Menu
▾
▴
[Valgrind-developers] [valgrind] Wrap linux specific mseal syscall
|
From: Mark W. <ma...@so...> - 2025-06-17 15:36:07
|
https://sourceware.org/git/gitweb.cgi?p=valgrind.git;h=9775bc496e4b6f80dec993e5d147356ebbe29fe3 commit 9775bc496e4b6f80dec993e5d147356ebbe29fe3 Author: Martin Cermak <mc...@re...> Date: Tue Jun 17 13:51:48 2025 +0200 Wrap linux specific mseal syscall mseal takes address, size and flags. Flags are reserved for future use. Modern CPUs support memory permissions such as RW and NX bits. The mseal syscall takes address and size parameters to additionally protect memory mapping against modifications. FTR: https://docs.kernel.org/userspace-api/mseal.html Declare a sys_mseal wrapper in priv_syswrap-linux.h and hook it for {amd64,arm,arm64,mips64,nanomips,ppc32,ppc64,riscv64,s390x,x86}-linux using LINX_ with PRE handler in syswrap-linux.c https://bugs.kde.org/show_bug.cgi?id=505228 Diff: --- NEWS | 1 + coregrind/m_syswrap/priv_syswrap-linux.h | 3 +++ coregrind/m_syswrap/syswrap-amd64-linux.c | 1 + coregrind/m_syswrap/syswrap-arm-linux.c | 1 + coregrind/m_syswrap/syswrap-arm64-linux.c | 1 + coregrind/m_syswrap/syswrap-linux.c | 9 +++++++++ coregrind/m_syswrap/syswrap-mips32-linux.c | 1 + coregrind/m_syswrap/syswrap-mips64-linux.c | 1 + coregrind/m_syswrap/syswrap-nanomips-linux.c | 1 + coregrind/m_syswrap/syswrap-ppc32-linux.c | 1 + coregrind/m_syswrap/syswrap-ppc64-linux.c | 1 + coregrind/m_syswrap/syswrap-riscv64-linux.c | 1 + coregrind/m_syswrap/syswrap-s390x-linux.c | 1 + coregrind/m_syswrap/syswrap-x86-linux.c | 1 + include/vki/vki-scnums-mips32-linux.h | 1 + include/vki/vki-scnums-mips64-linux.h | 1 + include/vki/vki-scnums-shared-linux.h | 1 + 17 files changed, 27 insertions(+) diff --git a/NEWS b/NEWS index 041d7afdf3..97e4b3b413 100644 --- a/NEWS +++ b/NEWS @@ -41,6 +41,7 @@ are not entered into bugzilla tend to get forgotten about or ignored. 504919 Hide "client tried to modify addresses" warnings when -q (quiet) set 504936 Add FreeBSD amd64 sysarch subcommands AMD64_SET_TLSBASE and AMD64_GET_TLSBASE +505228 Wrap linux specific mseal syscall To see details of a given bug, visit https://bugs.kde.org/show_bug.cgi?id=XXXXXX diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h index 966eae5437..ed8cb4ed50 100644 --- a/coregrind/m_syswrap/priv_syswrap-linux.h +++ b/coregrind/m_syswrap/priv_syswrap-linux.h @@ -355,6 +355,9 @@ DECL_TEMPLATE(linux, sys_pidfd_getfd); // Since Linux 6.6 DECL_TEMPLATE(linux, sys_fchmodat2); +// Since Linux 6.10 +DECL_TEMPLATE(linux, sys_mseal); + /* --------------------------------------------------------------------- Wrappers for sockets and ipc-ery. These are split into standalone procedures because x86-linux hides them inside multiplexors diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c index c226831926..292e969fc1 100644 --- a/coregrind/m_syswrap/syswrap-amd64-linux.c +++ b/coregrind/m_syswrap/syswrap-amd64-linux.c @@ -904,6 +904,7 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_(__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_(__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-arm-linux.c b/coregrind/m_syswrap/syswrap-arm-linux.c index 05cd1e4b65..6d7db0425b 100644 --- a/coregrind/m_syswrap/syswrap-arm-linux.c +++ b/coregrind/m_syswrap/syswrap-arm-linux.c @@ -1075,6 +1075,7 @@ static SyscallTableEntry syscall_main_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_(__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_(__NR_mseal, sys_mseal), // 462 }; diff --git a/coregrind/m_syswrap/syswrap-arm64-linux.c b/coregrind/m_syswrap/syswrap-arm64-linux.c index 28cb3647c4..2d6b45f916 100644 --- a/coregrind/m_syswrap/syswrap-arm64-linux.c +++ b/coregrind/m_syswrap/syswrap-arm64-linux.c @@ -855,6 +855,7 @@ static SyscallTableEntry syscall_main_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_(__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_(__NR_mseal, sys_mseal), // 462 }; diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index be936ecbe1..0db8717786 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -4296,6 +4296,15 @@ PRE(sys_membarrier) PRE_REG_READ1(int, "membarrier", int, flags); } +PRE(sys_mseal) +{ + /* int mseal(void *addr, size_t len, unsigned long flags) */ + PRINT("sys_mseal ( %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %#" FMT_REGWORD "x, )", ARG1, ARG2, ARG3); + PRE_REG_READ3(int, "mseal", void *, addr, vki_size_t, len, int, flags); + if (!ML_(valid_client_addr)(ARG1, ARG2, tid, "mseal")) + SET_STATUS_Failure(VKI_ENOMEM); +} + PRE(sys_syncfs) { *flags |= SfMayBlock; diff --git a/coregrind/m_syswrap/syswrap-mips32-linux.c b/coregrind/m_syswrap/syswrap-mips32-linux.c index d16a9a4bc1..5edae82c31 100644 --- a/coregrind/m_syswrap/syswrap-mips32-linux.c +++ b/coregrind/m_syswrap/syswrap-mips32-linux.c @@ -1182,6 +1182,7 @@ static SyscallTableEntry syscall_main_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_(__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_(__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) (UInt sysno) diff --git a/coregrind/m_syswrap/syswrap-mips64-linux.c b/coregrind/m_syswrap/syswrap-mips64-linux.c index fe1f3db7f5..63e4b111ec 100644 --- a/coregrind/m_syswrap/syswrap-mips64-linux.c +++ b/coregrind/m_syswrap/syswrap-mips64-linux.c @@ -838,6 +838,7 @@ static SyscallTableEntry syscall_main_table[] = { LINXY (__NR_cachestat, sys_cachestat), LINX_ (__NR_fchmodat2, sys_fchmodat2), LINXY (__NR_userfaultfd, sys_userfaultfd), + LINX_ (__NR_mseal, sys_mseal), }; SyscallTableEntry * ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-nanomips-linux.c b/coregrind/m_syswrap/syswrap-nanomips-linux.c index 87153737d3..b392ad1ade 100644 --- a/coregrind/m_syswrap/syswrap-nanomips-linux.c +++ b/coregrind/m_syswrap/syswrap-nanomips-linux.c @@ -842,6 +842,7 @@ static SyscallTableEntry syscall_main_table[] = { LINX_ (__NR_landlock_restrict_self, sys_landlock_restrict_self), LINXY (__NR_cachestat, sys_cachestat), LINX_ (__NR_fchmodat2, sys_fchmodat2), + LINX_ (__NR_mseal, sys_mseal), }; SyscallTableEntry* ML_(get_linux_syscall_entry) (UInt sysno) diff --git a/coregrind/m_syswrap/syswrap-ppc32-linux.c b/coregrind/m_syswrap/syswrap-ppc32-linux.c index bc180b8b1c..9d02a02580 100644 --- a/coregrind/m_syswrap/syswrap-ppc32-linux.c +++ b/coregrind/m_syswrap/syswrap-ppc32-linux.c @@ -1081,6 +1081,7 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_ (__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-ppc64-linux.c b/coregrind/m_syswrap/syswrap-ppc64-linux.c index 6e97358e89..94385a4fa1 100644 --- a/coregrind/m_syswrap/syswrap-ppc64-linux.c +++ b/coregrind/m_syswrap/syswrap-ppc64-linux.c @@ -1048,6 +1048,7 @@ static SyscallTableEntry syscall_table[] = { LINXY (__NR_cachestat, sys_cachestat), // 451 LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_ (__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-riscv64-linux.c b/coregrind/m_syswrap/syswrap-riscv64-linux.c index 7a1ff07518..68ccd0ea49 100644 --- a/coregrind/m_syswrap/syswrap-riscv64-linux.c +++ b/coregrind/m_syswrap/syswrap-riscv64-linux.c @@ -599,6 +599,7 @@ static SyscallTableEntry syscall_main_table[] = { LINXY(__NR_memfd_secret, sys_memfd_secret), /* 447 */ LINXY(__NR_cachestat, sys_cachestat), /* 451 */ LINX_(__NR_fchmodat2, sys_fchmodat2), /* 452 */ + LINX_(__NR_mseal, sys_mseal), /* 462 */ }; SyscallTableEntry* ML_(get_linux_syscall_entry)(UInt sysno) diff --git a/coregrind/m_syswrap/syswrap-s390x-linux.c b/coregrind/m_syswrap/syswrap-s390x-linux.c index f4ceae4613..a6770399dd 100644 --- a/coregrind/m_syswrap/syswrap-s390x-linux.c +++ b/coregrind/m_syswrap/syswrap-s390x-linux.c @@ -890,6 +890,7 @@ static SyscallTableEntry syscall_table[] = { LINXY (__NR_cachestat, sys_cachestat), // 451 LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_ (__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c index 662780588a..4b5b5fb15f 100644 --- a/coregrind/m_syswrap/syswrap-x86-linux.c +++ b/coregrind/m_syswrap/syswrap-x86-linux.c @@ -1676,6 +1676,7 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_cachestat, sys_cachestat), // 451 LINX_(__NR_fchmodat2, sys_fchmodat2), // 452 + LINX_(__NR_mseal, sys_mseal), // 462 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/include/vki/vki-scnums-mips32-linux.h b/include/vki/vki-scnums-mips32-linux.h index d4f8de15aa..53f6499aab 100644 --- a/include/vki/vki-scnums-mips32-linux.h +++ b/include/vki/vki-scnums-mips32-linux.h @@ -460,6 +460,7 @@ #define __NR_set_mempolicy_home_node (__NR_Linux + 450) #define __NR_cachestat (__NR_Linux + 451) #define __NR_fchmodat2 (__NR_Linux + 452) +#define __NR_mseal (__NR_Linux + 462) /* * Offset of the last Linux o32 flavoured syscall */ diff --git a/include/vki/vki-scnums-mips64-linux.h b/include/vki/vki-scnums-mips64-linux.h index c5291e31c6..91f5783457 100644 --- a/include/vki/vki-scnums-mips64-linux.h +++ b/include/vki/vki-scnums-mips64-linux.h @@ -401,6 +401,7 @@ #define __NR_lsm_get_self_attr (__NR_Linux + 459) #define __NR_lsm_set_self_attr (__NR_Linux + 460) #define __NR_lsm_list_modules (__NR_Linux + 461) +#define __NR_mseal (__NR_Linux + 462) #elif defined(VGABI_N32) diff --git a/include/vki/vki-scnums-shared-linux.h b/include/vki/vki-scnums-shared-linux.h index 616f8052d3..32ef8ac133 100644 --- a/include/vki/vki-scnums-shared-linux.h +++ b/include/vki/vki-scnums-shared-linux.h @@ -56,5 +56,6 @@ #define __NR_cachestat 451 #define __NR_fchmodat2 452 +#define __NR_mseal 462 #endif |
