commit 1e98d56617ff3488b5803fb6acb69bf4a6b6922d Author: Nick Mathewson nickm@torproject.org Date: Thu Jun 4 12:08:02 2020 -0400
sandbox: Do not require M_SYSCALL.
M_SYSCALL is used to report information about a sandbox violation, but when we don't have a definition for it, it still makes sense to compile.
Closes ticket 34382. --- changes/ticket34382 | 6 ++++++ src/lib/sandbox/sandbox.c | 31 +++++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/changes/ticket34382 b/changes/ticket34382 new file mode 100644 index 000000000..0bdfe22a5 --- /dev/null +++ b/changes/ticket34382 @@ -0,0 +1,6 @@ + o Minor features (Linux seccomp2 sandbox, compilation): + - Allow Tor to build on platforms where it doesn't know how to + report which syscall had caused the linux seccomp2 sandbox + to fail. This change should make the sandbox code more portable + to less common Linux architectures. + Closes ticket 34382. diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index b917912f4..903d48449 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -117,6 +117,10 @@
#endif /* defined(__i386__) || ... */
+#ifdef M_SYSCALL +#define SYSCALL_NAME_DEBUGGING +#endif + /**Determines if at least one sandbox is active.*/ static int sandbox_active = 0; /** Holds the parameter list configuration for the sandbox.*/ @@ -1545,8 +1549,10 @@ install_syscall_filter(sandbox_cfg_t* cfg) return (rc < 0 ? -rc : rc); }
+#ifdef SYSCALL_NAME_DEBUGGING #include "lib/sandbox/linux_syscalls.inc"
+/** Return a string containing the name of a given syscall (if we know it) */ static const char * get_syscall_name(int syscall_num) { @@ -1564,6 +1570,28 @@ get_syscall_name(int syscall_num) } }
+/** Return the syscall number from a ucontext_t that we got in a signal + * handler (if we know how to do that). */ +static int +get_syscall_from_ucontext(const ucontext_t *ctx) +{ + return (int) ctx->uc_mcontext.M_SYSCALL; +} +#else +static const char * +get_syscall_name(int syscall_num) +{ + (void) syscall_num; + return "unknown"; +} +static int +get_syscall_from_ucontext(const ucontext_t *ctx) +{ + (void) ctx; + return -1; +} +#endif + #ifdef USE_BACKTRACE #define MAX_DEPTH 256 static void *syscall_cb_buf[MAX_DEPTH]; @@ -1579,7 +1607,6 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context) { ucontext_t *ctx = (ucontext_t *) (void_context); const char *syscall_name; - int syscall; #ifdef USE_BACKTRACE size_t depth; int n_fds, i; @@ -1594,7 +1621,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context) if (!ctx) return;
- syscall = (int) ctx->uc_mcontext.M_SYSCALL; + int syscall = get_syscall_from_ucontext(ctx);
#ifdef USE_BACKTRACE depth = backtrace(syscall_cb_buf, MAX_DEPTH);