WIP: SECCOMP

FEX-Emu · May 17, 2024 · aca37b9 · aca37b9
1 parent 048c8de
commit aca37b9
Show file tree

Hide file tree

Showing 18 changed files with 1,523 additions and 61 deletions.
diff --git a/FEXCore/Source/Interface/IR/PassManager.cpp b/FEXCore/Source/Interface/IR/PassManager.cpp
@@ -84,7 +84,7 @@ void PassManager::AddDefaultPasses(FEXCore::Context::ContextImpl* ctx, bool Inli
 
     InsertPass(CreateDeadFlagCalculationEliminination());
 
-    InsertPass(CreateInlineCallOptimization(&ctx->CPUID));
+    // InsertPass(CreateInlineCallOptimization(&ctx->CPUID));
     InsertPass(CreatePassDeadCodeElimination());
   }
 

diff --git a/Source/Common/Config.cpp b/Source/Common/Config.cpp
@@ -282,15 +282,14 @@ fextl::unique_ptr<FEXCore::Config::Layer> CreateEnvironmentLayer(char* const _en
   return fextl::make_unique<EnvLoader>(_envp);
 }
 
-fextl::string RecoverGuestProgramFilename(fextl::string Program, bool ExecFDInterp, const std::string_view ProgramFDFromEnv) {
+fextl::string RecoverGuestProgramFilename(fextl::string Program, bool ExecFDInterp, const int ProgramFDFromEnv) {
   // If executed with a FEX FD then the Program argument might be empty.
   // In this case we need to scan the FD node to recover the application binary that exists on disk.
   // Only do this if the Program argument is empty, since we would prefer the application's expectation
   // of application name.
-  if (!ProgramFDFromEnv.empty() && Program.empty()) {
+  if (ProgramFDFromEnv != -1 && Program.empty()) {
     // Get the `dev` node of the execveat fd string.
-    Program = "/dev/fd/";
-    Program += ProgramFDFromEnv;
+    Program = fextl::fmt::format("/dev/fd/{}", ProgramFDFromEnv);
   }
 
   // If we were provided a relative path then we need to canonicalize it to become absolute.
@@ -328,7 +327,7 @@ fextl::string RecoverGuestProgramFilename(fextl::string Program, bool ExecFDInte
   //  - Regular execveat with FD. FD points to file on disk that has been deleted.
   //    execveat binfmt_misc args layout: `FEXInterpreter /dev/fd/<FD> <user provided argv[0]> <user provided argv[n]>...`
 #ifndef _WIN32
-  if (ExecFDInterp || !ProgramFDFromEnv.empty()) {
+  if (ExecFDInterp || ProgramFDFromEnv != -1) {
     // Only in the case that FEX is executing an FD will the program argument potentially be a symlink.
     // This symlink will be in the style of `/dev/fd/<FD>`.
     //
@@ -350,7 +349,7 @@ fextl::string RecoverGuestProgramFilename(fextl::string Program, bool ExecFDInte
 }
 
 ApplicationNames LoadConfig(bool NoFEXArguments, bool LoadProgramConfig, int argc, char** argv, char** const envp, bool ExecFDInterp,
-                            const std::string_view ProgramFDFromEnv) {
+                            const int ProgramFDFromEnv) {
   FEX::Config::InitializeConfigs();
   FEXCore::Config::Initialize();
   FEXCore::Config::AddLayer(CreateGlobalMainLayer());

diff --git a/Source/Common/Config.h b/Source/Common/Config.h
@@ -39,7 +39,7 @@ struct ApplicationNames {
  * @return The application name and path structure
  */
 ApplicationNames LoadConfig(bool NoFEXArguments, bool LoadProgramConfig, int argc, char** argv, char** const envp, bool ExecFDInterp,
-                            const std::string_view ProgramFDFromEnv);
+                            const int ProgramFDFromEnv);
 
 const char* GetHomeDirectory();
 

diff --git a/Source/Tools/FEXLoader/ELFCodeLoader.h b/Source/Tools/FEXLoader/ELFCodeLoader.h
@@ -231,23 +231,17 @@ class ELFCodeLoader final : public FEX::CodeLoader {
 
   fextl::vector<LoadedSection> Sections;
 
-  ELFCodeLoader(const fextl::string& Filename, const std::string_view FEXFDString, const fextl::string& RootFS,
+  ELFCodeLoader(const fextl::string& Filename, const int FEXFD, const fextl::string& RootFS,
                 [[maybe_unused]] const fextl::vector<fextl::string>& args, const fextl::vector<fextl::string>& ParsedArgs,
                 char** const envp = nullptr, FEXCore::Config::Value<fextl::string>* AdditionalEnvp = nullptr)
     : Args {args} {
 
     bool LoadedWithFD = false;
     int FD = getauxval(AT_EXECFD);
 
-    if (!FEXFDString.empty()) {
+    if (FEXFD != -1) {
       // If we passed the execve FD to us then use that.
-      const char* StartPtr = FEXFDString.data();
-      char* EndPtr {};
-      FD = ::strtol(StartPtr, &EndPtr, 10);
-      if (EndPtr == StartPtr) {
-        LogMan::Msg::AFmt("FEXInterpreter passed invalid FD to exececute: {}", FEXFDString);
-        return;
-      }
+      FD = FEXFD;
       unsetenv("FEX_EXECVEFD");
     }
 

diff --git a/Source/Tools/FEXLoader/FEXLoader.cpp b/Source/Tools/FEXLoader/FEXLoader.cpp
@@ -251,13 +251,24 @@ int main(int argc, char** argv, char** const envp) {
   const bool IsInterpreter = RanAsInterpreter(argv[0]);
 
   ExecutedWithFD = getauxval(AT_EXECFD) != 0;
-  const char* FEXFD = getenv("FEX_EXECVEFD");
-  const std::string_view FEXFDView = FEXFD ? std::string_view {FEXFD} : std::string_view {};
+  const char* FEXFDStr = getenv("FEX_EXECVEFD");
+  int FEXFD{-1};
+  if (FEXFDStr) {
+    const std::string_view FEXFDView {FEXFDStr};
+    std::from_chars(FEXFDView.data(), FEXFDView.data() + FEXFDView.size(), FEXFD, 10);
+  }
+
+  const char* FEXSeccompFDStr = getenv("FEX_SECCOMPFD");
+  int FEXSeccompFD {-1};
+  if (FEXSeccompFDStr) {
+    const std::string_view FEXSeccompFDView {FEXSeccompFDStr};
+    std::from_chars(FEXSeccompFDView.data(), FEXSeccompFDView.data() + FEXSeccompFDView.size(), FEXSeccompFD, 10);
+  }
 
   LogMan::Throw::InstallHandler(AssertHandler);
   LogMan::Msg::InstallHandler(MsgHandler);
 
-  auto Program = FEX::Config::LoadConfig(IsInterpreter, true, argc, argv, envp, ExecutedWithFD, FEXFDView);
+  auto Program = FEX::Config::LoadConfig(IsInterpreter, true, argc, argv, envp, ExecutedWithFD, FEXFD);
 
   if (Program.ProgramPath.empty() && !FEXFD) {
     // Early exit if we weren't passed an argument
@@ -365,7 +376,7 @@ int main(int argc, char** argv, char** const envp) {
     putenv(HostEnv.data());
   }
 
-  ELFCodeLoader Loader {Program.ProgramPath, FEXFDView, LDPath(), Args, ParsedArgs, envp, &Environment};
+  ELFCodeLoader Loader {Program.ProgramPath, FEXFD, LDPath(), Args, ParsedArgs, envp, &Environment};
 
   if (!Loader.ELFWasLoaded()) {
     // Loader couldn't load this program for some reason
@@ -495,6 +506,8 @@ int main(int argc, char** argv, char** const envp) {
   CTX->AppendThunkDefinitions(FEX::VDSO::GetVDSOThunkDefinitions());
   SignalDelegation->SetVDSOSigReturn();
 
+  SyscallHandler->DeserializeSeccompFD(ParentThread, FEXSeccompFD);
+
   FEXCore::Context::ExitReason ShutdownReason = FEXCore::Context::ExitReason::EXIT_SHUTDOWN;
 
   // There might already be an exit handler, leave it installed

diff --git a/Source/Tools/LinuxEmulation/CMakeLists.txt b/Source/Tools/LinuxEmulation/CMakeLists.txt
@@ -8,6 +8,7 @@ set (SRCS
   LinuxSyscalls/FileManagement.cpp
   LinuxSyscalls/LinuxAllocator.cpp
   LinuxSyscalls/NetStream.cpp
+  LinuxSyscalls/SeccompEmulator.cpp
   LinuxSyscalls/SignalDelegator.cpp
   LinuxSyscalls/Syscalls.cpp
   LinuxSyscalls/SyscallsSMCTracking.cpp