1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <signal.h> | 6 #include <signal.h> |
7 #include <string.h> | 7 #include <string.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
10 | 10 |
107 SANDBOX_DIE("This can't happen. Found no global singleton instance " | 107 SANDBOX_DIE("This can't happen. Found no global singleton instance " |
108 "for Trap() handling."); | 108 "for Trap() handling."); |
109 } | 109 } |
110 global_trap_->SigSys(nr, info, void_context); | 110 global_trap_->SigSys(nr, info, void_context); |
111 } | 111 } |
112 | 112 |
113 void Trap::SigSys(int nr, siginfo_t *info, void *void_context) { | 113 void Trap::SigSys(int nr, siginfo_t *info, void *void_context) { |
114 // Various sanity checks to make sure we actually received a signal | 114 // Various sanity checks to make sure we actually received a signal |
115 // triggered by a BPF filter. If something else triggered SIGSYS | 115 // triggered by a BPF filter. If something else triggered SIGSYS |
116 // (e.g. kill()), there is really nothing we can do with this signal. | 116 // (e.g. kill()), there is really nothing we can do with this signal. |
117 if (nr != SIGSYS || info->si_code != SYS_SECCOMP || !void_context || | 117 // NOTE: SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal |
118 info->si_errno <= 0 || | 118 // safe and can lead to bugs. We should eventually implement a different |
| 119 // logging and reporting mechanism that is safe to be called from |
| 120 // the sigSys() handler. |
| 121 // TODO: If we feel confident that our code otherwise works correctly, we |
| 122 // could actually make an argument that spurious SIGSYS should |
| 123 // just get silently ignored. TBD |
| 124 if (nr != SIGSYS) { |
| 125 SANDBOX_DIE("SIGSYS handler called with unexpected signal number %d.", nr); |
| 126 } |
| 127 if (info->si_code != SYS_SECCOMP) { |
| 128 SANDBOX_DIE("SIGSYS handler called with unexpected signal code %x " |
| 129 "(expected %x).", info->si_code, SYS_SECCOMP); |
| 130 } |
| 131 if (!void_context) { |
| 132 SANDBOX_DIE("SIGSYS handler called without a signal context."); |
| 133 } |
| 134 if (info->si_errno <= 0 || |
119 static_cast<size_t>(info->si_errno) > trap_array_size_) { | 135 static_cast<size_t>(info->si_errno) > trap_array_size_) { |
120 // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal | 136 SANDBOX_DIE("SIGSYS handler called for unexpected trap number %d. We " |
121 // safe and can lead to bugs. We should eventually implement a different | 137 "expect traps to be bigger than 0 and less or equal to %d.", |
122 // logging and reporting mechanism that is safe to be called from | 138 info->si_errno, trap_array_size_); |
123 // the sigSys() handler. | |
124 // TODO: If we feel confident that our code otherwise works correctly, we | |
125 // could actually make an argument that spurious SIGSYS should | |
126 // just get silently ignored. TBD | |
127 SANDBOX_DIE("Unexpected SIGSYS received."); | |
128 } | 139 } |
129 | 140 |
130 // Signal handlers should always preserve "errno". Otherwise, we could | 141 // Signal handlers should always preserve "errno". Otherwise, we could |
131 // trigger really subtle bugs. | 142 // trigger really subtle bugs. |
132 const int old_errno = errno; | 143 const int old_errno = errno; |
133 | 144 |
134 // Obtain the signal context. This, most notably, gives us access to | 145 // Obtain the signal context. This, most notably, gives us access to |
135 // all CPU registers at the time of the signal. | 146 // all CPU registers at the time of the signal. |
136 ucontext_t *ctx = reinterpret_cast<ucontext_t *>(void_context); | 147 ucontext_t *ctx = reinterpret_cast<ucontext_t *>(void_context); |
137 | 148 |
335 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { | 346 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { |
336 return global_trap_->trap_array_[id - 1]; | 347 return global_trap_->trap_array_[id - 1]; |
337 } else { | 348 } else { |
338 return ErrorCode(); | 349 return ErrorCode(); |
339 } | 350 } |
340 } | 351 } |
341 | 352 |
342 Trap *Trap::global_trap_; | 353 Trap *Trap::global_trap_; |
343 | 354 |
344 } // namespace playground2 | 355 } // namespace playground2 |
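Review bot: The new trap-number SANDBOX_DIE (new lines 136-138) formats `trap_array_size_` with `%d`, yet the comparison right above it casts `info->si_errno` to `size_t` to compare against that member, which suggests `trap_array_size_` is itself a `size_t`; handing a `size_t` to a `%d` conversion is a format/argument mismatch (undefined behaviour for printf-style formatting, and a misread value on LP64 where the argument is wider than int). Either cast the argument, `info->si_errno, static_cast<int>(trap_array_size_));`, or change that conversion to `%zu`. The split-out checks also still dereference `info` (new line 127) before `void_context` is validated, the same order the old combined condition had; if a null `info` is considered possible in this handler, that check belongs first. The added NOTE already records that these SANDBOX_DIE calls are not async-signal-safe, and the new formatted messages do not change that picture. `Trap::SigSys` continues past the hunk (the page skips 197 lines after new line 148).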