17 Commits

Author SHA1 Message Date
5d460ae383 seccomp: decode SECCOMP_GET_ACTION_AVAIL operation
* defs.h (seccomp_ret_action): New xlat prototype.
* seccomp.c (decode_seccomp_set_mode_strict): Remove.
(SYS_FUNC(seccomp)): Decode SECCOMP_GET_ACTION_AVAIL operation.
* NEWS: Mention this.
* tests/seccomp_get_action_avail.c: New file.
* tests/gen_tests.in (seccomp_get_action_avail): New entry.
* tests/pure_executables.list: Add seccomp_get_action_avail.
* tests/.gitignore: Likewise.
2017-11-02 00:21:57 +00:00
899220d28d Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.

Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.

* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 01:49:00 +00:00
cc5db1c893 Assume that <linux/filter.h> is always available
<linux/filter.h> was introduced in linux 2.1.75, way before
the minimal kernel version supported by strace.

* configure.ac (AC_CHECK_HEADERS): Remove linux/filter.h.
* seccomp.c: Assume HAVE_LINUX_FILTER_H.
* tests/prctl-seccomp-filter-v.c: Likewise.
* tests/seccomp-filter-v.c: Likewise.
* tests/seccomp-filter.c: Likewise.
2017-07-08 01:49:00 +00:00
Eugene Syromyatnikov
9d095c7860 Add copyright headers 2017-05-22 17:33:51 +00:00
c34952709d Introduce tprintf_comment and tprints_comment functions
* defs.h (tprintf_comment, tprints_comment): New prototypes.
* strace.c (tvprintf): New function.
(tprintf): Use it.
(tprintf_comment, tprints_comment): New functions.
* aio.c (tprint_lio_opcode): Use tprints_comment.
* dm.c (dm_decode_dm_target_spec, dm_decode_dm_target_deps,
dm_decode_dm_name_list, dm_decode_dm_target_versions,
dm_decode_dm_target_msg, dm_decode_string, dm_known_ioctl): Likewise.
* futex.c (SYS_FUNC(futex)): Likewise.
* perf.c (print_perf_event_attr): Likewise.
* seccomp.c (decode_bpf_code): Likewise.
* util.c (printxvals, printxval_searchn, printflags64): Likewise.
* btrfs.c (print_u64, btrfs_print_key_type, btrfs_print_objectid,
print_key_value_internal): Likewise.
(btrfs_ioctl): Use tprints_comment and tprintf_comment.
* dirent.c (SYS_FUNC(getdents)): Likewise.
* dirent64.c (SYS_FUNC(getdents64)): Likewise.
* execve.c (printargc): Use tprintf_comment.
* tests/btrfs.c (btrfs_test_get_dev_stats_ioctl,
btrfs_test_features_ioctls): Update expected output.
2017-04-24 19:31:54 +00:00
7fa3d78319 Automatically replace kernel_(scno|ureg)_t with kernel_ulong_t
Remove temporary types created for transition from long
to kernel_ulong_t.

Automatically replace kernel_scno_t and kernel_ureg_t with
kernel_ulong_t using
$ git grep -El 'kernel_(scno|ureg)_t' |
  xargs sed -ri 's/kernel_(scno|ureg)_t/kernel_ulong_t/g'

* kernel_types.h (kernel_scno_t, kernel_ureg_t): Remove.
All users updated.
2016-12-26 10:43:34 +00:00
fde482b82e print_seccomp_*: change address argument type from unsigned long to kernel_ureg_t
* defs.h (print_seccomp_filter, print_seccomp_fprog): Change
address argument type from unsigned long to kernel_ureg_t.
* seccomp.c (print_seccomp_filter, print_seccomp_fprog,
decode_seccomp_set_mode_strict): Likewise.
2016-12-23 19:26:57 +00:00
50a26514a5 Export print_seccomp_fprog for further use in parser of ptrace syscall
* defs.h (print_seccomp_fprog): New prototype.
* seccomp.c (print_seccomp_fprog): Remove "static" keyword.
Move printing of struct seccomp_fprog fields ...
(print_seccomp_filter): ... here.
2016-05-12 14:35:02 +00:00
f82dcd980d seccomp.c: use print_array function
* seccomp.c (decode_filter, decode_seccomp_fprog): Remove.
(print_bpf_filter): New function.
(print_seccomp_fprog): Use it via print_array.
* tests/seccomp-filter-v.c (main): Update.
2016-05-07 23:37:53 +00:00
6ba947f36e seccomp: fix decoding of sock_fprog and sock_filter structures
Always print struct sock_fprog.len.
Fix printing of unfetchable elements in sock_filter array.
Fix printing of large sock_filter arrays.

* seccomp.c (decode_fprog): Rewrite into decode_seccomp_fprog and
print_seccomp_fprog.
(print_seccomp_filter): Replace decode_fprog with print_seccomp_fprog.
* tests/prctl-seccomp-filter-v.c (main): Update.
* tests/seccomp-filter-v.c: New file.
* tests/seccomp-filter-v.test: New test.
* tests/.gitignore: Add seccomp-filter-v.
* tests/Makefile.am (check_PROGRAMS): Likewise.
(DECODER_TESTS): Add seccomp-filter-v.test.
2016-04-12 00:05:43 +00:00
3ea6a59802 seccomp: print SECCOMP_* and BPF_* constants in a more compact way
* seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|".
* tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
7a12974e95 Convert parser of seccomp filter program to new mpers infrastructure
* seccomp_fprog.h: New file.
* fetch_seccomp_fprog.c: New file.
* Makefile.am (strace_SOURCES): Add them.
* seccomp.c: Include "seccomp_fprog.h".
(print_seccomp_filter): Use fetch_seccomp_fprog.
2015-09-20 00:02:26 +00:00
1252d26db8 seccomp.c: make use of RVAL_DECODED
* seccomp.c (sys_seccomp): Update for RVAL_DECODED.
2015-07-17 01:16:16 +00:00
931ebbfd92 seccomp.c: use printaddr and umove_or_printaddr
* seccomp.c (decode_fprog, decode_seccomp_set_mode_strict):
Use printaddr.
(print_seccomp_filter): Use umove_or_printaddr.
2015-07-17 01:16:16 +00:00
a0bd3749fc Declare syscall parsers using SYS_FUNC macro
Introduce SYS_FUNC macro to declare and define all syscall parsers.

* Makefile.am (BUILT_SOURCES, CLEANFILES): Add sys_func.h.
(sys_func.h): New rule.
* defs.h (SYS_FUNC_NAME, SYS_FUNC): New macros.
* linux/syscall.h: Include "sys_func.h".
[NEED_UID16_PARSERS]: Use SYS_FUNC to declare uid16 syscall parsers.
Remove other declarations.
* linux/alpha/syscallent.h (160, 161): Add sys_ prefix to osf_statfs
and osf_fstatfs syscall parsers.
* *.c: Use SYS_FUNC to define syscall parsers.
2015-04-07 11:22:49 +00:00
0a59454fb3 seccomp: fix fallback definitions of some SECCOMP_* constants
* seccomp.c (SECCOMP_SET_MODE_STRICT, SECCOMP_SET_MODE_FILTER,
SECCOMP_FILTER_FLAG_TSYNC): Remove fallback definitions.
* xlat/seccomp_filter_flags.in: Add default value.
* xlat/seccomp_ops.in: Add default values.
2015-02-19 20:30:01 +00:00
2af6903f45 Implement seccomp decoding
* configure.ac (AC_CHECK_HEADERS): Add linux/filter.h
and linux/seccomp.h.
* defs.h (print_seccomp_filter): New prototype.
* linux/dummy.h (sys_seccomp): Remove.
* linux/syscall.h (sys_seccomp): New prototype.
* prctl.c: Include <linux/seccomp.h>.
(sys_prctl): Decode PR_SET_SECCOMP.
* seccomp.c: New file.
* Makefile.am (strace_SOURCES): Add it.
* xlat/bpf_class.in: New file.
* xlat/bpf_miscop.in: Likewise.
* xlat/bpf_mode.in: Likewise.
* xlat/bpf_op_alu.in: Likewise.
* xlat/bpf_op_jmp.in: Likewise.
* xlat/bpf_rval.in: Likewise.
* xlat/bpf_size.in: Likewise.
* xlat/bpf_src.in: Likewise.
* xlat/seccomp_filter_flags.in: Likewise.
* xlat/seccomp_mode.in: Likewise.
* xlat/seccomp_ops.in: Likewise.
* xlat/seccomp_ret_action.in: Likewise.
2015-02-06 01:23:05 +00:00