Commit message | Author | Age | Files | Lines
...
* ops: add op_nr and op_copy | Alice Frosi | 2023-05-17 | 4 | -13/+112
    Add:
    - missing implementation for op_nr
    - op_copy to copy data
    - tests for op_nr and op_data
* filter: refactoring filter | Alice Frosi | 2023-05-17 | 4 | -474/+419
    Attempt to simplify the filter build:
    - storing all the bpf_args in a common array and saving the index of each entry in filter_input
    - added new flag to filter_add_arg to append an argument to an entry
    - split large loop in filter_build in multiple functions
    - adjust and refactor tests/units/test_filter

    The tests in test_filter_build.c still need to be fixed
* filter: increment count | Alice Frosi | 2023-05-16 | 1 | -1/+2
* cooker, seitan: Now with 100% more gluten | Stefano Brivio | 2023-05-16 | 27 | -520/+1311
    Pseudorandom changes and progress around cooker and seitan:

    - cooker:
      - rename matching functions, split match.c
      - fix up SELECT semantics
      - add some form of handling for all syscalls in the example (some stubs)
      - OP_CMP for all basic and compound types except for flags
      - link jumps to next block and next match
      - completed implementation of tags
      - gluten write
      - filter clean-ups, write filters (probably not working)

    - seitan:
      - load gluten and source instructions and data from there

    $ ./seitan-cooker cooker/example.hjson example.gluten example.bpf
    Parsing block 0
    Parsing match 0: connect
    Found description for connect
    0: OP_NR: if syscall number is not 0, jump to next block
    Parsing match argument fd
    setting tag reference 'fd'
    tag 'fd' now refers to seccomp data at 0
    Parsing match argument addr
    allocating 128 at offset 0
    1: OP_LOAD: #0 < args[1] (size: 128)
    C#0: (INT) 1
    2: OP_CMP: if temporary data: #0 NE (size: 4) read-only data: #0, jump to next block
    C#4: (STRING:24) /var/run/pr-helper.sock
    3: OP_CMP: if temporary data: #0 NE (size: 24) read-only data: #4, jump to next block
    Linking match...
    Linking block...
    linked jump of instruction #0 to #4
    linked jump of instruction #2 to #4
    linked jump of instruction #3 to #4
    Parsing block 1
    Parsing match 0: ioctl
    Found description for ioctl
    4: OP_NR: if syscall number is not 112, jump to next block
    Parsing match argument path
    Parsing match argument request
    C#28: (INT) 1074025674
    5: OP_CMP: if seccomp data: #1 NE (size: 4) read-only data: #28, jump to next block
    Parsing match argument ifr
    allocating 40 at offset 128
    6: OP_LOAD: #128 < args[2] (size: 40)
    C#32: (STRING:5) tap0
    7: OP_CMP: if temporary data: #128 NE (size: 5) read-only data: #32, jump to next block
    C#37: (INT) 1
    8: OP_CMP: if temporary data: #128 NE (size: 4) read-only data: #37, jump to next block
    Linking match...
    Linking block...
    linked jump of instruction #4 to #9
    linked jump of instruction #5 to #9
    linked jump of instruction #7 to #9
    linked jump of instruction #8 to #9
    Parsing block 2
    Parsing match 0: unshare
    Found description for unshare
    9: OP_NR: if syscall number is not 164, jump to next block
    Parsing match argument flags
    Linking match...
    Linking block...
    linked jump of instruction #9 to #10
    Parsing block 3
    Parsing match 0: unshare
    Found description for unshare
    10: OP_NR: if syscall number is not 164, jump to next block
    Parsing match argument flags
    Linking match...
    Linking block...
    linked jump of instruction #10 to #11
    Parsing block 4
    Parsing match 0: mknod
    Found description for mknod
    11: OP_NR: if syscall number is not 164, jump to next block
    Parsing match argument path
    allocating 1 at offset 168
    12: OP_LOAD: #168 < args[0] (size: 1)
    setting tag reference 'path'
    tag 'path' now refers to temporary data at 168
    Parsing match argument mode
    Parsing match argument major
    Parsing match argument minor
    setting tag reference 'minor'
    tag 'minor' now refers to seccomp data at 2
    Linking match...
    Linking block...
    linked jump of instruction #11 to #13

    Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* ops: copy call args from gluten | Alice Frosi | 2023-05-15 | 1 | -0/+5
* Adjust op_call with gluten_offset | Alice Frosi | 2023-05-11 | 5 | -70/+92
* gluten: remove unused enum value_type | Alice Frosi | 2023-05-11 | 1 | -5/+0
* Add missing license header to tests/unit/test_errors.c | Alice Frosi | 2023-05-11 | 1 | -0/+5
* Clean-up error message and test | Alice Frosi | 2023-05-11 | 5 | -58/+122
    Refactoring error messages:
    - standardize error messages and functions
    - return on error instead of exit
    - test error when target doesn't exist
    - include ability to capture stderr and stdout in the tests
* ops: check for SECCOMP_DATA | Alice Frosi | 2023-05-10 | 2 | -3/+6
    Add check if offset type is SECCOMP_DATA and the seccomp request is set.
* seitan: add check for limits to op_cmp | Alice Frosi | 2023-05-10 | 2 | -3/+39
    Adding the offset limits checks and unit tests.
* Refactoring of gluten_read/write | Alice Frosi | 2023-05-10 | 5 | -60/+86
    Refactor includes:
    - use static inline instead of macro
    - return -1 if there is an error and don't exit
    - eval return 0 or -1
    - adjust code and tests
* gluten: check limits | Alice Frosi | 2023-05-09 | 5 | -11/+183
    Add bounds checking:
    - if offset is larger than the maximum per offset type
    - if memcpy is reading/writing inside gluten
* test: fix operations | Alice Frosi | 2023-05-08 | 5 | -274/+244
    Adjust the tests after the refactoring and to use struct gluten_offset
* seitan: refactor operations | Alice Frosi | 2023-05-08 | 4 | -188/+231
    Refactoring:
    - rename do_operations to eval and reduce the number of arguments
    - create macro HANDLE_OP
    - rename all functions with op_*(operation name)
    - exposed the op_* functions in the operations.h

    Fixes:
    - use pread for op_load
* cooker updates spilling all over the place | Stefano Brivio | 2023-05-02 | 15 | -283/+677
    Only tangentially related:
    - make seitan C99 again, so that I can build cooker without warnings
    - make Makefiles make use of the usual conventions about assigning directory paths in variables, drop numbers.h as requirement for cooker and make it convenient to run stand-alone Makefiles
    - fix up nr_syscalls.sh to be POSIX, otherwise it will give syntax errors on my system
    - define a single, common way to refer to offsets in gluten, and functions to use those offsets in a safe way. Immediates are gone: cooker will write any bit of "data" to the read-only section
    - call const what has to be const
    - define on-disk layout for gluten
    - add OP_NR (to check syscall numbers), rename OP_COPY_ARGS to OP_LOAD (it loads _selected_ stuff from arguments)

    As for cooker itself:
    - drop ARG_ and arg_ prefixes from struct names, and similar
    - add/rework functions to build OP_NR, OP_LOAD, OP_CMP, and to write constant data to gluten
    - add parsing for "compound" arguments, but that's not completely hooked into evaluation for numeric arguments yet

    Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* filter: add missing license header | Alice Frosi | 2023-04-25 | 2 | -0/+10
* filter: remove logging part | Alice Frosi | 2023-04-25 | 2 | -20/+3
    The logging will be handled differently using op_log
* seitan: use functions from util.h | Alice Frosi | 2023-04-25 | 2 | -7/+8
* seitan: remove unused options | Alice Frosi | 2023-04-25 | 1 | -108/+3
* test: uncomment test | Alice Frosi | 2023-04-21 | 1 | -1/+1
* test: test various values for op_cmp_type | Alice Frosi | 2023-04-21 | 1 | -8/+83
* Add op_cmp type | Alice Frosi | 2023-04-21 | 2 | -5/+25
* tests: clean-up created file | Alice Frosi | 2023-04-21 | 2 | -1/+3
* operations: fix bug into the reference injection | Alice Frosi | 2023-04-21 | 1 | -2/+2
* operation: remove pid and id | Alice Frosi | 2023-04-21 | 3 | -34/+36
    Pid and id are redundant fields as the information is already included in the seccomp request
* Replace argp with getopt | Alice Frosi | 2023-04-20 | 2 | -86/+90
* Makefile: fix compilation for cooker for missing numbers.h | Alice Frosi | 2023-04-18 | 1 | -2/+2
* filter: clean-up unused functions | Alice Frosi | 2023-04-18 | 1 | -28/+4
* test: fix test filter with the new filter build | Alice Frosi | 2023-04-18 | 1 | -94/+101
* filter: remove superfluous jumps | Alice Frosi | 2023-04-18 | 1 | -25/+25
* test: add test for and_ne | Alice Frosi | 2023-04-18 | 1 | -10/+38
* filter: add and_ne operation | Alice Frosi | 2023-04-18 | 1 | -4/+39
* test: add unit test for and operation | Alice Frosi | 2023-04-18 | 1 | -0/+66
* filter: add and operation | Alice Frosi | 2023-04-18 | 2 | -10/+57
* Fix filter offset for gt and lt | Alice Frosi | 2023-04-14 | 1 | -2/+2
* Add test for BPF filter comparison operations | Alice Frosi | 2023-04-14 | 1 | -28/+110
* Add comparison operations to the BPF filter | Alice Frosi | 2023-04-13 | 1 | -2/+20
* Fix tests | Alice Frosi | 2023-04-13 | 5 | -29/+35
* Fix offset after refactoring | Alice Frosi | 2023-04-12 | 1 | -1/+5
* Refactor tests to use same struct arg as the filter | Alice Frosi | 2023-04-12 | 6 | -43/+45
* Add other comparison operation for the BPF filter | Alice Frosi | 2023-04-12 | 4 | -39/+122
* filter: define arg_cmp and arg_type | Alice Frosi | 2023-04-06 | 6 | -49/+56
* Refactor makefile | Alice Frosi | 2023-04-06 | 1 | -12/+20
* Add support for 64 bits arguments | Alice Frosi | 2023-04-06 | 6 | -34/+195
* fix filter test | Alice Frosi | 2023-04-03 | 2 | -85/+72
* filter: fix filter | Alice Frosi | 2023-04-03 | 4 | -56/+133
    An additional notification is needed either when we jump from an instruction without arguments then at the end of the argument checks.
* filter: load argument to check | Alice Frosi | 2023-03-31 | 2 | -1/+10
* tests: add tests for filtering the syscalls | Alice Frosi | 2023-03-31 | 4 | -3/+122
* test: moving shareable function in a separate file | Alice Frosi | 2023-03-30 | 4 | -176/+238