Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(135)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master
Patch Set: Fix problem with truncation of syscall value in CrashSIGSYS_Handler Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/common/sandbox_linux/bpf_gpu_policy_linux.cc ('K') | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Note: any code in this file MUST be async-signal safe. 5 // Note: any code in this file MUST be async-signal safe.
6 6
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
8 8
9 #include <unistd.h> 9 #include <unistd.h>
10 10
(...skipping 26 matching lines...) Expand all
37 // TODO(jln): query the current policy to check if send() is available and 37 // TODO(jln): query the current policy to check if send() is available and
38 // use it to perform a non-blocking write. 38 // use it to perform a non-blocking write.
39 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size)); 39 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size));
40 // We can't handle any type of error here. 40 // We can't handle any type of error here.
41 if (ret <= 0 || static_cast<size_t>(ret) > size) break; 41 if (ret <= 0 || static_cast<size_t>(ret) > size) break;
42 size -= ret; 42 size -= ret;
43 error_message += ret; 43 error_message += ret;
44 } 44 }
45 } 45 }
46 46
47 uint32_t TruncSysnoToValue(uint32_t sysno) {
48 #if defined(__mips__)
49 // On MIPS syscall numbers are in different range than on x86 and ARM
50 if (sysno < __NR_Linux || sysno > __NR_Linux + __NR_Linux_syscalls)
51 // 4000 (truncated to zero) is valid syscall number on mips O32 ABI.
52 // Invalid syscall will be printed with a value that is out of range
53 // on apropriate ABI.
54 sysno = sysno - __NR_Linux + 1000;
jln (very slow on Chromium) 2014/05/16 19:30:17 I don't understand what this does. Please documen
nedeljko 2014/05/19 17:37:23 On MIPS O32 ABI value of __NR_Linux is 4000. The
nedeljko 2014/05/22 17:38:55 Done.
55 else
56 sysno = sysno - __NR_Linux;
57 #else
58 if (sysno >= 1024)
59 sysno = 0;
60 #endif
61 return sysno;
62 }
63
47 // Print a seccomp-bpf failure to handle |sysno| to stderr in an 64 // Print a seccomp-bpf failure to handle |sysno| to stderr in an
48 // async-signal safe way. 65 // async-signal safe way.
49 void PrintSyscallError(uint32_t sysno) { 66 void PrintSyscallError(uint32_t sysno) {
50 if (sysno >= 1024) 67
51 sysno = 0; 68 sysno = TruncSysnoToValue(sysno);
69
52 // TODO(markus): replace with async-signal safe snprintf when available. 70 // TODO(markus): replace with async-signal safe snprintf when available.
53 const size_t kNumDigits = 4; 71 const size_t kNumDigits = 4;
54 char sysno_base10[kNumDigits]; 72 char sysno_base10[kNumDigits];
55 uint32_t rem = sysno; 73 uint32_t rem = sysno;
56 uint32_t mod = 0; 74 uint32_t mod = 0;
57 for (int i = kNumDigits - 1; i >= 0; i--) { 75 for (int i = kNumDigits - 1; i >= 0; i--) {
58 mod = rem % 10; 76 mod = rem % 10;
59 rem /= 10; 77 rem /= 10;
60 sysno_base10[i] = '0' + mod; 78 sysno_base10[i] = '0' + mod;
61 } 79 }
80 #if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)
81 static const char kSeccompErrorPrefix[] =
82 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT
83 " in syscall 4000 + ";
84 #else
62 static const char kSeccompErrorPrefix[] = 85 static const char kSeccompErrorPrefix[] =
63 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; 86 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";
87 #endif
64 static const char kSeccompErrorPostfix[] = "\n"; 88 static const char kSeccompErrorPostfix[] = "\n";
65 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); 89 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
66 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); 90 WriteToStdErr(sysno_base10, sizeof(sysno_base10));
67 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); 91 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
68 } 92 }
69 93
70 } // namespace. 94 } // namespace.
71 95
72 namespace sandbox { 96 namespace sandbox {
73 97
74 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { 98 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
75 uint32_t syscall = args.nr; 99 uint32_t syscall = args.nr;
76 if (syscall >= 1024) 100
77 syscall = 0;
78 PrintSyscallError(syscall); 101 PrintSyscallError(syscall);
79 102
80 // Encode 8-bits of the 1st two arguments too, so we can discern which socket 103 // Encode 8-bits of the 1st two arguments too, so we can discern which socket
81 // type, which fcntl, ... etc., without being likely to hit a mapped 104 // type, which fcntl, ... etc., without being likely to hit a mapped
82 // address. 105 // address.
83 // Do not encode more bits here without thinking about increasing the 106 // Do not encode more bits here without thinking about increasing the
84 // likelihood of collision with mapped pages. 107 // likelihood of collision with mapped pages.
85 syscall |= ((args.args[0] & 0xffUL) << 12); 108 syscall |= ((args.args[0] & 0xffUL) << 12);
86 syscall |= ((args.args[1] & 0xffUL) << 20); 109 syscall |= ((args.args[1] & 0xffUL) << 20);
87 // Purposefully dereference the syscall as an address so it'll show up very 110 // Purposefully dereference the syscall as an address so it'll show up very
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 197
175 const char* GetPrctlErrorMessageContentForTests() { 198 const char* GetPrctlErrorMessageContentForTests() {
176 return SECCOMP_MESSAGE_PRCTL_CONTENT; 199 return SECCOMP_MESSAGE_PRCTL_CONTENT;
177 } 200 }
178 201
179 const char* GetIoctlErrorMessageContentForTests() { 202 const char* GetIoctlErrorMessageContentForTests() {
180 return SECCOMP_MESSAGE_IOCTL_CONTENT; 203 return SECCOMP_MESSAGE_IOCTL_CONTENT;
181 } 204 }
182 205
183 } // namespace sandbox. 206 } // namespace sandbox.
OLDNEW
« content/common/sandbox_linux/bpf_gpu_policy_linux.cc ('K') | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698