From 97a37b1baa49fcfe683c466c7ae711c46f0fc121 Mon Sep 17 00:00:00 2001 From: edef Date: Mon, 27 Dec 2021 14:03:31 +0000 Subject: ripple/minitrace: enforce permitted syscall numbers This doesn't discriminate between muxed syscalls yet, but at least bounds the available syscalls to the ones `cc1 hello.c` invokes. Change-Id: I1965f27746b509b32d5e86510e803038765c11dd
---
ripple/minitrace/src/main.rs | 72 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 68 insertions(+), 4 deletions(-) (limited to 'ripple')
diff --git a/ripple/minitrace/src/main.rs b/ripple/minitrace/src/main.rs
index 362be9c..60ef287 100644
--- a/ripple/minitrace/src/main.rs
+++ b/ripple/minitrace/src/main.rs
@@ -106,7 +106,6 @@ fn main() -> anyhow::Result<()> {
 }
 let status = waitpid(tid.as_pid(), Some(WaitPidFlag::__WALL))?;
- println!("{:?}", status);
 match (syscall_state, status) {
 (None, WaitStatus::PtraceSyscall(event_tid)) => {
@@ -117,7 +116,11 @@ fn main() -> anyhow::Result<()> {
 let entry = SyscallEntry::from_regs(regs);
 syscall_state = Some(EntryExit::Entry(entry));
- println!("entry: {:?}", regs);
+
+ if !check_syscall(entry) {
+ ptrace::kill(event_tid.as_pid())?;
+ panic!("unsupported syscall {:?}", entry);
+ }
 }
 (Some(EntryExit::Entry(entry)), WaitStatus::PtraceSyscall(event_tid)) => {
 let event_tid = Tid(event_tid.as_raw());
@@ -126,8 +129,6 @@ fn main() -> anyhow::Result<()> {
 let regs = ptrace::getregs(event_tid.as_pid())?;
 let ret = regs.rax as i64;
 syscall_state = Some(EntryExit::Exit(entry, ret));
-
- println!("syscall returned {:?} with {:?}", ret, regs);
 }
 (_, WaitStatus::Exited(event_tid, _)) => {
 let event_tid = Tid(event_tid.as_raw());
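Review bot: In the `(None, WaitStatus::PtraceSyscall(event_tid))` arm, the deny path only fails closed if `ptrace::kill` succeeds: when it returns an error the `?` leaves `main` with the tracee still alive, and a tracee whose tracer exits is released to keep running unless `PTRACE_O_EXITKILL` was set, which is not visible here (the body of `main` starts and ends outside this hunk). Assuming `ptrace::kill` is the usual wrapper for PTRACE_KILL, ptrace(2) also marks that request as deprecated in favour of sending SIGKILL directly. I would confirm the exit-kill option is set where the trace options are configured, so that every tracer exit path takes the tracee down with it. Since `main` already returns `anyhow::Result`, the denial could be reported with `anyhow::bail!("unsupported syscall {:?}", entry);` instead of `panic!`, keeping one error path for the tracer.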
@@ -145,3 +146,66 @@ fn main() -> anyhow::Result<()> {
 Ok(())
 }
+
+fn check_syscall(entry: SyscallEntry) -> bool {
+ match entry.number {
+ // read
+ 0 => {}
+
+ // write
+ 1 => {}
+
+ // close
+ 3 => {}
+
+ // mmap
+ 9 => {}
+
+ // mprotect
+ 10 => {}
+
+ // brk
+ 12 => {}
+
+ // rt_sigaction
+ 13 => {}
+
+ // ioctl
+ 16 => {}
+
+ // pread64
+ 17 => {}
+
+ // access
+ 21 => {}
+
+ // getcwd
+ 79 => {}
+
+ // readlink
+ 89 => {}
+
+ // sysinfo
+ 99 => {}
+
+ // times
+ 100 => {}
+
+ // arch_prctl
+ 158 => {}
+
+ // exit_group
+ 231 => {}
+
+ // openat
+ 257 => {}
+
+ // newfstatat
+ 262 => {}
+
+ // prlimit64
+ 302 => {}
+ _ => return false,
+ }
+ true
+}
-- cgit 1.4.1
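Review bot: `check_syscall` decides on `entry.number` alone, so the allowlist only means what its comments say if the number is known to come from the x86_64 syscall table; the 32-bit compat entry points use a different table in which the same values name other calls. Nothing visible here establishes the ABI (`SyscallEntry::from_regs` is outside the diff), so I would reject any stop whose syscall architecture is not `AUDIT_ARCH_X86_64`, for example via the `arch` field reported by `PTRACE_GET_SYSCALL_INFO`, before consulting the table. A doc comment such as `/// Allowlist of x86_64 syscall numbers observed from cc1 hello.c; arguments are not inspected.` would record that scope next to the code rather than only in the commit message. As a style point, the empty arms followed by a trailing `true` read more directly as a single `matches!(entry.number, 0 | 1 | 3 | …)` or as arms that return the boolean themselves.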