than mailing the developers (or mailing lists) directly -- bugs that
are not entered into bugzilla tend to get forgotten about or ignored.
+489913 WARNING: unhandled amd64-linux syscall: 444 (landlock_create_ruleset)
494327 Crash when running Helgrind built with #define TRACE_PTH_FNS 1
494337 All threaded applications cause still holding lock errors
495488 Add FreeBSD getrlimitusage syscall wrapper
DECL_TEMPLATE(linux, sys_close_range);
DECL_TEMPLATE(linux, sys_openat2);
+// Linux-specific (new in Linux 5.13)
+DECL_TEMPLATE(linux, sys_landlock_create_ruleset)
+DECL_TEMPLATE(linux, sys_landlock_add_rule)
+DECL_TEMPLATE(linux, sys_landlock_restrict_self)
+
// Linux-specific (new in Linux 5.14)
DECL_TEMPLATE(linux, sys_memfd_secret);
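Review bot: The three added `DECL_TEMPLATE(linux, sys_landlock_…)` lines have no trailing `;`, unlike every neighbouring declaration in this hunk (`sys_close_range`, `sys_openat2`, `sys_memfd_secret`). Whether that compiles depends on how the macro expands, which is not visible here. Ending them the same way as the surrounding lines, e.g. `DECL_TEMPLATE(linux, sys_landlock_create_ruleset);`, keeps the list uniform and independent of the macro's definition.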
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINXY(__NR_memfd_secret, sys_memfd_secret), // 447
LINX_(__NR_fchmodat2, sys_fchmodat2), // 452
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINX_(__NR_fchmodat2, sys_fchmodat2), // 452
};
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINXY(__NR_memfd_secret, sys_memfd_secret), // 447
LINX_(__NR_fchmodat2, sys_fchmodat2), // 452
}
}
+PRE(sys_landlock_create_ruleset)
+{
+ PRINT("sys_landlock_create_ruleset ( %#" FMT_REGWORD "x, %lu, %lu )",
+ ARG1, ARG2, ARG3);
+ PRE_REG_READ3(long, "landlock_create_ruleset",
+ const struct vki_landlock_ruleset_attr*, attr,
+ vki_size_t, size, vki_uint32_t, flags);
+ PRE_MEM_READ( "landlock_create_ruleset(value)", ARG1, ARG2 );
+
+ /* XXX Alternatively we could always fail with EOPNOTSUPP
+ since the rules might interfere with valgrind itself. */
+}
+
+POST(sys_landlock_create_ruleset)
+{
+ /* Returns either the abi version or a file descriptor. */
+ if (ARG3 != VKI_LANDLOCK_CREATE_RULESET_VERSION) {
+ if (!ML_(fd_allowed)(RES, "landlock_create_ruleset", tid, True)) {
+ VG_(close)(RES);
+ SET_STATUS_Failure( VKI_EMFILE );
+ } else {
+ if (VG_(clo_track_fds))
+ ML_(record_fd_open_nameless)(tid, RES);
+ }
+ }
+}
+
+PRE(sys_landlock_add_rule)
+{
+ PRINT("sys_landlock_add_rule ( %ld, %lu, %#" FMT_REGWORD "x, %lu )",
+ SARG1, ARG2, ARG3, ARG4);
+ PRE_REG_READ4(long, "landlock_add_rule",
+ int, ruleset_fd, enum vki_landlock_rule_type, rule_type,
+ const void*, rule_attr, vki_uint32_t, flags);
+ if (!ML_(fd_allowed)(ARG1, "landlock_add_rule", tid, False))
+ SET_STATUS_Failure(VKI_EBADF);
+ /* XXX Depending on rule_type we should also check the given rule_attr. */
+}
+
+PRE(sys_landlock_restrict_self)
+{
+ PRINT("sys_landlock_restrict_self ( %ld, %lu )", SARG1, ARG2);
+ PRE_REG_READ2(long, "landlock_create_ruleset",
+ int, ruleset_fd, vki_uint32_t, flags);
+ if (!ML_(fd_allowed)(ARG1, "landlock_restrict_self", tid, False))
+ SET_STATUS_Failure(VKI_EBADF);
+}
+
PRE(sys_memfd_secret)
{
PRINT("sys_memfd_secret ( %#" FMT_REGWORD "x )", ARG1);
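Review bot: `PRE(sys_landlock_restrict_self)` passes the name "landlock_create_ruleset" to `PRE_REG_READ2`, so a report about an undefined `ruleset_fd` or `flags` argument would presumably be attributed to the wrong syscall; the line should read `PRE_REG_READ2(long, "landlock_restrict_self",`. In `POST(sys_landlock_create_ruleset)` the test `ARG3 != VKI_LANDLOCK_CREATE_RULESET_VERSION` treats every other flags value as returning a descriptor, which holds only while that is the sole flag. If the kernel accepts another query-style flag, a non-descriptor result would be checked by `ML_(fd_allowed)` and could reach `VG_(close)(RES)`, closing an unrelated descriptor. A comment such as `/* assumes VERSION is the only flag that makes the call return a non-fd value */` would record that assumption for whoever updates the wrapper. The `PRE_MEM_READ` label `"landlock_create_ruleset(value)"` would also be clearer as `"landlock_create_ruleset(attr)"`, matching the parameter name given to `PRE_REG_READ3`.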
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINX_(__NR_fchmodat2, sys_fchmodat2), // 452
};
LINXY (__NR_openat2, sys_openat2),
LINXY (__NR_pidfd_getfd, sys_pidfd_getfd),
LINX_ (__NR_faccessat2, sys_faccessat2),
- LINXY(__NR_epoll_pwait2, sys_epoll_pwait2),
+ LINXY (__NR_epoll_pwait2, sys_epoll_pwait2),
+ LINXY (__NR_landlock_create_ruleset, sys_landlock_create_ruleset),
+ LINX_ (__NR_landlock_add_rule, sys_landlock_add_rule),
+ LINX_ (__NR_landlock_restrict_self, sys_landlock_restrict_self),
LINX_ (__NR_fchmodat2, sys_fchmodat2),
};
LINXY(__NR_pidfd_getfd, sys_pidfd_getfd),
LINX_ (__NR_faccessat2, sys_faccessat2),
LINXY (__NR_epoll_pwait2, sys_epoll_pwait2),
+ LINXY (__NR_landlock_create_ruleset,sys_landlock_create_ruleset),
+ LINX_ (__NR_landlock_add_rule, sys_landlock_add_rule),
+ LINX_ (__NR_landlock_restrict_self, sys_landlock_restrict_self),
LINX_ (__NR_fchmodat2, sys_fchmodat2),
};
LINXY (__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452
};
LINXY (__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452
};
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINXY(__NR_memfd_secret, sys_memfd_secret), // 447
LINX_ (__NR_fchmodat2, sys_fchmodat2), // 452
LINXY(__NR_epoll_pwait2, sys_epoll_pwait2), // 441
+ LINXY(__NR_landlock_create_ruleset, sys_landlock_create_ruleset), // 444
+ LINX_(__NR_landlock_add_rule, sys_landlock_add_rule), // 445
+ LINX_(__NR_landlock_restrict_self, sys_landlock_restrict_self), // 446
+
LINXY(__NR_memfd_secret, sys_memfd_secret), // 447
LINX_(__NR_fchmodat2, sys_fchmodat2), // 452
vki/vki-xen-xsm.h \
vki/vki-xen-x86.h \
vki/vki-linux-drm.h \
- vki/vki-linux-io_uring.h
+ vki/vki-linux-io_uring.h \
+ vki/vki-linux-landlock.h
# include "vki/vki-linux.h"
# include "vki/vki-linux-drm.h"
# include "vki/vki-linux-io_uring.h"
+# include "vki/vki-linux-landlock.h"
#elif defined(VGO_darwin)
# include "vki/vki-darwin.h"
#elif defined(VGO_solaris)
--- /dev/null
+/*
+ This file is part of Valgrind, a dynamic binary instrumentation framework.
+
+ Copyright (C) 2024 Peter Seiderer <ps.report@gmx.net>
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+ The GNU General Public License is contained in the file COPYING.
+*/
+#ifndef __VKI_LANDLOCK_H
+#define __VKI_LANDLOCK_H
+
+// Derived from linux-6.9.7/include/uapi/linux/landlock.h
+struct vki_landlock_ruleset_attr {
+ __vki_u64 handled_access_fs;
+ __vki_u64 handled_access_net;
+};
+
+enum vki_landlock_rule_type {
+ VKI_LANDLOCK_RULE_PATH_BENEATH = 1,
+ VKI_LANDLOCK_RULE_NET_PORT,
+};
+
+#define VKI_LANDLOCK_CREATE_RULESET_VERSION 1
+
+#endif
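Review bot: `VKI_LANDLOCK_CREATE_RULESET_VERSION` is defined as the plain value `1`, although it is a bit in the `flags` argument; writing it as `#define VKI_LANDLOCK_CREATE_RULESET_VERSION (1U << 0)` would show that it is a flag bit and leave an obvious place for further bits. The header also carries no definitions for the rule attribute structures that `rule_attr` points to, so the check left as XXX in `PRE(sys_landlock_add_rule)` has nothing to size a `PRE_MEM_READ` against. When those are added, their layout, including any packing attribute in the kernel header, needs to be copied exactly, because the wrapper would use `sizeof` to decide how many client bytes to check.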
#define __NR_epoll_pwait2 441
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
+
#define __NR_memfd_secret 447
#define __NR_fchmodat2 452