sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc - Issue 260793003: [MIPS] Add seccomp bpf support

Unified Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master

Patch Set: Update per code review Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

index 6b959ac928c0091904c4445dc01685e5ff679925..a04f8462362a48e0886d85700d976297bea9a6fb 100644

--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

@@ -44,11 +44,33 @@ void WriteToStdErr(const char* error_message, size_t size) {

}

+// Invalid syscall values are truncated to zero.

+// On architectures where base value is zero (Intel and Arm),

+// syscall number is the same as offset from base.

+// On architectures where base value is different than zero (Mips),

+// we are truncating valid syscall value to offset from base.

jln (very slow on Chromium) 2014/05/28 00:06:57 Let's add the guarantee explicitly that sysno will

nedeljko 2014/05/28 09:33:43 for MIPS 0 to __NR_Linux_syscalls, for Intel/Arm 0

nedeljko 2014/05/29 14:06:45 Done.

+uint32_t SyscallNumberToOffsetFromBase(uint32_t sysno) {

+#if defined(__mips__)

+ // On MIPS syscall numbers are in different range than on x86 and ARM.

+ // Valid MIPS O32 ABI syscall __NR_syscall will be truncated to zero for

+ // simlicity.

+ if (sysno > __NR_Linux && sysno <= __NR_Linux + __NR_Linux_syscalls)

+ sysno = sysno - __NR_Linux;

+ else

+ sysno = 0;

+#else

+ if (sysno >= 1024)

jln (very slow on Chromium) 2014/05/28 00:06:57 Let's do this unconditionally. On MIPS, this shoul

nedeljko 2014/05/28 09:33:43 I am not sure that I understand you correctly. If

jln (very slow on Chromium) 2014/06/03 01:00:33 The "if (sysno >= 1024) sysno = 0" should be kept

+ sysno = 0;

+#endif

+ return sysno;

// Print a seccomp-bpf failure to handle |sysno| to stderr in an

// async-signal safe way.

void PrintSyscallError(uint32_t sysno) {

- if (sysno >= 1024)

- sysno = 0;

+ sysno = SyscallNumberToOffsetFromBase(sysno);

// TODO(markus): replace with async-signal safe snprintf when available.

const size_t kNumDigits = 4;

char sysno_base10[kNumDigits];

@@ -59,8 +81,14 @@ void PrintSyscallError(uint32_t sysno) {

rem /= 10;

sysno_base10[i] = '0' + mod;

}

+#if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)

+ static const char kSeccompErrorPrefix[] =

+ __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT

+ " in syscall 4000 + ";

+#else

static const char kSeccompErrorPrefix[] =

__FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";

+#endif

static const char kSeccompErrorPostfix[] = "\n";

WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);

WriteToStdErr(sysno_base10, sizeof(sysno_base10));

@@ -73,8 +101,7 @@ namespace sandbox {

intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {

uint32_t syscall = args.nr;

- if (syscall >= 1024)

- syscall = 0;

PrintSyscallError(syscall);

jln (very slow on Chromium) 2014/05/28 00:06:57 The truncation here is important for security, as

nedeljko 2014/05/28 09:33:43 Calling SyscallNumberToOffsetFromBase() here is a

// Encode 8-bits of the 1st two arguments too, so we can discern which socket