Message-ID: <4FA45124.4050207@suse.de>
Date: Fri, 04 May 2012 23:59:00 +0200
From: Andreas Färber
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c
To: Eduardo Otubo
Cc: qemu-devel@nongnu.org

On 04.05.2012 21:08, Eduardo Otubo wrote:
> I added a syscall struct using priority levels as described in the libseccomp
> man page. The priority numbers are based on the frequency they appear in a
> sample strace from a regular qemu guest run under libvirt.
>
> Libseccomp generates linear BPF code to filter system calls; those rules are
> read one after another. The priority system places the most common rules first
> in order to reduce the overhead when processing them.
>
> Also, since this is just a first RFC, the whitelist is a little raw. We might
> need your help to improve, test and fine-tune the set of system calls.
>
> Signed-off-by: Eduardo Otubo
> ---
> vl.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 81 insertions(+)
>
> diff --git a/vl.c b/vl.c
> index ae91a8a..e23838b 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -63,6 +63,9 @@ > =20 > #include > #include > +#ifdef CONFIG_LIBSECCOMP > +#include > +#endif > #endif > #ifdef __sun__ > #include > @@ -175,6 +178,8 @@ int main(int argc, char **argv) > =20 > #define MAX_VIRTIO_CONSOLES 1 > =20 > +static int seccomp_start(void); You haven't tested this without libseccomp apparently? Other than that mostly some Coding Style issues... > + > static const char *data_dir; > const char *bios_name =3D NULL; > enum vga_retrace_method vga_retrace_method =3D VGA_RETRACE_DUMB; 
> @@ -313,6 +318,75 @@ static int default_driver_check(QemuOpts *opts, vo= id *opaque) > return 0; > } > =20 > +#ifdef CONFIG_LIBSECCOMP > +struct qemu_seccomp_syscall { Struct names are expected to be CamelCase. > + int32_t num; > + uint8_t priority; > +}; > + > +static struct qemu_seccomp_syscall seccomp_whitelist[] =3D { > + {SCMP_SYS(timer_settime), 255}, Spaces inside braces please. > + {SCMP_SYS(timer_gettime), 254}, > + {SCMP_SYS(futex), 253}, > + {SCMP_SYS(select), 252}, > + {SCMP_SYS(recvfrom), 251}, > + {SCMP_SYS(sendto), 250}, > + {SCMP_SYS(read), 249}, > + {SCMP_SYS(brk), 248}, > + {SCMP_SYS(clone), 247}, > + {SCMP_SYS(mmap), 247}, > + {SCMP_SYS(mprotect), 246}, > + {SCMP_SYS(rt_sigprocmask), 245}, > + {SCMP_SYS(write), 244}, > + {SCMP_SYS(fcntl), 243}, > + {SCMP_SYS(tgkill), 242}, > + {SCMP_SYS(rt_sigaction), 242}, > + {SCMP_SYS(pipe2), 242}, > + {SCMP_SYS(munmap), 242}, > + {SCMP_SYS(mremap), 242}, > + {SCMP_SYS(getsockname), 242}, > + {SCMP_SYS(getpeername), 242}, > + {SCMP_SYS(fdatasync), 242}, > + {SCMP_SYS(close), 242} > +}; > + > +#define seccomp_whitelist_count \ > + (sizeof(seccomp_whitelist)/sizeof(seccomp_whitelist[0])) Please just use the ARRAY_SIZE() macro inline. > + > +int seccomp_start(void) > +{ > + int rc =3D 0; > + unsigned int i =3D 0; > + > + rc =3D seccomp_init(SCMP_ACT_KILL); > + if (rc < 0) { > + goto seccomp_return; > + } > + > + for (i =3D 0; i < seccomp_whitelist_count; i++) { > + rc =3D seccomp_rule_add(SCMP_ACT_ALLOW, seccomp_whitelist[i].n= um, 0); > + if (rc < 0) { > + goto seccomp_return; > + } > + rc =3D seccomp_syscall_priority(seccomp_whitelist[i].num, > + seccomp_whitelist[i].priority); > + if (rc < 0) { > + goto seccomp_return; > + } > + } > + > + rc =3D seccomp_load(); > + > + seccomp_return: > + seccomp_release(); > + if (rc < 0) { > + fprintf(stderr, > + "ERROR: failed to configure the seccomp syscall filter= in the kernel"); \n missing. 
> + } > + return rc; > +} > +#endif > + > /***********************************************************/ > /* QEMU state */ > =20 > @@ -2257,6 +2331,13 @@ int qemu_init_main_loop(void) > =20 > int main(int argc, char **argv, char **envp) > { > + > +#ifdef CONFIG_LIBSECCOMP > + if (seccomp_start() < 0) { > + exit(1); This is inconsistent: Either exit() within seccomp_start() where you print the error message, or move the fprintf() here. > + } > +#endif This is adding code before the variable declaration block, please move to after. > + > int i; > int snapshot, linux_boot; > const char *icount_option =3D NULL; Andreas --=20 SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 N=FCrnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imend=F6rffer; HRB 16746 AG N=FCrnbe= rg
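Review bot: in the `@@ -175,6 +178,8 @@` hunk the prototype `static int seccomp_start(void);` is added unconditionally, while the definition only exists under `#ifdef CONFIG_LIBSECCOMP`, so a build without libseccomp gets a "declared 'static' but never defined" warning (fatal with -Werror), which is the breakage the reviewer's "not tested without libseccomp" remark points at. The prototype also says `static` whereas the definition in the next hunk is plain `int seccomp_start(void)`. Either wrap the declaration in the same `#ifdef` or drop it altogether (the definition already precedes `main()`), and mark the definition `static` so both agree.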
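Review bot: in the `@@ -313,6 +318,75 @@` hunk two things about the error handling in `seccomp_start()` should be tightened. First, the `seccomp_return:` label sits before `seccomp_release()`, so when `seccomp_init()` itself fails the code still releases a filter context that was never set up; jump past the release on that path, or only release once init succeeded. Second, the `fprintf()` reports no cause: libseccomp's calls return a negative errno, so printing `strerror(-rc)` (or at least `rc`) turns "failed to configure the seccomp syscall filter" into something a user can act on. Separately, with `SCMP_ACT_KILL` as the default action every syscall not in `seccomp_whitelist[]` terminates QEMU silently with SIGSYS, and the list as posted has no `ioctl`, `exit_group`, `rt_sigreturn` or `open`: a KVM guest would die on its first `ioctl` to `/dev/kvm`. For an RFC whose list is admittedly "a little raw", consider testing with `SCMP_ACT_TRAP` so an unlisted syscall surfaces as a catchable signal that names the syscall, and switch to `SCMP_ACT_KILL` once the list is settled.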
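Review bot: in the `@@ -2257,6 +2331,13 @@` hunk the filter is installed as the very first statement of `main()`, before option parsing, image opening and device setup, so every syscall QEMU makes from that point on has to be whitelisted; installing the filter later (after initialisation, just before the main loop) would keep the list far shorter and less fragile. The `exit(1)` when `seccomp_start()` fails is a fail-closed choice that the commit message should state explicitly: `CONFIG_LIBSECCOMP` only says the library was present at build time, and a kernel without seccomp-filter support would make QEMU refuse to start rather than run unconfined with a warning.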
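The commit message states that libseccomp emits a linear BPF program whose rules are read one after another, and that priorities put the most common syscalls first to cut that overhead. The following is an added example, not code from the patch, QEMU or libseccomp: it models a kill-default whitelist as such a linear program, runs a constructed syscall trace through it with and without priority ordering, and counts the BPF instructions executed. The syscall numbers are x86_64's and only serve as labels; the whitelist's declaration order, its trace and the omission of libseccomp's architecture check and argument comparisons are all assumptions of this model.

```c
/* Added example, not code from the patch: a small model of the linear whitelist
 * BPF that libseccomp generates and of what syscall priorities buy.
 * Syscall numbers are x86_64's and serve only as labels in this model. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { NR_read = 0, NR_write = 1, NR_close = 3, NR_mmap = 9, NR_munmap = 11,
       NR_brk = 12, NR_ioctl = 16, NR_select = 23, NR_futex = 202 };
enum { ACT_KILL = 0, ACT_ALLOW = 1 };      /* stand-ins for SCMP_ACT_KILL/ALLOW */
enum { OP_LD_NR, OP_JEQ, OP_RET };

struct insn { int op; int k; int jt; };    /* JEQ: if acc == k then pc = jt */
struct rule { int nr; uint8_t priority; }; /* same shape as qemu_seccomp_syscall */
#define MAX_RULES 64
struct bpf_prog { struct insn insn[MAX_RULES + 3]; int len; };

/* Constructed whitelist in deliberately unsorted declaration order, using the
 * priorities the patch assigns to these syscalls. */
static const struct rule whitelist[] = {
    { NR_close, 242 }, { NR_munmap, 242 }, { NR_brk, 248 }, { NR_write, 244 },
    { NR_mmap, 247 }, { NR_read, 249 }, { NR_select, 252 }, { NR_futex, 253 },
};
#define WHITELIST_LEN ((int)(sizeof(whitelist) / sizeof(whitelist[0])))

static int cmp_priority_desc(const void *a, const void *b)
{
    const struct rule *ra = a, *rb = b;
    return (int)rb->priority - (int)ra->priority;
}

/* Lay the rules out as one linear program with a kill default:
 * LD nr; JEQ nr_1 -> ALLOW; ...; JEQ nr_n -> ALLOW; RET KILL; RET ALLOW.
 * With sort_by_priority the JEQ chain is ordered by descending priority, which
 * is the effect seccomp_syscall_priority() has on libseccomp's output. */
static void compile_whitelist(const struct rule *rules, int n,
                              int sort_by_priority, struct bpf_prog *prog)
{
    struct rule ordered[MAX_RULES];
    int i, pc = 0, allow_pc = n + 2;        /* index of the trailing RET ALLOW */

    memcpy(ordered, rules, (size_t)n * sizeof(*rules));
    if (sort_by_priority) {
        qsort(ordered, (size_t)n, sizeof(*ordered), cmp_priority_desc);
    }
    prog->insn[pc++] = (struct insn){ OP_LD_NR, 0, 0 };
    for (i = 0; i < n; i++) {
        prog->insn[pc++] = (struct insn){ OP_JEQ, ordered[i].nr, allow_pc };
    }
    prog->insn[pc++] = (struct insn){ OP_RET, ACT_KILL, 0 };
    prog->insn[pc++] = (struct insn){ OP_RET, ACT_ALLOW, 0 };
    prog->len = pc;
}

/* Interpret the program for one syscall: returns the action and adds the
 * number of instructions executed to *cost, the overhead priorities reduce. */
static int run_filter(const struct bpf_prog *prog, int nr, int *cost)
{
    int acc = 0, pc = 0, action = ACT_KILL;

    while (pc < prog->len) {
        const struct insn *in = &prog->insn[pc];
        (*cost)++;
        if (in->op == OP_LD_NR) {
            acc = nr; pc++;
        } else if (in->op == OP_JEQ) {
            pc = (acc == in->k) ? in->jt : pc + 1;
        } else {
            action = in->k; break;
        }
    }
    return action;
}

/* Constructed stand-in for the "sample strace" in the commit message: futex,
 * select and read dominate, and one ioctl is outside the whitelist. */
static const int sample_trace[] = {
    NR_futex, NR_futex, NR_select, NR_futex, NR_read, NR_select,
    NR_futex, NR_write, NR_read, NR_select, NR_futex, NR_ioctl
};
#define SAMPLE_TRACE_LEN ((int)(sizeof(sample_trace) / sizeof(sample_trace[0])))

/* Total instructions the trace costs under the chosen ordering; *kills gets
 * the number of syscalls the filter would terminate the process for. */
static int trace_cost(int sort_by_priority, int *kills)
{
    struct bpf_prog prog;
    int i, cost = 0;

    compile_whitelist(whitelist, WHITELIST_LEN, sort_by_priority, &prog);
    for (i = 0, *kills = 0; i < SAMPLE_TRACE_LEN; i++) {
        *kills += run_filter(&prog, sample_trace[i], &cost) == ACT_KILL;
    }
    return cost;
}
static int sample_cost(int s) { int k; return trace_cost(s, &k); }
static int sample_kills(int s) { int k; trace_cost(s, &k); return k; }

int main(void)
{
    printf("declaration order: %d instructions\n", sample_cost(0));
    printf("priority order:    %d instructions, %d call(s) killed\n",
           sample_cost(1), sample_kills(1));
    return 0;
}
```

On the constructed trace the declaration order costs 109 instructions and the priority order 55, while the one unlisted `ioctl` is killed either way: ordering changes only how fast a decision is reached, never what it is, which is why the whitelist's contents, not its priorities, are the security-relevant part to review.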