ntdll-Syscall_Emulation: Also trap syscalls in the top-down reserved area.

Patch from "mkrsym1@gmail.com".

patches/ntdll-Syscall_Emulation/0001-ntdll-Support-x86_64-syscall-emulation.patch

@@ -1,18 +1,18 @@
-From 2cf5a014dcd6f85a1afa76ad8ca6c65f2c17db39 Mon Sep 17 00:00:00 2001
+From fd1785fead39ea0aecaaf4b02b8b62f1b0006332 Mon Sep 17 00:00:00 2001
 From: Paul Gofman <pgofman@codeweavers.com>
 Date: Tue, 14 Jul 2020 15:00:34 +0300
 Subject: [PATCH] ntdll: Support x86_64 syscall emulation.
 
 ---
  configure.ac                    |   1 +
- dlls/ntdll/unix/signal_x86_64.c | 195 ++++++++++++++++++++++++++++++++
- 2 files changed, 196 insertions(+)
+ dlls/ntdll/unix/signal_x86_64.c | 203 ++++++++++++++++++++++++++++++++
+ 2 files changed, 204 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index ef21a4313d4..db709285f79 100644
+index 8192c067e4c..d4abbdb3f37 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -384,6 +384,7 @@ AC_CHECK_HEADERS(\
+@@ -391,6 +391,7 @@ AC_CHECK_HEADERS(\
  	linux/ioctl.h \
  	linux/major.h \
  	linux/param.h \
@@ -21,7 +21,7 @@ index ef21a4313d4..db709285f79 100644
  	linux/types.h \
  	linux/ucdrom.h \
 diff --git a/dlls/ntdll/unix/signal_x86_64.c b/dlls/ntdll/unix/signal_x86_64.c
-index 537e4e1f60e..58397374ea4 100644
+index 26b540bd629..45add085205 100644
 --- a/dlls/ntdll/unix/signal_x86_64.c
 +++ b/dlls/ntdll/unix/signal_x86_64.c
 @@ -27,6 +27,7 @@
@@ -56,7 +56,7 @@ index 537e4e1f60e..58397374ea4 100644
  #include "ntstatus.h"
  #define WIN32_NO_STATUS
  #include "windef.h"
-@@ -1824,6 +1835,186 @@ static inline DWORD is_privileged_instr( CONTEXT *context )
+@@ -1824,6 +1835,194 @@ static inline DWORD is_privileged_instr( CONTEXT *context )
      return 0;
  }
  
@@ -146,14 +146,22 @@ index 537e4e1f60e..58397374ea4 100644
 +
 +    static struct sock_filter filter[] =
 +    {
-+        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, instruction_pointer) + 4),
-+        /* Native libs are loaded at high addresses. */
-+        BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, NATIVE_SYSCALL_ADDRESS_START >> 32, 0, 1),
-+        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
 +        /* Allow i386. */
 +        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
 +        BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
 +        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
++        /* Native libs are loaded at high addresses. */
++        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, instruction_pointer) + 4),
++        BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, NATIVE_SYSCALL_ADDRESS_START >> 32, 0, 8),
++        /* High addresses may be top-down allocations, trap those */
++        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x7fff, 1, 0),
++        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
++        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, instruction_pointer)),
++        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0xfe000000, 1, 0),
++        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
++        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0xffff0000, 0, 1),
++        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
++        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
 +        /* Allow wine64-preloader */
 +        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, instruction_pointer)),
 +        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x7d400000, 1, 0),
@@ -243,7 +251,7 @@ index 537e4e1f60e..58397374ea4 100644
  
  /***********************************************************************
   *           handle_interrupt
-@@ -2560,10 +2751,14 @@ void signal_init_process(void)
+@@ -2572,10 +2771,14 @@ void signal_init_process(void)
      if (sigaction( SIGSEGV, &sig_act, NULL ) == -1) goto error;
      if (sigaction( SIGILL, &sig_act, NULL ) == -1) goto error;
      if (sigaction( SIGBUS, &sig_act, NULL ) == -1) goto error;
@@ -259,5 +267,5 @@ index 537e4e1f60e..58397374ea4 100644
  
   error:
 -- 
-2.45.2
+2.47.2