Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(307)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 240613003: Revert of Add seccomp sandbox for non-SFI NaCl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h ('k') | sandbox/linux/seccomp-bpf/bpf_tests.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Note: any code in this file MUST be async-signal safe. 5 // Note: any code in this file MUST be async-signal safe.
6 6
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
8 8
9 #include <unistd.h> 9 #include <unistd.h>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "build/build_config.h" 13 #include "build/build_config.h"
14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
15 15
16 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure"
17 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure"
18 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure"
19 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure"
20
21 namespace { 16 namespace {
22 17
23 inline bool IsArchitectureX86_64() { 18 inline bool IsArchitectureX86_64() {
24 #if defined(__x86_64__) 19 #if defined(__x86_64__)
25 return true; 20 return true;
26 #else 21 #else
27 return false; 22 return false;
28 #endif 23 #endif
29 } 24 }
30 25
(...skipping 21 matching lines...) Expand all
52 const size_t kNumDigits = 4; 47 const size_t kNumDigits = 4;
53 char sysno_base10[kNumDigits]; 48 char sysno_base10[kNumDigits];
54 uint32_t rem = sysno; 49 uint32_t rem = sysno;
55 uint32_t mod = 0; 50 uint32_t mod = 0;
56 for (int i = kNumDigits - 1; i >= 0; i--) { 51 for (int i = kNumDigits - 1; i >= 0; i--) {
57 mod = rem % 10; 52 mod = rem % 10;
58 rem /= 10; 53 rem /= 10;
59 sysno_base10[i] = '0' + mod; 54 sysno_base10[i] = '0' + mod;
60 } 55 }
61 static const char kSeccompErrorPrefix[] = 56 static const char kSeccompErrorPrefix[] =
62 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; 57 __FILE__":**CRASHING**:seccomp-bpf failure in syscall ";
63 static const char kSeccompErrorPostfix[] = "\n"; 58 static const char kSeccompErrorPostfix[] = "\n";
64 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); 59 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
65 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); 60 WriteToStdErr(sysno_base10, sizeof(sysno_base10));
66 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); 61 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
67 } 62 }
68 63
69 } // namespace. 64 } // namespace.
70 65
71 namespace sandbox { 66 namespace sandbox {
72 67
(...skipping 20 matching lines...) Expand all
93 addr = reinterpret_cast<volatile char*>(syscall); 88 addr = reinterpret_cast<volatile char*>(syscall);
94 *addr = '\0'; 89 *addr = '\0';
95 for (;;) 90 for (;;)
96 _exit(1); 91 _exit(1);
97 } 92 }
98 93
99 // TODO(jln): refactor the reporting functions. 94 // TODO(jln): refactor the reporting functions.
100 95
101 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) { 96 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) {
102 static const char kSeccompCloneError[] = 97 static const char kSeccompCloneError[] =
103 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_CLONE_CONTENT "\n"; 98 __FILE__":**CRASHING**:clone() failure\n";
104 WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1); 99 WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1);
105 // "flags" is the first argument in the kernel's clone(). 100 // "flags" is the first argument in the kernel's clone().
106 // Mark as volatile to be able to find the value on the stack in a minidump. 101 // Mark as volatile to be able to find the value on the stack in a minidump.
107 volatile uint64_t clone_flags = args.args[0]; 102 volatile uint64_t clone_flags = args.args[0];
108 volatile char* addr; 103 volatile char* addr;
109 if (IsArchitectureX86_64()) { 104 if (IsArchitectureX86_64()) {
110 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF); 105 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF);
111 *addr = '\0'; 106 *addr = '\0';
112 } 107 }
113 // Hit the NULL page if this fails to fault. 108 // Hit the NULL page if this fails to fault.
114 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF); 109 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF);
115 *addr = '\0'; 110 *addr = '\0';
116 for (;;) 111 for (;;)
117 _exit(1); 112 _exit(1);
118 } 113 }
119 114
120 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args, 115 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args,
121 void* /* aux */) { 116 void* /* aux */) {
122 static const char kSeccompPrctlError[] = 117 static const char kSeccompPrctlError[] =
123 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_PRCTL_CONTENT "\n"; 118 __FILE__":**CRASHING**:prctl() failure\n";
124 WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1); 119 WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1);
125 // Mark as volatile to be able to find the value on the stack in a minidump. 120 // Mark as volatile to be able to find the value on the stack in a minidump.
126 volatile uint64_t option = args.args[0]; 121 volatile uint64_t option = args.args[0];
127 volatile char* addr = 122 volatile char* addr =
128 reinterpret_cast<volatile char*>(option & 0xFFF); 123 reinterpret_cast<volatile char*>(option & 0xFFF);
129 *addr = '\0'; 124 *addr = '\0';
130 for (;;) 125 for (;;)
131 _exit(1); 126 _exit(1);
132 } 127 }
133 128
134 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args, 129 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args,
135 void* /* aux */) { 130 void* /* aux */) {
136 static const char kSeccompIoctlError[] = 131 static const char kSeccompIoctlError[] =
137 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_IOCTL_CONTENT "\n"; 132 __FILE__":**CRASHING**:ioctl() failure\n";
138 WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1); 133 WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1);
139 // Make "request" volatile so that we can see it on the stack in a minidump. 134 // Make "request" volatile so that we can see it on the stack in a minidump.
140 volatile uint64_t request = args.args[1]; 135 volatile uint64_t request = args.args[1];
141 volatile char* addr = reinterpret_cast<volatile char*>(request & 0xFFFF); 136 volatile char* addr = reinterpret_cast<volatile char*>(request & 0xFFFF);
142 *addr = '\0'; 137 *addr = '\0';
143 // Hit the NULL page if this fails. 138 // Hit the NULL page if this fails.
144 addr = reinterpret_cast<volatile char*>(request & 0xFFF); 139 addr = reinterpret_cast<volatile char*>(request & 0xFFF);
145 *addr = '\0'; 140 *addr = '\0';
146 for (;;) 141 for (;;)
147 _exit(1); 142 _exit(1);
148 } 143 }
149 144
150 const char* GetErrorMessageContentForTests() {
151 return SECCOMP_MESSAGE_COMMON_CONTENT;
152 }
153
154 const char* GetCloneErrorMessageContentForTests() {
155 return SECCOMP_MESSAGE_CLONE_CONTENT;
156 }
157
158 const char* GetPrctlErrorMessageContentForTests() {
159 return SECCOMP_MESSAGE_PRCTL_CONTENT;
160 }
161
162 const char* GetIoctlErrorMessageContentForTests() {
163 return SECCOMP_MESSAGE_IOCTL_CONTENT;
164 }
165
166 } // namespace sandbox. 145 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h ('k') | sandbox/linux/seccomp-bpf/bpf_tests.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698