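--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,88 +1,232 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/syscall_wrappers.h"
 
 #include <pthread.h>
 #include <sched.h>
 #include <setjmp.h>
 #include <sys/resource.h>
 #include <sys/syscall.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <cstring>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
+#include "sandbox/linux/system_headers/capability.h"
+#include "sandbox/linux/system_headers/linux_signal.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
 
 namespace sandbox {
 
 pid_t sys_getpid(void) {
 return syscall(__NR_getpid);
 }
 
 pid_t sys_gettid(void) {
 return syscall(__NR_gettid);
 }
 
 long sys_clone(unsigned long flags,
 decltype(nullptr) child_stack,
 pid_t* ptid,
 pid_t* ctid,
 decltype(nullptr) tls) {
 const bool clone_tls_used = flags & CLONE_SETTLS;
 const bool invalid_ctid =
 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid;
 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid;
 
 // We do not support CLONE_VM.
 const bool clone_vm_used = flags & CLONE_VM;
 if (clone_tls_used || invalid_ctid || invalid_ptid || clone_vm_used) {
 RAW_LOG(FATAL, "Invalid usage of sys_clone");
 }
 
+if (ptid) MSAN_UNPOISON(ptid, sizeof(*ptid));
+if (ctid) MSAN_UNPOISON(ctid, sizeof(*ctid));
 // See kernel/fork.c in Linux. There is different ordering of sys_clone
 // parameters depending on CONFIG_CLONE_BACKWARDS* configuration options.
 #if defined(ARCH_CPU_X86_64)
 return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
 #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \
 defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY)
 // CONFIG_CLONE_BACKWARDS defined.
 return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
 #endif
 }
 
 long sys_clone(unsigned long flags) {
 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr);
 }
 
 void sys_exit_group(int status) {
 syscall(__NR_exit_group, status);
 }
 
 int sys_seccomp(unsigned int operation,
 unsigned int flags,
 const struct sock_fprog* args) {
 return syscall(__NR_seccomp, operation, flags, args);
 }
 
 int sys_prlimit64(pid_t pid,
 int resource,
 const struct rlimit64* new_limit,
 struct rlimit64* old_limit) {
-return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit);
+int res = syscall(__NR_prlimit64, pid, resource, new_limit, old_limit);
+if (res == 0 && old_limit) MSAN_UNPOISON(old_limit, sizeof(*old_limit));
+return res;
 }
 
 int sys_capget(cap_hdr* hdrp, cap_data* datap) {
-return syscall(__NR_capget, hdrp, datap);
+int res = syscall(__NR_capget, hdrp, datap);
+if (res == 0) {
+if (hdrp) MSAN_UNPOISON(hdrp, sizeof(*hdrp));
+if (datap) MSAN_UNPOISON(datap, sizeof(*datap));
+}
+return res;
 }
 
 int sys_capset(cap_hdr* hdrp, const cap_data* datap) {
 return syscall(__NR_capset, hdrp, datap);
 }
 
+int sys_getresuid(uid_t* ruid, uid_t* euid, uid_t* suid) {
+int res;
+#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
+// On 32-bit x86 or 32-bit arm, getresuid supports 16bit values only.
+// Use getresuid32 instead.
+res = syscall(__NR_getresuid32, ruid, euid, suid);
+#else
+res = syscall(__NR_getresuid, ruid, euid, suid);
+#endif
+if (res == 0) {
+if (ruid) MSAN_UNPOISON(ruid, sizeof(*ruid));
+if (euid) MSAN_UNPOISON(euid, sizeof(*euid));
+if (suid) MSAN_UNPOISON(suid, sizeof(*suid));
+}
+return res;
+}
+
+int sys_getresgid(gid_t* rgid, gid_t* egid, gid_t* sgid) {
+int res;
+#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
+// On 32-bit x86 or 32-bit arm, getresgid supports 16bit values only.
+// Use getresgid32 instead.
+res = syscall(__NR_getresgid32, rgid, egid, sgid);
+#else
+res = syscall(__NR_getresgid, rgid, egid, sgid);
+#endif
+if (res == 0) {
+if (rgid) MSAN_UNPOISON(rgid, sizeof(*rgid));
+if (egid) MSAN_UNPOISON(egid, sizeof(*egid));
+if (sgid) MSAN_UNPOISON(sgid, sizeof(*sgid));
+}
+return res;
+}
+
+int sys_chroot(const char* path) {
+return syscall(__NR_chroot, path);
+}
+
+int sys_unshare(int flags) {
+return syscall(__NR_unshare, flags);
+}
+
+int sys_sigprocmask(int how, const sigset_t* set, decltype(nullptr) oldset) {
+// In some toolchain (in particular Android and PNaCl toolchain),
+// sigset_t is 32 bits, but Linux ABI requires 64 bits.
+uint64_t linux_value = 0;
+std::memcpy(&linux_value, set, std::min(sizeof(sigset_t), sizeof(uint64_t)));
+return syscall(__NR_rt_sigprocmask, how, &linux_value, nullptr,
+sizeof(linux_value));
+}
+
+#if defined(MEMORY_SANITIZER) || \
+(defined(ARCH_CPU_X86_64) && defined(__GNUC__) && !defined(__clang__))
+// If MEMORY_SANITIZER is enabled, it is necessary to call sigaction() here,
+// rather than the direct syscall (sys_sigaction() defined by ourselves).
+// It is because, if MEMORY_SANITIZER is enabled, sigaction is wrapped, and
+// |act->sa_handler| is injected in order to unpoisonize the memory passed via
+// callback's arguments. Please see msan_interceptors.cc for more details.
+// So, if the direct syscall is used, as MEMORY_SANITIZER does not know about
+// it, sigaction() invocation in other places would be broken (in more precise,
+// returned |oldact| would have a broken |sa_handler| callback).
+// Practically, it would break NaCl's signal handler installation.
+// cf) native_client/src/trusted/service_runtime/linux/nacl_signal.c.
+//
+// Also on x86_64 architecture, we need naked function for rt_sigreturn.
+// However, there is no simple way to define it with GCC. Note that the body
+// of function is actually very small (only two instructions), but we need to
+// define much debug information in addition, otherwise backtrace() used by
+// base::StackTrace would not work so that some tests would fail.
+int sys_sigaction(int signum,
+const struct sigaction* act,
+struct sigaction* oldact) {
+return sigaction(signum, act, oldact);
+}
+#else
+// struct sigaction is different ABI from the Linux's.
+struct KernelSigAction {
+void (*kernel_handler)(int);
+uint32_t sa_flags;
+void (*sa_restorer)(void);
+uint64_t sa_mask;
+};
+
+// On X86_64 arch, it is necessary to set sa_restorer always.
+#if defined(ARCH_CPU_X86_64)
+#if !defined(SA_RESTORER)
+#define SA_RESTORER 0x04000000
+#endif
+
+// rt_sigreturn is a special system call that interacts with the user land
+// stack. Thus, here prologue must not be created, which implies syscall()
+// does not work properly, too. Note that rt_sigreturn will never return.
+static __attribute__((naked)) void sys_rt_sigreturn() {
+// Just invoke rt_sigreturn system call.
+asm volatile ("syscall\n"
+:: "a"(__NR_rt_sigreturn));
+}
+#endif
+
+int sys_sigaction(int signum,
+const struct sigaction* act,
+struct sigaction* oldact) {
+KernelSigAction kernel_act = {};
+if (act) {
+kernel_act.kernel_handler = act->sa_handler;
+std::memcpy(&kernel_act.sa_mask, &act->sa_mask,
+std::min(sizeof(kernel_act.sa_mask), sizeof(act->sa_mask)));
+kernel_act.sa_flags = act->sa_flags;
+
+#if defined(ARCH_CPU_X86_64)
+if (!(kernel_act.sa_flags & SA_RESTORER)) {
+kernel_act.sa_flags |= SA_RESTORER;
+kernel_act.sa_restorer = sys_rt_sigreturn;
+}
+#endif
+}
+
+KernelSigAction kernel_oldact = {};
+int result = syscall(__NR_rt_sigaction, signum, act ? &kernel_act : nullptr,
+oldact ? &kernel_oldact : nullptr, sizeof(uint64_t));
+if (result == 0 && oldact) {
+oldact->sa_handler = kernel_oldact.kernel_handler;
+sigemptyset(&oldact->sa_mask);
+std::memcpy(&oldact->sa_mask, &kernel_oldact.sa_mask,
+std::min(sizeof(kernel_act.sa_mask), sizeof(act->sa_mask)));
+oldact->sa_flags = kernel_oldact.sa_flags;
+}
+return result;
+}
+
+#endif // defined(MEMORY_SANITIZER)
+
 } // namespace sandbox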
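Review bot: In the direct-syscall sys_sigaction (the `#else` branch), a handler read back through `oldact` does not look safe to re-install on x86_64: `oldact->sa_flags = kernel_oldact.sa_flags` hands the caller the kernel's flags, which carry SA_RESTORER, while nothing writes a restorer into `oldact`; passing that value back as `act` then skips the `if (!(kernel_act.sa_flags & SA_RESTORER))` branch and the kernel receives a zero `sa_restorer`. Given the comment that the restorer is always required on x86_64, the simplest fix is to set it unconditionally inside the `if (act)` block: `kernel_act.sa_flags |= SA_RESTORER;` `kernel_act.sa_restorer = sys_rt_sigreturn;`. The same function's copy into `oldact->sa_mask` sizes the memcpy with `sizeof(act->sa_mask)` in a branch where `act` may be null; it is an unevaluated operand so it does not dereference, but `sizeof(oldact->sa_mask)` states what is meant. Separately, sys_sigprocmask memcpy's from `set` with no null check although rt_sigprocmask itself accepts a null set pointer, so either document that `set` must be non-null or forward `nullptr` to the syscall when it is. `std::min` and `uint64_t`/`uint32_t` are used in the new code but only `<cstring>` was added; `<algorithm>` and `<cstdint>` belong next to it.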