bdf2sfd

BDF to SFD converter, allowing to vectorize bitmap fonts
Log | Files | Refs | README | LICENSE

commit 8278778e551b44e1d03a776a80328568f4b385b8
parent 85c5f28d8e2e818491704f77fe0879ea19822510
Author: Frederic Cambus <fred@statdns.com>
Date:   Tue, 23 Jun 2020 21:16:02 +0200

Validate architectures for seccomp.

Seccomp support has only been tested on amd64 and aarch64 architectures.

Diffstat:
Msrc/seccomp.h | 16+++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/seccomp.h b/src/seccomp.h @@ -4,7 +4,7 @@ * https://github.com/fcambus/bdf2sfd * * Created: 2019-11-21 - * Last Updated: 2020-06-09 + * Last Updated: 2020-06-23 * * bdf2sfd is released under the BSD 2-Clause license * See LICENSE file for details @@ -21,11 +21,25 @@ #include <linux/filter.h> #include <linux/seccomp.h> +#if defined(__x86_64__) +#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64 +#elif defined(__aarch64__) +#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64 +#else +#error "Seccomp is only supported on amd64 and aarch64 architectures." +#endif + #define BDF2SFD_SYSCALL_ALLOW(syscall) \ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##syscall, 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) static struct sock_filter filter[] = { + /* Validate architecture */ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, arch)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), + + /* Load syscall */ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)), BDF2SFD_SYSCALL_ALLOW(brk),