| Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
|
| diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
|
| index f5cbef00855d2945e7340e51444d2bba3fccaa88..3a09a4f5e5b282221a817e1a9197128e86d60454 100644
|
| --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
|
| +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
|
| @@ -22,8 +22,10 @@
|
|
|
| #include "base/logging.h"
|
| #include "base/macros.h"
|
| +#include "base/synchronization/lock.h"
|
| #include "build/build_config.h"
|
| #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
|
| +#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
|
| #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
|
| #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
|
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
|
| @@ -65,6 +67,19 @@
|
| #if defined(__mips__) && !defined(MAP_STACK)
|
| #define MAP_STACK 0x40000
|
| #endif
|
| +
|
| +#define CASES SANDBOX_BPF_DSL_CASES
|
| +
|
| +using sandbox::bpf_dsl::Allow;
|
| +using sandbox::bpf_dsl::Arg;
|
| +using sandbox::bpf_dsl::BoolExpr;
|
| +using sandbox::bpf_dsl::Error;
|
| +using sandbox::bpf_dsl::If;
|
| +using sandbox::bpf_dsl::Kill;
|
| +using sandbox::bpf_dsl::ResultExpr;
|
| +
|
| +namespace sandbox {
|
| +
|
| namespace {
|
|
|
| inline bool IsArchitectureX86_64() {
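Review bot: `using sandbox::bpf_dsl::Kill;` is new in this hunk, but nothing visible in the patch references `Kill`; if no later part of the file uses it, the declaration is dead and should be dropped, since a using-declaration at global scope pulls the name into every translation unit that later includes generated code from this file's scope. The other using-declarations are a pure move from lower in the file and need no change. The surrounding anonymous namespace continues past the hunk.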
|
| @@ -99,30 +114,21 @@ inline bool IsArchitectureMips() {
|
| #endif
|
| }
|
|
|
| +// Default case for futexes since they occur twice, once when priority
|
| +// inheritance is disallowed and again for the disallowed futex op.
|
| +inline sandbox::bpf_dsl::ResultExpr DisallowFutexOp() {
|
| // Ubuntu's version of glibc has a race condition in sem_post that can cause
|
| // it to call futex(2) with bogus op arguments. To workaround this, we need
|
| // to allow those futex(2) calls to fail with EINVAL, instead of crashing the
|
| // process. See crbug.com/598471.
|
| -inline bool IsBuggyGlibcSemPost() {
|
| #if defined(LIBC_GLIBC) && !defined(OS_CHROMEOS)
|
| - return true;
|
| + return Error(EINVAL);
|
| #else
|
| - return false;
|
| + return CrashSIGSYSFutex();
|
| #endif
|
| }
|
|
|
| -} // namespace.
|
| -
|
| -#define CASES SANDBOX_BPF_DSL_CASES
|
| -
|
| -using sandbox::bpf_dsl::Allow;
|
| -using sandbox::bpf_dsl::Arg;
|
| -using sandbox::bpf_dsl::BoolExpr;
|
| -using sandbox::bpf_dsl::Error;
|
| -using sandbox::bpf_dsl::If;
|
| -using sandbox::bpf_dsl::ResultExpr;
|
| -
|
| -namespace sandbox {
|
| +} // namespace
|
|
|
| #if !defined(OS_NACL_NONSFI)
|
| // Allow Glibc's and Android pthread creation flags, crash on any other
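Review bot: The header comment on `DisallowFutexOp()` reads oddly ("Default case for futexes since they occur twice") and does not say what the function decides; I would replace those two lines with `// Disallow result shared by RestrictFutex(): used for the PI futex ops when priority inheritance is unavailable and as the Switch default.` and keep the existing glibc/sem_post paragraph below it as the rationale for the EINVAL branch. With the anonymous namespace now nested inside `namespace sandbox` and `ResultExpr` brought in by a using-declaration, the return type can be written `inline ResultExpr DisallowFutexOp()` for consistency with `RestrictFutex()`. Note for readers that on glibc non-ChromeOS every disallowed futex op, not only the bogus sem_post ones, now fails with EINVAL rather than SIGSYS, which is the same Default behaviour as before this change.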
|
| @@ -266,9 +272,15 @@ ResultExpr RestrictFutex() {
|
| const Arg<int> op(1);
|
| return Switch(op & ~kAllowedFutexFlags)
|
| .CASES((FUTEX_WAIT, FUTEX_WAKE, FUTEX_REQUEUE, FUTEX_CMP_REQUEUE,
|
| - FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET),
|
| - Allow())
|
| - .Default(IsBuggyGlibcSemPost() ? Error(EINVAL) : CrashSIGSYSFutex());
|
| + FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET), Allow())
|
| +#if PRIORITY_INHERITANCE_LOCKS_POSSIBLE()
|
| + .CASES((FUTEX_LOCK_PI, FUTEX_UNLOCK_PI, FUTEX_WAIT_REQUEUE_PI,
|
| + FUTEX_CMP_REQUEUE_PI),
|
| + base::Lock::PriorityInheritanceAvailable()
|
| + ? Allow()
|
| + : DisallowFutexOp())
|
| +#endif
|
| + .Default(DisallowFutexOp());
|
| }
|
|
|
| ResultExpr RestrictGetSetpriority(pid_t target_pid) {
|
|
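Review bot: `base::Lock::PriorityInheritanceAvailable()` on the new `.CASES` line is a host-side C++ call evaluated once while the BPF policy is being built, so whichever result it returns is baked into the filter for the lifetime of the sandboxed process; that is the intended design but is not obvious from a ternary inside a DSL chain, so add `// Evaluated once at policy-build time; the PI cases are fixed for the process lifetime.` above the `#if`. The `#if PRIORITY_INHERITANCE_LOCKS_POSSIBLE()` guard presumably comes from the newly included base/synchronization/lock.h; if that header does not define it on every platform this file builds for, `#if` on an undefined function-like macro is a preprocessing error, so worth confirming rather than relying on the bot. For style, the reflowed `FUTEX_WAKE_BITSET), Allow())` now puts the result on the same line as the last case while the PI block puts its result on separate lines; pick one layout for both. The `kAllowedFutexFlags` definition that masks `op` is outside the hunk.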
|