Accepting request 295335 from home:a_faerber:branches:security

Fix some arm syscall constants OBS-URL: https://build.opensuse.org/request/show/295335 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=31
2015-04-10 19:27:34 +00:00 · 2015-04-10 19:27:34 +00:00 · 41da53f084
commit 41da53f084
parent cdf6d5ec85
3 changed files with 187 additions and 1 deletions
--- a/libseccomp-arm-syscall-fixes.patch
+++ b/libseccomp-arm-syscall-fixes.patch
@ -0,0 +1,179 @@
+From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Fri, 10 Apr 2015 10:31:04 -0400
+Subject: [PATCH] arm: fix some problems with the syscall table
+
+The 32-bit ARM syscall table mistakenly included syscall definitions
+for the syscalls below.  This patch redefines those syscalls to
+libseccomp's pseudo-syscall numbers and corrects the
+arch-syscall-validate to correctly list the 32-bit ARM syscalls.
+
+ * time
+ * umount
+ * stime
+ * alarm
+ * utime
+ * getrlimit
+ * select
+ * readdir
+ * mmap
+ * socketcall
+ * syscall
+ * ipc
+
+Reported-by: Andreas Farber <afaerber@suse.de>
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+---
+ include/seccomp.h.in      | 10 ++++++++++
+ src/arch-arm-syscalls.c   | 24 ++++++++++++------------
+ src/arch-syscall-validate |  2 +-
+ 3 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/include/seccomp.h.in b/include/seccomp.h.in
+index 6a115d1..9a28e4a 100644
+--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
+@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
+ #define __NR_utimes		__PNR_utimes
+ #endif /* __NR_utimes */
+ 
+#define __PNR_getrlimit		-10180
+#ifndef __NR_getrlimit
+#define __NR_getrlimit		__PNR_getrlimit
+#endif /* __NR_utimes */
+
+#define __PNR_mmap		-10181
+#ifndef __NR_mmap
+#define __NR_mmap		__PNR_mmap
+#endif /* __NR_utimes */
+
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
+index 8876135..b574ccc 100644
+--- a/src/arch-arm-syscalls.c
+++ b/src/arch-arm-syscalls.c
+@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "add_key", (__NR_SYSCALL_BASE + 309) },
+ 	{ "adjtimex", (__NR_SYSCALL_BASE + 124) },
+ 	{ "afs_syscall", __PNR_afs_syscall },
+-	{ "alarm", (__NR_SYSCALL_BASE + 27) },
+	{ "alarm", __PNR_alarm },
+ 	{ "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) },
+ 	{ "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) },
+ 	{ "arch_prctl", __PNR_arch_prctl },
+@@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "getresgid32", (__NR_SYSCALL_BASE + 211) },
+ 	{ "getresuid", (__NR_SYSCALL_BASE + 165) },
+ 	{ "getresuid32", (__NR_SYSCALL_BASE + 209) },
+-	{ "getrlimit", (__NR_SYSCALL_BASE + 76) },
+	{ "getrlimit", __PNR_getrlimit },
+ 	{ "getrusage", (__NR_SYSCALL_BASE + 77) },
+ 	{ "getsid", (__NR_SYSCALL_BASE + 147) },
+ 	{ "getsockname", (__NR_SYSCALL_BASE + 286) },
+@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "iopl", __PNR_iopl },
+ 	{ "ioprio_get", (__NR_SYSCALL_BASE + 315) },
+ 	{ "ioprio_set", (__NR_SYSCALL_BASE + 314) },
+-	{ "ipc", (__NR_SYSCALL_BASE + 117) },
+	{ "ipc", __PNR_ipc },
+ 	{ "kcmp", (__NR_SYSCALL_BASE + 378) },
+ 	{ "kexec_file_load", __PNR_kexec_file_load },
+ 	{ "kexec_load", (__NR_SYSCALL_BASE + 347) },
+@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "mknodat", (__NR_SYSCALL_BASE + 324) },
+ 	{ "mlock", (__NR_SYSCALL_BASE + 150) },
+ 	{ "mlockall", (__NR_SYSCALL_BASE + 152) },
+-	{ "mmap", (__NR_SYSCALL_BASE + 90) },
+	{ "mmap", __PNR_mmap },
+ 	{ "mmap2", (__NR_SYSCALL_BASE + 192) },
+ 	{ "modify_ldt", __PNR_modify_ldt },
+ 	{ "mount", (__NR_SYSCALL_BASE + 21) },
+@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "quotactl", (__NR_SYSCALL_BASE + 131) },
+ 	{ "read", (__NR_SYSCALL_BASE +  3) },
+ 	{ "readahead", (__NR_SYSCALL_BASE + 225) },
+-	{ "readdir", (__NR_SYSCALL_BASE + 89) },
+	{ "readdir", __PNR_readdir },
+ 	{ "readlink", (__NR_SYSCALL_BASE + 85) },
+ 	{ "readlinkat", (__NR_SYSCALL_BASE + 332) },
+ 	{ "readv", (__NR_SYSCALL_BASE + 145) },
+@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "sched_yield", (__NR_SYSCALL_BASE + 158) },
+ 	{ "seccomp", (__NR_SYSCALL_BASE + 383) },
+ 	{ "security", __PNR_security },
+-	{ "select", (__NR_SYSCALL_BASE + 82) },
+	{ "select", __PNR_select },
+ 	{ "semctl", (__NR_SYSCALL_BASE + 300) },
+ 	{ "semget", (__NR_SYSCALL_BASE + 299) },
+ 	{ "semop", (__NR_SYSCALL_BASE + 298) },
+@@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "sigreturn", (__NR_SYSCALL_BASE + 119) },
+ 	{ "sigsuspend", (__NR_SYSCALL_BASE + 72) },
+ 	{ "socket", (__NR_SYSCALL_BASE + 281) },
+-	{ "socketcall", (__NR_SYSCALL_BASE + 102) },
+	{ "socketcall", __PNR_socketcall },
+ 	{ "socketpair", (__NR_SYSCALL_BASE + 288) },
+ 	{ "splice", (__NR_SYSCALL_BASE + 340) },
+ 	{ "ssetmask", __PNR_ssetmask },
+@@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "stat64", (__NR_SYSCALL_BASE + 195) },
+ 	{ "statfs", (__NR_SYSCALL_BASE + 99) },
+ 	{ "statfs64", (__NR_SYSCALL_BASE + 266) },
+-	{ "stime", (__NR_SYSCALL_BASE + 25) },
+	{ "stime", __PNR_stime },
+ 	{ "stty", __PNR_stty },
+ 	{ "swapoff", (__NR_SYSCALL_BASE + 115) },
+ 	{ "swapon", (__NR_SYSCALL_BASE + 87) },
+@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "sync_file_range", __PNR_sync_file_range },
+ 	{ "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
+ 	{ "syncfs", (__NR_SYSCALL_BASE + 373) },
+-	{ "syscall", (__NR_SYSCALL_BASE + 113) },
+	{ "syscall", __PNR_syscall },
+ 	{ "sysfs", (__NR_SYSCALL_BASE + 135) },
+ 	{ "sysinfo", (__NR_SYSCALL_BASE + 116) },
+ 	{ "syslog", (__NR_SYSCALL_BASE + 103) },
+ 	{ "sysmips", __PNR_sysmips },
+ 	{ "tee", (__NR_SYSCALL_BASE + 342) },
+ 	{ "tgkill", (__NR_SYSCALL_BASE + 268) },
+-	{ "time", (__NR_SYSCALL_BASE + 13) },
+	{ "time", __PNR_time },
+ 	{ "timer_create", (__NR_SYSCALL_BASE + 257) },
+ 	{ "timer_delete", (__NR_SYSCALL_BASE + 261) },
+ 	{ "timer_getoverrun", (__NR_SYSCALL_BASE + 260) },
+@@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "ugetrlimit", (__NR_SYSCALL_BASE + 191) },
+ 	{ "ulimit", __PNR_ulimit },
+ 	{ "umask", (__NR_SYSCALL_BASE + 60) },
+-	{ "umount", (__NR_SYSCALL_BASE + 22) },
+	{ "umount", __PNR_umount },
+ 	{ "umount2", (__NR_SYSCALL_BASE + 52) },
+ 	{ "uname", (__NR_SYSCALL_BASE + 122) },
+ 	{ "unlink", (__NR_SYSCALL_BASE + 10) },
+@@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
+ 	{ "unshare", (__NR_SYSCALL_BASE + 337) },
+ 	{ "uselib", (__NR_SYSCALL_BASE + 86) },
+ 	{ "ustat", (__NR_SYSCALL_BASE + 62) },
+-	{ "utime", (__NR_SYSCALL_BASE + 30) },
+	{ "utime", __PNR_utime },
+ 	{ "utimensat", (__NR_SYSCALL_BASE + 348) },
+ 	{ "utimes", (__NR_SYSCALL_BASE + 269) },
+ 	{ "vfork", (__NR_SYSCALL_BASE + 190) },
+diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
+index 2cbf696..1616c9f 100755
+--- a/src/arch-syscall-validate
+++ b/src/arch-syscall-validate
+@@ -146,7 +146,7 @@ function dump_lib_x32() {
+ #
+ function dump_sys_arm() {
+ 	# NOTE: arm_sync_file_range() and sync_file_range2() share values
+-	cat $1/arch/arm/include/uapi/asm/unistd.h | \
+	gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \
+ 		grep "^#define __NR_" | sort | \
+ 		grep -v "^#define __NR_OABI_SYSCALL_BASE" | \
+ 		grep -v "^#define __NR_SYSCALL_BASE" | \
+-- 
+2.1.4
+
--- a/libseccomp.changes
+++ b/libseccomp.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de
+
+- Fix some arm syscall constants
+  libseccomp-arm-syscall-fixes.patch
+
 -------------------------------------------------------------------
 Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de

--- a/libseccomp.spec
+++ b/libseccomp.spec
@ -31,6 +31,7 @@ Source2:        https://github.com/seccomp/libseccomp/releases/download/v%versio
 Patch1:         no-static.diff
 Patch2:         0001-tools-add-the-missing-elf.h-header-file.patch
 Patch3:         libseccomp-s390x-support.patch
+Patch4:         libseccomp-arm-syscall-fixes.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf
 BuildRequires:  automake >= 1.11
@ -98,7 +99,7 @@ This subpackage contains debug utilities for the seccomp interface.

 %prep
 %setup -q
-%patch -P 1 -P 2 -P 3 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -p1

 %build
 autoreconf -fi