GET /api/patches/812791/?format=api
{ "id": 812791, "url": "http://patchwork.ozlabs.org/api/patches/812791/?format=api", "web_url": "http://patchwork.ozlabs.org/project/lede/patch/20170912111250.31576-19-sojkam1@fel.cvut.cz/", "project": { "id": 54, "url": "http://patchwork.ozlabs.org/api/projects/54/?format=api", "name": "LEDE development", "link_name": "lede", "list_id": "lede-dev.lists.infradead.org", "list_email": "lede-dev@lists.infradead.org", "web_url": "http://lede-project.org/", "scm_url": "", "webscm_url": "http://git.lede-project.org/", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170912111250.31576-19-sojkam1@fel.cvut.cz>", "list_archive_url": null, "date": "2017-09-12T11:12:48", "name": "[LEDE-DEV,procd,16/17] utrace: Support non-contiguous syscall numbers", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "2b18ca987393877c9efe6b35dd3e8a69e9475b97", "submitter": { "id": 14651, "url": "http://patchwork.ozlabs.org/api/people/14651/?format=api", "name": "Michal Sojka", "email": "sojkam1@fel.cvut.cz" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/lede/patch/20170912111250.31576-19-sojkam1@fel.cvut.cz/mbox/", "series": [ { "id": 2665, "url": "http://patchwork.ozlabs.org/api/series/2665/?format=api", "web_url": "http://patchwork.ozlabs.org/project/lede/list/?series=2665", "date": "2017-09-12T11:12:36", "name": "[LEDE-DEV,procd,01/17] utrace: Fix environment initialization", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/2665/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/812791/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/812791/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org; spf=none 
(mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"FYVtSc5P\"; \n\tdkim-atps=neutral" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xs2PQ1f7hz9s82\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 12 Sep 2017 21:19:22 +1000 (AEST)", "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drjDm-0001Wk-L5; Tue, 12 Sep 2017 11:19:14 +0000", "from smtpx.feld.cvut.cz ([147.32.192.33])\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drj97-0004gF-W4\n\tfor lede-dev@lists.infradead.org; Tue, 12 Sep 2017 11:14:30 +0000", "from localhost (unknown [192.168.200.7])\n\tby smtpx.feld.cvut.cz (Postfix) with ESMTP id 5A548DC3C9;\n\tTue, 12 Sep 2017 13:13:17 +0200 (CEST)", "from smtpx.feld.cvut.cz ([192.168.200.6])\n\tby localhost (styx.feld.cvut.cz [192.168.200.7]) (amavisd-new,\n\tport 10054)\n\twith ESMTP id llPMkQUuaUZu; Tue, 12 Sep 2017 13:13:15 +0200 (CEST)", "from imap.feld.cvut.cz (imap.feld.cvut.cz [147.32.192.34])\n\tby smtpx.feld.cvut.cz (Postfix) with ESMTP id 907F1DC3EF;\n\tTue, 12 Sep 2017 13:13:13 +0200 (CEST)", "from wsh by steelpick.2x.cz with local (Exim 4.89)\n\t(envelope-from <sojkam1@fel.cvut.cz>)\n\tid 1drj7x-0008Et-IF; Tue, 12 Sep 2017 13:13:13 +0200" ], "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; 
h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References:\n\tIn-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=MmtzDH+K/C2UxngSPr+MY9arudlOY7LRIqfKpKjMF8c=;\n\tb=FYVtSc5PrLAC2S\n\tDtfju+84pwIQpcj2R5vHh5OwJZvCzt5zqHGCVpglsdpijevbCkoJ/nGkTHx1wSPEajBF4/z0sLO+t\n\tPo4QUXJ2dKz7mZsKxi/SM+2CfznQnMyjnUdYl8SgCYY2Ic41up4ye9vxc+75DIOBrcPkG1ZAvd7MW\n\tRnsPkdVqULSH4GIDZNrfGg3BZRqQl7IHin5TMW4EMcw28Ky85nY4GYidItApbttFbcOWwLdaWsOUk\n\tQX+I0SDphvrwZLo6esSKRRxQRui2uJ3Z8eubymtUMHyLsGcmSXuZoSdeTQt2tuHpeSEIkmsa386xC\n\tyawAtSD+i8dh4sKurIvw==;", "X-Virus-Scanned": "IMAP STYX AMAVIS", "From": "Michal Sojka <sojkam1@fel.cvut.cz>", "To": "lede-dev@lists.infradead.org", "Date": "Tue, 12 Sep 2017 13:12:48 +0200", "Message-Id": "<20170912111250.31576-19-sojkam1@fel.cvut.cz>", "X-Mailer": "git-send-email 2.14.1", "In-Reply-To": "<20170912111250.31576-1-sojkam1@fel.cvut.cz>", "References": "<20170912111250.31576-1-sojkam1@fel.cvut.cz>", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20170912_041426_433991_96EB9A75 ", "X-CRM114-Status": "GOOD ( 16.30 )", "X-Spam-Score": "-4.2 (----)", "X-Spam-Report": "SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-4.2 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,\n\tmedium trust [147.32.192.33 listed in list.dnswl.org]\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]", "Subject": "[LEDE-DEV] [PATCH procd 16/17] utrace: Support non-contiguous\n\tsyscall numbers", "X-BeenThere": 
"lede-dev@lists.infradead.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<lede-dev.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/lede-dev/>", "List-Post": "<mailto:lede-dev@lists.infradead.org>", "List-Help": "<mailto:lede-dev-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>", "Cc": "Michal Sojka <sojkam1@fel.cvut.cz>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Lede-dev\" <lede-dev-bounces@lists.infradead.org>", "Errors-To": "lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "ARM architecture does not have its system call numbers contiguous. So\nfar, utrace ignored the non-contiguous system calls, but it makes it\ndifficult to setup seccomp whitelists. This patch adds support for\nthese extra out-of-range syscalls.\n\nIt extends the generated file syscall_names.h to include a few\nfunctions. 
Now, for ARM this file looks like:\n\n #include <asm/unistd.h>\n static const char *__syscall_names[] = {\n [280] = \"waitid\",\n [148] = \"fdatasync\",\n ...\n [252] = \"epoll_wait\",\n [74] = \"sethostname\",\n };\n static inline const char *syscall_name(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return __syscall_names[i];\n switch (i) {\n case 0x0f0001: return \"breakpoint\";\n case 0x0f0003: return \"usr26\";\n case 0x0f0004: return \"usr32\";\n case 0x0f0005: return \"set_tls\";\n case 0x0f0002: return \"cacheflush\";\n default: return (void*)0;\n }\n }\n static inline int syscall_index(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n case 0x0f0001: return ARRAY_SIZE(__syscall_names) + 0;\n case 0x0f0003: return ARRAY_SIZE(__syscall_names) + 1;\n case 0x0f0004: return ARRAY_SIZE(__syscall_names) + 2;\n case 0x0f0005: return ARRAY_SIZE(__syscall_names) + 3;\n case 0x0f0002: return ARRAY_SIZE(__syscall_names) + 4;\n default: return -1;\n }\n }\n static inline int syscall_index_to_number(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n case ARRAY_SIZE(__syscall_names) + 0: return 0x0f0001;\n case ARRAY_SIZE(__syscall_names) + 1: return 0x0f0003;\n case ARRAY_SIZE(__syscall_names) + 2: return 0x0f0004;\n case ARRAY_SIZE(__syscall_names) + 3: return 0x0f0005;\n case ARRAY_SIZE(__syscall_names) + 4: return 0x0f0002;\n default: return -1;\n }\n }\n #define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + 5)\n\nFor x86, which does not have extra syscalls, the file looks this way:\n\n #include <asm/unistd.h>\n static const char *__syscall_names[] = {\n [247] = \"waitid\",\n [75] = \"fdatasync\",\n ...\n [232] = \"epoll_wait\",\n [170] = \"sethostname\",\n };\n static inline const char *syscall_name(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return __syscall_names[i];\n switch (i) {\n default: return (void*)0;\n }\n }\n static inline int syscall_index(unsigned i) {\n if (i < 
ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n default: return -1;\n }\n }\n static inline int syscall_index_to_number(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n default: return -1;\n }\n }\n #define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + 0)\n\nSigned-off-by: Michal Sojka <sojkam1@fel.cvut.cz>\n---\n jail/seccomp.c | 10 +++++-----\n make_syscall_h.sh | 48 +++++++++++++++++++++++++++++++++++++++++++++++-\n trace/trace.c | 42 ++++++++++++++++++++----------------------\n 3 files changed, 72 insertions(+), 28 deletions(-)", "diff": "diff --git a/jail/seccomp.c b/jail/seccomp.c\nindex 27bf3ce..eeb5781 100644\n--- a/jail/seccomp.c\n+++ b/jail/seccomp.c\n@@ -22,15 +22,15 @@\n #include \"seccomp.h\"\n #include \"../syscall-names.h\"\n \n-static int max_syscall = ARRAY_SIZE(syscall_names);\n-\n static int find_syscall(const char *name)\n {\n \tint i;\n \n-\tfor (i = 0; i < max_syscall; i++)\n-\t\tif (syscall_names[i] && !strcmp(syscall_names[i], name))\n-\t\t\treturn i;\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tint sc = syscall_index_to_number(i);\n+\t\tif (syscall_name(sc) && !strcmp(syscall_name(sc), name))\n+\t\t\treturn sc;\n+\t}\n \n \treturn -1;\n }\ndiff --git a/make_syscall_h.sh b/make_syscall_h.sh\nindex 3363bc7..18d9131 100755\n--- a/make_syscall_h.sh\n+++ b/make_syscall_h.sh\n@@ -12,7 +12,53 @@ CC=$1\n [ -n \"$TARGET_CC_NOCACHE\" ] && CC=$TARGET_CC_NOCACHE\n \n echo \"#include <asm/unistd.h>\"\n-echo \"static const char *syscall_names[] = {\"\n+echo \"static const char *__syscall_names[] = {\"\n echo \"#include <sys/syscall.h>\" | ${CC} -E -dM - | grep '^#define __NR_' | \\\n \tLC_ALL=C sed -r -n -e 's/^\\#define[ \\t]+__NR_([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/ [\\2] = \"\\1\",/p'\n echo \"};\"\n+\n+extra_syscalls=\"$(echo \"#include <sys/syscall.h>\" | ${CC} -E -dM - | sed -n -e '/^#define __ARM_NR_/ s///p')\"\n+\n+cat <<EOF\n+static inline const char *syscall_name(unsigned i) {\n+ if (i < 
ARRAY_SIZE(__syscall_names))\n+ return __syscall_names[i];\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C sed -r -n -e 's/^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/ case \\2: return \"\\1\";/p'\n+cat <<EOF\n+ default: return (void*)0;\n+ }\n+}\n+EOF\n+\n+cat <<EOF\n+static inline int syscall_index(unsigned i) {\n+ if (i < ARRAY_SIZE(__syscall_names))\n+ return i;\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C perl -ne 'print \" case $2: return ARRAY_SIZE(__syscall_names) + \", $. - 1, \";\\n\" if /^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/;'\n+cat <<EOF\n+ default: return -1;\n+ }\n+}\n+EOF\n+\n+cat <<EOF\n+static inline int syscall_index_to_number(unsigned i) {\n+ if (i < ARRAY_SIZE(__syscall_names))\n+ return i;\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C perl -ne 'print \" case ARRAY_SIZE(__syscall_names) + \", $. - 1, \": return $2;\\n\" if /^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/;'\n+cat <<EOF\n+ default: return -1;\n+ }\n+}\n+EOF\n+\n+echo \"#define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + $({ test -n \"$extra_syscalls\" && echo \"$extra_syscalls\"; } | wc -l))\"\ndiff --git a/trace/trace.c b/trace/trace.c\nindex d86c215..8228edf 100644\n--- a/trace/trace.c\n+++ b/trace/trace.c\n@@ -83,25 +83,24 @@ struct tracee {\n };\n \n static struct tracee tracer;\n-static int *syscall_count;\n+static int syscall_count[SYSCALL_COUNT];\n static int violation_count;\n static struct blob_buf b;\n-static int syscall_max;\n static int debug;\n char *json = NULL;\n int ptrace_restart;\n \n-static int max_syscall = ARRAY_SIZE(syscall_names);\n-\n static void set_syscall(const char *name, int val)\n {\n \tint i;\n \n-\tfor (i = 0; i < max_syscall; i++)\n-\t\tif (syscall_names[i] && !strcmp(syscall_names[i], name)) {\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tint sc = syscall_index_to_number(i);\n+\t\tif (syscall_name(sc) && !strcmp(syscall_name(sc), name)) {\n \t\t\tsyscall_count[i] = 
val;\n \t\t\treturn;\n \t\t}\n+\t}\n }\n \n struct syscall {\n@@ -127,27 +126,27 @@ static void print_syscalls(int policy, const char *json)\n \t\tset_syscall(\"exit\", 1);\n \t}\n \n-\tstruct syscall sorted[ARRAY_SIZE(syscall_names)];\n+\tstruct syscall sorted[SYSCALL_COUNT];\n \n-\tfor (i = 0; i < ARRAY_SIZE(syscall_names); i++) {\n-\t\tsorted[i].syscall = i;\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tsorted[i].syscall = syscall_index_to_number(i);\n \t\tsorted[i].count = syscall_count[i];\n \t}\n \n-\tqsort(sorted, ARRAY_SIZE(syscall_names), sizeof(sorted[0]), cmp_count);\n+\tqsort(sorted, SYSCALL_COUNT, sizeof(sorted[0]), cmp_count);\n \n \tblob_buf_init(&b, 0);\n \tc = blobmsg_open_array(&b, \"whitelist\");\n \n-\tfor (i = 0; i < ARRAY_SIZE(syscall_names); i++) {\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n \t\tint sc = sorted[i].syscall;\n \t\tif (!sorted[i].count)\n \t\t\tbreak;\n-\t\tif (syscall_names[sc]) {\n+\t\tif (syscall_name(sc)) {\n \t\t\tif (debug)\n \t\t\t\tprintf(\"syscall %d (%s) was called %d times\\n\",\n-\t\t\t\t\tsc, syscall_names[sc], sorted[i].count);\n-\t\t\tblobmsg_add_string(&b, NULL, syscall_names[sc]);\n+\t\t\t\t sc, syscall_name(sc), sorted[i].count);\n+\t\t\tblobmsg_add_string(&b, NULL, syscall_name(sc));\n \t\t} else {\n \t\t\tERROR(\"no name found for syscall(%d)\\n\", sc);\n \t\t}\n@@ -184,10 +183,11 @@ static void report_seccomp_vialation(pid_t pid, unsigned syscall)\n \n \tif (violation_count < INT_MAX)\n \t\tviolation_count++;\n-\tif (syscall < ARRAY_SIZE(syscall_names)) {\n-\t\tsyscall_count[syscall]++;\n+\tint i = syscall_index(syscall);\n+\tif (i >= 0) {\n+\t\tsyscall_count[i]++;\n \t\tLOGERR(\"%s[%u] tried to call non-whitelisted syscall: %s (see %s)\\n\",\n-\t\t buf, pid, syscall_names[syscall], json);\n+\t\t buf, pid, syscall_name(syscall), json);\n \t} else {\n \t\tLOGERR(\"%s[%u] tried to call non-whitelisted syscall: %d (see %s)\\n\",\n \t\t buf, pid, syscall, json);\n@@ -206,11 +206,11 @@ static void 
tracer_cb(struct uloop_process *c, int ret)\n \t\tif (WSTOPSIG(ret) & 0x80) {\n \t\t\tif (!tracee->in_syscall) {\n \t\t\t\tint syscall = ptrace(PTRACE_PEEKUSER, c->pid, reg_syscall_nr);\n-\n-\t\t\t\tif (syscall < syscall_max) {\n+\t\t\t\tint i = syscall_index(syscall);\n+\t\t\t\tif (i >= 0) {\n \t\t\t\t\tsyscall_count[syscall]++;\n \t\t\t\t\tif (debug)\n-\t\t\t\t\t\tfprintf(stderr, \"%s()\\n\", syscall_names[syscall]);\n+\t\t\t\t\t\tfprintf(stderr, \"%s()\\n\", syscall_name(syscall));\n \t\t\t\t} else if (debug) {\n \t\t\t\t\tfprintf(stderr, \"syscal(%d)\\n\", syscall);\n \t\t\t\t}\n@@ -342,8 +342,6 @@ int main(int argc, char **argv, char **envp)\n \tif (child < 0)\n \t\treturn -1;\n \n-\tsyscall_max = ARRAY_SIZE(syscall_names);\n-\tsyscall_count = calloc(syscall_max, sizeof(int));\n \twaitpid(child, &status, WUNTRACED);\n \tif (!WIFSTOPPED(status)) {\n \t\tERROR(\"failed to start %s\\n\", *argv);\n", "prefixes": [ "LEDE-DEV", "procd", "16/17" ] }
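Review bot: In the tracer_cb hunk the new range test is made on `i = syscall_index(syscall)`, but the counter is still bumped with `syscall_count[syscall]++`, so the raw syscall number indexes the now fixed-size `syscall_count[SYSCALL_COUNT]` array. For the ARM-private numbers this patch sets out to support (0x0f0001 and up in the commit message) that is a write far past the end of the array inside the tracer, and the count never reaches the slot that print_syscalls reads back through `syscall_index_to_number(i)`. The line should be `syscall_count[i]++;`, matching what the report_seccomp_vialation hunk already does. Separately, `syscall_index()` returns `i` for every in-range number, including holes in `__syscall_names`, so `syscall_name(syscall)` can be NULL where it is passed to `%s` here and in report_seccomp_vialation; checking the returned name before formatting it would cover that. tracer_cb's body starts and ends outside the hunk.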