From 3e88c6f2b179062160d018aa9da2926dbd185f28 Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Thu, 28 Jan 2021 20:10:46 +0000
Subject: [PATCH] jail/seccomp: add support for aarch64

Add support for Aarch64 in utrace and ujail. Sort and unify architecture-specific definitions in headers. Use new PTRACE_GET_SYSCALL_INFO call (available since Linux 5.3), for now only for aarch64, but this may potentially unify things and get rid of some #ifdef'ery for other platforms as well.

Signed-off-by: Daniel Golle
---
 jail/seccomp-bpf.h | 25 ++++++++++++++-----------
 trace/trace.c | 23 ++++++++++++++++-------
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/jail/seccomp-bpf.h b/jail/seccomp-bpf.h
index bd59ac8..077483f 100644
--- a/jail/seccomp-bpf.h
+++ b/jail/seccomp-bpf.h
@@ -64,19 +64,12 @@ struct seccomp_data {
 #define arch_nr (offsetof(struct seccomp_data, arch))
 #define syscall_arg(x) (offsetof(struct seccomp_data, args[x]))
-#if defined(__i386__)
-# define REG_SYSCALL REG_EAX
-# define ARCH_NR AUDIT_ARCH_I386
-#elif defined(__x86_64__)
+#if defined(__aarch64__)
+# define REG_SYSCALL regs.regs[8]
+# define ARCH_NR AUDIT_ARCH_AARCH64
+#elif defined(__amd64__)
 # define REG_SYSCALL REG_RAX
 # define ARCH_NR AUDIT_ARCH_X86_64
-#elif defined(__mips__)
-# define REG_SYSCALL regs[2]
-# if __BYTE_ORDER == __LITTLE_ENDIAN
-# define ARCH_NR AUDIT_ARCH_MIPSEL
-# else
-# define ARCH_NR AUDIT_ARCH_MIPS
-# endif
 #elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__))
 # define REG_SYSCALL regs.uregs[7]
 # if __BYTE_ORDER == __LITTLE_ENDIAN
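Review bot: The new `__aarch64__` branch pins `ARCH_NR` to `AUDIT_ARCH_AARCH64` without saying how 32-bit compat callers are treated. On an arm64 kernel built with AArch32 compat, a compat task's syscalls report `AUDIT_ARCH_ARM` in `seccomp_data.arch` and use a different syscall numbering, so the policy is only sound if the filter that compares against `ARCH_NR` (not visible in this hunk) denies on mismatch. I would record that next to the define, e.g. `/* native AArch64 only; AArch32 compat syscalls report AUDIT_ARCH_ARM and must fail the arch check */`. The same hunk also switches the x86-64 test from `__x86_64__` to `__amd64__`, which the commit message does not mention; a short remark there would help readers.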
@@ -84,6 +77,16 @@ struct seccomp_data {
 # else
 # define ARCH_NR AUDIT_ARCH_ARMEB
 # endif
+#elif defined(__i386__)
+# define REG_SYSCALL REG_EAX
+# define ARCH_NR AUDIT_ARCH_I386
+#elif defined(__mips__)
+# define REG_SYSCALL regs[2]
+# if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR AUDIT_ARCH_MIPSEL
+# else
+# define ARCH_NR AUDIT_ARCH_MIPS
+# endif
 #elif defined(__PPC__)
 # define REG_SYSCALL regs.gpr[0]
 # define ARCH_NR AUDIT_ARCH_PPC
diff --git a/trace/trace.c b/trace/trace.c
index 977396a..2fd27b8 100644
--- a/trace/trace.c
+++ b/trace/trace.c
@@ -48,8 +48,16 @@
 #define _offsetof(a, b) __builtin_offsetof(a,b)
 #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
-#ifdef __amd64__
+#if defined (__aarch64__)
+#include
+#elif defined(__amd64__)
 #define reg_syscall_nr _offsetof(struct user, regs.orig_rax)
+#elif defined(__arm__)
+#include /* for PTRACE_SET_SYSCALL */
+#define reg_syscall_nr _offsetof(struct user, regs.uregs[7])
+# if defined(__ARM_EABI__)
+# define reg_retval_nr _offsetof(struct user, regs.uregs[0])
+# endif
 #elif defined(__i386__)
 #define reg_syscall_nr _offsetof(struct user, regs.orig_eax)
 #elif defined(__mips)
@@ -57,12 +65,6 @@
 # define EF_REG2 8
 # endif
 #define reg_syscall_nr (EF_REG2 / 4)
-#elif defined(__arm__)
-#include /* for PTRACE_SET_SYSCALL */
-#define reg_syscall_nr _offsetof(struct user, regs.uregs[7])
-# if defined(__ARM_EABI__)
-# define reg_retval_nr _offsetof(struct user, regs.uregs[0])
-# endif
 #elif defined(__PPC__)
 #define reg_syscall_nr _offsetof(struct user, regs.gpr[0])
 #define reg_retval_nr _offsetof(struct user, regs.gpr[3])
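Review bot: In the `@@ -48,8 +48,16 @@` hunk of trace/trace.c the `__aarch64__` branch defines neither `reg_syscall_nr` nor `reg_retval_nr`, and nothing on the branch says why. Any use of those macros elsewhere in the file then has to be guarded for aarch64, and the branch depends on kernel headers that declare `struct ptrace_syscall_info` (the commit message gives Linux 5.3 for the call). A comment on the branch would make both explicit: `/* aarch64: syscall nr comes from PTRACE_GET_SYSCALL_INFO (Linux >= 5.3); no reg_syscall_nr */`. The rest of the `#if` chain lies outside the hunk, so whether an unsupported-architecture fallback exists cannot be seen here.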
@@ -208,7 +210,14 @@ static void tracer_cb(struct uloop_process *c, int ret)
 if (WIFSTOPPED(ret) || (ret >> 16)) {
 if (WSTOPSIG(ret) & 0x80) {
 if (!tracee->in_syscall) {
+#ifdef __aarch64__
+ int syscall = -1;
+ struct ptrace_syscall_info ptsi = {.op=PTRACE_SYSCALL_INFO_ENTRY};
+ if (ptrace(PTRACE_GET_SYSCALL_INFO, c->pid, sizeof(ptsi), &ptsi) != -1)
+ syscall = ptsi.entry.nr;
+#else
 int syscall = ptrace(PTRACE_PEEKUSER, c->pid, reg_syscall_nr);
+#endif
 int i = syscall_index(syscall);
 if (i >= 0) {
 syscall_count[i]++;
-- 
2.30.2
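Review bot: The aarch64 path reads `ptsi.entry.nr` without checking that the kernel actually reported a syscall-entry stop, and it drops a failed `PTRACE_GET_SYSCALL_INFO` silently. `op` is filled in by the kernel, so the `.op=PTRACE_SYSCALL_INFO_ENTRY` initializer selects nothing; `entry` is one member of a union and is only meaningful when `ptsi.op == PTRACE_SYSCALL_INFO_ENTRY` after the call, and the return value is the number of bytes the kernel had available. I would tighten the test to `if (ptrace(PTRACE_GET_SYSCALL_INFO, c->pid, sizeof(ptsi), &ptsi) > 0 && ptsi.op == PTRACE_SYSCALL_INFO_ENTRY)` and report the failure in an `else`, since on a kernel older than 5.3 every syscall would otherwise be recorded as -1 and the trace would presumably come out empty without any diagnostic. `entry.nr` is a 64-bit field narrowed to `int` here, which deserves an explicit cast. tracer_cb starts and ends outside the hunk.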