|
Packit Service |
8eee21 |
/**
|
|
Packit Service |
8eee21 |
* Enhanced Seccomp Architecture Sycall Checker
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
* Copyright (c) 2014 Red Hat <pmoore@redhat.com>
|
|
Packit Service |
8eee21 |
* Author: Paul Moore <paul@paul-moore.com>
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
*/
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/*
|
|
Packit Service |
8eee21 |
* This library is free software; you can redistribute it and/or modify it
|
|
Packit Service |
8eee21 |
* under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
Packit Service |
8eee21 |
* published by the Free Software Foundation.
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
* This library is distributed in the hope that it will be useful, but WITHOUT
|
|
Packit Service |
8eee21 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
Packit Service |
8eee21 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
Packit Service |
8eee21 |
* for more details.
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
8eee21 |
* along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
Packit Service |
8eee21 |
*/
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
#include <stdlib.h>
|
|
Packit Service |
8eee21 |
#include <stdio.h>
|
|
Packit Service |
8eee21 |
#include <string.h>
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
#include "arch.h"
|
|
Packit Service |
8eee21 |
#include "arch-x86.h"
|
|
Packit Service |
8eee21 |
#include "arch-x86_64.h"
|
|
Packit Service |
8eee21 |
#include "arch-x32.h"
|
|
Packit Service |
8eee21 |
#include "arch-arm.h"
|
|
Packit Service |
8eee21 |
#include "arch-aarch64.h"
|
|
Packit Service |
8eee21 |
#include "arch-mips.h"
|
|
Packit Service |
8eee21 |
#include "arch-mips64.h"
|
|
Packit Service |
8eee21 |
#include "arch-mips64n32.h"
|
|
Packit Service |
8eee21 |
#include "arch-parisc.h"
|
|
Packit Service |
8eee21 |
#include "arch-ppc.h"
|
|
Packit Service |
8eee21 |
#include "arch-ppc64.h"
|
|
Packit Service |
8eee21 |
#include "arch-s390.h"
|
|
Packit Service |
8eee21 |
#include "arch-s390x.h"
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/**
|
|
Packit Service |
8eee21 |
* compare the syscall values
|
|
Packit Service |
8eee21 |
* @param str_miss the other bad architectures
|
|
Packit Service |
8eee21 |
* @param syscall the syscall string to compare against
|
|
Packit Service |
8eee21 |
* @param arch_name the name of the arch being tested
|
|
Packit Service |
8eee21 |
* @param arch_sys the syscall name to compare
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
* Compare the syscall names and update @str_miss if necessary.
|
|
Packit Service |
8eee21 |
*
|
|
Packit Service |
8eee21 |
*/
|
|
Packit Service |
8eee21 |
void syscall_check(char *str_miss, const char *syscall,
|
|
Packit Service |
8eee21 |
const char *arch_name, const struct arch_syscall_def *sys)
|
|
Packit Service |
8eee21 |
{
|
|
Packit Service |
8eee21 |
if (strcmp(syscall, sys->name)) {
|
|
Packit Service |
8eee21 |
if (str_miss[0] != '\0')
|
|
Packit Service |
8eee21 |
strcat(str_miss, ",");
|
|
Packit Service |
8eee21 |
strcat(str_miss, arch_name);
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/**
|
|
Packit Service |
8eee21 |
* main
|
|
Packit Service |
8eee21 |
*/
|
|
Packit Service |
8eee21 |
int main(int argc, char *argv[])
|
|
Packit Service |
8eee21 |
{
|
|
Packit Service |
8eee21 |
int i_x86 = 0;
|
|
Packit Service |
8eee21 |
int i_x86_64 = 0;
|
|
Packit Service |
8eee21 |
int i_x32 = 0;
|
|
Packit Service |
8eee21 |
int i_arm = 0;
|
|
Packit Service |
8eee21 |
int i_aarch64 = 0;
|
|
Packit Service |
8eee21 |
int i_mips = 0;
|
|
Packit Service |
8eee21 |
int i_mips64 = 0;
|
|
Packit Service |
8eee21 |
int i_mips64n32 = 0;
|
|
Packit Service |
8eee21 |
int i_parisc = 0;
|
|
Packit Service |
8eee21 |
int i_ppc = 0;
|
|
Packit Service |
8eee21 |
int i_ppc64 = 0;
|
|
Packit Service |
8eee21 |
int i_s390 = 0;
|
|
Packit Service |
8eee21 |
int i_s390x = 0;
|
|
Packit Service |
8eee21 |
char str_miss[256];
|
|
Packit Service |
8eee21 |
const char *sys_name;
|
|
Packit Service |
8eee21 |
const struct arch_syscall_def *sys;
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
do {
|
|
Packit Service |
8eee21 |
str_miss[0] = '\0';
|
|
Packit Service |
8eee21 |
sys = x86_syscall_iterate(i_x86);
|
|
Packit Service |
8eee21 |
if (sys == NULL || sys->name == NULL) {
|
|
Packit Service |
8eee21 |
printf("FAULT\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
sys_name = sys->name;
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/* check each arch using x86 as the reference */
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "x86_64",
|
|
Packit Service |
8eee21 |
x86_64_syscall_iterate(i_x86_64));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "x32",
|
|
Packit Service |
8eee21 |
x32_syscall_iterate(i_x32));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "arm",
|
|
Packit Service |
8eee21 |
arm_syscall_iterate(i_arm));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "aarch64",
|
|
Packit Service |
8eee21 |
aarch64_syscall_iterate(i_aarch64));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "mips",
|
|
Packit Service |
8eee21 |
mips_syscall_iterate(i_mips));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "mips64",
|
|
Packit Service |
8eee21 |
mips64_syscall_iterate(i_mips64));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "mips64n32",
|
|
Packit Service |
8eee21 |
mips64n32_syscall_iterate(i_mips64n32));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "parisc",
|
|
Packit Service |
8eee21 |
parisc_syscall_iterate(i_parisc));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "ppc",
|
|
Packit Service |
8eee21 |
ppc_syscall_iterate(i_ppc));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "ppc64",
|
|
Packit Service |
8eee21 |
ppc64_syscall_iterate(i_ppc64));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "s390",
|
|
Packit Service |
8eee21 |
s390_syscall_iterate(i_s390));
|
|
Packit Service |
8eee21 |
syscall_check(str_miss, sys_name, "s390x",
|
|
Packit Service |
8eee21 |
s390x_syscall_iterate(i_s390x));
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/* output the results */
|
|
Packit Service |
8eee21 |
printf("%s: ", sys_name);
|
|
Packit Service |
8eee21 |
if (str_miss[0] != '\0') {
|
|
Packit Service |
8eee21 |
printf("MISS(%s)\n", str_miss);
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
} else
|
|
Packit Service |
8eee21 |
printf("OK\n");
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/* next */
|
|
Packit Service |
8eee21 |
if (x86_syscall_iterate(i_x86 + 1)->name)
|
|
Packit Service |
8eee21 |
i_x86++;
|
|
Packit Service |
8eee21 |
if (!x86_64_syscall_iterate(++i_x86_64)->name)
|
|
Packit Service |
8eee21 |
i_x86_64 = -1;
|
|
Packit Service |
8eee21 |
if (!x32_syscall_iterate(++i_x32)->name)
|
|
Packit Service |
8eee21 |
i_x32 = -1;
|
|
Packit Service |
8eee21 |
if (!arm_syscall_iterate(++i_arm)->name)
|
|
Packit Service |
8eee21 |
i_arm = -1;
|
|
Packit Service |
8eee21 |
if (!aarch64_syscall_iterate(++i_aarch64)->name)
|
|
Packit Service |
8eee21 |
i_aarch64 = -1;
|
|
Packit Service |
8eee21 |
if (!mips_syscall_iterate(++i_mips)->name)
|
|
Packit Service |
8eee21 |
i_mips = -1;
|
|
Packit Service |
8eee21 |
if (!mips64_syscall_iterate(++i_mips64)->name)
|
|
Packit Service |
8eee21 |
i_mips64 = -1;
|
|
Packit Service |
8eee21 |
if (!mips64n32_syscall_iterate(++i_mips64n32)->name)
|
|
Packit Service |
8eee21 |
i_mips64n32 = -1;
|
|
Packit Service |
8eee21 |
if (!parisc_syscall_iterate(++i_parisc)->name)
|
|
Packit Service |
8eee21 |
i_parisc = -1;
|
|
Packit Service |
8eee21 |
if (!ppc_syscall_iterate(++i_ppc)->name)
|
|
Packit Service |
8eee21 |
i_ppc = -1;
|
|
Packit Service |
8eee21 |
if (!ppc64_syscall_iterate(++i_ppc64)->name)
|
|
Packit Service |
8eee21 |
i_ppc64 = -1;
|
|
Packit Service |
8eee21 |
if (!s390_syscall_iterate(++i_s390)->name)
|
|
Packit Service |
8eee21 |
i_s390 = -1;
|
|
Packit Service |
8eee21 |
if (!s390x_syscall_iterate(++i_s390x)->name)
|
|
Packit Service |
8eee21 |
i_s390x = -1;
|
|
Packit Service |
8eee21 |
} while (i_x86_64 >= 0 && i_x32 >= 0 &&
|
|
Packit Service |
8eee21 |
i_arm >= 0 && i_aarch64 >= 0 &&
|
|
Packit Service |
8eee21 |
i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
|
|
Packit Service |
8eee21 |
i_parisc >= 0 &&
|
|
Packit Service |
8eee21 |
i_ppc >= 0 && i_ppc64 >= 0 &&
|
|
Packit Service |
8eee21 |
i_s390 >= 0 && i_s390x >= 0);
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/* check for any leftovers */
|
|
Packit Service |
8eee21 |
sys = x86_syscall_iterate(i_x86 + 1);
|
|
Packit Service |
8eee21 |
if (sys->name) {
|
|
Packit Service |
8eee21 |
printf("ERROR, x86 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_x86_64 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, x86_64 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_x32 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, x32 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_arm >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, arm has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_aarch64 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, aarch64 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_mips >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, mips has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_mips64 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, mips64 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_mips64n32 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, mips64n32 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_parisc >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, parisc has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_ppc >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, ppc has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_ppc64 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, ppc64 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_s390 >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, s390 has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
if (i_s390x >= 0) {
|
|
Packit Service |
8eee21 |
printf("ERROR, s390x has additional syscalls\n");
|
|
Packit Service |
8eee21 |
return 1;
|
|
Packit Service |
8eee21 |
}
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
/* if we made it here, all is good */
|
|
Packit Service |
8eee21 |
return 0;
|
|
Packit Service |
8eee21 |
}
|