diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2023-05-16 03:19:01 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-05-16 07:20:25 +0200 |
| commit | 7ab2bda2e69d4a862572be4b5e389a6aa864470d (patch) | |
| tree | fa9653204a4ab9581b76499c95d76d16d467301d /common | |
| parent | 049bd1ca828da835f2903b88adcf9ce0bdacd6e4 (diff) | |
| download | seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar.gz seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar.bz2 seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar.lz seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar.xz seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.tar.zst seitan-7ab2bda2e69d4a862572be4b5e389a6aa864470d.zip | |
cooker, seitan: Now with 100% more gluten
Pseudorandom changes and progress around cooker and seitan:
- cooker:
- rename matching functions, split match.c
- fix up SELECT semantics
- add some form of handling for all syscalls in the example
(some stubs)
- OP_CMP for all basic and compound types except for flags
- link jumps to next block and next match
- completed implementation of tags
- gluten write
- filter clean-ups, write filters (probably not working)
- seitan:
- load gluten and source instructions and data from there
$ ./seitan-cooker cooker/example.hjson example.gluten example.bpf
Parsing block 0
Parsing match 0: connect
Found description for connect
0: OP_NR: if syscall number is not 0, jump to next block
Parsing match argument fd
setting tag reference 'fd'
tag 'fd' now refers to seccomp data at 0
Parsing match argument addr
allocating 128 at offset 0
1: OP_LOAD: #0 < args[1] (size: 128)
C#0: (INT) 1
2: OP_CMP: if temporary data: #0 NE (size: 4) read-only data: #0, jump to next block
C#4: (STRING:24) /var/run/pr-helper.sock
3: OP_CMP: if temporary data: #0 NE (size: 24) read-only data: #4, jump to next block
Linking match...
Linking block...
linked jump of instruction #0 to #4
linked jump of instruction #2 to #4
linked jump of instruction #3 to #4
Parsing block 1
Parsing match 0: ioctl
Found description for ioctl
4: OP_NR: if syscall number is not 112, jump to next block
Parsing match argument path
Parsing match argument request
C#28: (INT) 1074025674
5: OP_CMP: if seccomp data: #1 NE (size: 4) read-only data: #28, jump to next block
Parsing match argument ifr
allocating 40 at offset 128
6: OP_LOAD: #128 < args[2] (size: 40)
C#32: (STRING:5) tap0
7: OP_CMP: if temporary data: #128 NE (size: 5) read-only data: #32, jump to next block
C#37: (INT) 1
8: OP_CMP: if temporary data: #128 NE (size: 4) read-only data: #37, jump to next block
Linking match...
Linking block...
linked jump of instruction #4 to #9
linked jump of instruction #5 to #9
linked jump of instruction #7 to #9
linked jump of instruction #8 to #9
Parsing block 2
Parsing match 0: unshare
Found description for unshare
9: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument flags
Linking match...
Linking block...
linked jump of instruction #9 to #10
Parsing block 3
Parsing match 0: unshare
Found description for unshare
10: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument flags
Linking match...
Linking block...
linked jump of instruction #10 to #11
Parsing block 4
Parsing match 0: mknod
Found description for mknod
11: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument path
allocating 1 at offset 168
12: OP_LOAD: #168 < args[0] (size: 1)
setting tag reference 'path'
tag 'path' now refers to temporary data at 168
Parsing match argument mode
Parsing match argument major
Parsing match argument minor
setting tag reference 'minor'
tag 'minor' now refers to seccomp data at 2
Linking match...
Linking block...
linked jump of instruction #11 to #13
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'common')
| -rw-r--r-- | common/gluten.h | 10 | ||||
| -rw-r--r-- | common/util.c | 5 |
2 files changed, 12 insertions, 3 deletions
diff --git a/common/gluten.h b/common/gluten.h index 3df638e..ff29caa 100644 --- a/common/gluten.h +++ b/common/gluten.h @@ -10,6 +10,7 @@ #include <stddef.h> #include <stdint.h> #include <stdbool.h> +#include <sys/types.h> #include <linux/seccomp.h> #include <stdio.h> @@ -39,6 +40,8 @@ enum gluten_offset_type { OFFSET_TYPE_MAX = OFFSET_INSTRUCTION, }; +extern const char *gluten_offset_name[OFFSET_TYPE_MAX + 1]; + struct gluten_offset { #ifdef __GNUC__ enum gluten_offset_type type : BITS_PER_NUM(OFFSET_TYPE_MAX); @@ -89,6 +92,8 @@ struct op_context { }; enum op_type { + OP_END = 0, + OP_NR, OP_CALL, OP_BLOCK, OP_CONT, @@ -98,7 +103,6 @@ enum op_type { OP_LOAD, OP_CMP, OP_RESOLVEDFD, - OP_END, }; struct op_nr { @@ -147,7 +151,7 @@ struct op_cmp { struct gluten_offset y; size_t size; enum op_cmp_type cmp; - unsigned int jmp; + struct gluten_offset jmp; }; struct op_resolvedfd { @@ -237,7 +241,7 @@ static inline const void *gluten_ptr(const struct seccomp_data *s, if (!is_offset_valid(x)) return NULL; - if(x.type == OFFSET_SECCOMP_DATA && s == NULL) + if (x.type == OFFSET_SECCOMP_DATA && s == NULL) return NULL; switch (x.type) { diff --git a/common/util.c b/common/util.c index a2ecce0..3a4b2e5 100644 --- a/common/util.c +++ b/common/util.c @@ -12,6 +12,8 @@ #include <stdarg.h> #include <string.h> +#include "gluten.h" + #define logfn(name) \ void name(const char *format, ...) { \ va_list args; \ @@ -27,3 +29,6 @@ logfn(err) logfn(info) logfn(debug) +const char *gluten_offset_name[OFFSET_TYPE_MAX + 1] = { + "read-only data", "temporary data", "seccomp data", "instruction area" +}; |