[PATCH] samples/seccomp: enforce an architecture for bpf-fancy seccomp sample

Mayank Gite posted 1 patch 1 week, 1 day ago
samples/seccomp/bpf-fancy.c  | 11 ++++++++++-
samples/seccomp/bpf-helper.h |  8 +++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
[PATCH] samples/seccomp: enforce an architecture for bpf-fancy seccomp sample
Posted by Mayank Gite 1 week, 1 day ago
- Enforce the user-specified architecture in the bpf-fancy seccomp sample.
- Kill the thread if the user-specified architecture does not match the
  system architecture.

Signed-off-by: Mayank Gite <drapl0n.kernel@gmail.com>
---
 samples/seccomp/bpf-fancy.c  | 11 ++++++++++-
 samples/seccomp/bpf-helper.h |  8 +++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/samples/seccomp/bpf-fancy.c b/samples/seccomp/bpf-fancy.c
index 1ccb435025b6..8a966da890b3 100644
--- a/samples/seccomp/bpf-fancy.c
+++ b/samples/seccomp/bpf-fancy.c
@@ -14,6 +14,7 @@
 #include <linux/seccomp.h>
 #include <linux/unistd.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/prctl.h>
 #include <unistd.h>
@@ -26,6 +27,14 @@
 
 int main(int argc, char **argv)
 {
+	if (argc < 2) {
+		fprintf(stderr, "Usage:\n"
+			"bpf-fancy <architecture>\n"
+			"Help:	AUDIT_ARCH_I386: 0x%X\n"
+			"	AUDIT_ARCH_X86_64: 0x%X\n"
+			"\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
+		return -1;
+	}
 	struct bpf_labels l = {
 		.count = 0,
 	};
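Review bot: The usage path ends with `return -1;`, which the shell reports as exit status 255; since this patch already includes `<stdlib.h>`, `return EXIT_FAILURE;` states the intent directly. The guard also rejects only a missing argument, so extra arguments are silently ignored; `if (argc != 2) {` would be stricter. The help text lists only the two x86 constants, so a build of this sample for any other architecture would give the user no valid value to pass. `main` continues outside the hunk.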
@@ -34,7 +43,7 @@ int main(int argc, char **argv)
 	char buf[256];
 	struct sock_filter filter[] = {
 		/* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
-		LOAD_SYSCALL_NR,
+		LOAD_SYSCALL_NR(strtol(argv[1], NULL, 0)),
 		SYSCALL(__NR_exit, ALLOW),
 		SYSCALL(__NR_exit_group, ALLOW),
 		SYSCALL(__NR_write, JUMP(&l, write_fd)),
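Review bot: The architecture given to `LOAD_SYSCALL_NR` should not come from `argv[1]`, because the `__NR_*` constants in the rest of this filter are fixed at build time for one ABI; a runtime value naming a different ABI lets calls through the arch check whose numbers are then matched against the wrong syscall table, which is the confusion an arch check exists to prevent. The `strtol` result is also used unchecked: non-numeric input becomes 0, and where `long` is 32 bits a value such as `AUDIT_ARCH_X86_64` would presumably saturate to `LONG_MAX`, so the process is killed on its first syscall with no diagnostic. I would select the constant at compile time as sketched below (the macro name is a placeholder) and drop the now-stale TODO comment on the line above the changed one. The `filter[]` initializer continues past the end of this hunk.

```c
/* Placeholder name: the audit arch matching the __NR_* table this file is built against. */
#if defined(__x86_64__)
#define BPF_FANCY_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define BPF_FANCY_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

	struct sock_filter filter[] = {
		LOAD_SYSCALL_NR(BPF_FANCY_ARCH),
		/* … unchanged: SYSCALL() entries … */
```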
diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h
index 417e48a4c4df..246a50d8a0af 100644
--- a/samples/seccomp/bpf-helper.h
+++ b/samples/seccomp/bpf-helper.h
@@ -17,6 +17,7 @@
 
 #include <asm/bitsperlong.h>	/* for __BITS_PER_LONG */
 #include <endian.h>
+#include <linux/audit.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>	/* for seccomp_data */
 #include <linux/types.h>
@@ -256,7 +257,12 @@ union arg64 {
 	jt, \
 	BPF_STMT(BPF_LD+BPF_MEM, 1)
 
-#define LOAD_SYSCALL_NR \
+#define LOAD_SYSCALL_NR(_arch) \
+	BPF_STMT(BPF_LD + BPF_W + BPF_ABS, \
+		offsetof(struct seccomp_data, arch)), \
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, \
+		_arch, 1, 0), \
+	DENY, \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 		 offsetof(struct seccomp_data, nr))
 
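Review bot: The new `LOAD_SYSCALL_NR(_arch)` expands to four filter instructions with a hard-coded jump offset and carries no comment, so a reader has to work out that `1, 0` skips the `DENY` on a match and that the accumulator ends up holding `nr`. I would add above it `/* Kill unless seccomp_data.arch == _arch, then load the syscall nr; must be the first entry in the filter. */` and write the operand as `(_arch)`. `DENY` is defined outside this hunk; if it is the thread-kill return, as the commit message suggests, it is worth deciding whether an architecture mismatch should take down the whole process instead. The macro also changes from object-like to function-like, so any user of `LOAD_SYSCALL_NR` outside this patch would need updating.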
-- 
2.53.0