GET /api/patches/817901/?format=api
{ "id": 817901, "url": "http://patchwork.ozlabs.org/api/patches/817901/?format=api", "web_url": "http://patchwork.ozlabs.org/project/lede/patch/20170924143821.13969-1-sojkam1@fel.cvut.cz/", "project": { "id": 54, "url": "http://patchwork.ozlabs.org/api/projects/54/?format=api", "name": "LEDE development", "link_name": "lede", "list_id": "lede-dev.lists.infradead.org", "list_email": "lede-dev@lists.infradead.org", "web_url": "http://lede-project.org/", "scm_url": "", "webscm_url": "http://git.lede-project.org/", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170924143821.13969-1-sojkam1@fel.cvut.cz>", "list_archive_url": null, "date": "2017-09-24T14:38:21", "name": "[LEDE-DEV,procd,v2,16/17] utrace: Support non-contiguous syscall numbers", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "6c9eef10ab7561f06ae56da883a791720cc0c3f6", "submitter": { "id": 14651, "url": "http://patchwork.ozlabs.org/api/people/14651/?format=api", "name": "Michal Sojka", "email": "sojkam1@fel.cvut.cz" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/lede/patch/20170924143821.13969-1-sojkam1@fel.cvut.cz/mbox/", "series": [ { "id": 4815, "url": "http://patchwork.ozlabs.org/api/series/4815/?format=api", "web_url": "http://patchwork.ozlabs.org/project/lede/list/?series=4815", "date": "2017-09-24T14:38:21", "name": null, "version": 2, "mbox": "http://patchwork.ozlabs.org/series/4815/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/817901/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/817901/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org 
(client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"mTXzk8f1\"; \n\tdkim-atps=neutral" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3y0VH21hqgz9sBd\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 25 Sep 2017 00:39:42 +1000 (AEST)", "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dw842-0001Fu-5w; Sun, 24 Sep 2017 14:39:22 +0000", "from smtpx.feld.cvut.cz ([147.32.192.33])\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dw83a-00018E-VH\n\tfor lede-dev@lists.infradead.org; Sun, 24 Sep 2017 14:38:58 +0000", "from localhost (unknown [192.168.200.7])\n\tby smtpx.feld.cvut.cz (Postfix) with ESMTP id 5A3BADC338;\n\tSun, 24 Sep 2017 16:38:34 +0200 (CEST)", "from smtpx.feld.cvut.cz ([192.168.200.6])\n\tby localhost (styx.feld.cvut.cz [192.168.200.7]) (amavisd-new,\n\tport 10054)\n\twith ESMTP id xPvx8oWkciUx; Sun, 24 Sep 2017 16:38:32 +0200 (CEST)", "from imap.feld.cvut.cz (imap.feld.cvut.cz [147.32.192.34])\n\tby smtpx.feld.cvut.cz (Postfix) with ESMTP id BD37ADC27C;\n\tSun, 24 Sep 2017 16:38:32 +0200 (CEST)", "from wsh by steelpick.2x.cz with local (Exim 4.89)\n\t(envelope-from <sojkam1@fel.cvut.cz>)\n\tid 1dw83E-0003e7-G4; Sun, 24 Sep 2017 16:38:32 +0200" ], "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; 
h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References:\n\tIn-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=ukOlLdrw7f/MfxMnW4LRHM2Izi5ZgLz2osPigXSoP0A=;\n\tb=mTXzk8f12zoHz0\n\txICeCpz/cpPh3noHjETTMcW2JU8DrP9GzWUnHirFfvkAWCLu2geDBVZWoBBfUc4I3iEhcnNxhWA0L\n\tjH3YeasRk3BL6ldmLP918IX5eUVqb//DskswWfChCsULl+QTE+SPadf4XrQVEUm4CiK9nytHDNHFM\n\tC6gCo+kJGGRhkfuMyaZSBDHE40oDKxpb8lQH9CauNU52q9GqCHZ3z0iSBq/dxOTudRrBSwTV0qALK\n\tdWw9CfyLzzOgAxD976s/tq2/Ld0LbwPDnih2OVFpoXH5tHK81y8nY1gt5r3Ke21LHrf0UCvzjD1eS\n\tucSWC2U0EtT1c7KXrpjA==;", "X-Virus-Scanned": "IMAP STYX AMAVIS", "From": "Michal Sojka <sojkam1@fel.cvut.cz>", "To": "lede-dev@lists.infradead.org,\n\tJohn Crispin <john@phrozen.org>", "Date": "Sun, 24 Sep 2017 16:38:21 +0200", "Message-Id": "<20170924143821.13969-1-sojkam1@fel.cvut.cz>", "X-Mailer": "git-send-email 2.14.1", "In-Reply-To": "<87poag88r7.fsf@steelpick.2x.cz>", "References": "<87poag88r7.fsf@steelpick.2x.cz>", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20170924_073855_429257_C8558BB2 ", "X-CRM114-Status": "GOOD ( 15.82 )", "X-Spam-Score": "-4.2 (----)", "X-Spam-Report": "SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-4.2 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,\n\tmedium trust [147.32.192.33 listed in list.dnswl.org]\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]", "Subject": "[LEDE-DEV] [PATCH procd v2 16/17] utrace: Support non-contiguous\n\tsyscall numbers", 
"X-BeenThere": "lede-dev@lists.infradead.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<lede-dev.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/lede-dev/>", "List-Post": "<mailto:lede-dev@lists.infradead.org>", "List-Help": "<mailto:lede-dev-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>", "Cc": "Michal Sojka <sojkam1@fel.cvut.cz>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Lede-dev\" <lede-dev-bounces@lists.infradead.org>", "Errors-To": "lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "ARM architecture does not have its system call numbers contiguous. So\nfar, utrace ignored the non-contiguous system calls, but it makes it\ndifficult to setup seccomp whitelists. This patch adds support for\nthese extra out-of-range syscalls.\n\nIt extends the generated file syscall_names.h to include a few\nfunctions. 
Now, for ARM this file looks like:\n\n #include <asm/unistd.h>\n static const char *__syscall_names[] = {\n [280] = \"waitid\",\n [148] = \"fdatasync\",\n ...\n [252] = \"epoll_wait\",\n [74] = \"sethostname\",\n };\n static inline const char *syscall_name(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return __syscall_names[i];\n switch (i) {\n case 0x0f0001: return \"breakpoint\";\n case 0x0f0003: return \"usr26\";\n case 0x0f0004: return \"usr32\";\n case 0x0f0005: return \"set_tls\";\n case 0x0f0002: return \"cacheflush\";\n default: return (void*)0;\n }\n }\n static inline int syscall_index(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n case 0x0f0001: return ARRAY_SIZE(__syscall_names) + 0;\n case 0x0f0003: return ARRAY_SIZE(__syscall_names) + 1;\n case 0x0f0004: return ARRAY_SIZE(__syscall_names) + 2;\n case 0x0f0005: return ARRAY_SIZE(__syscall_names) + 3;\n case 0x0f0002: return ARRAY_SIZE(__syscall_names) + 4;\n default: return -1;\n }\n }\n static inline int syscall_index_to_number(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n case ARRAY_SIZE(__syscall_names) + 0: return 0x0f0001;\n case ARRAY_SIZE(__syscall_names) + 1: return 0x0f0003;\n case ARRAY_SIZE(__syscall_names) + 2: return 0x0f0004;\n case ARRAY_SIZE(__syscall_names) + 3: return 0x0f0005;\n case ARRAY_SIZE(__syscall_names) + 4: return 0x0f0002;\n default: return -1;\n }\n }\n #define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + 5)\n\nFor x86, which does not have extra syscalls, the file looks this way:\n\n #include <asm/unistd.h>\n static const char *__syscall_names[] = {\n [247] = \"waitid\",\n [75] = \"fdatasync\",\n ...\n [232] = \"epoll_wait\",\n [170] = \"sethostname\",\n };\n static inline const char *syscall_name(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return __syscall_names[i];\n switch (i) {\n default: return (void*)0;\n }\n }\n static inline int syscall_index(unsigned i) {\n if (i < 
ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n default: return -1;\n }\n }\n static inline int syscall_index_to_number(unsigned i) {\n if (i < ARRAY_SIZE(__syscall_names))\n return i;\n switch (i) {\n default: return -1;\n }\n }\n #define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + 0)\n\nSigned-off-by: Michal Sojka <sojkam1@fel.cvut.cz>\n---\n jail/seccomp.c | 10 +++++-----\n make_syscall_h.sh | 48 +++++++++++++++++++++++++++++++++++++++++++++++-\n trace/trace.c | 44 +++++++++++++++++++++-----------------------\n 3 files changed, 73 insertions(+), 29 deletions(-)", "diff": "diff --git a/jail/seccomp.c b/jail/seccomp.c\nindex 27bf3ce..eeb5781 100644\n--- a/jail/seccomp.c\n+++ b/jail/seccomp.c\n@@ -22,15 +22,15 @@\n #include \"seccomp.h\"\n #include \"../syscall-names.h\"\n \n-static int max_syscall = ARRAY_SIZE(syscall_names);\n-\n static int find_syscall(const char *name)\n {\n \tint i;\n \n-\tfor (i = 0; i < max_syscall; i++)\n-\t\tif (syscall_names[i] && !strcmp(syscall_names[i], name))\n-\t\t\treturn i;\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tint sc = syscall_index_to_number(i);\n+\t\tif (syscall_name(sc) && !strcmp(syscall_name(sc), name))\n+\t\t\treturn sc;\n+\t}\n \n \treturn -1;\n }\ndiff --git a/make_syscall_h.sh b/make_syscall_h.sh\nindex 3363bc7..18d9131 100755\n--- a/make_syscall_h.sh\n+++ b/make_syscall_h.sh\n@@ -12,7 +12,53 @@ CC=$1\n [ -n \"$TARGET_CC_NOCACHE\" ] && CC=$TARGET_CC_NOCACHE\n \n echo \"#include <asm/unistd.h>\"\n-echo \"static const char *syscall_names[] = {\"\n+echo \"static const char *__syscall_names[] = {\"\n echo \"#include <sys/syscall.h>\" | ${CC} -E -dM - | grep '^#define __NR_' | \\\n \tLC_ALL=C sed -r -n -e 's/^\\#define[ \\t]+__NR_([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/ [\\2] = \"\\1\",/p'\n echo \"};\"\n+\n+extra_syscalls=\"$(echo \"#include <sys/syscall.h>\" | ${CC} -E -dM - | sed -n -e '/^#define __ARM_NR_/ s///p')\"\n+\n+cat <<EOF\n+static inline const char *syscall_name(unsigned i) {\n+ if (i < 
ARRAY_SIZE(__syscall_names))\n+ return __syscall_names[i];\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C sed -r -n -e 's/^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/ case \\2: return \"\\1\";/p'\n+cat <<EOF\n+ default: return (void*)0;\n+ }\n+}\n+EOF\n+\n+cat <<EOF\n+static inline int syscall_index(unsigned i) {\n+ if (i < ARRAY_SIZE(__syscall_names))\n+ return i;\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C perl -ne 'print \" case $2: return ARRAY_SIZE(__syscall_names) + \", $. - 1, \";\\n\" if /^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/;'\n+cat <<EOF\n+ default: return -1;\n+ }\n+}\n+EOF\n+\n+cat <<EOF\n+static inline int syscall_index_to_number(unsigned i) {\n+ if (i < ARRAY_SIZE(__syscall_names))\n+ return i;\n+ switch (i) {\n+EOF\n+echo \"$extra_syscalls\" | \\\n+ LC_ALL=C perl -ne 'print \" case ARRAY_SIZE(__syscall_names) + \", $. - 1, \": return $2;\\n\" if /^([a-z0-9_]+)[ \\t]+([ ()+0-9a-zNR_Linux]+)(.*)/;'\n+cat <<EOF\n+ default: return -1;\n+ }\n+}\n+EOF\n+\n+echo \"#define SYSCALL_COUNT (ARRAY_SIZE(__syscall_names) + $({ test -n \"$extra_syscalls\" && echo \"$extra_syscalls\"; } | wc -l))\"\ndiff --git a/trace/trace.c b/trace/trace.c\nindex d86c215..3db1fd0 100644\n--- a/trace/trace.c\n+++ b/trace/trace.c\n@@ -83,25 +83,24 @@ struct tracee {\n };\n \n static struct tracee tracer;\n-static int *syscall_count;\n+static int syscall_count[SYSCALL_COUNT];\n static int violation_count;\n static struct blob_buf b;\n-static int syscall_max;\n static int debug;\n char *json = NULL;\n int ptrace_restart;\n \n-static int max_syscall = ARRAY_SIZE(syscall_names);\n-\n static void set_syscall(const char *name, int val)\n {\n \tint i;\n \n-\tfor (i = 0; i < max_syscall; i++)\n-\t\tif (syscall_names[i] && !strcmp(syscall_names[i], name)) {\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tint sc = syscall_index_to_number(i);\n+\t\tif (syscall_name(sc) && !strcmp(syscall_name(sc), name)) {\n \t\t\tsyscall_count[i] = 
val;\n \t\t\treturn;\n \t\t}\n+\t}\n }\n \n struct syscall {\n@@ -127,27 +126,27 @@ static void print_syscalls(int policy, const char *json)\n \t\tset_syscall(\"exit\", 1);\n \t}\n \n-\tstruct syscall sorted[ARRAY_SIZE(syscall_names)];\n+\tstruct syscall sorted[SYSCALL_COUNT];\n \n-\tfor (i = 0; i < ARRAY_SIZE(syscall_names); i++) {\n-\t\tsorted[i].syscall = i;\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n+\t\tsorted[i].syscall = syscall_index_to_number(i);\n \t\tsorted[i].count = syscall_count[i];\n \t}\n \n-\tqsort(sorted, ARRAY_SIZE(syscall_names), sizeof(sorted[0]), cmp_count);\n+\tqsort(sorted, SYSCALL_COUNT, sizeof(sorted[0]), cmp_count);\n \n \tblob_buf_init(&b, 0);\n \tc = blobmsg_open_array(&b, \"whitelist\");\n \n-\tfor (i = 0; i < ARRAY_SIZE(syscall_names); i++) {\n+\tfor (i = 0; i < SYSCALL_COUNT; i++) {\n \t\tint sc = sorted[i].syscall;\n \t\tif (!sorted[i].count)\n \t\t\tbreak;\n-\t\tif (syscall_names[sc]) {\n+\t\tif (syscall_name(sc)) {\n \t\t\tif (debug)\n \t\t\t\tprintf(\"syscall %d (%s) was called %d times\\n\",\n-\t\t\t\t\tsc, syscall_names[sc], sorted[i].count);\n-\t\t\tblobmsg_add_string(&b, NULL, syscall_names[sc]);\n+\t\t\t\t sc, syscall_name(sc), sorted[i].count);\n+\t\t\tblobmsg_add_string(&b, NULL, syscall_name(sc));\n \t\t} else {\n \t\t\tERROR(\"no name found for syscall(%d)\\n\", sc);\n \t\t}\n@@ -184,10 +183,11 @@ static void report_seccomp_vialation(pid_t pid, unsigned syscall)\n \n \tif (violation_count < INT_MAX)\n \t\tviolation_count++;\n-\tif (syscall < ARRAY_SIZE(syscall_names)) {\n-\t\tsyscall_count[syscall]++;\n+\tint i = syscall_index(syscall);\n+\tif (i >= 0) {\n+\t\tsyscall_count[i]++;\n \t\tLOGERR(\"%s[%u] tried to call non-whitelisted syscall: %s (see %s)\\n\",\n-\t\t buf, pid, syscall_names[syscall], json);\n+\t\t buf, pid, syscall_name(syscall), json);\n \t} else {\n \t\tLOGERR(\"%s[%u] tried to call non-whitelisted syscall: %d (see %s)\\n\",\n \t\t buf, pid, syscall, json);\n@@ -206,11 +206,11 @@ static void 
tracer_cb(struct uloop_process *c, int ret)\n \t\tif (WSTOPSIG(ret) & 0x80) {\n \t\t\tif (!tracee->in_syscall) {\n \t\t\t\tint syscall = ptrace(PTRACE_PEEKUSER, c->pid, reg_syscall_nr);\n-\n-\t\t\t\tif (syscall < syscall_max) {\n-\t\t\t\t\tsyscall_count[syscall]++;\n+\t\t\t\tint i = syscall_index(syscall);\n+\t\t\t\tif (i >= 0) {\n+\t\t\t\t\tsyscall_count[i]++;\n \t\t\t\t\tif (debug)\n-\t\t\t\t\t\tfprintf(stderr, \"%s()\\n\", syscall_names[syscall]);\n+\t\t\t\t\t\tfprintf(stderr, \"%s()\\n\", syscall_name(syscall));\n \t\t\t\t} else if (debug) {\n \t\t\t\t\tfprintf(stderr, \"syscal(%d)\\n\", syscall);\n \t\t\t\t}\n@@ -342,8 +342,6 @@ int main(int argc, char **argv, char **envp)\n \tif (child < 0)\n \t\treturn -1;\n \n-\tsyscall_max = ARRAY_SIZE(syscall_names);\n-\tsyscall_count = calloc(syscall_max, sizeof(int));\n \twaitpid(child, &status, WUNTRACED);\n \tif (!WIFSTOPPED(status)) {\n \t\tERROR(\"failed to start %s\\n\", *argv);\n", "prefixes": [ "LEDE-DEV", "procd", "v2", "16/17" ] }
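Review bot: In make_syscall_h.sh the dense index written by the two perl one-liners is `$. - 1`, the line position within `$extra_syscalls`, while `SYSCALL_COUNT` comes from `wc -l` over the same variable and the `syscall_name` cases come from a sed pass using the same regex; nothing in the script states that these four outputs must stay in lockstep. A line that fails the regex still consumes an index slot, for which `syscall_index_to_number()` returns -1; the callers visible in this patch appear to tolerate that, but a later edit to one regex or to the counting could easily break it. I would add a comment above the `extra_syscalls=` assignment such as `# Every generated function and SYSCALL_COUNT below must be derived from the same $extra_syscalls line order; an extra syscall's index is its line position.` The perl calls also make perl a build-time requirement where the visible part of the script previously used only the compiler, grep and sed, which is worth recording in that comment or in the build notes.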
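Review bot: In the `report_seccomp_vialation` and `tracer_cb` hunks of trace/trace.c, `i >= 0` only shows that the number has a counter slot, not that it has a name: `syscall_index()` returns `i` for every value below `ARRAY_SIZE(__syscall_names)`, and the designated-initializer table leaves unused numbers as NULL, so `syscall_name(syscall)` can be passed to `%s` as a null pointer. The removed code indexed the table the same way, so this is not a regression, but `print_syscalls` in the same file already guards with `if (syscall_name(sc))` and these two sites should match it. For the violation log in particular, an unnamed number should still be identifiable: read the name once with `const char *name = syscall_name(syscall);`, keep `syscall_count[i]++` under `if (i >= 0)`, and choose the named message only when `name` is non-NULL so the existing `%d` branch reports everything else. Both function bodies extend outside their hunks.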