/*
- * Copyright (c) 2015 Dmitry V. Levin <ldv@altlinux.org>
+ * Copyright (c) 2015-2017 Dmitry V. Levin <ldv@altlinux.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "xlat/seccomp_ops.h"
#include "xlat/seccomp_filter_flags.h"
-#ifdef HAVE_LINUX_FILTER_H
-# include <linux/filter.h>
-# include "xlat/bpf_class.h"
-# include "xlat/bpf_miscop.h"
-# include "xlat/bpf_mode.h"
-# include "xlat/bpf_op_alu.h"
-# include "xlat/bpf_op_jmp.h"
-# include "xlat/bpf_rval.h"
-# include "xlat/bpf_size.h"
-# include "xlat/bpf_src.h"
-
-# ifndef SECCOMP_RET_ACTION
-# define SECCOMP_RET_ACTION 0x7fff0000U
-# endif
-# include "xlat/seccomp_ret_action.h"
-#endif
-
-struct bpf_filter {
- uint16_t code;
- uint8_t jt;
- uint8_t jf;
- uint32_t k;
-};
-
-#ifdef HAVE_LINUX_FILTER_H
-
-static void
-decode_bpf_code(uint16_t code)
-{
- uint16_t i = code & ~BPF_CLASS(code);
-
- printxval(bpf_class, BPF_CLASS(code), "BPF_???");
- switch (BPF_CLASS(code)) {
- case BPF_LD:
- case BPF_LDX:
- tprints(" | ");
- printxval(bpf_size, BPF_SIZE(code), "BPF_???");
- tprints(" | ");
- printxval(bpf_mode, BPF_MODE(code), "BPF_???");
- break;
- case BPF_ST:
- case BPF_STX:
- if (i)
- tprintf(" | %#x /* %s */", i, "BPF_???");
- break;
- case BPF_ALU:
- tprints(" | ");
- printxval(bpf_src, BPF_SRC(code), "BPF_???");
- tprints(" | ");
- printxval(bpf_op_alu, BPF_OP(code), "BPF_???");
- break;
- case BPF_JMP:
- tprints(" | ");
- printxval(bpf_src, BPF_SRC(code), "BPF_???");
- tprints(" | ");
- printxval(bpf_op_jmp, BPF_OP(code), "BPF_???");
- break;
- case BPF_RET:
- tprints(" | ");
- printxval(bpf_rval, BPF_RVAL(code), "BPF_???");
- i &= ~BPF_RVAL(code);
- if (i)
- tprintf(" | %#x /* %s */", i, "BPF_???");
- break;
- case BPF_MISC:
- tprints(" | ");
- printxval(bpf_miscop, BPF_MISCOP(code), "BPF_???");
- i &= ~BPF_MISCOP(code);
- if (i)
- tprintf(" | %#x /* %s */", i, "BPF_???");
- break;
- }
-
-}
-
-static void
-decode_bpf_stmt(const struct bpf_filter *filter)
-{
-#ifdef HAVE_LINUX_FILTER_H
- tprints("BPF_STMT(");
- decode_bpf_code(filter->code);
- tprints(", ");
- if (BPF_CLASS(filter->code) == BPF_RET) {
- unsigned int action = SECCOMP_RET_ACTION & filter->k;
- unsigned int data = filter->k & ~action;
-
- printxval(seccomp_ret_action, action, "SECCOMP_RET_???");
- if (data)
- tprintf(" | %#x)", data);
- else
- tprints(")");
- } else {
- tprintf("%#x)", filter->k);
- }
-#else
- tprintf("BPF_STMT(%#x, %#x)", filter->code, filter->k);
-#endif /* HAVE_LINUX_FILTER_H */
-}
-
-static void
-decode_bpf_jump(const struct bpf_filter *filter)
-{
-#ifdef HAVE_LINUX_FILTER_H
- tprints("BPF_JUMP(");
- decode_bpf_code(filter->code);
- tprintf(", %#x, %#x, %#x)",
- filter->k, filter->jt, filter->jf);
-#else
- tprintf("BPF_JUMP(%#x, %#x, %#x, %#x)",
- filter->code, filter->k, filter->jt, filter->jf);
-#endif /* HAVE_LINUX_FILTER_H */
-}
-
-static void
-decode_filter(const struct bpf_filter *filter)
-{
- if (filter->jt || filter->jf)
- decode_bpf_jump(filter);
- else
- decode_bpf_stmt(filter);
-}
-
-#endif /* HAVE_LINUX_FILTER_H */
-
-#ifndef BPF_MAXINSNS
-# define BPF_MAXINSNS 4096
-#endif
-
static void
-decode_fprog(struct tcb *tcp, unsigned short len, unsigned long addr)
-{
- if (!len || abbrev(tcp)) {
- tprintf("{len = %u, filter = ", len);
- printaddr(addr);
- tprints("}");
- } else {
- unsigned int i = 0;
-
- tprints("[");
- while (i < len && i < BPF_MAXINSNS) {
- struct bpf_filter filter;
-
- if (umove(tcp, addr, &filter) < 0)
- break;
- if (i)
- tprints(", ");
- decode_filter(&filter);
-
- addr += sizeof(filter);
- ++i;
- }
- if (i < len)
- tprints("...");
- tprints("]");
- }
-}
-
-void
-print_seccomp_filter(struct tcb *tcp, unsigned long addr)
-{
-#if SUPPORTED_PERSONALITIES > 1 && SIZEOF_LONG > 4
- if (current_wordsize == 4) {
- struct {
- unsigned short len;
- uint32_t filter;
- } fprog;
-
- if (!umove_or_printaddr(tcp, addr, &fprog))
- decode_fprog(tcp, fprog.len, fprog.filter);
- } else {
-#endif
- struct {
- unsigned short len;
- unsigned long filter;
- } fprog;
-
- if (!umove_or_printaddr(tcp, addr, &fprog))
- decode_fprog(tcp, fprog.len, fprog.filter);
-#if SUPPORTED_PERSONALITIES > 1 && SIZEOF_LONG > 4
- }
-#endif
-}
-
-static void
-decode_seccomp_set_mode_strict(unsigned int flags, unsigned long addr)
+decode_seccomp_set_mode_strict(const unsigned int flags,
+ const kernel_ulong_t addr)
{
tprintf("%u, ", flags);
printaddr(addr);
SYS_FUNC(seccomp)
{
- if (entering(tcp)) {
- unsigned int op = tcp->u_arg[0];
+ unsigned int op = tcp->u_arg[0];
- printxval(seccomp_ops, op, "SECCOMP_SET_MODE_???");
- tprints(", ");
+ printxval(seccomp_ops, op, "SECCOMP_SET_MODE_???");
+ tprints(", ");
- if (op == SECCOMP_SET_MODE_FILTER) {
- printflags(seccomp_filter_flags, tcp->u_arg[1],
- "SECCOMP_FILTER_FLAG_???");
- tprints(", ");
- print_seccomp_filter(tcp, tcp->u_arg[2]);
- } else {
- decode_seccomp_set_mode_strict(tcp->u_arg[1],
- tcp->u_arg[2]);
- }
+ if (op == SECCOMP_SET_MODE_FILTER) {
+ printflags(seccomp_filter_flags, tcp->u_arg[1],
+ "SECCOMP_FILTER_FLAG_???");
+ tprints(", ");
+ decode_seccomp_fprog(tcp, tcp->u_arg[2]);
+ } else {
+ decode_seccomp_set_mode_strict(tcp->u_arg[1],
+ tcp->u_arg[2]);
}
- return 0;
+
+ return RVAL_DECODED;
}