Commit 235c82ac authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180823' into staging 



pull-seccomp-20180823

# gpg: Signature made Thu 23 Aug 2018 15:46:13 BST
# gpg:                using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723  DBAB DF32 E7C0 F0FF F9A2

* remotes/otubo/tags/pull-seccomp-20180823:
  seccomp: set the seccomp filter to all threads
  configure: require libseccomp 2.2.0
  seccomp: prefer SCMP_ACT_KILL_PROCESS if available
  seccomp: use SIGSYS signal instead of killing the thread

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 17182bb4 70dfabea

configure

+2 −5
Original line number Diff line number Diff line
@@ -2228,13 +2228,10 @@ fi 
##########################################

# libseccomp check



libseccomp_minver="2.2.0"

if test "$seccomp" != "no" ; then

    case "$cpu" in

    i386|x86_64)

        libseccomp_minver="2.1.0"

        ;;

    mips)

        libseccomp_minver="2.2.0"

    i386|x86_64|mips)

        ;;

    arm|aarch64)

        libseccomp_minver="2.2.3"

qemu-seccomp.c

+35 −1
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <sys/prctl.h>

#include <seccomp.h>

#include "sysemu/seccomp.h"

#include <linux/seccomp.h>



/* For some architectures (notably ARM) cacheflush is not supported until

 * libseccomp 2.2.3, but configure enforces that we are using a more recent
@@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = { 
    { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },

};



static inline __attribute__((unused)) int

qemu_seccomp(unsigned int operation, unsigned int flags, void *args)

{

#ifdef __NR_seccomp

    return syscall(__NR_seccomp, operation, flags, args);

#else

    errno = ENOSYS;

    return -1;

#endif

}



static uint32_t qemu_seccomp_get_kill_action(void)

{

#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \

    defined(SECCOMP_RET_KILL_PROCESS)

    {

        uint32_t action = SECCOMP_RET_KILL_PROCESS;



        if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {

            return SCMP_ACT_KILL_PROCESS;

        }

    }

#endif



    return SCMP_ACT_TRAP;

}





static int seccomp_start(uint32_t seccomp_opts)

{

    int rc = 0;

    unsigned int i = 0;

    scmp_filter_ctx ctx;

    uint32_t action = qemu_seccomp_get_kill_action();



    ctx = seccomp_init(SCMP_ACT_ALLOW);

    if (ctx == NULL) {
@@ -120,12 +149,17 @@ static int seccomp_start(uint32_t seccomp_opts) 
        goto seccomp_return;

    }



    rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);

    if (rc != 0) {

        goto seccomp_return;

    }



    for (i = 0; i < ARRAY_SIZE(blacklist); i++) {

        if (!(seccomp_opts & blacklist[i].set)) {

            continue;

        }



        rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,

        rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,

                                    blacklist[i].narg, blacklist[i].arg_cmp);

        if (rc < 0) {

            goto seccomp_return;