Chromium Code Reviews Chromium Code Reviews
Issue 280303002:
Add sandbox support for AsanCoverage. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <pthread.h> | 10 #include <pthread.h> |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 52 #include <sys/prctl.h> | 52 #include <sys/prctl.h> |
| 53 #include <sys/signal.h> | 53 #include <sys/signal.h> |
| 54 #else | 54 #else |
| 55 #include <signal.h> | 55 #include <signal.h> |
| 56 #endif | 56 #endif |
| 57 | 57 |
| 58 #if defined(ENABLE_WEBRTC) | 58 #if defined(ENABLE_WEBRTC) |
| 59 #include "third_party/libjingle/overrides/init_webrtc.h" | 59 #include "third_party/libjingle/overrides/init_webrtc.h" |
| 60 #endif | 60 #endif |
| 61 | 61 |
| 62 #if defined(ADDRESS_SANITIZER) | |
| 63 #include <sanitizer/asan_interface.h> | |
| 64 #endif | |
| 65 | |
| 62 namespace content { | 66 namespace content { |
| 63 | 67 |
| 64 // See http://code.google.com/p/chromium/wiki/LinuxZygote | 68 // See http://code.google.com/p/chromium/wiki/LinuxZygote |
| 65 | 69 |
| 66 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output, | 70 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output, |
| 67 char* timezone_out, | 71 char* timezone_out, |
| 68 size_t timezone_out_len) { | 72 size_t timezone_out_len) { |
| 69 Pickle request; | 73 Pickle request; |
| 70 request.WriteInt(LinuxSandbox::METHOD_LOCALTIME); | 74 request.WriteInt(LinuxSandbox::METHOD_LOCALTIME); |
| 71 request.WriteString( | 75 request.WriteString( |
| (...skipping 342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 414 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { | 418 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { |
| 415 LOG(ERROR) << "Failed to set non-dumpable flag"; | 419 LOG(ERROR) << "Failed to set non-dumpable flag"; |
| 416 return false; | 420 return false; |
| 417 } | 421 } |
| 418 } | 422 } |
| 419 #endif | 423 #endif |
| 420 | 424 |
| 421 return true; | 425 return true; |
| 422 } | 426 } |
| 423 | 427 |
| 428 #if defined(ADDRESS_SANITIZER) | |
| 429 const size_t kSanitizerMaxMessageLength = 1 * 1024 * 1024; | |
| 430 | |
| 431 static void SanitizerCoverageHelper(int socket_fd) { | |
| 432 int file_fd = -1; | |
| 433 char buffer[kSanitizerMaxMessageLength]; | |
|
jln (very slow on Chromium)
2014/05/14 23:42:24
This is very large, let's get it off the stack.
earthdok
2014/05/20 16:53:57
Done.
| |
| 434 while (true) { | |
| 435 ssize_t received_size = | |
| 436 HANDLE_EINTR(recv(socket_fd, buffer, kSanitizerMaxMessageLength, 0)); | |
| 437 PCHECK(received_size >= 0) | |
| 438 << "Sanitizer coverage helper: failed to read from socket"; | |
| 439 if (received_size > 0) { | |
| 440 if (file_fd < 0) { | |
| 441 const char kZygoteSanCovFileName[] = "zygote.sancov.packed"; | |
| 442 file_fd = | |
| 443 HANDLE_EINTR(open(kZygoteSanCovFileName, O_WRONLY | O_CREAT, 0660)); | |
| 444 PCHECK(file_fd >= 0) | |
| 445 << "Sanitizer coverage helper: failed to open file"; | |
| 446 } | |
| 447 ssize_t written_size = | |
| 448 HANDLE_EINTR(write(file_fd, buffer, received_size)); | |
| 449 PCHECK(written_size == received_size) | |
|
jln (very slow on Chromium)
2014/05/14 21:21:04
You may want to loop here. It can definitely happe
earthdok
2014/05/20 16:53:57
Done.
| |
| 450 << "Sanitizer coverage helper: error writing to file"; | |
| 451 PCHECK(0 == HANDLE_EINTR(fsync(file_fd))) | |
|
jln (very slow on Chromium)
2014/05/14 17:49:41
I don't think fsync can EINTR.
earthdok
2014/05/14 19:21:47
The POSIX standard does mention it:
http://pubs.op
| |
| 452 << "Sanitizer coverage helper: error syncing file"; | |
| 453 } | |
| 454 } | |
| 455 } | |
| 456 | |
| 457 static int ForkSanitizerCoverageHelper() { | |
| 458 int fds[2]; | |
| 459 PCHECK(0 == socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds)) | |
| 460 << "Sanitizer coverage helper: failed to create a socket pair"; | |
| 461 // fds[0] is the read end, fds[1] is the write end. | |
| 462 PCHECK((0 == shutdown(fds[0], SHUT_WR)) && (0 == shutdown(fds[1], SHUT_RD))) | |
| 463 << "Sanitizer coverage helper: shutdown() failed"; | |
| 464 pid_t pid = fork(); | |
| 465 PCHECK(pid >= 0) << "Sanitizer coverage helper: failed to fork"; | |
| 466 if (pid == 0) { | |
| 467 // In the child. | |
| 468 PCHECK(0 == IGNORE_EINTR(close(fds[1]))) | |
| 469 << "Sanitizer coverage helper: child failed to close socket";; | |
|
jln (very slow on Chromium)
2014/05/14 17:49:41
General remark for all the PCHECKs. Feel free to n
earthdok
2014/05/20 16:53:57
Done.
| |
| 470 SanitizerCoverageHelper(fds[0]); | |
| 471 _exit(0); | |
| 472 } else { | |
| 473 // In the parent. | |
| 474 PCHECK(0 == IGNORE_EINTR(close(fds[0]))) | |
| 475 << "Sanitizer coverage helper: parent failed to close socket";; | |
| 476 return fds[1]; | |
| 477 } | |
| 478 } | |
| 479 #endif | |
| 480 | |
| 424 // If |is_suid_sandbox_child|, then make sure that the setuid sandbox is | 481 // If |is_suid_sandbox_child|, then make sure that the setuid sandbox is |
| 425 // engaged. | 482 // engaged. |
| 426 static void EnterLayerOneSandbox(LinuxSandbox* linux_sandbox, | 483 static void EnterLayerOneSandbox(LinuxSandbox* linux_sandbox, |
| 427 bool is_suid_sandbox_child) { | 484 bool is_suid_sandbox_child) { |
| 428 DCHECK(linux_sandbox); | 485 DCHECK(linux_sandbox); |
| 429 | 486 |
| 430 ZygotePreSandboxInit(); | 487 ZygotePreSandboxInit(); |
| 431 | 488 |
| 432 // Check that the pre-sandbox initialization didn't spawn threads. | 489 // Check that the pre-sandbox initialization didn't spawn threads. |
| 433 #if !defined(THREAD_SANITIZER) | 490 #if !defined(THREAD_SANITIZER) |
| 434 DCHECK(linux_sandbox->IsSingleThreaded()); | 491 DCHECK(linux_sandbox->IsSingleThreaded()); |
| 435 #endif | 492 #endif |
| 436 | 493 |
| 437 sandbox::SetuidSandboxClient* setuid_sandbox = | 494 sandbox::SetuidSandboxClient* setuid_sandbox = |
| 438 linux_sandbox->setuid_sandbox_client(); | 495 linux_sandbox->setuid_sandbox_client(); |
| 439 | 496 |
| 440 if (is_suid_sandbox_child) { | 497 if (is_suid_sandbox_child) { |
| 441 CHECK(EnterSuidSandbox(setuid_sandbox)) << "Failed to enter setuid sandbox"; | 498 CHECK(EnterSuidSandbox(setuid_sandbox)) << "Failed to enter setuid sandbox"; |
| 442 } | 499 } |
| 443 } | 500 } |
| 444 | 501 |
| 445 bool ZygoteMain(const MainFunctionParams& params, | 502 bool ZygoteMain(const MainFunctionParams& params, |
| 446 ScopedVector<ZygoteForkDelegate> fork_delegates) { | 503 ScopedVector<ZygoteForkDelegate> fork_delegates) { |
| 447 g_am_zygote_or_renderer = true; | 504 g_am_zygote_or_renderer = true; |
| 448 sandbox::InitLibcUrandomOverrides(); | 505 sandbox::InitLibcUrandomOverrides(); |
| 449 | 506 |
| 450 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); | 507 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); |
| 508 | |
| 509 #if defined(ADDRESS_SANITIZER) | |
| 510 int sancov_helper_fd = ForkSanitizerCoverageHelper(); | |
| 511 linux_sandbox->sanitizer_args()->coverage_sandboxed = 1; | |
| 512 linux_sandbox->sanitizer_args()->coverage_fd = sancov_helper_fd; | |
| 513 linux_sandbox->sanitizer_args()->coverage_max_block_size = | |
| 514 kSanitizerMaxMessageLength; | |
| 515 #endif | |
| 516 | |
| 451 // This will pre-initialize the various sandboxes that need it. | 517 // This will pre-initialize the various sandboxes that need it. |
| 452 linux_sandbox->PreinitializeSandbox(); | 518 linux_sandbox->PreinitializeSandbox(); |
| 453 | 519 |
| 454 const bool must_enable_setuid_sandbox = | 520 const bool must_enable_setuid_sandbox = |
| 455 linux_sandbox->setuid_sandbox_client()->IsSuidSandboxChild(); | 521 linux_sandbox->setuid_sandbox_client()->IsSuidSandboxChild(); |
| 456 if (must_enable_setuid_sandbox) { | 522 if (must_enable_setuid_sandbox) { |
| 457 linux_sandbox->setuid_sandbox_client()->CloseDummyFile(); | 523 linux_sandbox->setuid_sandbox_client()->CloseDummyFile(); |
| 458 | 524 |
| 459 // Let the ZygoteHost know we're booting up. | 525 // Let the ZygoteHost know we're booting up. |
| 460 CHECK(UnixDomainSocket::SendMsg(kZygoteSocketPairFd, | 526 CHECK(UnixDomainSocket::SendMsg(kZygoteSocketPairFd, |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 477 int sandbox_flags = linux_sandbox->GetStatus(); | 543 int sandbox_flags = linux_sandbox->GetStatus(); |
| 478 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 544 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
| 479 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); | 545 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); |
| 480 | 546 |
| 481 Zygote zygote(sandbox_flags, fork_delegates.Pass()); | 547 Zygote zygote(sandbox_flags, fork_delegates.Pass()); |
| 482 // This function call can return multiple times, once per fork(). | 548 // This function call can return multiple times, once per fork(). |
| 483 return zygote.ProcessRequests(); | 549 return zygote.ProcessRequests(); |
| 484 } | 550 } |
| 485 | 551 |
| 486 } // namespace content | 552 } // namespace content |
| OLD | NEW |
