OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Note: any code in this file MUST be async-signal safe. | 5 // Note: any code in this file MUST be async-signal safe. |
6 | 6 |
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
8 | 8 |
9 #include <unistd.h> | 9 #include <unistd.h> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/posix/eintr_wrapper.h" | 12 #include "base/posix/eintr_wrapper.h" |
13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
15 | 15 |
| 16 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure" |
| 17 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure" |
| 18 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure" |
| 19 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure" |
| 20 |
16 namespace { | 21 namespace { |
17 | 22 |
18 inline bool IsArchitectureX86_64() { | 23 inline bool IsArchitectureX86_64() { |
19 #if defined(__x86_64__) | 24 #if defined(__x86_64__) |
20 return true; | 25 return true; |
21 #else | 26 #else |
22 return false; | 27 return false; |
23 #endif | 28 #endif |
24 } | 29 } |
25 | 30 |
(...skipping 21 matching lines...) Expand all Loading... |
47 const size_t kNumDigits = 4; | 52 const size_t kNumDigits = 4; |
48 char sysno_base10[kNumDigits]; | 53 char sysno_base10[kNumDigits]; |
49 uint32_t rem = sysno; | 54 uint32_t rem = sysno; |
50 uint32_t mod = 0; | 55 uint32_t mod = 0; |
51 for (int i = kNumDigits - 1; i >= 0; i--) { | 56 for (int i = kNumDigits - 1; i >= 0; i--) { |
52 mod = rem % 10; | 57 mod = rem % 10; |
53 rem /= 10; | 58 rem /= 10; |
54 sysno_base10[i] = '0' + mod; | 59 sysno_base10[i] = '0' + mod; |
55 } | 60 } |
56 static const char kSeccompErrorPrefix[] = | 61 static const char kSeccompErrorPrefix[] = |
57 __FILE__":**CRASHING**:seccomp-bpf failure in syscall "; | 62 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; |
58 static const char kSeccompErrorPostfix[] = "\n"; | 63 static const char kSeccompErrorPostfix[] = "\n"; |
59 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); | 64 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); |
60 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); | 65 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); |
61 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); | 66 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); |
62 } | 67 } |
63 | 68 |
64 } // namespace. | 69 } // namespace. |
65 | 70 |
66 namespace sandbox { | 71 namespace sandbox { |
67 | 72 |
(...skipping 20 matching lines...) Expand all Loading... |
88 addr = reinterpret_cast<volatile char*>(syscall); | 93 addr = reinterpret_cast<volatile char*>(syscall); |
89 *addr = '\0'; | 94 *addr = '\0'; |
90 for (;;) | 95 for (;;) |
91 _exit(1); | 96 _exit(1); |
92 } | 97 } |
93 | 98 |
94 // TODO(jln): refactor the reporting functions. | 99 // TODO(jln): refactor the reporting functions. |
95 | 100 |
96 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) { | 101 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) { |
97 static const char kSeccompCloneError[] = | 102 static const char kSeccompCloneError[] = |
98 __FILE__":**CRASHING**:clone() failure\n"; | 103 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_CLONE_CONTENT "\n"; |
99 WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1); | 104 WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1); |
100 // "flags" is the first argument in the kernel's clone(). | 105 // "flags" is the first argument in the kernel's clone(). |
101 // Mark as volatile to be able to find the value on the stack in a minidump. | 106 // Mark as volatile to be able to find the value on the stack in a minidump. |
102 volatile uint64_t clone_flags = args.args[0]; | 107 volatile uint64_t clone_flags = args.args[0]; |
103 volatile char* addr; | 108 volatile char* addr; |
104 if (IsArchitectureX86_64()) { | 109 if (IsArchitectureX86_64()) { |
105 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF); | 110 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF); |
106 *addr = '\0'; | 111 *addr = '\0'; |
107 } | 112 } |
108 // Hit the NULL page if this fails to fault. | 113 // Hit the NULL page if this fails to fault. |
109 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF); | 114 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF); |
110 *addr = '\0'; | 115 *addr = '\0'; |
111 for (;;) | 116 for (;;) |
112 _exit(1); | 117 _exit(1); |
113 } | 118 } |
114 | 119 |
115 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args, | 120 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args, |
116 void* /* aux */) { | 121 void* /* aux */) { |
117 static const char kSeccompPrctlError[] = | 122 static const char kSeccompPrctlError[] = |
118 __FILE__":**CRASHING**:prctl() failure\n"; | 123 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_PRCTL_CONTENT "\n"; |
119 WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1); | 124 WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1); |
120 // Mark as volatile to be able to find the value on the stack in a minidump. | 125 // Mark as volatile to be able to find the value on the stack in a minidump. |
121 volatile uint64_t option = args.args[0]; | 126 volatile uint64_t option = args.args[0]; |
122 volatile char* addr = | 127 volatile char* addr = |
123 reinterpret_cast<volatile char*>(option & 0xFFF); | 128 reinterpret_cast<volatile char*>(option & 0xFFF); |
124 *addr = '\0'; | 129 *addr = '\0'; |
125 for (;;) | 130 for (;;) |
126 _exit(1); | 131 _exit(1); |
127 } | 132 } |
128 | 133 |
129 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args, | 134 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args, |
130 void* /* aux */) { | 135 void* /* aux */) { |
131 static const char kSeccompIoctlError[] = | 136 static const char kSeccompIoctlError[] = |
132 __FILE__":**CRASHING**:ioctl() failure\n"; | 137 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_IOCTL_CONTENT "\n"; |
133 WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1); | 138 WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1); |
134 // Make "request" volatile so that we can see it on the stack in a minidump. | 139 // Make "request" volatile so that we can see it on the stack in a minidump. |
135 volatile uint64_t request = args.args[1]; | 140 volatile uint64_t request = args.args[1]; |
136 volatile char* addr = reinterpret_cast<volatile char*>(request & 0xFFFF); | 141 volatile char* addr = reinterpret_cast<volatile char*>(request & 0xFFFF); |
137 *addr = '\0'; | 142 *addr = '\0'; |
138 // Hit the NULL page if this fails. | 143 // Hit the NULL page if this fails. |
139 addr = reinterpret_cast<volatile char*>(request & 0xFFF); | 144 addr = reinterpret_cast<volatile char*>(request & 0xFFF); |
140 *addr = '\0'; | 145 *addr = '\0'; |
141 for (;;) | 146 for (;;) |
142 _exit(1); | 147 _exit(1); |
143 } | 148 } |
144 | 149 |
| 150 const char* GetErrorMessageContentForTests() { |
| 151 return SECCOMP_MESSAGE_COMMON_CONTENT; |
| 152 } |
| 153 |
| 154 const char* GetCloneErrorMessageContentForTests() { |
| 155 return SECCOMP_MESSAGE_CLONE_CONTENT; |
| 156 } |
| 157 |
| 158 const char* GetPrctlErrorMessageContentForTests() { |
| 159 return SECCOMP_MESSAGE_PRCTL_CONTENT; |
| 160 } |
| 161 |
| 162 const char* GetIoctlErrorMessageContentForTests() { |
| 163 return SECCOMP_MESSAGE_IOCTL_CONTENT; |
| 164 } |
| 165 |
145 } // namespace sandbox. | 166 } // namespace sandbox. |
OLD | NEW |