Merge pull request #21 from stupendoussuperpowers/double-free-fix

grate-rs: Add syscall constants, fix memory management

Author: rennergade

lib/grate-rs/examples/make_syscall.rs

@@ -3,7 +3,8 @@
 //! Here, the geteuid calls are redirected to the grate for logging purposes.
 //!
 //! The syscall wrapper here uses make_threei_call to call geteuid() as the cage and logs the return value.
-use grate_rs::GrateBuilder;
+use grate_rs::constants::SYS_GETEUID;
+use grate_rs::{GrateBuilder, GrateError};
 
 extern "C" fn geteuid_syscall(
     cageid: u64,
@@ -43,17 +44,13 @@ extern "C" fn geteuid_syscall(
 }
 
 fn main() {
-    let builder = GrateBuilder::new().register(107, geteuid_syscall);
+    let builder = GrateBuilder::new()
+        .register(SYS_GETEUID, geteuid_syscall)
+        .teardown(|result: Result<i32, GrateError>| {
+            println!("Result: {:#?}", result);
+        });
 
     let argv = std::env::args().skip(1).collect::<Vec<_>>();
 
-    match builder.run(argv) {
-        Ok(status) => {
-            println!("[grate_teardown] Cage exited with: {status}.");
-        }
-        Err(e) => {
-            eprintln!("[grate_error] Failed to run grate: {:?}", e);
-            std::process::exit(1);
-        }
-    }
+    builder.run(argv);
 }

lib/grate-rs/examples/read_syscall.rs

@@ -6,7 +6,7 @@
 //! - `getcageid()`: obtain the current cage id from inside a handler.
 //! - `copy_data_between_cages(...)`: copy memory between cages.
 
-use grate_rs::{GrateBuilder, copy_data_between_cages, getcageid};
+use grate_rs::{GrateBuilder, GrateError, constants::SYS_READ, copy_data_between_cages, getcageid};
 use std::cmp::min;
 
 fn imfs_read(_cageid: u64, _fd: u64, buf: &mut [u8], count: usize) -> i32 {
@@ -60,19 +60,13 @@ fn main() {
         "[grate_init] Run all required initializations before calling builder.run(), such as imfs_init() or preloads()"
     );
 
-    let builder = GrateBuilder::new().register(0, read_syscall);
+    let builder = GrateBuilder::new()
+        .register(SYS_READ, read_syscall)
+        .teardown(|result: Result<i32, GrateError>| {
+            println!("Result: {:#?}", result);
+        });
 
     let argv = std::env::args().skip(1).collect::<Vec<_>>();
 
-    match builder.run(argv) {
-        Ok(status) => {
-            println!(
-                "[grate_teardown] Cage exited with: {status}. Safe to run teardown functions such as dump_file()"
-            );
-        }
-        Err(e) => {
-            eprintln!("[grate_error] Failed to run grate: {:?}", e);
-            std::process::exit(1);
-        }
-    }
+    builder.run(argv);
 }

lib/grate-rs/src/constants/mod.rs

@@ -0,0 +1,3 @@
+pub mod syscall_numbers;
+
+pub use syscall_numbers::*;

lib/grate-rs/src/constants/syscall_numbers.rs

@@ -0,0 +1,103 @@
+pub const SYS_READ: u64 = 0;
+pub const SYS_WRITE: u64 = 1;
+pub const SYS_OPEN: u64 = 2;
+pub const SYS_CLOSE: u64 = 3;
+pub const SYS_XSTAT: u64 = 4;
+pub const SYS_FXSTAT: u64 = 5;
+pub const SYS_POLL: u64 = 7;
+pub const SYS_LSEEK: u64 = 8;
+pub const SYS_MMAP: u64 = 9;
+pub const SYS_MPROTECT: u64 = 10;
+pub const SYS_MUNMAP: u64 = 11;
+pub const SYS_BRK: u64 = 12;
+pub const SYS_SIGACTION: u64 = 13;
+pub const SYS_SIGPROCMASK: u64 = 14;
+
+pub const SYS_IOCTL: u64 = 16;
+pub const SYS_PREAD: u64 = 17;
+pub const SYS_PWRITE: u64 = 18;
+pub const SYS_WRITEV: u64 = 20;
+pub const SYS_ACCESS: u64 = 21;
+pub const SYS_PIPE: u64 = 22;
+pub const SYS_SELECT: u64 = 23;
+pub const SYS_SCHED_YIELD: u64 = 24;
+
+pub const SYS_SHMGET: u64 = 29;
+pub const SYS_SHMAT: u64 = 30;
+pub const SYS_SHMCTL: u64 = 31;
+
+pub const SYS_DUP: u64 = 32;
+pub const SYS_DUP2: u64 = 33;
+
+pub const SYS_NANOSLEEP_TIME64: u64 = 35;
+pub const SYS_SETITIMER: u64 = 38;
+
+pub const SYS_GETPID: u64 = 39;
+
+pub const SYS_SOCKET: u64 = 41;
+pub const SYS_CONNECT: u64 = 42;
+pub const SYS_ACCEPT: u64 = 43;
+pub const SYS_SENDTO: u64 = 44;
+pub const SYS_RECVFROM: u64 = 45;
+pub const SYS_SENDMSG: u64 = 46;
+pub const SYS_RECVMSG: u64 = 47;
+pub const SYS_SHUTDOWN: u64 = 48;
+pub const SYS_BIND: u64 = 49;
+pub const SYS_LISTEN: u64 = 50;
+pub const SYS_GETSOCKNAME: u64 = 51;
+pub const SYS_GETPEERNAME: u64 = 52;
+pub const SYS_SOCKETPAIR: u64 = 53;
+pub const SYS_SETSOCKOPT: u64 = 54;
+pub const SYS_GETSOCKOPT: u64 = 55;
+
+pub const SYS_CLONE: u64 = 56;
+pub const SYS_FORK: u64 = 57;
+pub const SYS_EXEC: u64 = 59;
+pub const SYS_EXECVE: u64 = 59;
+pub const SYS_EXIT: u64 = 60;
+pub const SYS_WAITPID: u64 = 61;
+pub const SYS_KILL: u64 = 62;
+
+pub const SYS_SHMDT: u64 = 67;
+
+pub const SYS_FCNTL: u64 = 72;
+pub const SYS_FLOCK: u64 = 73;
+pub const SYS_FSYNC: u64 = 74;
+pub const SYS_FDATASYNC: u64 = 75;
+pub const SYS_TRUNCATE: u64 = 76;
+pub const SYS_FTRUNCATE: u64 = 77;
+pub const SYS_GETDENTS: u64 = 78;
+pub const SYS_GETCWD: u64 = 79;
+pub const SYS_CHDIR: u64 = 80;
+pub const SYS_FCHDIR: u64 = 81;
+pub const SYS_RENAME: u64 = 82;
+pub const SYS_UNLINK: u64 = 87;
+pub const SYS_READLINK: u64 = 89;
+
+pub const SYS_CHMOD: u64 = 90;
+pub const SYS_FCHMOD: u64 = 91;
+pub const SYS_GETUID: u64 = 102;
+pub const SYS_GETGID: u64 = 104;
+pub const SYS_GETEUID: u64 = 107;
+pub const SYS_GETEGID: u64 = 108;
+pub const SYS_GETPPID: u64 = 110;
+
+pub const SYS_STATFS: u64 = 137;
+pub const SYS_FSTATFS: u64 = 138;
+
+pub const SYS_GETHOSTNAME: u64 = 170;
+pub const SYS_FUTEX: u64 = 202;
+pub const SYS_EPOLL_CREATE: u64 = 213;
+
+pub const SYS_CLOCK_GETTIME: u64 = 228;
+pub const SYS_EPOLL_WAIT: u64 = 232;
+pub const SYS_EPOLL_CTL: u64 = 233;
+pub const SYS_UNLINKAT: u64 = 263;
+pub const SYS_READLINKAT: u64 = 267;
+pub const SYS_SYNC_FILE_RANGE: u64 = 277;
+
+pub const SYS_EPOLL_CREATE1: u64 = 291;
+pub const SYS_DUP3: u64 = 292;
+pub const SYS_PIPE2: u64 = 293;
+
+pub const SYS_GETRANDOM: u64 = 318;