diff options
-rw-r--r-- | sandbox/linux/seccomp/linux_syscall_support.h | 10 | ||||
-rw-r--r-- | sandbox/linux/seccomp/sandbox.cc | 7 | ||||
-rw-r--r-- | sandbox/linux/seccomp/trusted_thread.cc | 4 |
3 files changed, 14 insertions, 7 deletions
diff --git a/sandbox/linux/seccomp/linux_syscall_support.h b/sandbox/linux/seccomp/linux_syscall_support.h index 0d2e529..ee1c657 100644 --- a/sandbox/linux/seccomp/linux_syscall_support.h +++ b/sandbox/linux/seccomp/linux_syscall_support.h @@ -1446,7 +1446,7 @@ struct kernel_statfs { "int $0x80\n" \ "pop %%ebx" \ args \ - : "memory"); \ + : "esp", "memory"); \ LSS_RETURN(type,__res) #undef _syscall0 #define _syscall0(type,name) \ @@ -1503,7 +1503,7 @@ struct kernel_statfs { : "i" (__NR_##name), "ri" ((long)(arg1)), \ "c" ((long)(arg2)), "d" ((long)(arg3)), \ "S" ((long)(arg4)), "D" ((long)(arg5)) \ - : "memory"); \ + : "esp", "memory"); \ LSS_RETURN(type,__res); \ } #undef _syscall6 @@ -1525,7 +1525,7 @@ struct kernel_statfs { : "i" (__NR_##name), "0" ((long)(&__s)), \ "c" ((long)(arg2)), "d" ((long)(arg3)), \ "S" ((long)(arg4)), "D" ((long)(arg5)) \ - : "memory"); \ + : "esp", "memory"); \ LSS_RETURN(type,__res); \ } LSS_INLINE int LSS_NAME(clone)(int (*fn)(void *), void *child_stack, @@ -1611,7 +1611,7 @@ struct kernel_statfs { : "0"(-EINVAL), "i"(__NR_clone), "m"(fn), "m"(child_stack), "m"(flags), "m"(arg), "m"(parent_tidptr), "m"(newtls), "m"(child_tidptr) - : "memory", "ecx", "edx", "esi", "edi"); + : "esp", "memory", "ecx", "edx", "esi", "edi"); LSS_RETURN(int, __res); } @@ -1820,7 +1820,7 @@ struct kernel_statfs { : "0"(-EINVAL), "i"(__NR_clone), "i"(__NR_exit), "r"(fn), "S"(child_stack), "D"(flags), "r"(arg), "d"(parent_tidptr), "r"(__tls), "r"(__ctid) - : "memory", "r11", "rcx"); + : "rsp", "memory", "r11", "rcx"); } LSS_RETURN(int, __res); } diff --git a/sandbox/linux/seccomp/sandbox.cc b/sandbox/linux/seccomp/sandbox.cc index 810f295..1da17d3 100644 --- a/sandbox/linux/seccomp/sandbox.cc +++ b/sandbox/linux/seccomp/sandbox.cc @@ -329,6 +329,13 @@ void (*Sandbox::segv())(int signo) { ".popsection\n" "999:pop %0\n" : "=g"(fnc) + : + : "memory" +#if defined(__x86_64__) + , "rsp" +#elif defined(__i386__) + , "esp" +#endif ); return fnc; } diff --git a/sandbox/linux/seccomp/trusted_thread.cc b/sandbox/linux/seccomp/trusted_thread.cc index 25797cc..6edc05d 100644 --- a/sandbox/linux/seccomp/trusted_thread.cc +++ b/sandbox/linux/seccomp/trusted_thread.cc @@ -586,7 +586,7 @@ void Sandbox::createTrustedThread(int processFdPub, int cloneFdPub, : : "g"(&args) : "rax", "rcx", "rdx", "rdi", "rsi", "r8", "r9", "r10", "r11", "r12", - "r13", "r14", "r15" + "r13", "r14", "r15", "rsp", "memory" #elif defined(__i386__) struct user_desc u; u.entry_number = (typeof u.entry_number)-1; @@ -1197,7 +1197,7 @@ void Sandbox::createTrustedThread(int processFdPub, int cloneFdPub, "pop %%ebx\n" : : "g"(&args) - : "eax", "ecx", "edx", "edi", "esi" + : "eax", "ecx", "edx", "edi", "esi", "esp", "memory" #else #error Unsupported target platform #endif |