From: "Stephen J. Kiernan" Subject: git: 8c3e263dc1e1 - main - veriexec: mac_veriexec_syscall compat32 support List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: stevek X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8c3e263dc1e1deb5e76b794943337404841410ee Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=8c3e263dc1e1deb5e76b794943337404841410ee commit 8c3e263dc1e1deb5e76b794943337404841410ee Author: Simon J. Gerraty AuthorDate: 2021-12-11 02:32:35 +0000 Commit: Stephen J. Kiernan CommitDate: 2023-04-17 15:47:32 +0000 veriexec: mac_veriexec_syscall compat32 support Some 32bit apps may need to be able to use MAC_VERIEXEC_GET_PARAMS_PID_SYSCALL MAC_VERIEXEC_GET_PARAMS_PATH_SYSCALL Therefore compat32 support is required. Obtained from: Juniper Networks, Inc.
---
 sys/security/mac_veriexec/mac_veriexec.c | 62 ++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c
index bae8c2b9055c..d61943479ad6 100644
--- a/sys/security/mac_veriexec/mac_veriexec.c
+++ b/sys/security/mac_veriexec/mac_veriexec.c
@@ -50,6 +50,11 @@
 #include
 #include
 #include
+#ifdef COMPAT_FREEBSD32
+#include
+#include
+#include
+#endif
 #include
 #include
 #include
@@ -805,6 +810,24 @@ mac_veriexec_init(struct mac_policy_conf *mpc __unused)
 mac_veriexec_ops.mpo_vnode_check_unlink = NULL;
 }

+#ifdef COMPAT_FREEBSD32
+struct mac_veriexec_syscall_params32 {
+ char fp_type[VERIEXEC_FPTYPELEN];
+ unsigned char fingerprint[MAXFINGERPRINTLEN];
+ char label[MAXLABELLEN];
+ uint32_t labellen;
+ unsigned char flags;
+};
+
+struct mac_veriexec_syscall_params_args32 {
+ union {
+ pid_t pid;
+ uint32_t filename;
+ } u; /* input only */
+ uint32_t params; /* result */
+};
+#endif
+
 /**
 * @internal
 * @brief MAC policy-specific syscall for mac_veriexec
@@ -830,6 +853,10 @@ mac_veriexec_syscall(struct thread *td, int call, void *arg)
 struct file *fp;
 struct mac_veriexec_syscall_params_args pargs;
 struct mac_veriexec_syscall_params result;
+#ifdef COMPAT_FREEBSD32
+ struct mac_veriexec_syscall_params_args32 pargs32;
+ struct mac_veriexec_syscall_params32 result32;
+#endif
 struct mac_veriexec_file_info *ip;
 struct proc *proc;
 struct vnode *textvp;
@@ -841,6 +868,23 @@ mac_veriexec_syscall(struct thread *td, int call, void *arg)
 switch (call) {
 case MAC_VERIEXEC_GET_PARAMS_PID_SYSCALL:
 case MAC_VERIEXEC_GET_PARAMS_PATH_SYSCALL:
+#ifdef COMPAT_FREEBSD32
+ if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
+ error = copyin(arg, &pargs32, sizeof(pargs32));
+ if (error)
+ return error;
+ bzero(&pargs, sizeof(pargs));
+ switch (call) {
+ case MAC_VERIEXEC_GET_PARAMS_PID_SYSCALL:
+ CP(pargs32, pargs, u.pid);
+ break;
+ case MAC_VERIEXEC_GET_PARAMS_PATH_SYSCALL:
+ PTRIN_CP(pargs32, pargs, u.filename);
+ break;
+ }
+ PTRIN_CP(pargs32, pargs, params);
+ } else
+#endif
 error = copyin(arg, &pargs, sizeof(pargs));
 if (error)
 return error;
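Review bot: The two structures added under COMPAT_FREEBSD32 have no comment saying which native structures they mirror, or that their field order and widths are part of the 32-bit userland ABI. The native definitions are not visible in this patch, so a reader cannot tell from here what they must stay in step with. A header such as `/* ILP32 layouts of mac_veriexec_syscall_params and mac_veriexec_syscall_params_args; keep in sync with the native definitions. */` would make that dependency explicit. It would also help to note on `filename` and `params` that they carry 32-bit user pointers, which is why the syscall converts them with PTRIN_CP rather than copying them.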
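Review bot: In the compat branch added to mac_veriexec_syscall, the `} else` placed directly before `#endif` takes whatever statement follows the conditional block as its body, which today is the native `error = copyin(arg, &pargs, sizeof(pargs));`. If a statement is ever inserted between the `#endif` and that copyin, the native copyin would run for 32-bit callers too and overwrite the pargs that was just converted field by field. Marking the coupling, for example `} else /* native ABI: the copyin() below is the else body */`, would guard against that. The function body starts and ends outside this hunk.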
@@ -941,6 +985,24 @@ cleanup_file:
 if (error != 0)
 break;

+#ifdef COMPAT_FREEBSD32
+ if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
+ bzero(&result32, sizeof(result32));
+ result32.flags = ip->flags;
+ strlcpy(result32.fp_type, ip->ops->type, sizeof(result32.fp_type));
+ result.labellen = ip->labellen;
+ CP(result, result32, labellen);
+ if (ip->labellen > 0)
+ strlcpy(result32.label, ip->label, sizeof(result32.label));
+ result32.label[result.labellen] = '\0';
+ memcpy(result32.fingerprint, ip->fingerprint,
+ ip->ops->digest_len);
+
+ error = copyout(&result32, pargs.params, sizeof(result32));
+ break; /* yes */
+ }
+#endif
+ bzero(&result, sizeof(result));
 result.flags = ip->flags;
 strlcpy(result.fp_type, ip->ops->type, sizeof(result.fp_type));
 result.labellen = ip->labellen;
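Review bot: In the ILP32 branch, `result32.label[result.labellen] = '\0';` indexes a MAXLABELLEN-byte stack array with `ip->labellen`, and the `memcpy` into `result32.fingerprint` is sized by `ip->ops->digest_len`; neither value is checked against its destination in this hunk. If those bounds are enforced where the file info and fingerprint ops are registered, that is not visible here; if they are not, both are out-of-bounds writes to the kernel stack just before a copyout. The terminator store is also redundant, because result32 was zeroed and strlcpy always terminates, so it could be dropped, and the copy could be clamped with `MIN(ip->ops->digest_len, sizeof(result32.fingerprint))`. Writing `result32.labellen = ip->labellen;` directly would avoid routing the length through the native `result`, which has not been zeroed on this path. The enclosing switch case starts and ends outside the hunk.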