diff options
| author | Mathias Svensson <idolf@google.com> | 2017-01-06 16:32:39 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-03-12 00:41:46 -0500 |
| commit | d6407e10bcf540a67afbeca83e60a4323cba8b33 (patch) | |
| tree | b580a7e2b92b7c2797edd8c8fa0cdfb427624b11 | |
| parent | d6dcec965bc53eb375e50642b3b1abb9b835c2a7 (diff) | |
samples/seccomp: fix 64-bit comparison macros
commit 916cafdc95843fb9af5fd5f83ca499d75473d107 upstream.
There were some bugs in the JNE64 and JLT64 comparision macros. This fixes
them, improves comments, and cleans up the file while we are at it.
Reported-by: Stephen Röttger <sroettger@google.com>
Signed-off-by: Mathias Svensson <idolf@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | samples/seccomp/bpf-helper.h | 125 |
1 files changed, 72 insertions, 53 deletions
diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h index 38ee70f3cd5b..1d8de9edd858 100644 --- a/samples/seccomp/bpf-helper.h +++ b/samples/seccomp/bpf-helper.h | |||
| @@ -138,7 +138,7 @@ union arg64 { | |||
| 138 | #define ARG_32(idx) \ | 138 | #define ARG_32(idx) \ |
| 139 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx)) | 139 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx)) |
| 140 | 140 | ||
| 141 | /* Loads hi into A and lo in X */ | 141 | /* Loads lo into M[0] and hi into M[1] and A */ |
| 142 | #define ARG_64(idx) \ | 142 | #define ARG_64(idx) \ |
| 143 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx)), \ | 143 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx)), \ |
| 144 | BPF_STMT(BPF_ST, 0), /* lo -> M[0] */ \ | 144 | BPF_STMT(BPF_ST, 0), /* lo -> M[0] */ \ |
| @@ -153,88 +153,107 @@ union arg64 { | |||
| 153 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (value), 1, 0), \ | 153 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (value), 1, 0), \ |
| 154 | jt | 154 | jt |
| 155 | 155 | ||
| 156 | /* Checks the lo, then swaps to check the hi. A=lo,X=hi */ | 156 | #define JA32(value, jt) \ |
| 157 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (value), 0, 1), \ | ||
| 158 | jt | ||
| 159 | |||
| 160 | #define JGE32(value, jt) \ | ||
| 161 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 0, 1), \ | ||
| 162 | jt | ||
| 163 | |||
| 164 | #define JGT32(value, jt) \ | ||
| 165 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 0, 1), \ | ||
| 166 | jt | ||
| 167 | |||
| 168 | #define JLE32(value, jt) \ | ||
| 169 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 1, 0), \ | ||
| 170 | jt | ||
| 171 | |||
| 172 | #define JLT32(value, jt) \ | ||
| 173 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 1, 0), \ | ||
| 174 | jt | ||
| 175 | |||
| 176 | /* | ||
| 177 | * All the JXX64 checks assume lo is saved in M[0] and hi is saved in both | ||
| 178 | * A and M[1]. This invariant is kept by restoring A if necessary. | ||
| 179 | */ | ||
| 157 | #define JEQ64(lo, hi, jt) \ | 180 | #define JEQ64(lo, hi, jt) \ |
| 181 | /* if (hi != arg.hi) goto NOMATCH; */ \ | ||
| 158 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | 182 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ |
| 159 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 183 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ |
| 184 | /* if (lo != arg.lo) goto NOMATCH; */ \ | ||
| 160 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 0, 2), \ | 185 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 0, 2), \ |
| 161 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 186 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 162 | jt, \ | 187 | jt, \ |
| 163 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 188 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 164 | 189 | ||
| 165 | #define JNE64(lo, hi, jt) \ | 190 | #define JNE64(lo, hi, jt) \ |
| 166 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 5, 0), \ | 191 | /* if (hi != arg.hi) goto MATCH; */ \ |
| 167 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 192 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 3), \ |
| 193 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ | ||
| 194 | /* if (lo != arg.lo) goto MATCH; */ \ | ||
| 168 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 2, 0), \ | 195 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 2, 0), \ |
| 169 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 196 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 170 | jt, \ | 197 | jt, \ |
| 171 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 198 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 172 | |||
| 173 | #define JA32(value, jt) \ | ||
| 174 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (value), 0, 1), \ | ||
| 175 | jt | ||
| 176 | 199 | ||
| 177 | #define JA64(lo, hi, jt) \ | 200 | #define JA64(lo, hi, jt) \ |
| 201 | /* if (hi & arg.hi) goto MATCH; */ \ | ||
| 178 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (hi), 3, 0), \ | 202 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (hi), 3, 0), \ |
| 179 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 203 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ |
| 204 | /* if (lo & arg.lo) goto MATCH; */ \ | ||
| 180 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (lo), 0, 2), \ | 205 | BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (lo), 0, 2), \ |
| 181 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 206 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 182 | jt, \ | 207 | jt, \ |
| 183 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 208 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 184 | 209 | ||
| 185 | #define JGE32(value, jt) \ | ||
| 186 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 0, 1), \ | ||
| 187 | jt | ||
| 188 | |||
| 189 | #define JLT32(value, jt) \ | ||
| 190 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 1, 0), \ | ||
| 191 | jt | ||
| 192 | |||
| 193 | /* Shortcut checking if hi > arg.hi. */ | ||
| 194 | #define JGE64(lo, hi, jt) \ | 210 | #define JGE64(lo, hi, jt) \ |
| 211 | /* if (hi > arg.hi) goto MATCH; */ \ | ||
| 195 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \ | 212 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \ |
| 213 | /* if (hi != arg.hi) goto NOMATCH; */ \ | ||
| 196 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | 214 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ |
| 197 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 215 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ |
| 216 | /* if (lo >= arg.lo) goto MATCH; */ \ | ||
| 198 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (lo), 0, 2), \ | 217 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (lo), 0, 2), \ |
| 199 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 218 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 200 | jt, \ | ||
| 201 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | ||
| 202 | |||
| 203 | #define JLT64(lo, hi, jt) \ | ||
| 204 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (hi), 0, 4), \ | ||
| 205 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | ||
| 206 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | ||
| 207 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 2, 0), \ | ||
| 208 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | ||
| 209 | jt, \ | 219 | jt, \ |
| 210 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 220 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 211 | 221 | ||
| 212 | #define JGT32(value, jt) \ | ||
| 213 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 0, 1), \ | ||
| 214 | jt | ||
| 215 | |||
| 216 | #define JLE32(value, jt) \ | ||
| 217 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 1, 0), \ | ||
| 218 | jt | ||
| 219 | |||
| 220 | /* Check hi > args.hi first, then do the GE checking */ | ||
| 221 | #define JGT64(lo, hi, jt) \ | 222 | #define JGT64(lo, hi, jt) \ |
| 223 | /* if (hi > arg.hi) goto MATCH; */ \ | ||
| 222 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \ | 224 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \ |
| 225 | /* if (hi != arg.hi) goto NOMATCH; */ \ | ||
| 223 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | 226 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ |
| 224 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 227 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ |
| 228 | /* if (lo > arg.lo) goto MATCH; */ \ | ||
| 225 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 0, 2), \ | 229 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 0, 2), \ |
| 226 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 230 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 227 | jt, \ | 231 | jt, \ |
| 228 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 232 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 229 | 233 | ||
| 230 | #define JLE64(lo, hi, jt) \ | 234 | #define JLE64(lo, hi, jt) \ |
| 231 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 6, 0), \ | 235 | /* if (hi < arg.hi) goto MATCH; */ \ |
| 232 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 3), \ | 236 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (hi), 0, 4), \ |
| 233 | BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \ | 237 | /* if (hi != arg.hi) goto NOMATCH; */ \ |
| 238 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | ||
| 239 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ | ||
| 240 | /* if (lo <= arg.lo) goto MATCH; */ \ | ||
| 234 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 2, 0), \ | 241 | BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 2, 0), \ |
| 235 | BPF_STMT(BPF_LD+BPF_MEM, 1), /* passed: swap hi back in */ \ | 242 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ |
| 243 | jt, \ | ||
| 244 | BPF_STMT(BPF_LD+BPF_MEM, 1) | ||
| 245 | |||
| 246 | #define JLT64(lo, hi, jt) \ | ||
| 247 | /* if (hi < arg.hi) goto MATCH; */ \ | ||
| 248 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (hi), 0, 4), \ | ||
| 249 | /* if (hi != arg.hi) goto NOMATCH; */ \ | ||
| 250 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \ | ||
| 251 | BPF_STMT(BPF_LD+BPF_MEM, 0), \ | ||
| 252 | /* if (lo < arg.lo) goto MATCH; */ \ | ||
| 253 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (lo), 2, 0), \ | ||
| 254 | BPF_STMT(BPF_LD+BPF_MEM, 1), \ | ||
| 236 | jt, \ | 255 | jt, \ |
| 237 | BPF_STMT(BPF_LD+BPF_MEM, 1) /* failed: swap hi back in */ | 256 | BPF_STMT(BPF_LD+BPF_MEM, 1) |
| 238 | 257 | ||
| 239 | #define LOAD_SYSCALL_NR \ | 258 | #define LOAD_SYSCALL_NR \ |
| 240 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ | 259 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ |