From 482ea8d4c02b4e262a7139fba98db5b32d143a5b Mon Sep 17 00:00:00 2001 From: bol-van Date: Sat, 14 Sep 2024 21:00:15 +0300 Subject: [PATCH] nfqws,tpws: fix seccomp on mips64 --- nfq/sec.h | 28 ++++++++++++++++++++++++++++ tpws/sec.h | 27 +++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/nfq/sec.h b/nfq/sec.h index afd6e8a..ecce7f5 100644 --- a/nfq/sec.h +++ b/nfq/sec.h @@ -19,39 +19,67 @@ bool dropcaps(void); #define syscall_arg(x) (offsetof(struct seccomp_data, args[x])) #if defined(__aarch64__) + # define REG_SYSCALL regs.regs[8] # define ARCH_NR AUDIT_ARCH_AARCH64 + #elif defined(__amd64__) + # define REG_SYSCALL REG_RAX # define ARCH_NR AUDIT_ARCH_X86_64 + #elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__)) + # define REG_SYSCALL regs.uregs[7] # if __BYTE_ORDER == __LITTLE_ENDIAN # define ARCH_NR AUDIT_ARCH_ARM # else # define ARCH_NR AUDIT_ARCH_ARMEB # endif + #elif defined(__i386__) + # define REG_SYSCALL REG_EAX # define ARCH_NR AUDIT_ARCH_I386 + #elif defined(__mips__) + # define REG_SYSCALL regs[2] + +#if _MIPS_SIM == _MIPS_SIM_ABI32 # if __BYTE_ORDER == __LITTLE_ENDIAN # define ARCH_NR AUDIT_ARCH_MIPSEL # else # define ARCH_NR AUDIT_ARCH_MIPS # endif +#elif _MIPS_SIM == _MIPS_SIM_ABI64 +# if __BYTE_ORDER == __LITTLE_ENDIAN +# define ARCH_NR AUDIT_ARCH_MIPSEL64 +# else +# define ARCH_NR AUDIT_ARCH_MIPS64 +# endif +#else +# warning "Platform does not support seccomp filter yet" +# define REG_SYSCALL 0 +# define ARCH_NR 0 +#endif + #elif defined(__PPC__) + # define REG_SYSCALL regs.gpr[0] # define ARCH_NR AUDIT_ARCH_PPC + #else + # warning "Platform does not support seccomp filter yet" # define REG_SYSCALL 0 # define ARCH_NR 0 + #endif #endif + #ifndef __CYGWIN__ bool sec_harden(void); bool can_drop_root(void); diff --git a/tpws/sec.h b/tpws/sec.h index e76f630..4582fb3 100644 --- a/tpws/sec.h +++ b/tpws/sec.h @@ -21,35 +21,62 @@ bool dropcaps(void); #define syscall_arg(x) (offsetof(struct seccomp_data, args[x])) #if defined(__aarch64__) + # define REG_SYSCALL regs.regs[8] # define ARCH_NR AUDIT_ARCH_AARCH64 + #elif defined(__amd64__) + # define REG_SYSCALL REG_RAX # define ARCH_NR AUDIT_ARCH_X86_64 + #elif defined(__arm__) && (defined(__ARM_EABI__) || defined(__thumb__)) + # define REG_SYSCALL regs.uregs[7] # if __BYTE_ORDER == __LITTLE_ENDIAN # define ARCH_NR AUDIT_ARCH_ARM # else # define ARCH_NR AUDIT_ARCH_ARMEB # endif + #elif defined(__i386__) + # define REG_SYSCALL REG_EAX # define ARCH_NR AUDIT_ARCH_I386 + #elif defined(__mips__) + # define REG_SYSCALL regs[2] + +#if _MIPS_SIM == _MIPS_SIM_ABI32 # if __BYTE_ORDER == __LITTLE_ENDIAN # define ARCH_NR AUDIT_ARCH_MIPSEL # else # define ARCH_NR AUDIT_ARCH_MIPS # endif +#elif _MIPS_SIM == _MIPS_SIM_ABI64 +# if __BYTE_ORDER == __LITTLE_ENDIAN +# define ARCH_NR AUDIT_ARCH_MIPSEL64 +# else +# define ARCH_NR AUDIT_ARCH_MIPS64 +# endif +#else +# warning "Platform does not support seccomp filter yet" +# define REG_SYSCALL 0 +# define ARCH_NR 0 +#endif + #elif defined(__PPC__) + # define REG_SYSCALL regs.gpr[0] # define ARCH_NR AUDIT_ARCH_PPC + #else + # warning "Platform does not support seccomp filter yet" # define REG_SYSCALL 0 # define ARCH_NR 0 + #endif #endif