[gentoo-commits] proj/sandbox:master commit in: /, libsandbox/trace/linux/

[gentoo-commits] proj/sandbox:master commit in: /, libsandbox/trace/linux/

[Mike Frysinger]

commit:     c1dc899d4cdece095925e2391aefce3b0ad3785f
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 25 05:58:19 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct 25 05:58:19 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c1dc899d

libsandbox: add sparc personality support

This allows tracing of sparc32 in a sparc64 multilib setup.

Although it doesn't quite work -- the syscall table needs to be
reloaded after the exec commits.  We leave that out for now since
there isn't actually a sparc32+sparc64 multilib port currently.

Bug: https://bugs.gentoo.org/293632
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 TODO                           |  3 ++
 configure.ac                   |  4 +++
 libsandbox/trace/linux/sparc.c | 70 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+)

diff --git a/TODO b/TODO
index 6b3df5a..f48068c 100644
--- a/TODO
+++ b/TODO
@@ -60,3 +60,6 @@ really only way around this would be to have sandbox set up
 a named pipe in $T and set the message path to that.  then
 it would poll that for data and take care of writing it to
 its open stderr.
+
+sparc32 tracing under sparc64 doesn't work quite right.  we need to reload the
+syscall table after the exec call finishes.  not sure any other port needs this.

diff --git a/configure.ac b/configure.ac
index fee0e4f..f43923c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -77,6 +77,10 @@ if test "x$enable_schizo" != "xno" ; then
 		SB_CHECK_SCHIZO([s390x], [-m64])
 		SB_CHECK_SCHIZO([s390], [-m31])
 		;;
+	sparc*linux*)
+		SB_CHECK_SCHIZO([sparc64], [-m64])
+		SB_CHECK_SCHIZO([sparc], [-m32])
+		;;
 	esac
 	SB_SCHIZO_SETTINGS=${SB_SCHIZO_SETTINGS# }
 	if test "x$enable_schizo" != "xno" ; then

diff --git a/libsandbox/trace/linux/sparc.c b/libsandbox/trace/linux/sparc.c
index cb1cb54..36d737a 100644
--- a/libsandbox/trace/linux/sparc.c
+++ b/libsandbox/trace/linux/sparc.c
@@ -13,6 +13,76 @@
 #define U_REG_G1 0
 #define U_REG_O0 7
 
+#undef _trace_possible
+#define _trace_possible _trace_possible
+
+#ifdef SB_SCHIZO
+
+static const struct syscall_entry syscall_table_32[] = {
+#ifdef SB_SCHIZO_sparc
+#define S(s) { SB_SYS_sparc_##s, SB_NR_##s, #s },
+#include "trace_syscalls_sparc.h"
+#undef S
+#endif
+	{ SB_NR_UNDEF, SB_NR_UNDEF, NULL },
+};
+static const struct syscall_entry syscall_table_64[] = {
+#ifdef SB_SCHIZO_sparc64
+#define S(s) { SB_SYS_sparc64_##s, SB_NR_##s, #s },
+#include "trace_syscalls_sparc64.h"
+#undef S
+#endif
+	{ SB_NR_UNDEF, SB_NR_UNDEF, NULL },
+};
+
+static bool pers_is_32(trace_regs *regs)
+{
+#ifdef __arch64__
+	/* Sparc does not make it easy to detect 32-bit vs 64-bit.
+	 * Inspect the syscall trap insn to see which one it is.
+	 */
+	unsigned long ret = do_ptrace(PTRACE_PEEKTEXT, (void *)regs->tpc, NULL);
+	return (ret >> 32) == 0x91d02010;
+#else
+	return true;
+#endif
+}
+
+static const struct syscall_entry *trace_check_personality(void *vregs)
+{
+	trace_regs *regs = vregs;
+	if (pers_is_32(regs))
+		return syscall_table_32;
+	else
+		return syscall_table_64;
+}
+
+static bool _trace_possible(const void *data)
+{
+#ifdef __arch64__
+	/* sparc64 can trace sparc32. */
+	return true;
+#else
+	/* sparc32 can only trace sparc32 :(. */
+	const Elf64_Ehdr *ehdr = data;
+	return ehdr->e_ident[EI_CLASS] == ELFCLASS32;
+#endif
+}
+
+#else
+
+static bool _trace_possible(const void *data)
+{
+	const Elf64_Ehdr *ehdr = data;
+#ifdef __arch64__
+	return ehdr->e_ident[EI_CLASS] == ELFCLASS64;
+#else
+	return ehdr->e_ident[EI_CLASS] == ELFCLASS32;
+#endif
+}
+
+#endif
+
 /* Sparc systems have swapped the addr/data args. */
 #undef trace_get_regs
 #undef trace_set_regs

[gentoo-commits] proj/sandbox:master commit in: /, libsandbox/trace/linux/

[Mike Frysinger]

commit:     f3b7a388d49383e092e7c09d514b698db644bb20
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 25 05:52:29 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct 25 05:52:29 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f3b7a388

libsandbox: port ptrace to sparc64 & re-enable for sparc

Now that we have a real dev system & userland running sparc64,
port the logic to it and make sure tests pass on 32-bit & 64-bit.
Hopefully the trace main loop rewrite to avoid signals should
address the instability issues we saw.

Closes: https://bugs.gentoo.org/293632
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 README.md                      |  1 +
 libsandbox/trace/linux/sparc.c | 18 +++++++++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 087ff31..750c0fe 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ It requires:
   * Itanium
   * PowerPC (32-bit & 64-bit)
   * s390 (32-bit & 64-bit)
+  * SPARC (32-bit & 64-bit)
   * x86 (32-bit & 64-bit & x32)
 * Operating system
   * [Linux](https://kernel.org/) 3.8+

diff --git a/libsandbox/trace/linux/sparc.c b/libsandbox/trace/linux/sparc.c
index b59a036..cb1cb54 100644
--- a/libsandbox/trace/linux/sparc.c
+++ b/libsandbox/trace/linux/sparc.c
@@ -1,6 +1,3 @@
-#define SB_NO_TRACE_ARCH
-#if 0 /* XXX: broken sometimes #293632 */
-
 /* Since sparc's g0 register is hardcoded to 0 in the ISA, the kernel does not
  * bother copying it out when using the regs ptrace.  Instead it shifts things
  * by one and stores [g1..g7] in [0..6] and [o0..o7] in [7..14] (leaving the
@@ -18,9 +15,14 @@
 
 /* Sparc systems have swapped the addr/data args. */
 #undef trace_get_regs
-#define trace_get_regs(regs) do_ptrace(PTRACE_GETREGS, regs, NULL)
 #undef trace_set_regs
-#define trace_set_regs(regs) do_ptrace(PTRACE_SETREGS, regs, NULL)
+#ifdef __arch64__
+# define trace_get_regs(regs) do_ptrace(PTRACE_GETREGS64, regs, NULL)
+# define trace_set_regs(regs) do_ptrace(PTRACE_SETREGS64, regs, NULL)
+#else
+# define trace_get_regs(regs) do_ptrace(PTRACE_GETREGS, regs, NULL)
+# define trace_set_regs(regs) do_ptrace(PTRACE_SETREGS, regs, NULL)
+#endif
 
 #define trace_reg_sysnum u_regs[U_REG_G1]
 
@@ -33,8 +35,12 @@ static long trace_raw_ret(void *vregs)
 static void trace_set_ret(void *vregs, int err)
 {
 	trace_regs *regs = vregs;
+#ifndef __arch64__
 	/* The carry bit is used to flag errors. */
 	regs->psr |= PSR_C;
+#else
+	regs->tstate |= 0x1100000000;
+#endif
 	/* Userland negates the value on sparc. */
 	regs->u_regs[U_REG_O0] = err;
 	trace_set_regs(regs);
@@ -48,5 +54,3 @@ static unsigned long trace_arg(void *vregs, int num)
 	else
 		return -1;
 }
-
-#endif

[gentoo-commits] proj/sandbox:master commit in: /, libsandbox/trace/linux/

[Mike Frysinger]

commit:     03e14b50b395669ca2ee2849230aa00826c763b2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 24 22:02:11 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct 25 06:23:30 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=03e14b50

libsandbox: use PTRACE_GET_SYSCALL_INFO when available

This is a generic interface for all arches, but it only supports
reading settings currently.  We can at least detect failures which
is better than nothing.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 configure.ac                          |  1 +
 libsandbox/trace/linux/arch.c         |  2 ++
 libsandbox/trace/linux/syscall_info.c | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+)

diff --git a/configure.ac b/configure.ac
index f43923c..254104d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,6 +165,7 @@ AC_CHECK_TYPES([sighandler_t, sig_t, __sighandler_t],,,[#include <signal.h>])
 
 save_CPPFLAGS=$CPPFLAGS
 CPPFLAGS="-I$srcdir $CPPFLAGS"
+AC_CHECK_TYPES([struct ptrace_syscall_info],,,[#include "headers.h"])
 AC_CHECK_TYPES([struct user_regs_struct, struct pt_regs],,,[#include "headers.h"])
 AC_CHECK_SIZEOF([struct user_regs_struct],,[#include "headers.h"])
 AC_CHECK_SIZEOF([struct pt_regs],,[#include "headers.h"])

diff --git a/libsandbox/trace/linux/arch.c b/libsandbox/trace/linux/arch.c
index 4b3d615..fd2d0de 100644
--- a/libsandbox/trace/linux/arch.c
+++ b/libsandbox/trace/linux/arch.c
@@ -27,6 +27,8 @@
 # include "sparc.c"
 #elif defined(__x86_64__)
 # include "x86_64.c"
+#elif defined(HAVE_STRUCT_PTRACE_SYSCALL_INFO)
+# include "syscall_info.c"
 #else
 # define SB_NO_TRACE_ARCH
 #endif

diff --git a/libsandbox/trace/linux/syscall_info.c b/libsandbox/trace/linux/syscall_info.c
new file mode 100644
index 0000000..23cd509
--- /dev/null
+++ b/libsandbox/trace/linux/syscall_info.c
@@ -0,0 +1,24 @@
+#undef trace_regs
+#define trace_regs struct ptrace_syscall_info
+
+#define trace_reg_sysnum entry.nr
+#define trace_reg_ret exit.rval
+
+#undef trace_get_regs
+#define trace_get_regs(regs) do_ptrace(PTRACE_GET_SYSCALL_INFO, (void *)(uintptr_t)sizeof(trace_regs), regs)
+
+static unsigned long trace_arg(void *vregs, int num)
+{
+	trace_regs *regs = vregs;
+	if (num < 7)
+		return regs->entry.args[num - 1];
+	else
+		return -1;
+}
+
+#undef trace_set_regs
+static long trace_set_regs(void *vregs)
+{
+	sb_ewarn("sandbox: Unable to block violation\n");
+	return 0;
+}