| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. | 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. |
| 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ | 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ |
| 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) | 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) |
| 8 | 8 |
| 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 10 | 10 |
| 11 #include <errno.h> | 11 #include <errno.h> |
| 12 #include <fcntl.h> | 12 #include <fcntl.h> |
| 13 #include <linux/net.h> | 13 #include <linux/net.h> |
| 14 #include <pthread.h> | 14 #include <pthread.h> |
| 15 #include <sched.h> | 15 #include <sched.h> |
| 16 #include <signal.h> | 16 #include <signal.h> |
| 17 #include <stdlib.h> | 17 #include <stdlib.h> |
| 18 #include <string.h> | 18 #include <string.h> |
| 19 #include <sys/mman.h> | 19 #include <sys/mman.h> |
| 20 #include <sys/prctl.h> | 20 #include <sys/prctl.h> |
| 21 #include <sys/socket.h> | 21 #include <sys/socket.h> |
| 22 #include <sys/syscall.h> | 22 #include <sys/syscall.h> |
| 23 #include <sys/types.h> | 23 #include <sys/types.h> |
| 24 #include <sys/wait.h> | 24 #include <sys/wait.h> |
| 25 #include <time.h> | 25 #include <time.h> |
| 26 #include <unistd.h> | 26 #include <unistd.h> |
| 27 | 27 |
| 28 #include "base/at_exit.h" |
| 28 #include "base/bind.h" | 29 #include "base/bind.h" |
| 29 #include "base/callback.h" | 30 #include "base/callback.h" |
| 30 #include "base/compiler_specific.h" | 31 #include "base/compiler_specific.h" |
| 31 #include "base/files/scoped_file.h" | 32 #include "base/files/scoped_file.h" |
| 32 #include "base/logging.h" | 33 #include "base/logging.h" |
| 33 #include "base/posix/eintr_wrapper.h" | 34 #include "base/posix/eintr_wrapper.h" |
| 34 #include "base/sys_info.h" | 35 #include "base/sys_info.h" |
| 35 #include "base/threading/thread.h" | 36 #include "base/threading/thread.h" |
| 36 #include "base/time/time.h" | 37 #include "base/time/time.h" |
| 37 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 38 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 38 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 39 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 39 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 40 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 40 #include "sandbox/linux/seccomp-bpf/syscall.h" | 41 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 41 #include "sandbox/linux/system_headers/linux_futex.h" | 42 #include "sandbox/linux/system_headers/linux_futex.h" |
| 42 #include "sandbox/linux/system_headers/linux_signal.h" | 43 #include "sandbox/linux/system_headers/linux_signal.h" |
| 43 #include "sandbox/linux/system_headers/linux_syscalls.h" | 44 #include "sandbox/linux/system_headers/linux_syscalls.h" |
| 44 | 45 |
| 46 #if !defined(F_DUPFD_CLOEXEC) |
| 47 #define F_DUPFD_CLOEXEC 1030 |
| 48 #endif |
| 49 |
| 50 #if !defined(MAP_POPULATE) |
| 51 #define MAP_POPULATE 0x8000 |
| 52 #endif |
| 53 |
| 54 #if !defined(PROT_GROWSDOWN) |
| 55 #define PROT_GROWSDOWN 0x01000000 |
| 56 #endif |
| 57 |
| 58 #if !defined(CLOCK_MONOTONIC_RAW) |
| 59 #define CLOCK_MONOTONIC_RAW 4 |
| 60 #endif |
| 61 |
| 62 #if !defined(AF_INET) |
| 63 #define AF_INET 2 |
| 64 #endif |
| 65 |
| 66 #if defined(__i386__) |
| 67 #if !defined(SYS_SOCKET) |
| 68 #define SYS_SOCKET 1 |
| 69 #endif |
| 70 |
| 71 #if !defined(SYS_BIND) |
| 72 #define SYS_BIND 2 |
| 73 #endif |
| 74 |
| 75 #if !defined(SYS_CONNECT) |
| 76 #define SYS_CONNECT 3 |
| 77 #endif |
| 78 |
| 79 #if !defined(SYS_LISTEN) |
| 80 #define SYS_LISTEN 4 |
| 81 #endif |
| 82 |
| 83 #if !defined(SYS_ACCEPT) |
| 84 #define SYS_ACCEPT 5 |
| 85 #endif |
| 86 |
| 87 #if !defined(SYS_GETSOCKNAME) |
| 88 #define SYS_GETSOCKNAME 6 |
| 89 #endif |
| 90 |
| 91 #if !defined(SYS_GETPEERNAME) |
| 92 #define SYS_GETPEERNAME 7 |
| 93 #endif |
| 94 |
| 95 #if !defined(SYS_SETSOCKOPT) |
| 96 #define SYS_SETSOCKOPT 14 |
| 97 #endif |
| 98 |
| 99 #if !defined(SYS_GETSOCKOPT) |
| 100 #define SYS_GETSOCKOPT 15 |
| 101 #endif |
| 102 #endif // defined(__i386__) |
| 103 |
| 45 namespace { | 104 namespace { |
| 46 | 105 |
| 47 void DoPipe(base::ScopedFD* fds) { | 106 void DoPipe(base::ScopedFD* fds) { |
| 48 int tmp_fds[2]; | 107 int tmp_fds[2]; |
| 49 BPF_ASSERT_EQ(0, pipe(tmp_fds)); | 108 BPF_ASSERT_EQ(0, pipe(tmp_fds)); |
| 50 fds[0].reset(tmp_fds[0]); | 109 fds[0].reset(tmp_fds[0]); |
| 51 fds[1].reset(tmp_fds[1]); | 110 fds[1].reset(tmp_fds[1]); |
| 52 } | 111 } |
| 53 | 112 |
| 54 void DoSocketpair(base::ScopedFD* fds) { | 113 void DoSocketpair(base::ScopedFD* fds) { |
| (...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 361 | 420 |
| 362 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 421 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 363 fcntl_GETFL_SETFL, | 422 fcntl_GETFL_SETFL, |
| 364 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 423 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 365 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 424 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 366 base::ScopedFD fds[2]; | 425 base::ScopedFD fds[2]; |
| 367 DoSocketpair(fds); | 426 DoSocketpair(fds); |
| 368 fcntl(fds[0].get(), F_SETFL, O_APPEND); | 427 fcntl(fds[0].get(), F_SETFL, O_APPEND); |
| 369 } | 428 } |
| 370 | 429 |
| 430 void DoFcntl(int fd, int cmd) { |
| 431 // fcntl in PNaCl toolchian returns an error without calling actual system |
| 432 // call for unknown |cmd|. So, instead, here we use syscall(). |
| 433 #if defined(OS_NACL_NONSFI) |
| 434 syscall(__NR_fcntl64, fd, cmd); |
| 435 #else |
| 436 fcntl(fd, cmd); |
| 437 #endif |
| 438 } |
| 439 |
| 371 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 440 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 372 fcntl_DUPFD, | 441 fcntl_DUPFD, |
| 373 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 442 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 374 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 443 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 375 fcntl(0, F_DUPFD); | 444 DoFcntl(0, F_DUPFD); |
| 376 } | 445 } |
| 377 | 446 |
| 378 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 447 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 379 fcntl_DUPFD_CLOEXEC, | 448 fcntl_DUPFD_CLOEXEC, |
| 380 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 449 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 381 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 450 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 382 fcntl(0, F_DUPFD_CLOEXEC); | 451 DoFcntl(0, F_DUPFD_CLOEXEC); |
| 383 } | 452 } |
| 384 | 453 |
| 385 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 454 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 386 FutexWithRequeuePriorityInheritence, | 455 FutexWithRequeuePriorityInheritence, |
| 387 DEATH_SEGV_MESSAGE( | 456 DEATH_SEGV_MESSAGE( |
| 388 sandbox::GetFutexErrorMessageContentForTests()), | 457 sandbox::GetFutexErrorMessageContentForTests()), |
| 389 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 458 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 390 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0); | 459 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0); |
| 391 _exit(1); | 460 _exit(1); |
| 392 } | 461 } |
| 393 | 462 |
| 394 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 463 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 395 FutexWithRequeuePriorityInheritencePrivate, | 464 FutexWithRequeuePriorityInheritencePrivate, |
| 396 DEATH_SEGV_MESSAGE( | 465 DEATH_SEGV_MESSAGE( |
| 397 sandbox::GetFutexErrorMessageContentForTests()), | 466 sandbox::GetFutexErrorMessageContentForTests()), |
| 398 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 467 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 399 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0); | 468 syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0); |
| 400 _exit(1); | 469 _exit(1); |
| 401 } | 470 } |
| 402 | 471 |
| 403 BPF_TEST_C(NaClNonSfiSandboxTest, | 472 BPF_TEST_C(NaClNonSfiSandboxTest, |
| 404 StartingAndJoiningThreadWorks, | 473 StartingAndJoiningThreadWorks, |
| 405 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 474 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 475 #if defined(OS_NACL_NONSFI) |
| 476 // base::Thread internally uses LazyInstance, which registers callback to |
| 477 // AtExitManager. However, with PNaCl toolchain build, it is not instantiated |
| 478 // here, unlike host toolchain build. So declare the variable here, so that |
| 479 // the LazyInstance will work properly. |
| 480 base::AtExitManager at_exit; |
| 481 #endif |
| 482 |
| 406 base::Thread thread("sandbox_tests"); | 483 base::Thread thread("sandbox_tests"); |
| 407 BPF_ASSERT(thread.Start()); | 484 BPF_ASSERT(thread.Start()); |
| 408 // |thread|'s destructor will join the thread. | 485 // |thread|'s destructor will join the thread. |
| 409 } | 486 } |
| 410 | 487 |
| 411 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 488 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 412 FutexWithUnlockPIPrivate, | 489 FutexWithUnlockPIPrivate, |
| 413 DEATH_SEGV_MESSAGE( | 490 DEATH_SEGV_MESSAGE( |
| 414 sandbox::GetFutexErrorMessageContentForTests()), | 491 sandbox::GetFutexErrorMessageContentForTests()), |
| 415 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 492 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 416 syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0); | 493 syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0); |
| 417 _exit(1); | 494 _exit(1); |
| 418 } | 495 } |
| 419 | 496 |
| 497 void* DoMmap(int prot, int flags) { |
| 498 // In PNaCl toolchain's mmap(), when PROT_EXEC is set, two system calls, |
| 499 // __NR_mmap2 and __NR_mprotect, are used, so that we cannot test the |
| 500 // sandbox with the wrapper. Instead, we use syscall(), here. |
| 501 #if defined(OS_NACL_NONSFI) |
| 502 return reinterpret_cast<void*>( |
| 503 syscall(__NR_mmap2, NULL, getpagesize(), prot, flags, -1, 0)); |
| 504 #else |
| 505 return mmap(NULL, getpagesize(), prot, flags, -1, 0); |
| 506 #endif |
| 507 } |
| 508 |
| 420 void* DoAllowedAnonymousMmap() { | 509 void* DoAllowedAnonymousMmap() { |
| 421 return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, | 510 return DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED); |
| 422 MAP_ANONYMOUS | MAP_SHARED, -1, 0); | |
| 423 } | 511 } |
| 424 | 512 |
| 425 BPF_TEST_C(NaClNonSfiSandboxTest, | 513 BPF_TEST_C(NaClNonSfiSandboxTest, |
| 426 mmap_allowed, | 514 mmap_allowed, |
| 427 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 515 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 428 void* ptr = DoAllowedAnonymousMmap(); | 516 void* ptr = DoAllowedAnonymousMmap(); |
| 429 BPF_ASSERT_NE(MAP_FAILED, ptr); | 517 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 430 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); | 518 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); |
| 431 } | 519 } |
| 432 | 520 |
| 433 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 521 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 434 mmap_unallowed_flag, | 522 mmap_unallowed_flag, |
| 435 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 523 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 436 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 524 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 437 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, | 525 DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_POPULATE); |
| 438 MAP_ANONYMOUS | MAP_POPULATE, -1, 0); | |
| 439 } | 526 } |
| 440 | 527 |
| 441 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 528 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 442 mmap_unallowed_prot, | 529 mmap_unallowed_prot, |
| 443 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 530 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 444 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 531 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 445 mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN, | 532 DoMmap(PROT_READ | PROT_GROWSDOWN, MAP_ANONYMOUS); |
| 446 MAP_ANONYMOUS, -1, 0); | |
| 447 } | 533 } |
| 448 | 534 |
| 449 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 535 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 450 mmap_exec, | 536 mmap_exec, |
| 451 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 537 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 452 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 538 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 453 mmap(NULL, getpagesize(), PROT_EXEC, MAP_ANONYMOUS, -1, 0); | 539 DoMmap(PROT_EXEC, MAP_ANONYMOUS); |
| 454 } | 540 } |
| 455 | 541 |
| 456 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 542 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 457 mmap_read_exec, | 543 mmap_read_exec, |
| 458 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 544 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 459 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 545 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 460 mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_ANONYMOUS, -1, 0); | 546 DoMmap(PROT_READ | PROT_EXEC, MAP_ANONYMOUS); |
| 461 } | 547 } |
| 462 | 548 |
| 463 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 549 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 464 mmap_write_exec, | 550 mmap_write_exec, |
| 465 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 551 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 466 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 552 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 467 mmap(NULL, getpagesize(), PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS, -1, 0); | 553 DoMmap(PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); |
| 468 } | 554 } |
| 469 | 555 |
| 470 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 556 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 471 mmap_read_write_exec, | 557 mmap_read_write_exec, |
| 472 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 558 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 473 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 559 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 474 mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC, | 560 DoMmap(PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); |
| 475 MAP_ANONYMOUS, -1, 0); | |
| 476 } | 561 } |
| 477 | 562 |
| 478 BPF_TEST_C(NaClNonSfiSandboxTest, | 563 BPF_TEST_C(NaClNonSfiSandboxTest, |
| 479 mprotect_allowed, | 564 mprotect_allowed, |
| 480 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 565 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 481 void* ptr = DoAllowedAnonymousMmap(); | 566 void* ptr = DoAllowedAnonymousMmap(); |
| 482 BPF_ASSERT_NE(MAP_FAILED, ptr); | 567 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 483 BPF_ASSERT_EQ(0, mprotect(ptr, getpagesize(), PROT_READ)); | 568 BPF_ASSERT_EQ(0, mprotect(ptr, getpagesize(), PROT_READ)); |
| 484 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); | 569 BPF_ASSERT_EQ(0, munmap(ptr, getpagesize())); |
| 485 } | 570 } |
| 486 | 571 |
| 487 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 572 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 488 mprotect_unallowed_prot, | 573 mprotect_unallowed_prot, |
| 489 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 574 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 490 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 575 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 491 // We have tested DoAllowedAnonymousMmap is allowed in | 576 // We have tested DoAllowedAnonymousMmap is allowed in |
| 492 // mmap_allowed, so we can make sure the following mprotect call | 577 // mmap_allowed, so we can make sure the following mprotect call |
| 493 // kills the process. | 578 // kills the process. |
| 494 void* ptr = DoAllowedAnonymousMmap(); | 579 void* ptr = DoAllowedAnonymousMmap(); |
| 495 BPF_ASSERT_NE(MAP_FAILED, ptr); | 580 BPF_ASSERT_NE(MAP_FAILED, ptr); |
| 496 mprotect(ptr, getpagesize(), PROT_READ | PROT_GROWSDOWN); | 581 mprotect(ptr, getpagesize(), PROT_READ | PROT_GROWSDOWN); |
| 497 } | 582 } |
| 498 | 583 |
| 499 BPF_TEST_C(NaClNonSfiSandboxTest, | 584 BPF_TEST_C(NaClNonSfiSandboxTest, |
| 500 brk, | 585 brk, |
| 501 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 586 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 502 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize(); | 587 char* next_brk = static_cast<char*>(sbrk(0)) + getpagesize(); |
| 503 // The kernel interface must return zero for brk. | 588 // The kernel interface must return zero for brk. |
| 504 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk)); | 589 BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk)); |
| 590 |
| 591 // PNaCl toolchain does not provide brk() system call wrapper. |
| 592 #if !defined(OS_NACL_NONSFI) |
| 505 // The libc wrapper translates it to ENOMEM. | 593 // The libc wrapper translates it to ENOMEM. |
| 506 errno = 0; | 594 errno = 0; |
| 507 BPF_ASSERT_EQ(-1, brk(next_brk)); | 595 BPF_ASSERT_EQ(-1, brk(next_brk)); |
| 508 BPF_ASSERT_EQ(ENOMEM, errno); | 596 BPF_ASSERT_EQ(ENOMEM, errno); |
| 597 #endif |
| 509 } | 598 } |
| 510 | 599 |
| 511 // clockid restrictions are mostly tested in sandbox/ with the | 600 // clockid restrictions are mostly tested in sandbox/ with the |
| 512 // RestrictClockID() unittests. Some basic tests are duplicated here as | 601 // RestrictClockID() unittests. Some basic tests are duplicated here as |
| 513 // a precaution. | 602 // a precaution. |
| 514 | 603 |
| 515 void CheckClock(clockid_t clockid) { | 604 void CheckClock(clockid_t clockid) { |
| 516 struct timespec ts; | 605 struct timespec ts; |
| 517 ts.tv_sec = ts.tv_nsec = -1; | 606 ts.tv_sec = ts.tv_nsec = -1; |
| 518 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); | 607 BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts)); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 661 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
| 573 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 662 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
| 574 #if defined(__i386__) || defined(__x86_64__) | 663 #if defined(__i386__) || defined(__x86_64__) |
| 575 RESTRICT_SYSCALL_EPERM_TEST(time); | 664 RESTRICT_SYSCALL_EPERM_TEST(time); |
| 576 #endif | 665 #endif |
| 577 | 666 |
| 578 } // namespace | 667 } // namespace |
| 579 | 668 |
| 580 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && | 669 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && |
| 581 // !MEMORY_SANITIZER && !LEAK_SANITIZER | 670 // !MEMORY_SANITIZER && !LEAK_SANITIZER |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1133483002:
WIP: Non-SFI mode: Enable nacl_helper_nonsfi_unittests.
Base URL: https://chromium.googlesource.com/chromium/src.git@master