disasm/asm: Support "<arch>.<syscall>" #212
Merged: 6 commits, Oct 12, 2022

Conversation

@david942j david942j (Owner) commented Oct 9, 2022

disasm: support inferring the syscall name when there is only one possible architecture
asm: support considering <arch>.<syscall> as a valid syntax

A = arch
if (A != ARCH_X86_64) goto i386
A = sys_number
if (A >= 0x40000000) goto dead
if (A == 0) goto allow
if (A == 1) goto allow
if (A == 2) goto allow else goto dead

i386: if (A != ARCH_I386) goto arm64
A = sys_number
if (A == 0) goto allow
if (A == 1) goto allow
if (A == 2) goto allow else goto dead

arm64: if (A != ARCH_AARCH64) goto s390x
A = sys_number
if (A == 0) goto allow
if (A == 1) goto allow
if (A == 2) goto allow else goto dead

s390x: if (A != ARCH_S390X) goto dead
A = sys_number
if (A == 0) goto allow
if (A == 1) goto allow
if (A == 2) goto allow else goto dead

dead: return KILL
allow: return ALLOW

Will be disasm-ed as

 line  CODE  JT   JF      K
=================================
 0000: 0x20 0x00 0x00 0x00000004  A = arch
 0001: 0x15 0x00 0x05 0xc000003e  if (A != ARCH_X86_64) goto 0007
 0002: 0x20 0x00 0x00 0x00000000  A = sys_number
 0003: 0x35 0x12 0x00 0x40000000  if (A >= 0x40000000) goto 0022
 0004: 0x15 0x12 0x00 0x00000000  if (A == read) goto 0023
 0005: 0x15 0x11 0x00 0x00000001  if (A == write) goto 0023
 0006: 0x15 0x10 0x0f 0x00000002  if (A == open) goto 0023 else goto 0022
 0007: 0x15 0x00 0x04 0x40000003  if (A != ARCH_I386) goto 0012
 0008: 0x20 0x00 0x00 0x00000000  A = sys_number
 0009: 0x15 0x0d 0x00 0x00000000  if (A == i386.restart_syscall) goto 0023
 0010: 0x15 0x0c 0x00 0x00000001  if (A == i386.exit) goto 0023
 0011: 0x15 0x0b 0x0a 0x00000002  if (A == i386.fork) goto 0023 else goto 0022
 0012: 0x15 0x00 0x04 0xc00000b7  if (A != ARCH_AARCH64) goto 0017
 0013: 0x20 0x00 0x00 0x00000000  A = sys_number
 0014: 0x15 0x08 0x00 0x00000000  if (A == aarch64.io_setup) goto 0023
 0015: 0x15 0x07 0x00 0x00000001  if (A == aarch64.io_destroy) goto 0023
 0016: 0x15 0x06 0x05 0x00000002  if (A == aarch64.io_submit) goto 0023 else goto 0022
 0017: 0x15 0x00 0x04 0x80000016  if (A != ARCH_S390X) goto 0022
 0018: 0x20 0x00 0x00 0x00000000  A = sys_number
 0019: 0x15 0x03 0x00 0x00000000  if (A == 0x0) goto 0023
 0020: 0x15 0x02 0x00 0x00000001  if (A == s390x.exit) goto 0023
 0021: 0x15 0x01 0x00 0x00000002  if (A == s390x.fork) goto 0023
 0022: 0x06 0x00 0x00 0x00000000  return KILL
 0023: 0x06 0x00 0x00 0x7fff0000  return ALLOW

Fixes #204
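The rule the description states (name a syscall number only when a single architecture can reach the comparison, and print it as `<arch>.<syscall>` for every arch but the default) and the assembler-side `<arch>.<syscall>` token, as an added example in Ruby. This is illustrative code written for this page, not seccomp-tools' implementation. The AUDIT_ARCH values are the ones in the listing above; the syscall tables are a constructed three-entry subset per arch; `FILTER` is reconstructed from the listing and `AMBIGUOUS` is a constructed filter that checks the syscall number before the arch, to show why the inference has to stay numeric there.

```ruby
require 'set'

# Added example (not seccomp-tools' code): a minimal seccomp-BPF disassembler
# that tracks which audit architectures can still reach each instruction and
# names a syscall number only when exactly one architecture is possible.

# AUDIT_ARCH_* values as they appear in the K field (from the listing above).
AUDIT_ARCH = {
  0xc000003e => 'x86_64', 0x40000003 => 'i386',
  0xc00000b7 => 'aarch64', 0x80000016 => 's390x'
}.freeze

# Constructed subset of the per-arch tables: the same number is a different
# syscall on each arch, which is why an unqualified name can mislead.
SYSCALLS = {
  'x86_64'  => { 0 => 'read', 1 => 'write', 2 => 'open' },
  'i386'    => { 0 => 'restart_syscall', 1 => 'exit', 2 => 'fork' },
  'aarch64' => { 0 => 'io_setup', 1 => 'io_destroy', 2 => 'io_submit' },
  's390x'   => { 1 => 'exit', 2 => 'fork' } # s390x has no syscall 0
}.freeze

OFF_NR = 0    # offsetof(struct seccomp_data, nr)
OFF_ARCH = 4  # offsetof(struct seccomp_data, arch)
RET_TEXT = { 0x7fff0000 => 'ALLOW', 0 => 'KILL' }.freeze

# Assembler side: accept "<arch>.<name>" or a bare "<name>" in the default arch.
def syscall_number(token, default_arch: 'x86_64')
  arch, name = token.include?('.') ? token.split('.', 2) : [default_arch, token]
  table = SYSCALLS.fetch(arch) { raise ArgumentError, "unknown arch #{arch}" }
  table.key(name) || raise(ArgumentError, "unknown syscall #{token}")
end

# Disassembler side: name K only if a single arch is possible; bare name for
# the default arch, "<arch>.<name>" otherwise, hex if unknown or ambiguous.
def syscall_text(k, archs, default_arch)
  return format('0x%x', k) unless archs.size == 1
  arch = archs.first
  name = SYSCALLS.fetch(arch, {})[k]
  return format('0x%x', k) unless name
  arch == default_arch ? name : "#{arch}.#{name}"
end

# Render a conditional jump the way the listing does (fall-through elided).
def jump_text(op, rhs, t, f, i)
  label = ->(j) { format('%04d', j) }
  neg = { '==' => '!=', '>=' => '<' }
  return "if (A #{neg[op]} #{rhs}) goto #{label.(f)}" if t == i + 1
  text = "if (A #{op} #{rhs}) goto #{label.(t)}"
  f == i + 1 ? text : "#{text} else goto #{label.(f)}"
end

# Raw struct sock_filter[] bytes: u16 code, u8 jt, u8 jf, u32 k, little-endian.
def parse_filter(raw)
  raw.bytes.each_slice(8).map { |b| b.pack('C*').unpack('vCCV') }
end

# insns: array of [code, jt, jf, k]. cBPF only jumps forward, so one pass in
# index order has merged every predecessor before it reaches a successor.
def disasm(insns, default_arch: 'x86_64')
  n = insns.size
  archs_in = Array.new(n) { Set.new }      # archs that can reach insn i
  archs_in[0] = Set.new(AUDIT_ARCH.values)
  a_in = Array.new(n)                       # what A holds: :arch, :nr, :other
  a_in[0] = :other
  flow = lambda do |j, archs, a|
    next if j >= n
    archs_in[j] |= archs
    a_in[j] = (a_in[j].nil? || a_in[j] == a) ? a : :other
  end
  insns.each_with_index.map do |(code, jt, jf, k), i|
    archs, a = archs_in[i], a_in[i]
    t, f = i + 1 + jt, i + 1 + jf
    case code
    when 0x20 # BPF_LD | BPF_W | BPF_ABS: A = seccomp_data[k]
      a = k == OFF_ARCH ? :arch : (k == OFF_NR ? :nr : :other)
      flow.(i + 1, archs, a)
      a == :arch ? 'A = arch' : (a == :nr ? 'A = sys_number' : "A = data[#{k}]")
    when 0x15 # BPF_JMP | BPF_JEQ | BPF_K
      if a == :arch && AUDIT_ARCH.key?(k)
        arch = AUDIT_ARCH[k]
        flow.(t, archs & [arch], a)  # only this arch survives the true edge
        flow.(f, archs - [arch], a)  # it is ruled out on the false edge
        jump_text('==', "ARCH_#{arch.upcase}", t, f, i)
      else
        flow.(t, archs, a)
        flow.(f, archs, a)
        rhs = a == :nr ? syscall_text(k, archs, default_arch) : format('0x%x', k)
        jump_text('==', rhs, t, f, i)
      end
    when 0x35 # BPF_JMP | BPF_JGE | BPF_K
      flow.(t, archs, a)
      flow.(f, archs, a)
      jump_text('>=', format('0x%x', k), t, f, i)
    when 0x06 # BPF_RET | BPF_K
      "return #{RET_TEXT.fetch(k, format('0x%x', k))}"
    else
      raise NotImplementedError, format('opcode 0x%02x', code)
    end
  end
end

# The PR's filter, reconstructed from the listing above.
FILTER = [
  [0x20, 0, 0, 4], [0x15, 0, 5, 0xc000003e], [0x20, 0, 0, 0], [0x35, 0x12, 0, 0x40000000],
  [0x15, 0x12, 0, 0], [0x15, 0x11, 0, 1], [0x15, 0x10, 0x0f, 2],
  [0x15, 0, 4, 0x40000003], [0x20, 0, 0, 0], [0x15, 0x0d, 0, 0], [0x15, 0x0c, 0, 1], [0x15, 0x0b, 0x0a, 2],
  [0x15, 0, 4, 0xc00000b7], [0x20, 0, 0, 0], [0x15, 8, 0, 0], [0x15, 7, 0, 1], [0x15, 6, 5, 2],
  [0x15, 0, 4, 0x80000016], [0x20, 0, 0, 0], [0x15, 3, 0, 0], [0x15, 2, 0, 1], [0x15, 1, 0, 2],
  [0x06, 0, 0, 0], [0x06, 0, 0, 0x7fff0000]
].freeze

# Constructed: loads nr before checking arch. 1 is write on x86_64 but exit on
# i386, so the comparison must stay numeric instead of getting a misleading name.
AMBIGUOUS = [[0x20, 0, 0, 0], [0x15, 0, 1, 1], [0x06, 0, 0, 0x7fff0000], [0x06, 0, 0, 0]].freeze

disasm(FILTER).each_with_index { |l, i| puts format('%04d: %s', i, l) } if $PROGRAM_NAME == __FILE__
```

Run as a script it prints the 24 lines of the listing above; `disasm(AMBIGUOUS)` prints `if (A != 0x1) goto 0003` because all four architectures are still possible at that comparison. The merge at join points is a plain union, so a filter that re-checks the arch later in the program is handled as well; a filter that never loads `arch` never gets a name at all, which is the conservative outcome a reviewer of a dumped sandbox policy wants.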

@david942j david942j merged commit 0ee8727 into master Oct 12, 2022
@david942j david942j deleted the syscall branch October 12, 2022 15:22
@david942j david942j restored the syscall branch October 12, 2022 15:22
@david942j david942j deleted the syscall branch October 12, 2022 15:23
Linked issue (closed by this pull request): Dumping seccomp works wrong
1 participant