From patchwork Wed Jun 13 19:20:22 2012
X-Patchwork-Submitter: Eduardo Otubo
X-Patchwork-Id: 164745
From: Eduardo Otubo
To: qemu-devel@nongnu.org
Date: Wed, 13 Jun 2012 16:20:22 -0300
Subject: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c

I added a syscall struct using priority levels as described in the libseccomp man page. The priority numbers are based on the frequency with which they appear in a sample strace from a regular qemu guest run under libvirt. Libseccomp generates linear BPF code to filter system calls; those rules are read one after another. The priority system places the most common rules first in order to reduce the overhead when processing them.

Also, since this is just a first RFC, the whitelist is a little raw. We might need your help to improve, test and fine tune the set of system calls.

v2:
- Fixed some style issues
- Removed code from vl.c and created qemu-seccomp.[ch]
- Now using ARRAY_SIZE macro
- Added more syscalls without priority/frequency set yet

Signed-off-by: Eduardo Otubo
---
 qemu-seccomp.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-seccomp.h | 9 +++++++
 vl.c | 7 ++++++
 3 files changed, 89 insertions(+)
 create mode 100644 qemu-seccomp.c
 create mode 100644 qemu-seccomp.h
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
new file mode 100644
index 0000000..048b7ba
--- /dev/null
+++ b/qemu-seccomp.c
@@ -0,0 +1,73 @@ +#include +#include +#include "qemu-seccomp.h" + +static struct QemuSeccompSyscall seccomp_whitelist[] = { + { SCMP_SYS(timer_settime), 255 }, + { SCMP_SYS(timer_gettime), 254 }, + { SCMP_SYS(futex), 253 }, + { SCMP_SYS(select), 252 }, + { SCMP_SYS(recvfrom), 251 }, + { SCMP_SYS(sendto), 250 }, + { SCMP_SYS(read), 249 }, + { SCMP_SYS(brk), 248 }, + { SCMP_SYS(clone), 247 }, + { SCMP_SYS(mmap), 247 }, + { SCMP_SYS(mprotect), 246 }, + { SCMP_SYS(ioctl), 245 }, + { SCMP_SYS(recvmsg), 245 }, + { SCMP_SYS(sendmsg), 245 }, + { SCMP_SYS(accept), 245 }, + { SCMP_SYS(connect), 245 }, + { SCMP_SYS(bind), 245 }, + { SCMP_SYS(listen), 245 }, + { SCMP_SYS(ioctl), 245 }, + { SCMP_SYS(eventfd), 245 }, + { SCMP_SYS(rt_sigprocmask), 245 }, + { SCMP_SYS(write), 244 }, + { SCMP_SYS(fcntl), 243 }, + { SCMP_SYS(tgkill), 242 }, + { SCMP_SYS(rt_sigaction), 242 }, + { SCMP_SYS(pipe2), 242 }, + { SCMP_SYS(munmap), 242 }, + { SCMP_SYS(mremap), 242 }, + { SCMP_SYS(getsockname), 242 }, + { SCMP_SYS(getpeername), 242 }, + { SCMP_SYS(fdatasync), 242 }, + { SCMP_SYS(close), 242 } +}; + +#define seccomp_whitelist_count ARRAY_SIZE(seccomp_whitelist) + +int seccomp_start(void) +{ + int rc = 0; + unsigned int i = 0; + + rc = seccomp_init(SCMP_ACT_KILL); + if (rc < 0) { + goto seccomp_return; + } + + for (i = 0; i < seccomp_whitelist_count; i++) { + rc = seccomp_rule_add(SCMP_ACT_ALLOW, seccomp_whitelist[i].num, 0); + if (rc < 0) { + goto seccomp_return; + } + rc = seccomp_syscall_priority(seccomp_whitelist[i].num, + seccomp_whitelist[i].priority); + if (rc < 0) { + goto seccomp_return; + } + } + + rc = seccomp_load(); + + seccomp_return: + seccomp_release(); + if (rc < 0) { + fprintf(stderr, + "ERROR: failed to configure the seccomp syscall filter in the kernel\n"); + } + return rc; +} diff --git a/qemu-seccomp.h b/qemu-seccomp.h new file mode 100644 index 0000000..3bbdd87 --- /dev/null +++ b/qemu-seccomp.h 
@@ -0,0 +1,9 @@ +#include +#include "osdep.h" + +struct QemuSeccompSyscall { + int32_t num; + uint8_t priority; +}; + +int seccomp_start(void); diff --git a/vl.c b/vl.c index 204d85b..315afaf 100644 --- a/vl.c +++ b/vl.c @@ -61,6 +61,9 @@ #include #include +#ifdef CONFIG_LIBSECCOMP +#include "qemu-seccomp.h" +#endif #endif #ifdef __sun__ #include @@ -2296,6 +2299,10 @@ int main(int argc, char **argv, char **envp) const char *trace_events = NULL; const char *trace_file = NULL; +#ifdef CONFIG_LIBSECCOMP + seccomp_start(); +#endif + atexit(qemu_run_exit_notifiers); error_set_progname(argv[0]);
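Review bot: In the qemu-seccomp.c hunk, seccomp_whitelist[] contains `{ SCMP_SYS(ioctl), 245 }` twice; the second entry is redundant and should be dropped. More importantly, with SCMP_ACT_KILL as the default action every syscall absent from this table terminates QEMU outright, and the table as posted has no exit_group, rt_sigreturn or open entry, all of which main() and the normal exit path rely on; the commit message already calls the list raw, but each missing entry here means a killed process rather than a graceful failure, so these should be added before the filter is enabled by default. Minor: seccomp_release() also runs when seccomp_init() itself failed, because that error path jumps to the same `seccomp_return:` label; returning directly from the init check is cleaner.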
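Review bot: In the qemu-seccomp.h hunk the header has no include guard; since both qemu-seccomp.c and vl.c include it, wrap the contents in `#ifndef QEMU_SECCOMP_H` / `#define QEMU_SECCOMP_H` / `#endif` as the other QEMU headers do. Nothing in the header itself uses "osdep.h"; ARRAY_SIZE is only used in qemu-seccomp.c, so that include belongs in the .c file.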
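Review bot: In the first vl.c hunk the new `#ifdef CONFIG_LIBSECCOMP` block is inserted immediately before an existing `#endif` (followed by `#ifdef __sun__`), so it is nested inside an outer conditional whose opening line is outside the hunk. If that outer condition can be false on a build where CONFIG_LIBSECCOMP is set, qemu-seccomp.h is never included and the seccomp_start() call in main() fails to compile; either move the include after that `#endif` to file scope or confirm that configure only sets CONFIG_LIBSECCOMP under the same condition.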
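Review bot: In the second vl.c hunk the return value of seccomp_start() is discarded, so if seccomp_init(), seccomp_rule_add() or seccomp_load() fails QEMU prints the error and keeps running with no syscall filter at all. A sandboxing feature should fail closed, or at least make the choice explicit: check the result and exit on failure, or tie the behaviour to a command-line option. Note also that the call sits before option parsing, so the filter cannot yet be toggled per invocation, and everything main() does afterwards, including opening images and setting up backends, has to fit the whitelist.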
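The priority argument in the commit message above, as an added example that is not part of the patch or of QEMU/libseccomp: a constructed subset of the patch's table (syscall names stand in for SCMP_SYS() numbers, the call counts are made up) that flags the duplicated entry and shows why ordering a linear filter by call frequency lowers the average number of rule comparisons.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the patch's seccomp_whitelist[]: a name instead of
 * SCMP_SYS(), the patch's priority, and a made-up count; priority-descending. */
struct SyscallRule {
    const char *name;
    uint8_t priority;    /* higher = matched earlier in the linear filter */
    unsigned long count; /* constructed: calls seen in a sample guest run */
};
static const struct SyscallRule whitelist[] = {
    { "futex",  253, 4000 },
    { "select", 252, 3000 },
    { "read",   249, 2000 },
    { "ioctl",  245,  400 },
    { "ioctl",  245,  400 }, /* listed twice, as in the patch */
    { "write",  244,  500 },
    { "close",  242,  100 },
};
#define WHITELIST_COUNT (sizeof(whitelist) / sizeof(whitelist[0]))
/* Index of the first entry whose syscall already appeared earlier, or -1. */
int find_duplicate_rule(const struct SyscallRule *r, size_t n)
{
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if (strcmp(r[i].name, r[j].name) == 0)
                return (int)i;
    return -1;
}
static int by_name(const void *a, const void *b)
{
    return strcmp(((const struct SyscallRule *)a)->name,
                  ((const struct SyscallRule *)b)->name);
}
/* Linear filter: a call matched by rule i costs i comparisons. Returns the
 * count-weighted average for table order (order == NULL) or a re-sorted copy. */
double avg_comparisons(int (*order)(const void *, const void *))
{
    struct SyscallRule r[WHITELIST_COUNT];
    unsigned long calls = 0, work = 0;
    memcpy(r, whitelist, sizeof(r));
    if (order) { qsort(r, WHITELIST_COUNT, sizeof(r[0]), order); }
    for (size_t i = 0; i < WHITELIST_COUNT; i++) {
        calls += r[i].count;
        work += (i + 1) * r[i].count;
    }
    return calls ? (double)work / calls : 0.0;
}
```

With these constructed counts the priority order averages about 2.24 comparisons per call against about 4.08 for an alphabetical order, and find_duplicate_rule() reports the second ioctl entry.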