Merge bitcoin#24369: util: Add missing rseq to syscall sandbox

fanquake · fanquake · commit ffcbaf569eaa · 2022-02-20T11:29:29.000Z
6c4fd36 util: Add missing rseq to syscall sandbox (laanwj) Pull request description: Fixes bitcoin#24368. ACKs for top commit: prusnak: Approach ACK 6c4fd36 Tree-SHA512: fc01b99483581280fc5dcbd3367975677849eadf2aabb66850dd0fa40bba9c3979c67d96427c1f4feff948b68744797c4a3ec0a12fc983d91642da794fcea824
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
@@ -68,6 +68,10 @@ bool g_syscall_sandbox_log_violation_before_terminating{false};
 #define __NR_copy_file_range 326
 #endif
 
+#ifndef  __NR_rseq
+#define __NR_rseq 334
+#endif
+
 // This list of syscalls in LINUX_SYSCALLS is only used to map syscall numbers to syscall names in
 // order to be able to print user friendly error messages which include the syscall name in addition
 // to the syscall number.
@@ -327,6 +331,7 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
     {__NR_request_key, "request_key"},
     {__NR_restart_syscall, "restart_syscall"},
     {__NR_rmdir, "rmdir"},
+    {__NR_rseq, "rseq"},
     {__NR_rt_sigaction, "rt_sigaction"},
     {__NR_rt_sigpending, "rt_sigpending"},
     {__NR_rt_sigprocmask, "rt_sigprocmask"},
@@ -723,6 +728,7 @@ class SeccompPolicyBuilder
         allowed_syscalls.insert(__NR_fork);       // create a child process
         allowed_syscalls.insert(__NR_tgkill);     // send a signal to a thread
         allowed_syscalls.insert(__NR_wait4);      // wait for process to change state, BSD style
+        allowed_syscalls.insert(__NR_rseq);       // register restartable sequence for thread
     }
 
     void AllowScheduling()
