From cf98bc28d39d6df5386ac57375af1b60af5d6bb3 Mon Sep 17 00:00:00 2001 From: David Chisnall Date: Sat, 10 Jul 2021 17:19:52 +0100 Subject: Pass the syscall number to capsicum permission-denied signals The syscall number is stored in the same register as the syscall return on amd64 (and possibly other architectures) and so it is impossible to recover in the signal handler after the call has returned. This small tweak delivers it in the `si_value` field of the signal, which is sufficient to catch capability violations and emulate them with a call to a more-privileged process in the signal handler. This reapplies 3a522ba1bc852c3d4660a4fa32e4a94999d09a47 with a fix for the static assertion failure on i386. Approved by: markj (mentor) Reviewed by: kib, bcr (manpages) Differential Revision: https://reviews.freebsd.org/D29185
---
sys/sys/signal.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sys/sys')
diff --git a/sys/sys/signal.h b/sys/sys/signal.h
index 8b45a521c3ee..9dae3ce04745 100644
--- a/sys/sys/signal.h
+++ b/sys/sys/signal.h
@@ -255,6 +255,12 @@ typedef struct __siginfo {
 struct {
 long _band; /* band event for SIGPOLL */
 } _poll; /* was this ever used ? */
+ struct {
+ int _syscall; /* Syscall number for signals
+ * delivered as a result of
+ * system calls denied by
+ * Capsicum. */
+ } _capsicum;
 struct {
 long __spare1__;
 int __spare2__[7];
@@ -267,6 +273,7 @@ typedef struct __siginfo {
 #define si_overrun _reason._timer._overrun
 #define si_mqd _reason._mesgq._mqd
 #define si_band _reason._poll._band
+#define si_syscall _reason._capsicum._syscall
 #if defined(_WANT_LWPINFO32) || (defined(_KERNEL) && defined(__LP64__))
 struct siginfo32 {
-- 
cgit v1.2.3
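Review bot: The comment on `_capsicum._syscall` in the first hunk does not say when the field is valid, and because it overlays the other `_reason` members, a handler that reads `si_syscall` for any other signal or `si_code` gets unrelated bytes. That matters for the use case in the commit message, where the handler forwards the denied call to a more-privileged process: it should confirm the signal is the kernel-generated Capsicum trap (presumably `SIGTRAP` with `si_code == TRAP_CAP`; the delivery code is outside this view) before acting on the number. I would extend the comment to something like `/* Syscall number; valid only when si_code is TRAP_CAP. */` and repeat that next to the `si_syscall` define in the second hunk. The commit message also names `si_value` while the accessor added here is `si_syscall`, so the man page wording is worth checking against the final name. The union body and `struct siginfo32` continue outside both hunks, so whether the 32-bit layout carries the field cannot be confirmed from this page.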