seccomp-tools 1.2.0 → 1.3.0

data/lib/seccomp-tools/consts/{amd64.rb → sys_nr/amd64.rb}

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 {
   read: 0,
   write: 1,
@@ -16,8 +18,8 @@
   rt_sigprocmask: 14,
   rt_sigreturn: 15,
   ioctl: 16,
-  pread: 17,
-  pwrite: 18,
+  pread64: 17,
+  pwrite64: 18,
   readv: 19,
   writev: 20,
   access: 21,

data/lib/seccomp-tools/consts/{i386.rb → sys_nr/i386.rb}

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 {
+  setup: 0,
   exit: 1,
   fork: 2,
   read: 3,
@@ -178,8 +181,8 @@
   rt_sigtimedwait: 177,
   rt_sigqueueinfo: 178,
   rt_sigsuspend: 179,
-  pread: 180,
-  pwrite: 181,
+  pread64: 180,
+  pwrite64: 181,
   chown: 182,
   getcwd: 183,
   capget: 184,

data/lib/seccomp-tools/disasm/context.rb

@@ -1,79 +1,170 @@
+# frozen_string_literal: true
+
 module SeccompTools
   module Disasm
+    # @private
+    #
     # Context for disassembler to analyze.
     #
-    # This context only care if +reg/mem+ can be one of +data[*]+.
+    # This class maintains:
+    # * if +reg/mem+ can be one of +data[*]+
+    # * if +data[0]+ (i.e. sys_number) is a known value
     class Context
-      # @return [Hash{Integer, Symbol => Integer?}] Records reg and mem values.
+      # @private
+      #
+      # Records the type and value.
+      class Value
+        attr_reader :val # @return [Integer]
+
+        # @param [:imm, :data, :mem] rel
+        # @param [Integer?] val
+        def initialize(rel: :imm, val: nil)
+          @rel = rel
+          @val = val
+        end
+
+        # @return [Boolean]
+        def data?
+          @rel == :data
+        end
+
+        # @return [Boolean]
+        def imm?
+          @rel == :imm && @val.is_a?(Integer)
+        end
+
+        # Defines hash function.
+        # @return [Integer]
+        def hash
+          @rel.hash ^ @val.hash
+        end
+
+        # Defines +eql?+.
+        #
+        # @param [Context::Value] other
+        # @return [Boolean]
+        def eql?(other)
+          @val == other.val && @rel == other.instance_variable_get(:@rel)
+        end
+      end
+
+      # @return [{Integer, Symbol => Context::Value}] Records reg and mem values.
       attr_reader :values
+      # @return [Array<Integer?>] Records the known value of data.
+      attr_reader :known_data
 
       # Instantiate a {Context} object.
-      # @param [Integer?] a
-      #   Value to be set to +A+ register.
-      # @param [Integer?] x
-      #   Value to be set to +X+ register.
-      # @param [Hash{Integer => Integer?}] mem
-      #   Value to be set to +mem+.
-      def initialize(a: nil, x: nil, mem: {})
-        @values = mem
-        16.times { |i| @values[i] ||= nil } # make @values always has all keys
-        @values[:a] = a
-        @values[:x] = x
+      # @param [{Integer, Symbol => Context::Value?}] values
+      #   Value to be set to +reg/mem+.
+      # @param [Array<Integer?>] known_data
+      #   Records which index of data is known.
+      #   It's used for tracking if the syscall number is known, which can be used to display argument names of the
+      #   syscall.
+      def initialize(values: {}, known_data: [])
+        @values = values
+        16.times { |i| @values[i] ||= Value.new(rel: :mem, val: i) } # make @values always has all keys
+        @values[:a] ||= Value.new
+        @values[:x] ||= Value.new
+        @known_data = known_data
       end
 
-      # Implement a deep dup.
+      # Is used for the ld/ldx instructions.
+      #
+      # @param [#downcase, :a, :x] reg
+      #   Register to be set
+      # @return [void]
+      def load(reg, rel: nil, val: nil)
+        reg = reg.downcase.to_sym
+        values[reg] = if rel == :mem
+                        values[val]
+                      else
+                        Value.new(rel: rel, val: val)
+                      end
+      end
+
+      # Is used for the st/stx instructions.
+      #
+      # @param [Integer] idx
+      #   Index of +mem+ array.
+      # @param [#downcase, :a, :x] reg
+      #   Register.
+      #
+      # @return [void]
+      def store(idx, reg)
+        raise RangeError, "Expect 0 <= idx < 16, got #{idx}." unless idx.between?(0, 15)
+
+        values[idx] = values[reg.downcase.to_sym]
+      end
+
+      # Hints context that current value of register A equals to +val+.
+      #
+      # @param [Integer, :x] val
+      #   An immediate value or the symbol x.
+      # @return [self]
+      #   Returns the object itself.
+      def eql!(val)
+        tap do
+          # only cares if A is fetched from data
+          next unless a.data?
+          next known_data[a.val] = val if val.is_a?(Integer)
+          # A == X, we can handle these cases:
+          # * X is an immi
+          # * X is a known data
+          next unless x.data? || x.imm?
+          next known_data[a.val] = x.val if x.imm?
+
+          known_data[a.val] = known_data[x.val]
+        end
+      end
+
+      # Implements a deep dup.
       # @return [Context]
       def dup
-        Context.new(a: a, x: x, mem: values.dup)
+        Context.new(values: values.dup, known_data: known_data.dup)
       end
 
       # Register A.
-      # @return [Integer?]
+      # @return [Context::Value]
       def a
         values[:a]
       end
 
       # Register X.
-      # @return [Integer?]
+      # @return [Context::Value]
       def x
         values[:x]
       end
 
       # For conveniently get instance variable.
       # @param [String, Symbol, Integer] key
-      # @return [Integer?]
+      # @return [Context::Value]
       def [](key)
         return values[key] if key.is_a?(Integer) # mem
+
         values[key.downcase.to_sym]
       end
 
-      # For conveniently set instance variable.
-      # @param [#downcase, Integer] key
-      #   Can be +'A', 'a', :a, 'X', 'x', :x+ or an integer.
-      # @param [Integer?] val
+      # For conveniently set an instance variable.
+      # @param [#downcase, :a, :x] reg
+      #   Can be +'A', 'a', :a, 'X', 'x', :x+.
+      # @param [Value] val
       #   Value to set.
       # @return [void]
-      def []=(key, val)
-        if key.is_a?(Integer)
-          raise RangeError, "Expect 0 <= key < 16, got #{key}." unless key.between?(0, 15)
-          raise RangeError, "Expect 0 <= val < 64, got #{val}." unless val.nil? || val.between?(0, 63)
-          values[key] = val
-        else
-          values[key.downcase.to_sym] = val
-        end
+      def []=(reg, val)
+        values[reg.downcase.to_sym] = val
       end
 
-      # For +Set+ to compare two {Context} object.
+      # For +Set+ to compare two {Context} objects.
       # @param [Context] other
       # @return [Boolean]
       def eql?(other)
-        values.eql?(other.values)
+        values.eql?(other.values) && known_data.eql?(other.known_data)
       end
 
-      # For +Set+ to get hash key.
+      # For +Set+ to get the hash value.
       # @return [Integer]
       def hash
-        values.hash
+        values.hash ^ known_data.hash
       end
     end
   end

data/lib/seccomp-tools/disasm/disasm.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'set'
 
 require 'seccomp-tools/bpf'
@@ -28,10 +30,10 @@ module SeccompTools
         code.contexts = ctxs
         code.disasm
       end.join("\n")
-      <<EOS + dis + "\n"
+      <<-EOS + dis + "\n"
  line  CODE  JT   JF      K
 =================================
-EOS
+      EOS
     end
 
     # Convert raw bpf string to array of {BPF}.

data/lib/seccomp-tools/dumper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/ptrace'
 require 'seccomp-tools/syscall'
 
@@ -54,6 +56,8 @@ module SeccompTools
       #   Child will be killed when number of calling +prctl(SET_SECCOMP)+ reaches +limit+.
       # @yieldparam [String] bpf
       #   Seccomp bpf in raw bytes.
+      # @yieldparam [Symbol] arch
+      #   Architecture, either :i386 or :amd64.
       # @return [Array<Object>, Array<String>]
       #   Return the block returned. If block is not given, array of raw bytes will be returned.
       def handle(limit, &block)

data/lib/seccomp-tools/emulator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/const'
 
 module SeccompTools
@@ -31,6 +33,7 @@ module SeccompTools
       @values = { pc: 0, a: 0, x: 0 }
       loop do
         break if @values[:ret] # break when returned
+
         yield(@values) if block_given?
         inst = @instructions[pc]
         op, *args = inst.symbolize
@@ -79,6 +82,7 @@ module SeccompTools
 
     def st(reg, index)
       raise IndexError, "Expect 0 <= index < 16, got: #{index}" unless index.between?(0, 15)
+
       set(:mem, index, get(reg))
     end
 
@@ -86,6 +90,7 @@ module SeccompTools
       set(:pc, get(:pc) + k + 1)
     end
 
+    # Emulates cmp instruction.
     def cmp(op, src, jt, jf)
       src = get(:x) if src == :x
       a = get(:a)
@@ -115,10 +120,12 @@ module SeccompTools
       if arg.size == 1
         arg = arg.first
         raise ArgumentError, "Invalid #{arg}" unless %i[a x pc ret].include?(arg)
+
         @values[arg] = val & 0xffffffff
       else
         raise ArgumentError, arg.to_s unless arg.first == :mem
         raise IndexError, "Invalid index: #{arg[1]}" unless arg[1].between?(0, 15)
+
         @values[arg[1]] = val & 0xffffffff
       end
     end
@@ -127,15 +134,18 @@ module SeccompTools
       if arg.size == 1
         arg = arg.first
         raise ArgumentError, "Invalid #{arg}" unless %i[a x pc ret].include?(arg)
+
         undefined(arg.upcase) if @values[arg].nil?
         return @values[arg]
       end
       return @values[arg[1]] if arg.first == :mem
+
       data_of(arg[1])
     end
 
     def data_of(index)
       raise IndexError, "Invalid index: #{index}" unless (index & 3).zero? && index.between?(0, 63)
+
       index /= 4
       case index
       when 0 then @sys_nr || undefined('sys_number')

data/lib/seccomp-tools/instruction/alu.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/instruction/base'
 
 module SeccompTools
@@ -21,6 +23,7 @@ module SeccompTools
       # Decompile instruction.
       def decompile
         return 'A = -A' if op == :neg
+
         "A #{op_sym}= #{src_str}"
       end
 
@@ -28,6 +31,7 @@ module SeccompTools
       # @return [[:alu, Symbol, (:x, Integer, nil)]]
       def symbolize
         return [:alu, :neg, nil] if op == :neg
+
         [:alu, op_sym, src]
       end
 
@@ -37,7 +41,7 @@ module SeccompTools
       # @return [Array<(Integer, Context)>]
       def branch(context)
         ctx = context.dup
-        ctx[:a] = nil
+        ctx[:a] = Disasm::Context::Value.new
         [[line + 1, ctx]]
       end
 
@@ -55,6 +59,7 @@ module SeccompTools
 
       def src_str
         return 'X' if src == :x
+
         case op
         when :lsh, :rsh then src.to_s
         else '0x' + src.to_s(16)

data/lib/seccomp-tools/instruction/base.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/const'
 
 module SeccompTools
   # For instructions' class.
   module Instruction
-    # Base class for different instruction.
+    # Base class of instructions.
     class Base
       include SeccompTools::Const::BPF
 
@@ -22,7 +24,7 @@ module SeccompTools
         raise ArgumentError, "Line #{line} is invalid: #{msg}"
       end
 
-      # Return the possible branches after executing this instruction.
+      # Returns the possible branches after executing this instruction.
       # @param [Context] _context
       #   Current context.
       # @return [Array<(Integer, Context)>]

data/lib/seccomp-tools/instruction/instruction.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/instruction/alu'
 require 'seccomp-tools/instruction/jmp'
 require 'seccomp-tools/instruction/ld'

data/lib/seccomp-tools/instruction/jmp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/const'
 require 'seccomp-tools/instruction/base'
 
@@ -15,6 +17,7 @@ module SeccompTools
         return '/* no-op */' if jt.zero? && jf.zero?
         return goto(jt) if jt == jf
         return if_str(true) + goto(jf) if jt.zero?
+
         if_str + goto(jt) + (jf.zero? ? '' : ' else ' + goto(jf))
       end
 
@@ -22,6 +25,7 @@ module SeccompTools
       # @return [[:cmp, Symbol, (:x, Integer), Integer, Integer], [:jmp, Integer]]
       def symbolize
         return [:jmp, k] if jop == :none
+
         [:cmp, jop, src, jt, jf]
       end
 
@@ -32,6 +36,8 @@ module SeccompTools
       def branch(context)
         return [[at(k), context]] if jop == :none
         return [[at(jt), context]] if jt == jf
+        return [[at(jt), context.dup.eql!(src)], [at(jf), context]] if jop == :==
+
         [[at(jt), context], [at(jf), context]]
       end
 
@@ -50,13 +56,16 @@ module SeccompTools
 
       def src_str
         return 'X' if src == :x
+
         # if A in all contexts are same
         a = contexts.map(&:a).uniq
         return k.to_s if a.size != 1
+
         a = a[0]
-        return k.to_s if a.nil?
+        return k.to_s unless a.data?
+
         hex = '0x' + k.to_s(16)
-        case a
+        case a.val
         when 0 then Util.colorize(Const::Syscall.const_get(arch.upcase.to_sym).invert[k] || hex, t: :syscall)
         when 4 then Util.colorize(Const::Audit::ARCH.invert[k] || hex, t: :arch)
         else hex
@@ -78,6 +87,7 @@ module SeccompTools
       def if_str(neg = false)
         return "if (A #{jop} #{src_str}) " unless neg
         return "if (!(A & #{src_str})) " if jop == :&
+
         op = case jop
              when :>= then :<
              when :> then :<=