c3d9fcf9d82b74893aec9caa6053)
* bpf: track accumulator state and reload it when necessary | Paul Moore | 2015-05-06 | 1 | -31/+168
    It turns out there are a few corner cases where we incorrectly
    generate seccomp BPF due to poor accumulator state tracking for each
    BPF instruction block. This patch adds accumulator state tracking such
    that we know what any given instruction block expects from the
    accumulator and what value it leaves in the accumulator when it is
    finished. This allows us to verify the accumulator state when
    assembling the instruction blocks into the final BPF program and if
    necessary we can insert accumulator load/mask instructions to maintain
    the proper accumulator state.

    Reported-by: Matthew Heon <mheon@redhat.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit b43a7dde03f96ce6a291eb58f620c5d2b7700b51)
* tests: test the bpf accumulator checking logic | Paul Moore | 2015-05-06 | 4 | -1/+182
    When building the BPF filter code we need to ensure that we take the
    state of the BPF state machine accumulator into account. This test
    creates a situation where the BPF filter code generator needs to
    perform some extra work to ensure the accumulator state is correct.

    This test is based on a bug reproducer by Matthew Heon.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 4992bc217387c44dfbd9a4d290cdc42ba098b124)
* pfc: fix some warnings | Brian Cain | 2015-05-06 | 1 | -1/+4
    Fixed a couple of warnings -- 'rc' was used-uninitialized IIRC and
    missing enums from the switch.

    Signed-off-by: Brian Cain <brian.cain@gmail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 67de487698778eeabadf28687ce5df3c795fb511)
* tests: purge the heretical semicolons | Brian Cain | 2015-05-06 | 6 | -28/+28
    These were likely vestiges from the C implementation of the
    corresponding tests. But in python, we've been liberated from the
    bonds of semicolons, let us rejoice and instead serve our new
    whitespace masters!

    Signed-off-by: Brian Cain <brian.cain@gmail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 49419d82c80129323c78ad51a7fd7b317e511b5f)
* tests: fixed leak in basic-resolver | Brian Cain | 2015-05-06 | 1 | -10/+21
    seccomp_syscall_resolve_num_arch() returns a string from strdup() that
    needs to be reaped. I found this bug using clang and
    address-sanitizer.

    Signed-off-by: Brian Cain <brian.cain@gmail.com>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 5b813a7331dcadd5d8b63532df8d07cdf47a041e)
* tools: add the missing elf.h header file | Paul Moore | 2015-05-06 | 1 | -0/+1
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    (imported from commit 7a7a83a24491f636d422e951f9e0547caaa68967)
* all: update CHANGELOG and version info for v2.2.0 [v2.2.0] | Paul Moore | 2015-02-11 | 2 | -1/+14
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* docs: update the CREDITS file | Paul Moore | 2015-02-09 | 1 | -0/+4
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* all: update syscall tables for Linux v3.19 | Paul Moore | 2015-02-09 | 9 | -17/+33
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: fix some minor grammar/readability issues in the README | Paul Moore | 2015-02-04 | 1 | -5/+4
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: reference "thread" instead of "process" | Paul Moore | 2015-01-30 | 2 | -10/+10
    In many of the manpages we use the term "process" when in reality we
    should be using "thread".

    Signed-off-by: Paul Moore <pmoore@redhat.com>
* all: update the project homepage references | Paul Moore | 2015-01-30 | 15 | -37/+37
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* doc: update the README file | Paul Moore | 2015-01-30 | 1 | -12/+12
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: allow the regression test to run properly from 'make distcheck' | Paul Moore | 2014-10-21 | 1 | -5/+7
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: fix some problems seen with 'make dist' tarballs | Paul Moore | 2014-10-21 | 6 | -2/+77
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: allow the creation of a static library | Paul Moore | 2014-10-21 | 7 | -25/+18
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: update the git ignore file | Paul Moore | 2014-10-21 | 1 | -0/+1
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* all: fix a number of small bugs found by Coverity | Paul Moore | 2014-08-29 | 5 | -26/+46
    Also display the build revision to make things easier when submitting
    builds for scanning.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: fixup b6da7a923a6200b115b5f48be7377e59b1537c3e | Paul Moore | 2014-08-29 | 1 | -7/+7
    As noted in the previous commit, I made some style changes, but forgot
    to include them in the commit. This patch includes those tweaks.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
* build: only add 'serial-tests' for automake >= 1.12. | Vicente Olivert Riera | 2014-08-28 | 1 | -1/+14
    This patch is based on the following patch written by Richard W.M.
    Jones from RedHat:

    https://www.redhat.com/archives/libguestfs/2013-February/msg00102.html

    Earlier versions of automake complain if they get a configuration
    parameter which they don't understand. The error is:

      configure.ac:27: error: option 'serial-tests' not recognized

    Use some m4 hackery to work around this.

    Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
    Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
    (minor style tweaks to the comments)
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* Merge branch 'master' of ssh+git://git.code.sf.net/p/libseccomp/libseccomp | Paul Moore | 2014-08-27 | 0 | -0/+0
|\
| |   Conflicts: src/arch-x86.c
| * arch: perform a number of simplifications in the arch code | Paul Moore | 2014-08-27 | 10 | -129/+34
| |   I've been putting off simplifying the arch specific code until we
| |   had enough ABIs to know what simplifications made sense. Well, our
| |   supported ABI list is not quite reasonable so go ahead and clean
| |   things up a bit.
| |
| |   Signed-off-by: Paul Moore <pmoore@redhat.com>
* | arch: perform a number of simplifications in the arch code | Paul Moore | 2014-08-27 | 10 | -129/+34
|/
|     I've been putting off simplifying the arch specific code until we
|     had enough ABIs to know what simplifications made sense. Well, our
|     supported ABI list is not quite reasonable so go ahead and clean
|     things up a bit.
|
|     Signed-off-by: Paul Moore <pmoore@redhat.com>
* tools: add the missing x32 check to arch-syscall-check | Paul Moore | 2014-08-27 | 2 | -1/+14
    Also, now that we've fixed arch-syscall-check to include x32, bring
    the x32 syscall table up to speed with the rest of the library.

    Signed-off-by: Paul Moore <pmoore@redhat.com>
* arch: Add AArch64 support | Marcin Juszkiewicz | 2014-08-27 | 40 | -112/+978
    This patch adds support for AArch64 (64-bit ARM) architecture.

    Signed-off-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
    (Additional fixes/corrections/etc.)
    Signed-off-by: Paul Moore <pmoore@redhat.com>
* tests: better architecture selection support in the automated tests | Paul Moore | 2014-08-27 | 1 | -13/+60
    This patch adds support for a number of new enhancements to the
    automated test suite, all of which are focused on the architecture
    selection of the bpf-sim test type. With this patch, the architecture
    field can now contain a comma delimited list of architecture names
    with the following values:

     * all
       Add the current native arch to the list.
     * all_le
       Add the current native arch to the list only if it is little endian.
     * +all_le
       Add all of the supported little endian architectures to the list.
     * all_be
       Add the current native arch to the list only if it is big endian.
     * +all_be
       Add all of the supported big endian architectures to the list.
     * <arch>
       Add the architecture specified by "<arch>" if it is the native
       architecture.
     * +<arch>
       Add the architecture specified by "<arch>" to the list.
     * -<arch>
       Remove the architecture specified by "<arch>" to the list if present.

    Signed-off-by: Paul Moore <pmoore@redhat.com>