Wrap linux specific mseal syscall

mseal takes address, size and flags.  Flags are reserved for
future use. Modern CPUs support memory permissions such as RW and
NX bits.  The mseal syscall takes address and size parameters to
additionally protect memory mapping against modifications.

FTR: https://docs.kernel.org/userspace-api/mseal.html

Declare a sys_mseal wrapper in priv_syswrap-linux.h and hook it
for {amd64,arm,arm64,mips64,nanomips,ppc32,ppc64,riscv64,s390x,x86}-linux
using LINX_ with PRE handler in syswrap-linux.c

https://bugs.kde.org/show_bug.cgi?id=505228

diff --git a/NEWS b/NEWS
index 041d7afdf376b973fa60c360c790ee5321afc8b3..97e4b3b413cc49886655bd4e1968599df9fea5aa 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -41,6 +41,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 504919  Hide "client tried to modify addresses" warnings when -q (quiet) set
 504936  Add FreeBSD amd64 sysarch subcommands AMD64_SET_TLSBASE and
         AMD64_GET_TLSBASE
+505228  Wrap linux specific mseal syscall
 
 To see details of a given bug, visit
   https://bugs.kde.org/show_bug.cgi?id=XXXXXX

diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h
index 966eae543712a061611a29a7bc8edb2248b84f0e..ed8cb4ed50ed4ee2aa1a2e332bdac7d8a1679911 100644 (file)
--- a/coregrind/m_syswrap/priv_syswrap-linux.h
+++ b/coregrind/m_syswrap/priv_syswrap-linux.h
@@ -355,6 +355,9 @@ DECL_TEMPLATE(linux, sys_pidfd_getfd);
 // Since Linux 6.6
 DECL_TEMPLATE(linux, sys_fchmodat2);
 
+// Since Linux 6.10
+DECL_TEMPLATE(linux, sys_mseal);
+
 /* ---------------------------------------------------------------------
    Wrappers for sockets and ipc-ery.  These are split into standalone
    procedures because x86-linux hides them inside multiplexors

diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c
index c22683192643313828ec3a340d43bfc68d0e4907..292e969fc1c8837dd6dbec4fa7a6827029517f81 100644 (file)
--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
+++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
@@ -904,6 +904,7 @@ static SyscallTableEntry syscall_table[] = {
 
    LINXY(__NR_cachestat,         sys_cachestat),         // 451
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
+   LINX_(__NR_mseal,             sys_mseal),             // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-arm-linux.c b/coregrind/m_syswrap/syswrap-arm-linux.c
index 05cd1e4b65a3014b18fa1e0ca208c56da5878dc0..6d7db0425bdafa25cc1aad27a2c6b27e926970c3 100644 (file)
--- a/coregrind/m_syswrap/syswrap-arm-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm-linux.c
@@ -1075,6 +1075,7 @@ static SyscallTableEntry syscall_main_table[] = {
 
    LINXY(__NR_cachestat,         sys_cachestat),         // 451
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
+   LINX_(__NR_mseal,             sys_mseal),             // 462
 };
 
 

diff --git a/coregrind/m_syswrap/syswrap-arm64-linux.c b/coregrind/m_syswrap/syswrap-arm64-linux.c
index 28cb3647c46c987fc83e5e80d6dd1808bee7e879..2d6b45f91665965fea02a3d40cb3bf29bc26728d 100644 (file)
--- a/coregrind/m_syswrap/syswrap-arm64-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm64-linux.c
@@ -855,6 +855,7 @@ static SyscallTableEntry syscall_main_table[] = {
 
    LINXY(__NR_cachestat,         sys_cachestat),         // 451
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
+   LINX_(__NR_mseal,             sys_mseal),             // 462
 };
 
 

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index be936ecbe18b5b9c0e82b1cf8b40d4d3c6c02e28..0db8717786d4d1c73c4bc2493b730ad8ee8a8e93 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -4296,6 +4296,15 @@ PRE(sys_membarrier)
    PRE_REG_READ1(int, "membarrier", int, flags);
 }
 
+PRE(sys_mseal)
+{
+    /* int mseal(void *addr, size_t len, unsigned long flags) */
+    PRINT("sys_mseal ( %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %#" FMT_REGWORD "x, )", ARG1, ARG2, ARG3);
+    PRE_REG_READ3(int, "mseal", void *, addr,  vki_size_t, len, int, flags);
+    if (!ML_(valid_client_addr)(ARG1, ARG2, tid, "mseal"))
+       SET_STATUS_Failure(VKI_ENOMEM);
+}
+
 PRE(sys_syncfs)
 {
    *flags |= SfMayBlock;

diff --git a/coregrind/m_syswrap/syswrap-mips32-linux.c b/coregrind/m_syswrap/syswrap-mips32-linux.c
index d16a9a4bc1f867c795588c6ab91182af9fff79fc..5edae82c31f183cf8fe005dacf4fec9d9c212121 100644 (file)
--- a/coregrind/m_syswrap/syswrap-mips32-linux.c
+++ b/coregrind/m_syswrap/syswrap-mips32-linux.c
@@ -1182,6 +1182,7 @@ static SyscallTableEntry syscall_main_table[] = {
 
    LINXY(__NR_cachestat,               sys_cachestat),               // 451
    LINX_(__NR_fchmodat2,               sys_fchmodat2),               // 452
+   LINX_(__NR_mseal,                   sys_mseal),                   // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) (UInt sysno)

diff --git a/coregrind/m_syswrap/syswrap-mips64-linux.c b/coregrind/m_syswrap/syswrap-mips64-linux.c
index fe1f3db7f5d9db714dbf9e1c5698428a2b324b4e..63e4b111ec56cd422f1238655b0298ae00e319ad 100644 (file)
--- a/coregrind/m_syswrap/syswrap-mips64-linux.c
+++ b/coregrind/m_syswrap/syswrap-mips64-linux.c
@@ -838,6 +838,7 @@ static SyscallTableEntry syscall_main_table[] = {
    LINXY (__NR_cachestat, sys_cachestat),
    LINX_ (__NR_fchmodat2, sys_fchmodat2),
    LINXY (__NR_userfaultfd, sys_userfaultfd),
+   LINX_ (__NR_mseal, sys_mseal),
 };
 
 SyscallTableEntry * ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-nanomips-linux.c b/coregrind/m_syswrap/syswrap-nanomips-linux.c
index 87153737d3ac6706a6595711a6fa57ebf13eb23b..b392ad1adea8e08ffaadc0cb4d5e3cde926cffa0 100644 (file)
--- a/coregrind/m_syswrap/syswrap-nanomips-linux.c
+++ b/coregrind/m_syswrap/syswrap-nanomips-linux.c
@@ -842,6 +842,7 @@ static SyscallTableEntry syscall_main_table[] = {
    LINX_ (__NR_landlock_restrict_self, sys_landlock_restrict_self),
    LINXY (__NR_cachestat,              sys_cachestat),
    LINX_ (__NR_fchmodat2,              sys_fchmodat2),
+   LINX_ (__NR_mseal,                  sys_mseal),
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) (UInt sysno)

diff --git a/coregrind/m_syswrap/syswrap-ppc32-linux.c b/coregrind/m_syswrap/syswrap-ppc32-linux.c
index bc180b8b1c1ee267f58c00d0a48b3fbabef87aa1..9d02a02580689c57ef4ea00c3b24811064e49db0 100644 (file)
--- a/coregrind/m_syswrap/syswrap-ppc32-linux.c
+++ b/coregrind/m_syswrap/syswrap-ppc32-linux.c
@@ -1081,6 +1081,7 @@ static SyscallTableEntry syscall_table[] = {
 
    LINXY(__NR_cachestat,         sys_cachestat),         // 451
    LINX_ (__NR_fchmodat2,        sys_fchmodat2),         // 452
+   LINX_ (__NR_mseal,            sys_mseal),             // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-ppc64-linux.c b/coregrind/m_syswrap/syswrap-ppc64-linux.c
index 6e97358e89b1d14f34c72169edb2481a64662c2d..94385a4fa11764ee02830ff0a988d893de729d8e 100644 (file)
--- a/coregrind/m_syswrap/syswrap-ppc64-linux.c
+++ b/coregrind/m_syswrap/syswrap-ppc64-linux.c
@@ -1048,6 +1048,7 @@ static SyscallTableEntry syscall_table[] = {
 
    LINXY (__NR_cachestat,        sys_cachestat),         // 451
    LINX_ (__NR_fchmodat2,        sys_fchmodat2),         // 452
+   LINX_ (__NR_mseal,            sys_mseal),             // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-riscv64-linux.c b/coregrind/m_syswrap/syswrap-riscv64-linux.c
index 7a1ff0751884f63478f4397b49422dfa696e45e3..68ccd0ea49032bc16c17774cb2a110cec827023d 100644 (file)
--- a/coregrind/m_syswrap/syswrap-riscv64-linux.c
+++ b/coregrind/m_syswrap/syswrap-riscv64-linux.c
@@ -599,6 +599,7 @@ static SyscallTableEntry syscall_main_table[] = {
    LINXY(__NR_memfd_secret, sys_memfd_secret),                     /* 447 */
    LINXY(__NR_cachestat, sys_cachestat),                           /* 451 */
    LINX_(__NR_fchmodat2, sys_fchmodat2),                           /* 452 */
+   LINX_(__NR_mseal, sys_mseal),                                   /* 462 */
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry)(UInt sysno)

diff --git a/coregrind/m_syswrap/syswrap-s390x-linux.c b/coregrind/m_syswrap/syswrap-s390x-linux.c
index f4ceae4613f2637e933141e5101e2ba39ab15f16..a6770399dd33afc04ea0dd0f09a3292fa6d348cb 100644 (file)
--- a/coregrind/m_syswrap/syswrap-s390x-linux.c
+++ b/coregrind/m_syswrap/syswrap-s390x-linux.c
@@ -890,6 +890,7 @@ static SyscallTableEntry syscall_table[] = {
 
    LINXY (__NR_cachestat, sys_cachestat),                             // 451
    LINX_ (__NR_fchmodat2, sys_fchmodat2),                             // 452
+   LINX_ (__NR_mseal, sys_mseal),                                     // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c
index 662780588af41e79622d68509d8ef43683c76f6f..4b5b5fb15f2bafc4044bbaa2f1f2298f792bd6a0 100644 (file)
--- a/coregrind/m_syswrap/syswrap-x86-linux.c
+++ b/coregrind/m_syswrap/syswrap-x86-linux.c
@@ -1676,6 +1676,7 @@ static SyscallTableEntry syscall_table[] = {
 
    LINXY(__NR_cachestat,         sys_cachestat),         // 451
    LINX_(__NR_fchmodat2,         sys_fchmodat2),         // 452
+   LINX_(__NR_mseal,             sys_mseal),             // 462
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/include/vki/vki-scnums-mips32-linux.h b/include/vki/vki-scnums-mips32-linux.h
index d4f8de15aac762a11dfd957ea9d15633b8e596ea..53f6499aab10839fff4cbb7ab74baf33c8263ff0 100644 (file)
--- a/include/vki/vki-scnums-mips32-linux.h
+++ b/include/vki/vki-scnums-mips32-linux.h
@@ -460,6 +460,7 @@
 #define __NR_set_mempolicy_home_node    (__NR_Linux + 450)
 #define __NR_cachestat                  (__NR_Linux + 451)
 #define __NR_fchmodat2                  (__NR_Linux + 452)
+#define __NR_mseal                      (__NR_Linux + 462)
 /*
  * Offset of the last Linux o32 flavoured syscall
  */

diff --git a/include/vki/vki-scnums-mips64-linux.h b/include/vki/vki-scnums-mips64-linux.h
index c5291e31c654cde816a406b8f121275b2771a265..91f5783457b772143d51efec15201cd46caf4777 100644 (file)
--- a/include/vki/vki-scnums-mips64-linux.h
+++ b/include/vki/vki-scnums-mips64-linux.h
@@ -401,6 +401,7 @@
 #define __NR_lsm_get_self_attr      (__NR_Linux + 459)
 #define __NR_lsm_set_self_attr      (__NR_Linux + 460)
 #define __NR_lsm_list_modules       (__NR_Linux + 461)
+#define __NR_mseal                  (__NR_Linux + 462)
 
 #elif defined(VGABI_N32)
 

diff --git a/include/vki/vki-scnums-shared-linux.h b/include/vki/vki-scnums-shared-linux.h
index 616f8052d379b0c070d0ec775c01c677393206fa..32ef8ac133c9894b8e62446abac27c797de478e7 100644 (file)
--- a/include/vki/vki-scnums-shared-linux.h
+++ b/include/vki/vki-scnums-shared-linux.h
@@ -56,5 +56,6 @@
 
 #define __NR_cachestat         451
 #define __NR_fchmodat2         452
+#define __NR_mseal             462
 
 #endif