diff options
| author | David Chisnall <theraven@FreeBSD.org> | 2021-07-10 16:19:52 +0000 |
|---|---|---|
| committer | David Chisnall <theraven@FreeBSD.org> | 2021-07-10 16:19:52 +0000 |
| commit | 3a522ba1bc852c3d4660a4fa32e4a94999d09a47 (patch) | |
| tree | bc54f3286f7e98b8903873c8e3ece1bb8c3374b1 /lib/libc | |
| parent | 476ef25d321c4eb9fffe91265a03960983332bc2 (diff) | |
| download | src-3a522ba1bc852c3d4660a4fa32e4a94999d09a47.tar.gz src-3a522ba1bc852c3d4660a4fa32e4a94999d09a47.zip | |
Pass the syscall number to capsicum permission-denied signals
The syscall number is stored in the same register as the syscall return
on amd64 (and possibly other architectures) and so it is impossible to
recover in the signal handler after the call has returned. This small
tweak delivers it in the `si_value` field of the signal, which is
sufficient to catch capability violations and emulate them with a call
to a more-privileged process in the signal handler.
Approved by: markj (mentor)
Reviewed by: kib, bcr (manpages)
Differential Revision: https://reviews.freebsd.org/D29185
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/sys/procctl.2 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/libc/sys/procctl.2 b/lib/libc/sys/procctl.2 index 432ed5919a81..ce7a2be5d5e4 100644 --- a/lib/libc/sys/procctl.2 +++ b/lib/libc/sys/procctl.2 @@ -454,6 +454,16 @@ and the .Va si_code member is set to .Dv TRAP_CAP . +The system call number is stored in the +.Va si_syscall +field of the +.Fa siginfo +signal handler parameter. +The other system call parameters can be read from the +.Fa ucontext_t +but the system call number is typically stored in the register +that also contains the return value and so is unavailable in the +signal handler. .Pp See .Xr capsicum 4 |