Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(869)

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master
Patch Set: Update per code review Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Note: any code in this file MUST be async-signal safe. 5 // Note: any code in this file MUST be async-signal safe.
6 6
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
8 8
9 #include <unistd.h> 9 #include <unistd.h>
10 10
(...skipping 27 matching lines...) Expand all
38 // TODO(jln): query the current policy to check if send() is available and 38 // TODO(jln): query the current policy to check if send() is available and
39 // use it to perform a non-blocking write. 39 // use it to perform a non-blocking write.
40 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size)); 40 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size));
41 // We can't handle any type of error here. 41 // We can't handle any type of error here.
42 if (ret <= 0 || static_cast<size_t>(ret) > size) break; 42 if (ret <= 0 || static_cast<size_t>(ret) > size) break;
43 size -= ret; 43 size -= ret;
44 error_message += ret; 44 error_message += ret;
45 } 45 }
46 } 46 }
47 47
48 // Invalid syscall values are truncated to zero.
49 // On architectures where base value is zero (Intel and Arm),
50 // syscall number is the same as offset from base.
51 // This function returns values between 0 and 1023 on all architectures.
52 // On architectures where base value is different than zero (currently only
53 // Mips), we are truncating valid syscall values to offset from base.
54 uint32_t SyscallNumberToOffsetFromBase(uint32_t sysno) {
55 #if defined(__mips__)
56 // On MIPS syscall numbers are in different range than on x86 and ARM.
57 // Valid MIPS O32 ABI syscall __NR_syscall will be truncated to zero for
58 // simplicity.
59 sysno = sysno - __NR_Linux;
60 #endif
61
62 if (sysno >= 1024)
63 sysno = 0;
64
65 return sysno;
66 }
67
48 // Print a seccomp-bpf failure to handle |sysno| to stderr in an 68 // Print a seccomp-bpf failure to handle |sysno| to stderr in an
49 // async-signal safe way. 69 // async-signal safe way.
50 void PrintSyscallError(uint32_t sysno) { 70 void PrintSyscallError(uint32_t sysno) {
51 if (sysno >= 1024) 71 if (sysno >= 1024)
52 sysno = 0; 72 sysno = 0;
53 // TODO(markus): replace with async-signal safe snprintf when available. 73 // TODO(markus): replace with async-signal safe snprintf when available.
54 const size_t kNumDigits = 4; 74 const size_t kNumDigits = 4;
55 char sysno_base10[kNumDigits]; 75 char sysno_base10[kNumDigits];
56 uint32_t rem = sysno; 76 uint32_t rem = sysno;
57 uint32_t mod = 0; 77 uint32_t mod = 0;
58 for (int i = kNumDigits - 1; i >= 0; i--) { 78 for (int i = kNumDigits - 1; i >= 0; i--) {
59 mod = rem % 10; 79 mod = rem % 10;
60 rem /= 10; 80 rem /= 10;
61 sysno_base10[i] = '0' + mod; 81 sysno_base10[i] = '0' + mod;
62 } 82 }
83 #if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)
84 static const char kSeccompErrorPrefix[] = __FILE__
85 ":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall 4000 + ";
86 #else
63 static const char kSeccompErrorPrefix[] = 87 static const char kSeccompErrorPrefix[] =
64 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; 88 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";
89 #endif
65 static const char kSeccompErrorPostfix[] = "\n"; 90 static const char kSeccompErrorPostfix[] = "\n";
66 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); 91 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
67 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); 92 WriteToStdErr(sysno_base10, sizeof(sysno_base10));
68 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); 93 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
69 } 94 }
70 95
71 } // namespace. 96 } // namespace.
72 97
73 namespace sandbox { 98 namespace sandbox {
74 99
75 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { 100 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
76 uint32_t syscall = args.nr; 101 uint32_t syscall = SyscallNumberToOffsetFromBase(args.nr);
77 if (syscall >= 1024) 102
78 syscall = 0;
79 PrintSyscallError(syscall); 103 PrintSyscallError(syscall);
80 104
81 // Encode 8-bits of the 1st two arguments too, so we can discern which socket 105 // Encode 8-bits of the 1st two arguments too, so we can discern which socket
82 // type, which fcntl, ... etc., without being likely to hit a mapped 106 // type, which fcntl, ... etc., without being likely to hit a mapped
83 // address. 107 // address.
84 // Do not encode more bits here without thinking about increasing the 108 // Do not encode more bits here without thinking about increasing the
85 // likelihood of collision with mapped pages. 109 // likelihood of collision with mapped pages.
86 syscall |= ((args.args[0] & 0xffUL) << 12); 110 syscall |= ((args.args[0] & 0xffUL) << 12);
87 syscall |= ((args.args[1] & 0xffUL) << 20); 111 syscall |= ((args.args[1] & 0xffUL) << 20);
88 // Purposefully dereference the syscall as an address so it'll show up very 112 // Purposefully dereference the syscall as an address so it'll show up very
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
195 219
196 const char* GetKillErrorMessageContentForTests() { 220 const char* GetKillErrorMessageContentForTests() {
197 return SECCOMP_MESSAGE_KILL_CONTENT; 221 return SECCOMP_MESSAGE_KILL_CONTENT;
198 } 222 }
199 223
200 const char* GetFutexErrorMessageContentForTests() { 224 const char* GetFutexErrorMessageContentForTests() {
201 return SECCOMP_MESSAGE_FUTEX_CONTENT; 225 return SECCOMP_MESSAGE_FUTEX_CONTENT;
202 } 226 }
203 227
204 } // namespace sandbox. 228 } // namespace sandbox.
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698