script_core 0.2.3 → 0.3.0

Files changed (529)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +35 -57
  3. data/.ruby-version +1 -1
  4. data/Gemfile +2 -2
  5. data/README.md +7 -1
  6. data/ext/enterprise_script_service/Rakefile +1 -1
  7. data/ext/enterprise_script_service/libseccomp/.travis.yml +24 -12
  8. data/ext/enterprise_script_service/libseccomp/CHANGELOG +32 -0
  9. data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
  10. data/ext/enterprise_script_service/libseccomp/CREDITS +11 -0
  11. data/ext/enterprise_script_service/libseccomp/README.md +21 -1
  12. data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
  13. data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
  14. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
  15. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
  16. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
  17. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
  18. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
  19. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
  20. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
  21. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
  22. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
  23. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
  24. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
  25. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
  26. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
  27. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
  28. data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
  29. data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +19 -0
  30. data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
  31. data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
  32. data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
  33. data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
  34. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
  35. data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
  36. data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
  37. data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
  38. data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
  39. data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
  40. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
  41. data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
  42. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
  43. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
  44. data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
  45. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
  46. data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
  47. data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
  48. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
  49. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
  50. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
  51. data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
  52. data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
  53. data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
  54. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
  55. data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
  56. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
  57. data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
  58. data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
  59. data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
  60. data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
  61. data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
  62. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
  63. data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
  64. data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
  65. data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
  66. data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
  67. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
  68. data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
  69. data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
  70. data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
  71. data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
  72. data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
  73. data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
  74. data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
  75. data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
  76. data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
  77. data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
  78. data/ext/enterprise_script_service/libseccomp/tests/.gitignore +10 -2
  79. data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
  80. data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
  81. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
  82. data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
  83. data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +4 -3
  84. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
  85. data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
  86. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
  87. data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
  88. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
  89. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
  90. data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
  91. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
  92. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
  93. data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
  94. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
  95. data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
  96. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
  97. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
  98. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
  99. data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
  100. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
  101. data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
  102. data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
  103. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
  104. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
  105. data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
  106. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.c +48 -0
  107. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.py +38 -0
  108. data/ext/enterprise_script_service/libseccomp/tests/52-basic-load.tests +11 -0
  109. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
  110. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
  111. data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
  112. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
  113. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
  114. data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
  115. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
  116. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
  117. data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
  118. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
  119. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
  120. data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
  121. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
  122. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
  123. data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
  124. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
  125. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
  126. data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
  127. data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +34 -10
  128. data/ext/enterprise_script_service/libseccomp/tests/regression +10 -3
  129. data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
  130. data/ext/enterprise_script_service/libseccomp/tools/Makefile.am +0 -3
  131. data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
  132. data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
  133. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
  134. data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +4 -0
  135. data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
  136. data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
  137. data/ext/enterprise_script_service/mruby/.github/workflows/build.yml +149 -0
  138. data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +55 -0
  139. data/ext/enterprise_script_service/mruby/.github/workflows/lint.yml +23 -0
  140. data/ext/enterprise_script_service/mruby/.github/workflows/oss-fuzz.yml +27 -0
  141. data/ext/enterprise_script_service/mruby/.github/workflows/spell-checker.yml +17 -0
  142. data/ext/enterprise_script_service/mruby/.gitignore +3 -0
  143. data/ext/enterprise_script_service/mruby/.gitlab-ci.yml +3 -3
  144. data/ext/enterprise_script_service/mruby/.markdownlint.yml +16 -0
  145. data/ext/enterprise_script_service/mruby/.travis.yml +7 -10
  146. data/ext/enterprise_script_service/mruby/.yamllint +8 -0
  147. data/ext/enterprise_script_service/mruby/AUTHORS +4 -0
  148. data/ext/enterprise_script_service/mruby/CODEOWNERS +1 -0
  149. data/ext/enterprise_script_service/mruby/CONTRIBUTING.md +6 -13
  150. data/ext/enterprise_script_service/mruby/Doxyfile +4 -4
  151. data/ext/enterprise_script_service/mruby/LICENSE +1 -1
  152. data/ext/enterprise_script_service/mruby/Makefile +1 -1
  153. data/ext/enterprise_script_service/mruby/README.md +5 -11
  154. data/ext/enterprise_script_service/mruby/Rakefile +18 -108
  155. data/ext/enterprise_script_service/mruby/TODO.md +17 -0
  156. data/ext/enterprise_script_service/mruby/appveyor.yml +29 -26
  157. data/ext/enterprise_script_service/mruby/benchmark/bm_ao_render.rb +1 -1
  158. data/ext/enterprise_script_service/mruby/build_config.rb +9 -152
  159. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_ArduinoDue.rb → build_config/ArduinoDue.rb} +4 -21
  160. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_IntelEdison.rb → build_config/IntelEdison.rb} +4 -4
  161. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_IntelGalileo.rb → build_config/IntelGalileo.rb} +3 -20
  162. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_RX630.rb → build_config/RX630.rb} +4 -21
  163. data/ext/enterprise_script_service/mruby/build_config/android_arm64-v8a.rb +11 -0
  164. data/ext/enterprise_script_service/mruby/build_config/android_armeabi.rb +11 -0
  165. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_android_armeabi_v7a_neon_hard.rb → build_config/android_armeabi_v7a_neon_hard.rb} +0 -15
  166. data/ext/enterprise_script_service/mruby/build_config/bench.rb +11 -0
  167. data/ext/enterprise_script_service/mruby/build_config/boxing.rb +21 -0
  168. data/ext/enterprise_script_service/mruby/{examples/targets/build_config_chipKITMax32.rb → build_config/chipKITMax32.rb} +4 -21
  169. data/ext/enterprise_script_service/mruby/{appveyor_config.rb → build_config/ci/gcc-clang.rb} +11 -8
  170. data/ext/enterprise_script_service/mruby/build_config/ci/msvc.rb +20 -0
  171. data/ext/enterprise_script_service/mruby/build_config/clang-asan.rb +11 -0
  172. data/ext/enterprise_script_service/mruby/build_config/cross-32bit.rb +14 -0
  173. data/ext/enterprise_script_service/mruby/build_config/default.rb +80 -0
  174. data/ext/enterprise_script_service/mruby/build_config/dreamcast_shelf.rb +94 -0
  175. data/ext/enterprise_script_service/mruby/build_config/gameboyadvance.rb +73 -0
  176. data/ext/enterprise_script_service/mruby/build_config/host-cxx.rb +12 -0
  177. data/ext/enterprise_script_service/mruby/build_config/host-debug.rb +20 -0
  178. data/ext/enterprise_script_service/mruby/build_config/host-gprof.rb +14 -0
  179. data/ext/enterprise_script_service/mruby/build_config/host-m32.rb +15 -0
  180. data/ext/enterprise_script_service/mruby/build_config/host-shared.rb +36 -0
  181. data/ext/enterprise_script_service/mruby/build_config/mrbc.rb +11 -0
  182. data/ext/enterprise_script_service/mruby/build_config/no-float.rb +17 -0
  183. data/ext/enterprise_script_service/mruby/doc/guides/compile.md +142 -49
  184. data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +5 -4
  185. data/ext/enterprise_script_service/mruby/doc/guides/gc-arena-howto.md +1 -1
  186. data/ext/enterprise_script_service/mruby/doc/guides/mrbconf.md +53 -30
  187. data/ext/enterprise_script_service/mruby/doc/guides/mrbgems.md +31 -14
  188. data/ext/enterprise_script_service/mruby/doc/guides/symbol.md +83 -0
  189. data/ext/enterprise_script_service/mruby/doc/limitations.md +35 -36
  190. data/ext/enterprise_script_service/mruby/doc/mruby3.md +163 -0
  191. data/ext/enterprise_script_service/mruby/doc/opcode.md +102 -103
  192. data/ext/enterprise_script_service/mruby/examples/mrbgems/c_and_ruby_extension_example/mrblib/example.rb +1 -1
  193. data/ext/enterprise_script_service/mruby/examples/mrbgems/c_and_ruby_extension_example/src/example.c +5 -1
  194. data/ext/enterprise_script_service/mruby/examples/mrbgems/c_extension_example/src/example.c +5 -1
  195. data/ext/enterprise_script_service/mruby/examples/mrbgems/ruby_extension_example/mrblib/example.rb +1 -1
  196. data/ext/enterprise_script_service/mruby/include/mrbconf.h +88 -66
  197. data/ext/enterprise_script_service/mruby/include/mruby.h +160 -104
  198. data/ext/enterprise_script_service/mruby/include/mruby/array.h +27 -6
  199. data/ext/enterprise_script_service/mruby/include/mruby/boxing_nan.h +80 -46
  200. data/ext/enterprise_script_service/mruby/include/mruby/boxing_no.h +8 -8
  201. data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +76 -55
  202. data/ext/enterprise_script_service/mruby/include/mruby/class.h +10 -8
  203. data/ext/enterprise_script_service/mruby/include/mruby/common.h +14 -1
  204. data/ext/enterprise_script_service/mruby/include/mruby/compile.h +20 -6
  205. data/ext/enterprise_script_service/mruby/include/mruby/debug.h +2 -2
  206. data/ext/enterprise_script_service/mruby/include/mruby/dump.h +18 -52
  207. data/ext/enterprise_script_service/mruby/include/mruby/endian.h +44 -0
  208. data/ext/enterprise_script_service/mruby/include/mruby/error.h +39 -5
  209. data/ext/enterprise_script_service/mruby/include/mruby/gc.h +1 -0
  210. data/ext/enterprise_script_service/mruby/include/mruby/hash.h +33 -13
  211. data/ext/enterprise_script_service/mruby/include/mruby/irep.h +74 -14
  212. data/ext/enterprise_script_service/mruby/include/mruby/istruct.h +4 -1
  213. data/ext/enterprise_script_service/mruby/include/mruby/khash.h +19 -9
  214. data/ext/enterprise_script_service/mruby/include/mruby/numeric.h +37 -63
  215. data/ext/enterprise_script_service/mruby/include/mruby/opcode.h +1 -27
  216. data/ext/enterprise_script_service/mruby/include/mruby/ops.h +29 -24
  217. data/ext/enterprise_script_service/mruby/include/mruby/presym.h +40 -0
  218. data/ext/enterprise_script_service/mruby/include/mruby/presym/disable.h +70 -0
  219. data/ext/enterprise_script_service/mruby/include/mruby/presym/enable.h +37 -0
  220. data/ext/enterprise_script_service/mruby/include/mruby/presym/scanning.h +73 -0
  221. data/ext/enterprise_script_service/mruby/include/mruby/proc.h +93 -21
  222. data/ext/enterprise_script_service/mruby/include/mruby/string.h +12 -16
  223. data/ext/enterprise_script_service/mruby/include/mruby/throw.h +14 -3
  224. data/ext/enterprise_script_service/mruby/include/mruby/value.h +60 -59
  225. data/ext/enterprise_script_service/mruby/include/mruby/variable.h +1 -0
  226. data/ext/enterprise_script_service/mruby/include/mruby/version.h +25 -6
  227. data/ext/enterprise_script_service/mruby/lib/mruby/build.rb +198 -72
  228. data/ext/enterprise_script_service/mruby/lib/mruby/build/command.rb +71 -78
  229. data/ext/enterprise_script_service/mruby/lib/mruby/build/load_gems.rb +12 -10
  230. data/ext/enterprise_script_service/mruby/lib/{mruby-core-ext.rb → mruby/core_ext.rb} +10 -3
  231. data/ext/enterprise_script_service/mruby/lib/mruby/gem.rb +84 -32
  232. data/ext/enterprise_script_service/mruby/lib/mruby/lockfile.rb +1 -1
  233. data/ext/enterprise_script_service/mruby/lib/mruby/presym.rb +132 -0
  234. data/ext/enterprise_script_service/mruby/lib/mruby/source.rb +3 -1
  235. data/ext/enterprise_script_service/mruby/mrbgems/default-no-fpu.gembox +3 -0
  236. data/ext/enterprise_script_service/mruby/mrbgems/default-no-stdio.gembox +4 -0
  237. data/ext/enterprise_script_service/mruby/mrbgems/default.gembox +9 -81
  238. data/ext/enterprise_script_service/mruby/mrbgems/full-core.gembox +1 -4
  239. data/ext/enterprise_script_service/mruby/mrbgems/math.gembox +10 -0
  240. data/ext/enterprise_script_service/mruby/mrbgems/metaprog.gembox +15 -0
  241. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/mrblib/array.rb +1 -32
  242. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +10 -12
  243. data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/test/array.rb +0 -13
  244. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mrbgem.rake +30 -18
  245. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-config/mruby-config +18 -8
  246. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/bintest/mrdb.rb +3 -6
  247. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/bintest/print.rb +10 -10
  248. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c +14 -9
  249. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apiprint.c +3 -2
  250. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c +4 -4
  251. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.h +2 -6
  252. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h +6 -2
  253. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/bintest/mirb.rb +23 -5
  254. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/mrbgem.rake +11 -2
  255. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +46 -35
  256. data/ext/enterprise_script_service/mruby/mrbgems/{mruby-compiler → mruby-bin-mrbc}/bintest/mrbc.rb +0 -0
  257. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/mrbgem.rake +3 -4
  258. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +41 -28
  259. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/bintest/mruby.rb +25 -4
  260. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/mrbgem.rake +1 -2
  261. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c +26 -6
  262. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/bintest/mruby-strip.rb +1 -1
  263. data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c +6 -2
  264. data/ext/enterprise_script_service/mruby/mrbgems/mruby-catch/mrbgem.rake +5 -0
  265. data/ext/enterprise_script_service/mruby/mrbgems/mruby-catch/mrblib/catch.rb +27 -0
  266. data/ext/enterprise_script_service/mruby/mrbgems/mruby-class-ext/src/class.c +7 -1
  267. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/codegen.c +495 -436
  268. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/keywords +5 -0
  269. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/lex.def +49 -44
  270. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/parse.y +637 -220
  271. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/core/y.tab.c +13734 -0
  272. data/ext/enterprise_script_service/mruby/mrbgems/mruby-compiler/mrbgem.rake +20 -23
  273. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +2 -2
  274. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +9 -9
  275. data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/test/complex.rb +4 -4
  276. data/ext/enterprise_script_service/mruby/mrbgems/mruby-enumerator/mrblib/enumerator.rb +1 -0
  277. data/ext/enterprise_script_service/mruby/mrbgems/mruby-enumerator/test/enumerator.rb +2 -2
  278. data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/mrbgem.rake +2 -2
  279. data/ext/enterprise_script_service/mruby/mrbgems/mruby-error/src/exception.c +3 -3
  280. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +19 -238
  281. data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/test/eval.rb +21 -0
  282. data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +19 -15
  283. data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c +31 -5
  284. data/ext/enterprise_script_service/mruby/mrbgems/mruby-hash-ext/test/hash.rb +7 -0
  285. data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +5 -6
  286. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/README.md +18 -16
  287. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/include/mruby/ext/io.h +39 -7
  288. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrbgem.rake +2 -8
  289. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file.rb +9 -4
  290. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/file_constants.rb +0 -16
  291. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/mrblib/io.rb +9 -14
  292. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +107 -59
  293. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +22 -38
  294. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +417 -203
  295. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/file.rb +20 -12
  296. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/io.rb +33 -2
  297. data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/test/mruby_io_test.c +58 -50
  298. data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +13 -14
  299. data/ext/enterprise_script_service/mruby/mrbgems/mruby-math/src/math.c +13 -12
  300. data/ext/enterprise_script_service/mruby/mrbgems/mruby-math/test/math.rb +5 -4
  301. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/src/metaprog.c +56 -73
  302. data/ext/enterprise_script_service/mruby/mrbgems/mruby-metaprog/test/metaprog.rb +13 -4
  303. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/README.md +4 -3
  304. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +80 -78
  305. data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/test/method.rb +4 -4
  306. data/ext/enterprise_script_service/mruby/mrbgems/mruby-numeric-ext/src/numeric_ext.c +14 -13
  307. data/ext/enterprise_script_service/mruby/mrbgems/mruby-object-ext/src/object.c +8 -16
  308. data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +18 -13
  309. data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/mrbgem.rake +10 -0
  310. data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/src/memsize.c +231 -0
  311. data/ext/enterprise_script_service/mruby/mrbgems/mruby-os-memsize/test/memsize.rb +63 -0
  312. data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/README.md +15 -18
  313. data/ext/enterprise_script_service/mruby/mrbgems/mruby-pack/src/pack.c +120 -67
  314. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/mrblib/print.rb +1 -30
  315. data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +65 -26
  316. data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/src/proc.c +34 -21
  317. data/ext/enterprise_script_service/mruby/mrbgems/mruby-proc-ext/test/proc.c +1 -1
  318. data/ext/enterprise_script_service/mruby/mrbgems/mruby-random/src/random.c +98 -43
  319. data/ext/enterprise_script_service/mruby/mrbgems/mruby-random/test/random.rb +2 -2
  320. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/mrblib/range.rb +39 -6
  321. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +21 -43
  322. data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/test/range.rb +27 -3
  323. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +12 -20
  324. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/src/rational.c +216 -38
  325. data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/test/rational.rb +6 -6
  326. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/README.md +6 -4
  327. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sleep/src/mrb_sleep.c +5 -5
  328. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/README.md +3 -2
  329. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/mrbgem.rake +1 -1
  330. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/src/socket.c +47 -45
  331. data/ext/enterprise_script_service/mruby/mrbgems/mruby-socket/test/sockettest.c +3 -2
  332. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +161 -93
  333. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/test/sprintf.rb +9 -25
  334. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/mrblib/string.rb +23 -1
  335. data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +17 -14
  336. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/mrblib/struct.rb +1 -1
  337. data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +23 -36
  338. data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/src/symbol.c +7 -6
  339. data/ext/enterprise_script_service/mruby/mrbgems/mruby-symbol-ext/test/symbol.rb +1 -1
  340. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/README.md +0 -1
  341. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/driver.c +5 -5
  342. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/mrbgem.rake +17 -44
  343. data/ext/enterprise_script_service/mruby/mrbgems/mruby-test/vformat.c +4 -4
  344. data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +37 -41
  345. data/ext/enterprise_script_service/mruby/mrbgems/stdlib-ext.gembox +18 -0
  346. data/ext/enterprise_script_service/mruby/mrbgems/stdlib-io.gembox +12 -0
  347. data/ext/enterprise_script_service/mruby/mrbgems/stdlib.gembox +54 -0
  348. data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
  349. data/ext/enterprise_script_service/mruby/mrblib/10error.rb +4 -0
  350. data/ext/enterprise_script_service/mruby/mrblib/array.rb +17 -9
  351. data/ext/enterprise_script_service/mruby/mrblib/enum.rb +1 -1
  352. data/ext/enterprise_script_service/mruby/mrblib/hash.rb +3 -23
  353. data/ext/enterprise_script_service/mruby/mrblib/init_mrblib.c +0 -11
  354. data/ext/enterprise_script_service/mruby/mrblib/numeric.rb +36 -11
  355. data/ext/enterprise_script_service/mruby/mrblib/range.rb +25 -3
  356. data/ext/enterprise_script_service/mruby/oss-fuzz/mruby_proto_fuzzer.cpp +2 -2
  357. data/ext/enterprise_script_service/mruby/oss-fuzz/proto_to_ruby.h +1 -1
  358. data/ext/enterprise_script_service/mruby/src/array.c +67 -90
  359. data/ext/enterprise_script_service/mruby/src/backtrace.c +18 -19
  360. data/ext/enterprise_script_service/mruby/src/class.c +819 -211
  361. data/ext/enterprise_script_service/mruby/src/codedump.c +226 -197
  362. data/ext/enterprise_script_service/mruby/src/debug.c +14 -11
  363. data/ext/enterprise_script_service/mruby/src/dump.c +470 -207
  364. data/ext/enterprise_script_service/mruby/src/enum.c +1 -1
  365. data/ext/enterprise_script_service/mruby/src/error.c +94 -20
  366. data/ext/enterprise_script_service/mruby/src/etc.c +56 -39
  367. data/ext/enterprise_script_service/mruby/src/fmt_fp.c +103 -27
  368. data/ext/enterprise_script_service/mruby/src/gc.c +86 -349
  369. data/ext/enterprise_script_service/mruby/src/hash.c +1058 -723
  370. data/ext/enterprise_script_service/mruby/src/kernel.c +78 -226
  371. data/ext/enterprise_script_service/mruby/src/load.c +215 -159
  372. data/ext/enterprise_script_service/mruby/src/numeric.c +400 -382
  373. data/ext/enterprise_script_service/mruby/src/object.c +115 -90
  374. data/ext/enterprise_script_service/mruby/src/print.c +31 -6
  375. data/ext/enterprise_script_service/mruby/src/proc.c +56 -45
  376. data/ext/enterprise_script_service/mruby/src/range.c +49 -33
  377. data/ext/enterprise_script_service/mruby/src/state.c +58 -42
  378. data/ext/enterprise_script_service/mruby/src/string.c +151 -156
  379. data/ext/enterprise_script_service/mruby/src/symbol.c +132 -66
  380. data/ext/enterprise_script_service/mruby/src/value_array.h +1 -0
  381. data/ext/enterprise_script_service/mruby/src/variable.c +158 -158
  382. data/ext/enterprise_script_service/mruby/src/vm.c +655 -645
  383. data/ext/enterprise_script_service/mruby/tasks/benchmark.rake +6 -6
  384. data/ext/enterprise_script_service/mruby/tasks/bin.rake +23 -0
  385. data/ext/enterprise_script_service/mruby/tasks/core.rake +12 -0
  386. data/ext/enterprise_script_service/mruby/tasks/doc.rake +50 -38
  387. data/ext/enterprise_script_service/mruby/tasks/gitlab.rake +64 -61
  388. data/ext/enterprise_script_service/mruby/tasks/libmruby.rake +10 -1
  389. data/ext/enterprise_script_service/mruby/tasks/mrbgems.rake +13 -1
  390. data/ext/enterprise_script_service/mruby/tasks/mrblib.rake +40 -0
  391. data/ext/enterprise_script_service/mruby/tasks/presym.rake +44 -0
  392. data/ext/enterprise_script_service/mruby/tasks/test.rake +68 -0
  393. data/ext/enterprise_script_service/mruby/tasks/toolchains/android.rake +46 -1
  394. data/ext/enterprise_script_service/mruby/tasks/toolchains/gcc.rake +8 -7
  395. data/ext/enterprise_script_service/mruby/tasks/toolchains/openwrt.rake +13 -17
  396. data/ext/enterprise_script_service/mruby/tasks/toolchains/visualcpp.rake +21 -25
  397. data/ext/enterprise_script_service/mruby/test/assert.rb +5 -4
  398. data/ext/enterprise_script_service/mruby/test/bintest.rb +5 -5
  399. data/ext/enterprise_script_service/mruby/test/t/argumenterror.rb +16 -0
  400. data/ext/enterprise_script_service/mruby/test/t/array.rb +7 -3
  401. data/ext/enterprise_script_service/mruby/test/t/bs_literal.rb +1 -1
  402. data/ext/enterprise_script_service/mruby/test/t/ensure.rb +8 -26
  403. data/ext/enterprise_script_service/mruby/test/t/exception.rb +2 -2
  404. data/ext/enterprise_script_service/mruby/test/t/float.rb +18 -8
  405. data/ext/enterprise_script_service/mruby/test/t/hash.rb +903 -281
  406. data/ext/enterprise_script_service/mruby/test/t/integer.rb +10 -38
  407. data/ext/enterprise_script_service/mruby/test/t/kernel.rb +16 -25
  408. data/ext/enterprise_script_service/mruby/test/t/literals.rb +50 -0
  409. data/ext/enterprise_script_service/mruby/test/t/module.rb +2 -2
  410. data/ext/enterprise_script_service/mruby/test/t/numeric.rb +1 -1
  411. data/ext/enterprise_script_service/mruby/test/t/range.rb +83 -1
  412. data/ext/enterprise_script_service/mruby/test/t/string.rb +4 -0
  413. data/ext/enterprise_script_service/mruby/test/t/superclass.rb +10 -10
  414. data/ext/enterprise_script_service/mruby/test/t/syntax.rb +24 -0
  415. data/ext/enterprise_script_service/mruby/test/t/vformat.rb +3 -3
  416. data/ext/enterprise_script_service/mruby_config.rb +2 -5
  417. data/ext/enterprise_script_service/mruby_engine.cpp +1 -1
  418. data/ext/enterprise_script_service/msgpack/.github/depends/boost.sh +56 -0
  419. data/ext/enterprise_script_service/msgpack/.github/workflows/coverage.yml +62 -0
  420. data/ext/enterprise_script_service/msgpack/.github/workflows/gha.yml +304 -0
  421. data/ext/enterprise_script_service/msgpack/CHANGELOG.md +11 -0
  422. data/ext/enterprise_script_service/msgpack/CMakeLists.txt +82 -39
  423. data/ext/enterprise_script_service/msgpack/Files.cmake +22 -12
  424. data/ext/enterprise_script_service/msgpack/QUICKSTART-C.md +26 -29
  425. data/ext/enterprise_script_service/msgpack/README.md +3 -2
  426. data/ext/enterprise_script_service/msgpack/appveyor.yml +6 -2
  427. data/ext/enterprise_script_service/msgpack/ci/build_cmake.sh +3 -1
  428. data/ext/enterprise_script_service/msgpack/cmake/CodeCoverage.cmake +55 -0
  429. data/ext/enterprise_script_service/msgpack/codecov.yml +36 -0
  430. data/ext/enterprise_script_service/msgpack/example/CMakeLists.txt +9 -5
  431. data/ext/enterprise_script_service/msgpack/example/boost/CMakeLists.txt +1 -1
  432. data/ext/enterprise_script_service/msgpack/example/c/CMakeLists.txt +17 -6
  433. data/ext/enterprise_script_service/msgpack/example/c/boundary.c +296 -0
  434. data/ext/enterprise_script_service/msgpack/example/c/jsonconv.c +419 -0
  435. data/ext/enterprise_script_service/msgpack/example/c/simple_c.c +1 -1
  436. data/ext/enterprise_script_service/msgpack/example/cpp03/CMakeLists.txt +3 -3
  437. data/ext/enterprise_script_service/msgpack/example/cpp11/CMakeLists.txt +2 -2
  438. data/ext/enterprise_script_service/msgpack/example/x3/CMakeLists.txt +2 -2
  439. data/ext/enterprise_script_service/msgpack/include/msgpack/pack.h +24 -1
  440. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/array_ref.hpp +5 -4
  441. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/boost/optional.hpp +4 -4
  442. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/cpp17/vector_byte.hpp +8 -8
  443. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/map.hpp +4 -4
  444. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector.hpp +4 -4
  445. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_char.hpp +8 -8
  446. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/vector_unsigned_char.hpp +8 -8
  447. data/ext/enterprise_script_service/msgpack/include/msgpack/v1/adaptor/wstring.hpp +4 -4
  448. data/ext/enterprise_script_service/msgpack/include/msgpack/v3/unpack.hpp +6 -6
  449. data/ext/enterprise_script_service/msgpack/include/msgpack/version_master.h +2 -2
  450. data/ext/enterprise_script_service/msgpack/include/msgpack/zbuffer.h +4 -4
  451. data/ext/enterprise_script_service/msgpack/make_file_list.sh +38 -11
  452. data/ext/enterprise_script_service/msgpack/src/vrefbuffer.c +6 -0
  453. data/ext/enterprise_script_service/msgpack/test/CMakeLists.txt +86 -64
  454. data/ext/enterprise_script_service/msgpack/test/array_ref.cpp +4 -0
  455. data/ext/enterprise_script_service/msgpack/test/boost_fusion.cpp +4 -0
  456. data/ext/enterprise_script_service/msgpack/test/boost_optional.cpp +4 -0
  457. data/ext/enterprise_script_service/msgpack/test/boost_string_ref.cpp +4 -1
  458. data/ext/enterprise_script_service/msgpack/test/boost_string_view.cpp +4 -0
  459. data/ext/enterprise_script_service/msgpack/test/boost_variant.cpp +4 -0
  460. data/ext/enterprise_script_service/msgpack/test/buffer.cpp +4 -47
  461. data/ext/enterprise_script_service/msgpack/test/buffer_c.cpp +148 -0
  462. data/ext/enterprise_script_service/msgpack/test/carray.cpp +4 -0
  463. data/ext/enterprise_script_service/msgpack/test/cases.cpp +8 -4
  464. data/ext/enterprise_script_service/msgpack/test/convert.cpp +8 -4
  465. data/ext/enterprise_script_service/msgpack/test/fixint.cpp +4 -0
  466. data/ext/enterprise_script_service/msgpack/test/fixint_c.cpp +4 -0
  467. data/ext/enterprise_script_service/msgpack/test/fuzz_unpack_pack_fuzzer_cpp11.cpp +4 -0
  468. data/ext/enterprise_script_service/msgpack/test/iterator_cpp11.cpp +4 -0
  469. data/ext/enterprise_script_service/msgpack/test/json.cpp +4 -0
  470. data/ext/enterprise_script_service/msgpack/test/limit.cpp +8 -4
  471. data/ext/enterprise_script_service/msgpack/test/msgpack_basic.cpp +4 -0
  472. data/ext/enterprise_script_service/msgpack/test/msgpack_c.cpp +159 -0
  473. data/ext/enterprise_script_service/msgpack/test/msgpack_container.cpp +4 -0
  474. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp11.cpp +32 -27
  475. data/ext/enterprise_script_service/msgpack/test/msgpack_cpp17.cpp +4 -0
  476. data/ext/enterprise_script_service/msgpack/test/msgpack_stream.cpp +4 -0
  477. data/ext/enterprise_script_service/msgpack/test/msgpack_tuple.cpp +4 -1
  478. data/ext/enterprise_script_service/msgpack/test/msgpack_vref.cpp +4 -0
  479. data/ext/enterprise_script_service/msgpack/test/msgpack_x3_parse.cpp +4 -0
  480. data/ext/enterprise_script_service/msgpack/test/object.cpp +4 -1
  481. data/ext/enterprise_script_service/msgpack/test/object_with_zone.cpp +12 -8
  482. data/ext/enterprise_script_service/msgpack/test/pack_unpack.cpp +30 -26
  483. data/ext/enterprise_script_service/msgpack/test/pack_unpack_c.cpp +4 -0
  484. data/ext/enterprise_script_service/msgpack/test/raw.cpp +4 -0
  485. data/ext/enterprise_script_service/msgpack/test/reference.cpp +4 -0
  486. data/ext/enterprise_script_service/msgpack/test/reference_cpp11.cpp +4 -0
  487. data/ext/enterprise_script_service/msgpack/test/reference_wrapper_cpp11.cpp +4 -0
  488. data/ext/enterprise_script_service/msgpack/test/shared_ptr_cpp11.cpp +4 -0
  489. data/ext/enterprise_script_service/msgpack/test/size_equal_only.cpp +4 -0
  490. data/ext/enterprise_script_service/msgpack/test/streaming.cpp +8 -4
  491. data/ext/enterprise_script_service/msgpack/test/streaming_c.cpp +4 -0
  492. data/ext/enterprise_script_service/msgpack/test/unique_ptr_cpp11.cpp +4 -0
  493. data/ext/enterprise_script_service/msgpack/test/user_class.cpp +16 -12
  494. data/ext/enterprise_script_service/msgpack/test/version.cpp +4 -0
  495. data/ext/enterprise_script_service/msgpack/test/visitor.cpp +4 -0
  496. data/ext/enterprise_script_service/msgpack/test/zone.cpp +4 -0
  497. data/lib/script_core/engine.rb +24 -5
  498. data/lib/script_core/executable.rb +4 -3
  499. data/lib/script_core/version.rb +1 -1
  500. data/lib/tasks/script_core.rake +3 -1
  501. data/script_core.gemspec +1 -2
  502. data/spec/dummy/app/lib/script_engine.rb +64 -5
  503. data/spec/script_core_spec.rb +13 -0
  504. metadata +123 -61
  505. data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
  506. data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
  507. data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
  508. data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
  509. data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
  510. data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
  511. data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
  512. data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
  513. data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -626
  514. data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -626
  515. data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
  516. data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
  517. data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
  518. data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
  519. data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
  520. data/ext/enterprise_script_service/mruby/TODO +0 -8
  521. data/ext/enterprise_script_service/mruby/benchmark/build_config_boxing.rb +0 -28
  522. data/ext/enterprise_script_service/mruby/examples/targets/build_config_android_arm64-v8a.rb +0 -26
  523. data/ext/enterprise_script_service/mruby/examples/targets/build_config_android_armeabi.rb +0 -26
  524. data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/kernel.c +0 -30
  525. data/ext/enterprise_script_service/mruby/mrblib/mrblib.rake +0 -18
  526. data/ext/enterprise_script_service/mruby/src/crc.c +0 -39
  527. data/ext/enterprise_script_service/mruby/src/mruby_core.rake +0 -19
  528. data/ext/enterprise_script_service/mruby/travis_config.rb +0 -54
  529. data/ext/enterprise_script_service/msgpack/.travis.yml +0 -258
@@ -26,14 +26,48 @@
26
26
  #include "arch.h"
27
27
  #include "arch-x32.h"
28
28
 
29
+ /**
30
+ * Resolve a syscall name to a number
31
+ * @param name the syscall name
32
+ *
33
+ * Resolve the given syscall name to the syscall number using the syscall table.
34
+ * Returns the syscall number on success, including negative pseudo syscall
35
+ * numbers; returns __NR_SCMP_ERROR on failure.
36
+ *
37
+ */
38
+ int x32_syscall_resolve_name_munge(const char *name)
39
+ {
40
+ int sys;
41
+
42
+ sys = x32_syscall_resolve_name(name);
43
+ if (sys == __NR_SCMP_ERROR)
44
+ return sys;
45
+
46
+ return (sys | X32_SYSCALL_BIT);
47
+ }
48
+
49
+ /**
50
+ * Resolve a syscall number to a name
51
+ * @param num the syscall number
52
+ *
53
+ * Resolve the given syscall number to the syscall name using the syscall table.
54
+ * Returns a pointer to the syscall name string on success, including pseudo
55
+ * syscall names; returns NULL on failure.
56
+ *
57
+ */
58
+ const char *x32_syscall_resolve_num_munge(int num)
59
+ {
60
+ return x32_syscall_resolve_num(num & (~X32_SYSCALL_BIT));
61
+ }
62
+
29
63
  const struct arch_def arch_def_x32 = {
30
64
  .token = SCMP_ARCH_X32,
31
65
  /* NOTE: this seems odd but the kernel treats x32 like x86_64 here */
32
66
  .token_bpf = AUDIT_ARCH_X86_64,
33
67
  .size = ARCH_SIZE_32,
34
68
  .endian = ARCH_ENDIAN_LITTLE,
35
- .syscall_resolve_name = x32_syscall_resolve_name,
36
- .syscall_resolve_num = x32_syscall_resolve_num,
69
+ .syscall_resolve_name = x32_syscall_resolve_name_munge,
70
+ .syscall_resolve_num = x32_syscall_resolve_num_munge,
37
71
  .syscall_rewrite = NULL,
38
72
  .rule_add = NULL,
39
73
  };
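Review bot: `x32_syscall_resolve_num_munge()` clears `X32_SYSCALL_BIT` unconditionally, so a negative pseudo syscall number is altered before the lookup, although the comment above promises that pseudo syscall names resolve. On a two's-complement `int` every small negative value already has bit 30 set, so the mask turns it into a different, much larger negative number. Guard the mask with `if (num >= 0) num &= ~X32_SYSCALL_BIT;`, and in `x32_syscall_resolve_name_munge()` return early with `if (sys == __NR_SCMP_ERROR || sys < 0) return sys;` so the OR only touches real syscall numbers. How `x32_syscall_resolve_num()` treats the masked value is not visible here, so a test that round-trips one pseudo syscall on x32 would confirm the behaviour.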
@@ -22,18 +22,10 @@
22
22
  #ifndef _ARCH_X32_H
23
23
  #define _ARCH_X32_H
24
24
 
25
- #include <inttypes.h>
26
-
27
25
  #include "arch.h"
28
- #include "system.h"
29
-
30
- #define X32_SYSCALL_BIT 0x40000000
31
-
32
- extern const struct arch_def arch_def_x32;
33
26
 
34
- int x32_syscall_resolve_name(const char *name);
35
- const char *x32_syscall_resolve_num(int num);
27
+ #define X32_SYSCALL_BIT 0x40000000
36
28
 
37
- const struct arch_syscall_def *x32_syscall_iterate(unsigned int spot);
29
+ ARCH_DECL(x32)
38
30
 
39
31
  #endif
@@ -24,6 +24,8 @@
24
24
  #include <string.h>
25
25
  #include <linux/audit.h>
26
26
 
27
+ #include "db.h"
28
+ #include "syscalls.h"
27
29
  #include "arch.h"
28
30
  #include "arch-x86.h"
29
31
 
@@ -31,16 +33,165 @@
31
33
  #define __x86_NR_socketcall 102
32
34
  #define __x86_NR_ipc 117
33
35
 
34
- const struct arch_def arch_def_x86 = {
35
- .token = SCMP_ARCH_X86,
36
- .token_bpf = AUDIT_ARCH_I386,
37
- .size = ARCH_SIZE_32,
38
- .endian = ARCH_ENDIAN_LITTLE,
39
- .syscall_resolve_name = x86_syscall_resolve_name,
40
- .syscall_resolve_num = x86_syscall_resolve_num,
41
- .syscall_rewrite = x86_syscall_rewrite,
42
- .rule_add = x86_rule_add,
43
- };
36
+ /**
37
+ * Resolve a syscall name to a number
38
+ * @param name the syscall name
39
+ *
40
+ * Resolve the given syscall name to the syscall number using the syscall table.
41
+ * Returns the syscall number on success, including negative pseudo syscall
42
+ * numbers; returns __NR_SCMP_ERROR on failure.
43
+ *
44
+ */
45
+ int x86_syscall_resolve_name_munge(const char *name)
46
+ {
47
+ if (strcmp(name, "accept") == 0)
48
+ return __PNR_accept;
49
+ else if (strcmp(name, "accept4") == 0)
50
+ return __PNR_accept4;
51
+ else if (strcmp(name, "bind") == 0)
52
+ return __PNR_bind;
53
+ else if (strcmp(name, "connect") == 0)
54
+ return __PNR_connect;
55
+ else if (strcmp(name, "getpeername") == 0)
56
+ return __PNR_getpeername;
57
+ else if (strcmp(name, "getsockname") == 0)
58
+ return __PNR_getsockname;
59
+ else if (strcmp(name, "getsockopt") == 0)
60
+ return __PNR_getsockopt;
61
+ else if (strcmp(name, "listen") == 0)
62
+ return __PNR_listen;
63
+ else if (strcmp(name, "recv") == 0)
64
+ return __PNR_recv;
65
+ else if (strcmp(name, "recvfrom") == 0)
66
+ return __PNR_recvfrom;
67
+ else if (strcmp(name, "recvmsg") == 0)
68
+ return __PNR_recvmsg;
69
+ else if (strcmp(name, "recvmmsg") == 0)
70
+ return __PNR_recvmmsg;
71
+ else if (strcmp(name, "send") == 0)
72
+ return __PNR_send;
73
+ else if (strcmp(name, "sendmsg") == 0)
74
+ return __PNR_sendmsg;
75
+ else if (strcmp(name, "sendmmsg") == 0)
76
+ return __PNR_sendmmsg;
77
+ else if (strcmp(name, "sendto") == 0)
78
+ return __PNR_sendto;
79
+ else if (strcmp(name, "setsockopt") == 0)
80
+ return __PNR_setsockopt;
81
+ else if (strcmp(name, "shutdown") == 0)
82
+ return __PNR_shutdown;
83
+ else if (strcmp(name, "socket") == 0)
84
+ return __PNR_socket;
85
+ else if (strcmp(name, "socketpair") == 0)
86
+ return __PNR_socketpair;
87
+
88
+ if (strcmp(name, "semop") == 0)
89
+ return __PNR_semop;
90
+ else if (strcmp(name, "semget") == 0)
91
+ return __PNR_semget;
92
+ else if (strcmp(name, "semctl") == 0)
93
+ return __PNR_semctl;
94
+ else if (strcmp(name, "semtimedop") == 0)
95
+ return __PNR_semtimedop;
96
+ else if (strcmp(name, "msgsnd") == 0)
97
+ return __PNR_msgsnd;
98
+ else if (strcmp(name, "msgrcv") == 0)
99
+ return __PNR_msgrcv;
100
+ else if (strcmp(name, "msgget") == 0)
101
+ return __PNR_msgget;
102
+ else if (strcmp(name, "msgctl") == 0)
103
+ return __PNR_msgctl;
104
+ else if (strcmp(name, "shmat") == 0)
105
+ return __PNR_shmat;
106
+ else if (strcmp(name, "shmdt") == 0)
107
+ return __PNR_shmdt;
108
+ else if (strcmp(name, "shmget") == 0)
109
+ return __PNR_shmget;
110
+ else if (strcmp(name, "shmctl") == 0)
111
+ return __PNR_shmctl;
112
+
113
+ return x86_syscall_resolve_name(name);
114
+ }
115
+
116
+ /**
117
+ * Resolve a syscall number to a name
118
+ * @param num the syscall number
119
+ *
120
+ * Resolve the given syscall number to the syscall name using the syscall table.
121
+ * Returns a pointer to the syscall name string on success, including pseudo
122
+ * syscall names; returns NULL on failure.
123
+ *
124
+ */
125
+ const char *x86_syscall_resolve_num_munge(int num)
126
+ {
127
+ if (num == __PNR_accept)
128
+ return "accept";
129
+ else if (num == __PNR_accept4)
130
+ return "accept4";
131
+ else if (num == __PNR_bind)
132
+ return "bind";
133
+ else if (num == __PNR_connect)
134
+ return "connect";
135
+ else if (num == __PNR_getpeername)
136
+ return "getpeername";
137
+ else if (num == __PNR_getsockname)
138
+ return "getsockname";
139
+ else if (num == __PNR_getsockopt)
140
+ return "getsockopt";
141
+ else if (num == __PNR_listen)
142
+ return "listen";
143
+ else if (num == __PNR_recv)
144
+ return "recv";
145
+ else if (num == __PNR_recvfrom)
146
+ return "recvfrom";
147
+ else if (num == __PNR_recvmsg)
148
+ return "recvmsg";
149
+ else if (num == __PNR_recvmmsg)
150
+ return "recvmmsg";
151
+ else if (num == __PNR_send)
152
+ return "send";
153
+ else if (num == __PNR_sendmsg)
154
+ return "sendmsg";
155
+ else if (num == __PNR_sendmmsg)
156
+ return "sendmmsg";
157
+ else if (num == __PNR_sendto)
158
+ return "sendto";
159
+ else if (num == __PNR_setsockopt)
160
+ return "setsockopt";
161
+ else if (num == __PNR_shutdown)
162
+ return "shutdown";
163
+ else if (num == __PNR_socket)
164
+ return "socket";
165
+ else if (num == __PNR_socketpair)
166
+ return "socketpair";
167
+
168
+ if (num == __PNR_semop)
169
+ return "semop";
170
+ else if (num == __PNR_semget)
171
+ return "semget";
172
+ else if (num == __PNR_semctl)
173
+ return "semctl";
174
+ else if (num == __PNR_semtimedop)
175
+ return "semtimedop";
176
+ else if (num == __PNR_msgsnd)
177
+ return "msgsnd";
178
+ else if (num == __PNR_msgrcv)
179
+ return "msgrcv";
180
+ else if (num == __PNR_msgget)
181
+ return "msgget";
182
+ else if (num == __PNR_msgctl)
183
+ return "msgctl";
184
+ else if (num == __PNR_shmat)
185
+ return "shmat";
186
+ else if (num == __PNR_shmdt)
187
+ return "shmdt";
188
+ else if (num == __PNR_shmget)
189
+ return "shmget";
190
+ else if (num == __PNR_shmctl)
191
+ return "shmctl";
192
+
193
+ return x86_syscall_resolve_num(num);
194
+ }
44
195
 
45
196
  /**
46
197
  * Convert a multiplexed pseudo syscall into a direct syscall
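Review bot: The two 32-branch `if`/`else if` chains in `x86_syscall_resolve_name_munge()` and `x86_syscall_resolve_num_munge()` are hand-written mirrors of each other, and nothing keeps them in step. An entry added or misspelled in only one direction would make name and number resolution disagree for that syscall without any build error. A single static name/number table walked by both functions removes the duplication, as sketched below. Both doc comments also still say the lookup uses "the syscall table" and do not mention that the socket and ipc calls are answered with `__PNR_*` values before the table is consulted.

```c
/* socket and ipc calls that x86 multiplexes; resolved to pseudo numbers */
static const struct {
	const char *name;
	int num;
} x86_mux_syscalls[] = {
	{ "accept", __PNR_accept },
	{ "accept4", __PNR_accept4 },
	/* … one entry per remaining socket and ipc branch of the chains … */
	{ "shmctl", __PNR_shmctl },
};
#define X86_MUX_CNT (sizeof(x86_mux_syscalls) / sizeof(x86_mux_syscalls[0]))

int x86_syscall_resolve_name_munge(const char *name)
{
	unsigned int iter;

	for (iter = 0; iter < X86_MUX_CNT; iter++) {
		if (strcmp(name, x86_mux_syscalls[iter].name) == 0)
			return x86_mux_syscalls[iter].num;
	}

	return x86_syscall_resolve_name(name);
}

const char *x86_syscall_resolve_num_munge(int num)
{
	unsigned int iter;

	for (iter = 0; iter < X86_MUX_CNT; iter++) {
		if (num == x86_mux_syscalls[iter].num)
			return x86_mux_syscalls[iter].name;
	}

	return x86_syscall_resolve_num(num);
}
```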
@@ -461,3 +612,14 @@ add_return:
461
612
  free(rule_dup);
462
613
  return rc;
463
614
  }
615
+
616
+ const struct arch_def arch_def_x86 = {
617
+ .token = SCMP_ARCH_X86,
618
+ .token_bpf = AUDIT_ARCH_I386,
619
+ .size = ARCH_SIZE_32,
620
+ .endian = ARCH_ENDIAN_LITTLE,
621
+ .syscall_resolve_name = x86_syscall_resolve_name_munge,
622
+ .syscall_resolve_num = x86_syscall_resolve_num_munge,
623
+ .syscall_rewrite = x86_syscall_rewrite,
624
+ .rule_add = x86_rule_add,
625
+ };
@@ -22,21 +22,8 @@
22
22
  #ifndef _ARCH_X86_H
23
23
  #define _ARCH_X86_H
24
24
 
25
- #include <stdbool.h>
26
-
27
25
  #include "arch.h"
28
- #include "db.h"
29
- #include "system.h"
30
-
31
- extern const struct arch_def arch_def_x86;
32
-
33
- int x86_syscall_resolve_name(const char *name);
34
- const char *x86_syscall_resolve_num(int num);
35
-
36
- const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot);
37
-
38
- int x86_syscall_rewrite(int *syscall);
39
26
 
40
- int x86_rule_add(struct db_filter *db, struct db_api_rule_list *rule);
27
+ ARCH_DECL(x86)
41
28
 
42
29
  #endif
@@ -22,16 +22,8 @@
22
22
  #ifndef _ARCH_x86_64_H
23
23
  #define _ARCH_x86_64_H
24
24
 
25
- #include <inttypes.h>
26
-
27
25
  #include "arch.h"
28
- #include "system.h"
29
-
30
- extern const struct arch_def arch_def_x86_64;
31
-
32
- int x86_64_syscall_resolve_name(const char *name);
33
- const char *x86_64_syscall_resolve_num(int num);
34
26
 
35
- const struct arch_syscall_def *x86_64_syscall_iterate(unsigned int spot);
27
+ ARCH_DECL(x86_64)
36
28
 
37
29
  #endif
@@ -39,8 +39,10 @@
39
39
  #include "arch-mips64.h"
40
40
  #include "arch-mips64n32.h"
41
41
  #include "arch-parisc.h"
42
+ #include "arch-parisc64.h"
42
43
  #include "arch-ppc.h"
43
44
  #include "arch-ppc64.h"
45
+ #include "arch-riscv64.h"
44
46
  #include "arch-s390.h"
45
47
  #include "arch-s390x.h"
46
48
  #include "db.h"
@@ -94,6 +96,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc;
94
96
  const struct arch_def *arch_def_native = &arch_def_s390x;
95
97
  #elif __s390__
96
98
  const struct arch_def *arch_def_native = &arch_def_s390;
99
+ #elif __riscv && __riscv_xlen == 64
100
+ const struct arch_def *arch_def_native = &arch_def_riscv64;
97
101
  #else
98
102
  #error the arch code needs to know about your machine type
99
103
  #endif /* machine type guess */
@@ -156,6 +160,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
156
160
  return &arch_def_s390;
157
161
  case SCMP_ARCH_S390X:
158
162
  return &arch_def_s390x;
163
+ case SCMP_ARCH_RISCV64:
164
+ return &arch_def_riscv64;
159
165
  }
160
166
 
161
167
  return NULL;
@@ -206,6 +212,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
206
212
  return &arch_def_s390;
207
213
  else if (strcmp(arch_name, "s390x") == 0)
208
214
  return &arch_def_s390x;
215
+ else if (strcmp(arch_name, "riscv64") == 0)
216
+ return &arch_def_riscv64;
209
217
 
210
218
  return NULL;
211
219
  }
@@ -367,10 +375,10 @@ int arch_syscall_rewrite(const struct arch_def *arch, int *syscall)
367
375
  if (sys >= -1) {
368
376
  /* we shouldn't be here - no rewrite needed */
369
377
  return 0;
370
- } else if (sys < -1 && sys > -100) {
371
- /* reserved values */
378
+ } else if (sys > -100) {
379
+ /* -2 to -99 are reserved values */
372
380
  return -EINVAL;
373
- } else if (sys <= -100 && sys > -10000) {
381
+ } else if (sys > -10000) {
374
382
  /* rewritable syscalls */
375
383
  if (arch->syscall_rewrite)
376
384
  (*arch->syscall_rewrite)(syscall);
@@ -59,6 +59,13 @@ struct arch_def {
59
59
  /* arch_def for the current architecture */
60
60
  extern const struct arch_def *arch_def_native;
61
61
 
62
+ /* macro to declare the arch specific structures and functions */
63
+ #define ARCH_DECL(NAME) \
64
+ extern const struct arch_def arch_def_##NAME; \
65
+ int NAME##_syscall_resolve_name(const char *name); \
66
+ const char *NAME##_syscall_resolve_num(int num); \
67
+ const struct arch_syscall_def *NAME##_syscall_iterate(unsigned int spot);
68
+
62
69
  /* syscall name/num mapping */
63
70
  struct arch_syscall_def {
64
71
  const char *name;
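Review bot: `ARCH_DECL()` declares only `arch_def_NAME` and the three `NAME_syscall_*` table accessors, so the new `x32_syscall_resolve_name_munge()`/`x32_syscall_resolve_num_munge()` and their x86 counterparts have external linkage and no prototype in the headers shown in this diff. In the visible hunks they are referenced only from the `arch_def` initialiser in their own file, so marking them `static` would keep them out of the library's symbol namespace and satisfy `-Wmissing-prototypes`. The `_ARCH_X86_H` header likewise drops the prototypes of `x86_syscall_rewrite()` and `x86_rule_add()`; if other files still call them they need a declaration somewhere, which cannot be confirmed from here. The macro body also ends in a semicolon, which is why call sites read `ARCH_DECL(x86)` without one; the comment above the macro could say so.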
@@ -841,6 +841,7 @@ static void _db_reset(struct db_filter *db)
841
841
  }
842
842
  db->syscalls = NULL;
843
843
  }
844
+ db->syscall_cnt = 0;
844
845
 
845
846
  /* free any rules */
846
847
  if (db->rules != NULL) {
@@ -909,6 +910,9 @@ static void _db_snap_release(struct db_filter_snap *snap)
909
910
  {
910
911
  unsigned int iter;
911
912
 
913
+ if (snap == NULL)
914
+ return;
915
+
912
916
  if (snap->filter_cnt > 0) {
913
917
  for (iter = 0; iter < snap->filter_cnt; iter++) {
914
918
  if (snap->filters[iter])
@@ -1053,6 +1057,7 @@ int db_col_reset(struct db_filter_col *col, uint32_t def_action)
1053
1057
  if (col->filters)
1054
1058
  free(col->filters);
1055
1059
  col->filters = NULL;
1060
+ col->notify_fd = -1;
1056
1061
 
1057
1062
  /* set the endianess to undefined */
1058
1063
  col->endian = 0;
@@ -1064,9 +1069,16 @@ int db_col_reset(struct db_filter_col *col, uint32_t def_action)
1064
1069
  col->attr.tsync_enable = 0;
1065
1070
  col->attr.api_tskip = 0;
1066
1071
  col->attr.log_enable = 0;
1072
+ col->attr.spec_allow = 0;
1073
+ col->attr.optimize = 1;
1074
+ col->attr.api_sysrawrc = 0;
1067
1075
 
1068
1076
  /* set the state */
1069
1077
  col->state = _DB_STA_VALID;
1078
+ if (def_action == SCMP_ACT_NOTIFY)
1079
+ col->notify_used = true;
1080
+ else
1081
+ col->notify_used = false;
1070
1082
 
1071
1083
  /* reset the initial db */
1072
1084
  db = _db_init(arch_def_native);
@@ -1128,6 +1140,7 @@ init_failure:
1128
1140
  void db_col_release(struct db_filter_col *col)
1129
1141
  {
1130
1142
  unsigned int iter;
1143
+ struct db_filter_snap *snap;
1131
1144
 
1132
1145
  if (col == NULL)
1133
1146
  return;
@@ -1135,6 +1148,13 @@ void db_col_release(struct db_filter_col *col)
1135
1148
  /* set the state, just in case */
1136
1149
  col->state = _DB_STA_FREED;
1137
1150
 
1151
+ /* free any snapshots */
1152
+ while (col->snapshots != NULL) {
1153
+ snap = col->snapshots;
1154
+ col->snapshots = snap->next;
1155
+ _db_snap_release(snap);
1156
+ }
1157
+
1138
1158
  /* free any filters */
1139
1159
  for (iter = 0; iter < col->filter_cnt; iter++)
1140
1160
  _db_release(col->filters[iter]);
@@ -1148,30 +1168,42 @@ void db_col_release(struct db_filter_col *col)
1148
1168
  }
1149
1169
 
1150
1170
  /**
1151
- * Validate the seccomp action
1152
- * @param action the seccomp action
1171
+ * Validate a filter collection
1172
+ * @param col the seccomp filter collection
1173
+ *
1174
+ * This function validates a seccomp filter collection. Returns zero if the
1175
+ * collection is valid, negative values on failure.
1153
1176
  *
1154
- * Verify that the given action is a valid seccomp action; return zero if
1155
- * valid, -EINVAL if invalid.
1156
1177
  */
1157
- int db_action_valid(uint32_t action)
1178
+ int db_col_valid(struct db_filter_col *col)
1158
1179
  {
1159
- if (sys_chk_seccomp_action(action) == 1)
1180
+ if (col != NULL && col->state == _DB_STA_VALID && col->filter_cnt > 0)
1160
1181
  return 0;
1161
1182
  return -EINVAL;
1162
1183
  }
1163
1184
 
1164
1185
  /**
1165
- * Validate a filter collection
1186
+ * Validate the seccomp action
1166
1187
  * @param col the seccomp filter collection
1188
+ * @param action the seccomp action
1167
1189
  *
1168
- * This function validates a seccomp filter collection. Returns zero if the
1169
- * collection is valid, negative values on failure.
1170
- *
1190
+ * Verify that the given action is a valid seccomp action; return zero if
1191
+ * valid, -EINVAL if invalid.
1171
1192
  */
1172
- int db_col_valid(struct db_filter_col *col)
1193
+ int db_col_action_valid(const struct db_filter_col *col, uint32_t action)
1173
1194
  {
1174
- if (col != NULL && col->state == _DB_STA_VALID && col->filter_cnt > 0)
1195
+ if (col != NULL) {
1196
+ /* NOTE: in some cases we don't have a filter collection yet,
1197
+ * but when we do we need to do the following checks */
1198
+
1199
+ /* kernel disallows TSYNC and NOTIFY in one filter unless we
1200
+ * have the TSYNC_ESRCH flag */
1201
+ if (sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC_ESRCH) < 1 &&
1202
+ col->attr.tsync_enable && action == SCMP_ACT_NOTIFY)
1203
+ return -EINVAL;
1204
+ }
1205
+
1206
+ if (sys_chk_seccomp_action(action) == 1)
1175
1207
  return 0;
1176
1208
  return -EINVAL;
1177
1209
  }
@@ -1281,14 +1313,42 @@ int db_col_attr_get(const struct db_filter_col *col,
1281
1313
  case SCMP_FLTATR_CTL_LOG:
1282
1314
  *value = col->attr.log_enable;
1283
1315
  break;
1316
+ case SCMP_FLTATR_CTL_SSB:
1317
+ *value = col->attr.spec_allow;
1318
+ break;
1319
+ case SCMP_FLTATR_CTL_OPTIMIZE:
1320
+ *value = col->attr.optimize;
1321
+ break;
1322
+ case SCMP_FLTATR_API_SYSRAWRC:
1323
+ *value = col->attr.api_sysrawrc;
1324
+ break;
1284
1325
  default:
1285
- rc = -EEXIST;
1326
+ rc = -EINVAL;
1286
1327
  break;
1287
1328
  }
1288
1329
 
1289
1330
  return rc;
1290
1331
  }
1291
1332
 
1333
+ /**
1334
+ * Get a filter attribute
1335
+ * @param col the seccomp filter collection
1336
+ * @param attr the filter attribute
1337
+ *
1338
+ * Returns the requested filter attribute value with zero on any error.
1339
+ * Special care must be given with this function as error conditions can be
1340
+ * hidden from the caller.
1341
+ *
1342
+ */
1343
+ uint32_t db_col_attr_read(const struct db_filter_col *col,
1344
+ enum scmp_filter_attr attr)
1345
+ {
1346
+ uint32_t value = 0;
1347
+
1348
+ db_col_attr_get(col, attr, &value);
1349
+ return value;
1350
+ }
1351
+
1292
1352
  /**
1293
1353
  * Set a filter attribute
1294
1354
  * @param col the seccomp filter collection
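Review bot: `db_col_attr_read()` discards the return code of `db_col_attr_get()` and reports zero for every failure. Zero is also the legitimate "disabled" value of the boolean attributes handled in the switch above (`log_enable`, `spec_allow`, `api_sysrawrc`), so a caller cannot tell "off" from "lookup failed". The comment warns about this only in general terms; it would help more if it named the safe use, for example `* Only use this where zero is the fail-safe answer for attr; call db_col_attr_get() when the error matters.` Whether a NULL `col` is tolerated depends on the start of `db_col_attr_get()`, which lies outside this hunk.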
@@ -1310,7 +1370,7 @@ int db_col_attr_set(struct db_filter_col *col,
1310
1370
  return -EACCES;
1311
1371
  break;
1312
1372
  case SCMP_FLTATR_ACT_BADARCH:
1313
- if (db_action_valid(value) == 0)
1373
+ if (db_col_action_valid(col, value) == 0)
1314
1374
  col->attr.act_badarch = value;
1315
1375
  else
1316
1376
  return -EINVAL;
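Review bot: The `SCMP_FLTATR_ACT_BADARCH` branch now validates the value through `db_col_action_valid()` but stores `SCMP_ACT_NOTIFY` without setting `col->notify_used`, while the TSYNC branch of the same function (next hunk) relies on `col->notify_used` to refuse the TSYNC-plus-NOTIFY combination. Setting the bad-arch action to NOTIFY first and enabling TSYNC afterwards would therefore pass both checks on a kernel without `SECCOMP_FILTER_FLAG_TSYNC_ESRCH`, and the conflict would presumably only surface when the filter is loaded. Recording the use at assignment closes the gap: `if (value == SCMP_ACT_NOTIFY) col->notify_used = true;` directly after `col->attr.act_badarch = value;`. `db_col_attr_set()` begins and ends outside this hunk and `notify_used` may also be maintained elsewhere for rule actions, so this should be checked against the rest of the file.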
@@ -1323,6 +1383,11 @@ int db_col_attr_set(struct db_filter_col *col,
1323
1383
  if (rc == 1) {
1324
1384
  /* supported */
1325
1385
  rc = 0;
1386
+ /* kernel disallows TSYNC and NOTIFY in one filter
1387
+ * unless we have TSYNC_ESRCH */
1388
+ if (sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC_ESRCH) < 1 &&
1389
+ value && col->notify_used)
1390
+ return -EINVAL;
1326
1391
  col->attr.tsync_enable = (value ? 1 : 0);
1327
1392
  } else if (rc == 0)
1328
1393
  /* unsupported */
@@ -1342,8 +1407,33 @@ int db_col_attr_set(struct db_filter_col *col,
1342
1407
  rc = -EOPNOTSUPP;
1343
1408
  }
1344
1409
  break;
1410
+ case SCMP_FLTATR_CTL_SSB:
1411
+ rc = sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_SPEC_ALLOW);
1412
+ if (rc == 1) {
1413
+ /* supported */
1414
+ rc = 0;
1415
+ col->attr.spec_allow = (value ? 1 : 0);
1416
+ } else if (rc == 0) {
1417
+ /* unsupported */
1418
+ rc = -EOPNOTSUPP;
1419
+ }
1420
+ break;
1421
+ case SCMP_FLTATR_CTL_OPTIMIZE:
1422
+ switch (value) {
1423
+ case 1:
1424
+ case 2:
1425
+ col->attr.optimize = value;
1426
+ break;
1427
+ default:
1428
+ rc = -EOPNOTSUPP;
1429
+ break;
1430
+ }
1431
+ break;
1432
+ case SCMP_FLTATR_API_SYSRAWRC:
1433
+ col->attr.api_sysrawrc = (value ? 1 : 0);
1434
+ break;
1345
1435
  default:
1346
- rc = -EEXIST;
1436
+ rc = -EINVAL;
1347
1437
  break;
1348
1438
  }
1349
1439
 
@@ -2008,6 +2098,7 @@ add_reset:
2008
2098
  s_new->next = db->syscalls;
2009
2099
  db->syscalls = s_new;
2010
2100
  }
2101
+ db->syscall_cnt++;
2011
2102
  return 0;
2012
2103
  } else if (s_iter->chains == NULL) {
2013
2104
  if (rm_flag || !s_iter->valid) {
@@ -2146,6 +2237,44 @@ priority_failure:
2146
2237
  return rc;
2147
2238
  }
2148
2239
 
2240
+ /**
2241
+ * Add a new rule to a single filter
2242
+ * @param filter the filter
2243
+ * @param rule the filter rule
2244
+ *
2245
+ * This is a helper function for db_col_rule_add() and similar functions, it
2246
+ * isn't generally useful. Returns zero on success, negative values on error.
2247
+ *
2248
+ */
2249
+ static int _db_col_rule_add(struct db_filter *filter,
2250
+ struct db_api_rule_list *rule)
2251
+ {
2252
+ int rc;
2253
+ struct db_api_rule_list *iter;
2254
+
2255
+ /* add the rule to the filter */
2256
+ rc = arch_filter_rule_add(filter, rule);
2257
+ if (rc != 0)
2258
+ return rc;
2259
+
2260
+ /* insert the chain to the end of the rule list */
2261
+ iter = rule;
2262
+ while (iter->next)
2263
+ iter = iter->next;
2264
+ if (filter->rules != NULL) {
2265
+ rule->prev = filter->rules->prev;
2266
+ iter->next = filter->rules;
2267
+ filter->rules->prev->next = rule;
2268
+ filter->rules->prev = iter;
2269
+ } else {
2270
+ rule->prev = iter;
2271
+ iter->next = rule;
2272
+ filter->rules = rule;
2273
+ }
2274
+
2275
+ return 0;
2276
+ }
2277
+
2149
2278
  /**
2150
2279
  * Add a new rule to the current filter
2151
2280
  * @param col the filter collection
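Review bot: The doc comment on `_db_col_rule_add()` does not say who owns `rule` when the call fails. The helper returns before touching `filter->rules` if `arch_filter_rule_add()` fails, and the callers in this diff each clean up on their own (db_col_rule_add() and db_col_transaction_commit() call `free()`, db_col_transaction_start() jumps to its failure label), so the contract is only implied. I would add to the comment `On failure the rule is not linked into the filter and remains owned by the caller, which must free it.`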
@@ -2174,7 +2303,7 @@ int db_col_rule_add(struct db_filter_col *col,
2174
2303
  size_t chain_size;
2175
2304
  struct db_api_arg *chain = NULL;
2176
2305
  struct scmp_arg_cmp arg_data;
2177
- struct db_api_rule_list *rule, *rule_tmp;
2306
+ struct db_api_rule_list *rule;
2178
2307
  struct db_filter *db;
2179
2308
 
2180
2309
  /* collect the arguments for the filter rule */
@@ -2222,9 +2351,6 @@ int db_col_rule_add(struct db_filter_col *col,
2222
2351
 
2223
2352
  /* add the rule to the different filters in the collection */
2224
2353
  for (iter = 0; iter < col->filter_cnt; iter++) {
2225
-
2226
- /* TODO: consolidate with db_col_transaction_start() */
2227
-
2228
2354
  db = col->filters[iter];
2229
2355
 
2230
2356
  /* create the rule */
@@ -2235,24 +2361,10 @@ int db_col_rule_add(struct db_filter_col *col,
2235
2361
  }
2236
2362
 
2237
2363
  /* add the rule */
2238
- rc_tmp = arch_filter_rule_add(db, rule);
2239
- if (rc_tmp == 0) {
2240
- /* insert the chain to the end of the rule list */
2241
- rule_tmp = rule;
2242
- while (rule_tmp->next)
2243
- rule_tmp = rule_tmp->next;
2244
- if (db->rules != NULL) {
2245
- rule->prev = db->rules->prev;
2246
- rule_tmp->next = db->rules;
2247
- db->rules->prev->next = rule;
2248
- db->rules->prev = rule_tmp;
2249
- } else {
2250
- rule->prev = rule_tmp;
2251
- rule_tmp->next = rule;
2252
- db->rules = rule;
2253
- }
2254
- } else
2364
+ rc_tmp = _db_col_rule_add(db, rule);
2365
+ if (rc_tmp != 0)
2255
2366
  free(rule);
2367
+
2256
2368
  add_arch_fail:
2257
2369
  if (rc_tmp != 0 && rc == 0)
2258
2370
  rc = rc_tmp;
@@ -2265,6 +2377,9 @@ add_arch_fail:
2265
2377
  db_col_transaction_abort(col);
2266
2378
 
2267
2379
  add_return:
2380
+ /* update the misc state */
2381
+ if (rc == 0 && action == SCMP_ACT_NOTIFY)
2382
+ col->notify_used = true;
2268
2383
  if (chain != NULL)
2269
2384
  free(chain);
2270
2385
  return rc;
@@ -2284,7 +2399,21 @@ int db_col_transaction_start(struct db_filter_col *col)
2284
2399
  unsigned int iter;
2285
2400
  struct db_filter_snap *snap;
2286
2401
  struct db_filter *filter_o, *filter_s;
2287
- struct db_api_rule_list *rule_o, *rule_s = NULL, *rule_tmp;
2402
+ struct db_api_rule_list *rule_o, *rule_s = NULL;
2403
+
2404
+ /* check to see if a shadow snapshot exists */
2405
+ if (col->snapshots && col->snapshots->shadow) {
2406
+ /* we have a shadow! this will be easy */
2407
+
2408
+ /* NOTE: we don't bother to do any verification of the shadow
2409
+ * because we start a new transaction every time we add
2410
+ * a new rule to the filter(s); if this ever changes we
2411
+ * will need to add a mechanism to verify that the shadow
2412
+ * transaction is current/correct */
2413
+
2414
+ col->snapshots->shadow = false;
2415
+ return 0;
2416
+ }
2288
2417
 
2289
2418
  /* allocate the snapshot */
2290
2419
  snap = zmalloc(sizeof(*snap));
@@ -2314,33 +2443,15 @@ int db_col_transaction_start(struct db_filter_col *col)
2314
2443
  if (rule_o == NULL)
2315
2444
  continue;
2316
2445
  do {
2317
-
2318
- /* TODO: consolidate with db_col_rule_add() */
2319
-
2320
2446
  /* duplicate the rule */
2321
2447
  rule_s = db_rule_dup(rule_o);
2322
2448
  if (rule_s == NULL)
2323
2449
  goto trans_start_failure;
2324
2450
 
2325
2451
  /* add the rule */
2326
- rc = arch_filter_rule_add(filter_s, rule_s);
2452
+ rc = _db_col_rule_add(filter_s, rule_s);
2327
2453
  if (rc != 0)
2328
2454
  goto trans_start_failure;
2329
-
2330
- /* insert the chain to the end of the rule list */
2331
- rule_tmp = rule_s;
2332
- while (rule_tmp->next)
2333
- rule_tmp = rule_tmp->next;
2334
- if (filter_s->rules != NULL) {
2335
- rule_s->prev = filter_s->rules->prev;
2336
- rule_tmp->next = filter_s->rules;
2337
- filter_s->rules->prev->next = rule_s;
2338
- filter_s->rules->prev = rule_tmp;
2339
- } else {
2340
- rule_s->prev = rule_tmp;
2341
- rule_tmp->next = rule_s;
2342
- filter_s->rules = rule_s;
2343
- }
2344
2455
  rule_s = NULL;
2345
2456
 
2346
2457
  /* next rule */
@@ -2397,14 +2508,114 @@ void db_col_transaction_abort(struct db_filter_col *col)
2397
2508
  * Commit the top most seccomp filter transaction
2398
2509
  * @param col the filter collection
2399
2510
  *
2400
- * This function commits the most recent seccomp filter transaction.
2511
+ * This function commits the most recent seccomp filter transaction and
2512
+ * attempts to create a shadow transaction that is a duplicate of the current
2513
+ * filter to speed up future transactions.
2401
2514
  *
2402
2515
  */
2403
2516
  void db_col_transaction_commit(struct db_filter_col *col)
2404
2517
  {
2518
+ int rc;
2519
+ unsigned int iter;
2405
2520
  struct db_filter_snap *snap;
2521
+ struct db_filter *filter_o, *filter_s;
2522
+ struct db_api_rule_list *rule_o, *rule_s;
2406
2523
 
2407
2524
  snap = col->snapshots;
2525
+ if (snap == NULL)
2526
+ return;
2527
+
2528
+ /* check for a shadow set by a higher transaction commit */
2529
+ if (snap->shadow) {
2530
+ /* leave the shadow intact, but drop the next snapshot */
2531
+ if (snap->next) {
2532
+ snap->next = snap->next->next;
2533
+ _db_snap_release(snap->next);
2534
+ }
2535
+ return;
2536
+ }
2537
+
2538
+ /* adjust the number of filters if needed */
2539
+ if (col->filter_cnt > snap->filter_cnt) {
2540
+ unsigned int tmp_i;
2541
+ struct db_filter **tmp_f;
2542
+
2543
+ /* add filters */
2544
+ tmp_f = realloc(snap->filters,
2545
+ sizeof(struct db_filter *) * col->filter_cnt);
2546
+ if (tmp_f == NULL)
2547
+ goto shadow_err;
2548
+ snap->filters = tmp_f;
2549
+ do {
2550
+ tmp_i = snap->filter_cnt;
2551
+ snap->filters[tmp_i] =
2552
+ _db_init(col->filters[tmp_i]->arch);
2553
+ if (snap->filters[tmp_i] == NULL)
2554
+ goto shadow_err;
2555
+ snap->filter_cnt++;
2556
+ } while (snap->filter_cnt < col->filter_cnt);
2557
+ } else if (col->filter_cnt < snap->filter_cnt) {
2558
+ /* remove filters */
2559
+
2560
+ /* NOTE: while we release the filters we no longer need, we
2561
+ * don't bother to resize the filter array, we just
2562
+ * adjust the filter counter, this *should* be harmless
2563
+ * at the cost of a not reaping all the memory possible */
2564
+
2565
+ do {
2566
+ _db_release(snap->filters[snap->filter_cnt--]);
2567
+ } while (snap->filter_cnt > col->filter_cnt);
2568
+ }
2569
+
2570
+ /* loop through each filter and update the rules on the snapshot */
2571
+ for (iter = 0; iter < col->filter_cnt; iter++) {
2572
+ filter_o = col->filters[iter];
2573
+ filter_s = snap->filters[iter];
2574
+
2575
+ /* skip ahead to the new rule(s) */
2576
+ rule_o = filter_o->rules;
2577
+ rule_s = filter_s->rules;
2578
+ if (rule_o == NULL)
2579
+ /* nothing to shadow */
2580
+ continue;
2581
+ if (rule_s != NULL) {
2582
+ do {
2583
+ rule_o = rule_o->next;
2584
+ rule_s = rule_s->next;
2585
+ } while (rule_s != filter_s->rules);
2586
+
2587
+ /* did we actually add any rules? */
2588
+ if (rule_o == filter_o->rules)
2589
+ /* no, we are done in this case */
2590
+ continue;
2591
+ }
2592
+
2593
+ /* update the old snapshot to make it a shadow */
2594
+ do {
2595
+ /* duplicate the rule */
2596
+ rule_s = db_rule_dup(rule_o);
2597
+ if (rule_s == NULL)
2598
+ goto shadow_err;
2599
+
2600
+ /* add the rule */
2601
+ rc = _db_col_rule_add(filter_s, rule_s);
2602
+ if (rc != 0) {
2603
+ free(rule_s);
2604
+ goto shadow_err;
2605
+ }
2606
+
2607
+ /* next rule */
2608
+ rule_o = rule_o->next;
2609
+ } while (rule_o != filter_o->rules);
2610
+ }
2611
+
2612
+ /* success, mark the snapshot as a shadow and return */
2613
+ snap->shadow = true;
2614
+ return;
2615
+
2616
+ shadow_err:
2617
+ /* we failed making a shadow, cleanup and return */
2408
2618
  col->snapshots = snap->next;
2409
2619
  _db_snap_release(snap);
2620
+ return;
2410
2621
  }
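Review bot: In the `snap->shadow` branch of db_col_transaction_commit() the wrong snapshot is released: `snap->next` is overwritten with `snap->next->next` before `_db_snap_release(snap->next)` runs, so the snapshot meant to be dropped is leaked and its successor is released while still linked from `snap`, leaving a dangling pointer in the snapshot list (or a NULL argument when there is no successor). The "remove filters" loop has a related indexing problem: `snap->filters[snap->filter_cnt--]` reads the slot one past the last filter first and never releases slot `col->filter_cnt`, assuming the array holds `filter_cnt` entries as the realloc in the grow branch suggests. Both fixes are shown below; tests that commit nested transactions, and that commit after the collection has lost a filter, would cover them.

```c
	/* check for a shadow set by a higher transaction commit */
	if (snap->shadow) {
		struct db_filter_snap *drop = snap->next;

		/* leave the shadow intact, but drop the next snapshot */
		if (drop) {
			snap->next = drop->next;
			_db_snap_release(drop);
		}
		return;
	}
	/* … unchanged: growing the snapshot's filter array … */
		do {
			_db_release(snap->filters[--snap->filter_cnt]);
		} while (snap->filter_cnt > col->filter_cnt);
	/* … unchanged: rule shadowing loop and shadow_err cleanup … */
```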