From 482ea8d4c02b4e262a7139fba98db5b32d143a5b Mon Sep 17 00:00:00 2001
From: bol-van
Date: Sat, 14 Sep 2024 21:00:15 +0300
Subject: [PATCH] nfqws,tpws: fix seccomp on mips64
---
 nfq/sec.h | 34 +++++++++++++++++++++++++++++++---
 tpws/sec.h | 33 ++++++++++++++++++++++++++++++---
 2 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/nfq/sec.h b/nfq/sec.h
index afd6e8a..ecce7f5 100644
--- a/nfq/sec.h
+++ b/nfq/sec.h
@@ -19,39 +19,67 @@ bool dropcaps(void);
 #define syscall_arg(x) (offsetof(struct seccomp_data, args[x]))
 #if defined(__aarch64__)
+
 # define REG_SYSCALL regs.regs[8]
 # define ARCH_NR AUDIT_ARCH_AARCH64
+
 #elif defined(__amd64__)
+
 # define REG_SYSCALL REG_RAX
 # define ARCH_NR AUDIT_ARCH_X86_64
+
 #elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__))
+
 # define REG_SYSCALL regs.uregs[7]
 # if __BYTE_ORDER == __LITTLE_ENDIAN
 # define ARCH_NR AUDIT_ARCH_ARM
 # else
 # define ARCH_NR AUDIT_ARCH_ARMEB
 # endif
+
 #elif defined(__i386__)
+
 # define REG_SYSCALL REG_EAX
 # define ARCH_NR AUDIT_ARCH_I386
+
 #elif defined(__mips__)
+
 # define REG_SYSCALL regs[2]
+
+#if _MIPS_SIM == _MIPS_SIM_ABI32
 # if __BYTE_ORDER == __LITTLE_ENDIAN
 # define ARCH_NR AUDIT_ARCH_MIPSEL
 # else
 # define ARCH_NR AUDIT_ARCH_MIPS
 # endif
-#elif defined(__PPC__)
-# define REG_SYSCALL regs.gpr[0]
-# define ARCH_NR AUDIT_ARCH_PPC
+#elif _MIPS_SIM == _MIPS_SIM_ABI64
+# if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR AUDIT_ARCH_MIPSEL64
+# else
+# define ARCH_NR AUDIT_ARCH_MIPS64
+# endif
 #else
 # warning "Platform does not support seccomp filter yet"
 # define REG_SYSCALL 0
 # define ARCH_NR 0
 #endif
+#elif defined(__PPC__)
+
+# define REG_SYSCALL regs.gpr[0]
+# define ARCH_NR AUDIT_ARCH_PPC
+
+#else
+
+# warning "Platform does not support seccomp filter yet"
+# define REG_SYSCALL 0
+# define ARCH_NR 0
+
 #endif
+#endif
+
+
 #ifndef __CYGWIN__
 bool sec_harden(void);
 bool can_drop_root(void);
diff --git a/tpws/sec.h b/tpws/sec.h
index e76f630..4582fb3 100644
--- a/tpws/sec.h
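Review bot: In the `__mips__` branch the inner `#else` fallback issues `# define REG_SYSCALL 0` after `# define REG_SYSCALL regs[2]` has already been emitted a few lines above, so any `_MIPS_SIM` value other than ABI32/ABI64 (N32 would be one) redefines the macro with a different body instead of cleanly marking the platform unsupported. Either move `# define REG_SYSCALL regs[2]` into the two supported ABI branches or put `# undef REG_SYSCALL` in front of the fallback define. That path also leaves `ARCH_NR` at 0; what the filter does with that value is outside this hunk, so it is worth confirming such a build ends up with seccomp visibly disabled rather than with an architecture check that cannot match. The tpws/sec.h hunk adds the same block and needs the same change.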
+++ b/tpws/sec.h
@@ -21,37 +21,64 @@ bool dropcaps(void);
 #define syscall_arg(x) (offsetof(struct seccomp_data, args[x]))
 #if defined(__aarch64__)
+
 # define REG_SYSCALL regs.regs[8]
 # define ARCH_NR AUDIT_ARCH_AARCH64
+
 #elif defined(__amd64__)
+
 # define REG_SYSCALL REG_RAX
 # define ARCH_NR AUDIT_ARCH_X86_64
+
 #elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__))
+
 # define REG_SYSCALL regs.uregs[7]
 # if __BYTE_ORDER == __LITTLE_ENDIAN
 # define ARCH_NR AUDIT_ARCH_ARM
 # else
 # define ARCH_NR AUDIT_ARCH_ARMEB
 # endif
+
 #elif defined(__i386__)
+
 # define REG_SYSCALL REG_EAX
 # define ARCH_NR AUDIT_ARCH_I386
+
 #elif defined(__mips__)
+
 # define REG_SYSCALL regs[2]
+
+#if _MIPS_SIM == _MIPS_SIM_ABI32
 # if __BYTE_ORDER == __LITTLE_ENDIAN
 # define ARCH_NR AUDIT_ARCH_MIPSEL
 # else
 # define ARCH_NR AUDIT_ARCH_MIPS
 # endif
-#elif defined(__PPC__)
-# define REG_SYSCALL regs.gpr[0]
-# define ARCH_NR AUDIT_ARCH_PPC
+#elif _MIPS_SIM == _MIPS_SIM_ABI64
+# if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARCH_NR AUDIT_ARCH_MIPSEL64
+# else
+# define ARCH_NR AUDIT_ARCH_MIPS64
+# endif
 #else
 # warning "Platform does not support seccomp filter yet"
 # define REG_SYSCALL 0
 # define ARCH_NR 0
 #endif
+#elif defined(__PPC__)
+
+# define REG_SYSCALL regs.gpr[0]
+# define ARCH_NR AUDIT_ARCH_PPC
+
+#else
+
+# warning "Platform does not support seccomp filter yet"
+# define REG_SYSCALL 0
+# define ARCH_NR 0
+
+#endif
+
 #endif
 bool sec_harden(void);
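Review bot: The tests `#if _MIPS_SIM == _MIPS_SIM_ABI32` and `#elif _MIPS_SIM == _MIPS_SIM_ABI64` rely on macros that nothing in this hunk defines; they normally come from `<sgidefs.h>` or `<asm/sgidefs.h>`, and an identifier that is undefined inside `#if` silently evaluates to 0. If neither header is already included above the hunk, a MIPS build would presumably fail both comparisons and drop into the `#else` fallback with `ARCH_NR 0`, with only the `#warning` to show that the target was treated as unsupported. Consider adding the include inside the `__mips__` branch, or comparing against the compiler-predefined `_ABIO32` / `_ABI64` values, plus a guard such as `# if !defined(_MIPS_SIM_ABI32) || !defined(_MIPS_SIM_ABI64)` followed by `# error`. The nfq/sec.h hunk uses the same tests.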