diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-08-25 13:08:57 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-08-25 13:08:57 +0100 |
| commit | 235c82acca0491465e94be3cae2583b42d37c859 (patch) | |
| tree | a12df5de8c9021c524a7c4116c97d0f9f6d429ea | |
| parent | 17182bb47fe62ac6a005b325a7007488056f3a2d (diff) | |
| parent | 70dfabeaa79ba4d7a3b699abe1a047c8012db114 (diff) | |
Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180823' into staging
pull-seccomp-20180823
# gpg: Signature made Thu 23 Aug 2018 15:46:13 BST
# gpg: using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2
* remotes/otubo/tags/pull-seccomp-20180823:
seccomp: set the seccomp filter to all threads
configure: require libseccomp 2.2.0
seccomp: prefer SCMP_ACT_KILL_PROCESS if available
seccomp: use SIGSYS signal instead of killing the thread
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rwxr-xr-x | configure | 7 | ||||
| -rw-r--r-- | qemu-seccomp.c | 36 |
2 files changed, 37 insertions, 6 deletions
@@ -2228,13 +2228,10 @@ fi ########################################## # libseccomp check +libseccomp_minver="2.2.0" if test "$seccomp" != "no" ; then case "$cpu" in - i386|x86_64) - libseccomp_minver="2.1.0" - ;; - mips) - libseccomp_minver="2.2.0" + i386|x86_64|mips) ;; arm|aarch64) libseccomp_minver="2.2.3" diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 9cd8eb9499..4729eb107f 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -20,6 +20,7 @@ #include <sys/prctl.h> #include <seccomp.h> #include "sysemu/seccomp.h" +#include <linux/seccomp.h> /* For some architectures (notably ARM) cacheflush is not supported until * libseccomp 2.2.3, but configure enforces that we are using a more recent @@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = { { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL }, }; +static inline __attribute__((unused)) int +qemu_seccomp(unsigned int operation, unsigned int flags, void *args) +{ +#ifdef __NR_seccomp + return syscall(__NR_seccomp, operation, flags, args); +#else + errno = ENOSYS; + return -1; +#endif +} + +static uint32_t qemu_seccomp_get_kill_action(void) +{ +#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \ + defined(SECCOMP_RET_KILL_PROCESS) + { + uint32_t action = SECCOMP_RET_KILL_PROCESS; + + if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) { + return SCMP_ACT_KILL_PROCESS; + } + } +#endif + + return SCMP_ACT_TRAP; +} + static int seccomp_start(uint32_t seccomp_opts) { int rc = 0; unsigned int i = 0; scmp_filter_ctx ctx; + uint32_t action = qemu_seccomp_get_kill_action(); ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) { @@ -120,12 +149,17 @@ static int seccomp_start(uint32_t seccomp_opts) goto seccomp_return; } + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); + if (rc != 0) { + goto seccomp_return; + } + for (i = 0; i < ARRAY_SIZE(blacklist); i++) { if (!(seccomp_opts & blacklist[i].set)) { continue; } - rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num, + rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, blacklist[i].narg, blacklist[i].arg_cmp); if (rc < 0) { goto seccomp_return; |