Merge pull request #3628 from Sonicadvance1/seccomp

LinuxEmulation: Implement support for seccomp
FEX-Emu · Sep 3, 2024 · b368223 · b368223
2 parents 8fe1e95 + ac32876
commit b368223
Show file tree

Hide file tree

Showing 19 changed files with 1,643 additions and 27 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -49,7 +49,7 @@ endif()
 
 if (NOT MINGW_BUILD)
   message (STATUS "Clang version ${CMAKE_CXX_COMPILER_VERSION}")
-  set (CLANG_MINIMUM_VERSION 12.0)
+  set (CLANG_MINIMUM_VERSION 13.0)
   if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS ${CLANG_MINIMUM_VERSION})
     message (FATAL_ERROR "Clang version too old for FEX. Need at least ${CLANG_MINIMUM_VERSION} but has ${CMAKE_CXX_COMPILER_VERSION}")
   endif()

diff --git a/FEXCore/Source/Interface/Config/Config.json.in b/FEXCore/Source/Interface/Config/Config.json.in
@@ -517,6 +517,13 @@
         "Desc": [
           "Override for a FEXServer socket path. Only useful for chroots."
         ]
+      },
+      "NeedsSeccomp": {
+        "Type": "bool",
+        "Default": "false",
+        "Desc": [
+          "Disables inline syscalls in order to support seccomp handling"
+        ]
       }
     }
   },

diff --git a/Source/Tools/FEXLoader/FEXLoader.cpp b/Source/Tools/FEXLoader/FEXLoader.cpp
@@ -314,6 +314,7 @@ int main(int argc, char** argv, char** const envp) {
   const bool InterpreterInstalled = QueryInterpreterInstalled(ExecutedWithFD, PortableInfo);
 
   int FEXFD {StealFEXFDFromEnv("FEX_EXECVEFD")};
+  int FEXSeccompFD {StealFEXFDFromEnv("FEX_SECCOMPFD")};
 
   LogMan::Throw::InstallHandler(AssertHandler);
   LogMan::Msg::InstallHandler(MsgHandler);
@@ -560,6 +561,8 @@ int main(int argc, char** argv, char** const envp) {
   CTX->AppendThunkDefinitions(FEX::VDSO::GetVDSOThunkDefinitions());
   SignalDelegation->SetVDSOSigReturn();
 
+  SyscallHandler->DeserializeSeccompFD(ParentThread, FEXSeccompFD);
+
   FEXCore::Context::ExitReason ShutdownReason = FEXCore::Context::ExitReason::EXIT_SHUTDOWN;
 
   // There might already be an exit handler, leave it installed

diff --git a/Source/Tools/LinuxEmulation/CMakeLists.txt b/Source/Tools/LinuxEmulation/CMakeLists.txt
@@ -8,6 +8,9 @@ set (SRCS
   LinuxSyscalls/FileManagement.cpp
   LinuxSyscalls/LinuxAllocator.cpp
   LinuxSyscalls/NetStream.cpp
+  LinuxSyscalls/Seccomp/SeccompEmulator.cpp
+  LinuxSyscalls/Seccomp/BPFEmitter.cpp
+  LinuxSyscalls/Seccomp/Dumper.cpp
   LinuxSyscalls/SignalDelegator.cpp
   LinuxSyscalls/Syscalls.cpp
   LinuxSyscalls/SyscallsSMCTracking.cpp