LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

seccomp.2: tfix 

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2015-06-30 13:28:10 +02:00
parent 29218e62cc
commit 65cfc71220
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
man2/seccomp.2
View File

@ -257,7 +257,7 @@ struct seccomp_data {
.in
Because the numbers of system calls vary between architectures and
some architectures (e.g., X86-64) allow user-space code to use
some architectures (e.g., x86-64) allow user-space code to use
the calling conventions of multiple architectures, it is usually
necessary to verify the value of the
.IR arch
@ -274,7 +274,7 @@ a blacklist bypass.
The
.IR arch
field is not unique for all calling conventions.
The X86-64 ABI and the X32 ABI both use
The x86-64 ABI and the x32 ABI both use
.BR AUDIT_ARCH_X86_64
as
.IR arch ,
@ -283,7 +283,7 @@ Instead, the mask
.BR __X32_SYSCALL_BIT
is used on the system call number to tell the two ABIs apart.
This means that in order to create a seccomp-based
blacklist for system calls performed through the X86-64 ABI,
blacklist for system calls performed through the x86-64 ABI,
it is necessary to not only check that
.IR arch
equals
@ -298,10 +298,10 @@ When checking values from
against a blacklist, keep in mind that arguments are often
silently truncated before being processed, but after the seccomp check.
For example, this happens if the i386 ABI is used on an
X86-64 kernel: Although the kernel will normally not look beyond
x86-64 kernel: Although the kernel will normally not look beyond
the 32 lowest bits of the arguments, the values of the full
64-bit registers will be present in the seccomp data.
A less surprising example is that if the X86-64 ABI is used to perform
A less surprising example is that if the x86-64 ABI is used to perform
a system call that takes an argument of type
.IR int ,
the more-significant half of the argument register is ignored by
@ -678,7 +678,7 @@ static int
install_filter(int syscall_nr, int t_arch, int f_errno)
{
unsigned int upper_nr_limit = 0xffffffff;
/* assume that AUDIT_ARCH_X86_64 means the normal X86-64 ABI */
/* assume that AUDIT_ARCH_X86_64 means the normal x86-64 ABI */
if (t_arch == AUDIT_ARCH_X86_64)
upper_nr_limit = X32_SYSCALL_BIT - 1;
@ -697,7 +697,7 @@ install_filter(int syscall_nr, int t_arch, int f_errno)
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* [3] Check ABI - only needed for X86-64 in blacklist use
/* [3] Check ABI - only needed for x86-64 in blacklist use
cases. Use JGT instead of checking against the bit
mask to avoid having to reload the syscall number. */
BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, upper_nr_limit, 3, 0),