Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(181)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 293463002: Add SandboxBPFPolicy::InvalidSyscall() to simplify writing policies (Closed)

Created:
6 years, 7 months ago by mdempsky
Modified:
6 years, 7 months ago
CC:
chromium-reviews, agl, jln+watch_chromium.org
Visibility:
Public.

Description

Add SandboxBPFPolicy::InvalidSyscall() to simplify writing policies Instead of requiring every BPF policy to check IsValidSyscallNumber() and return a fixed value when it's true, provide an alternative entry point and guarantee that EvaluateSyscall() will only be called for valid syscall numbers. Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=271256

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+50 lines, -24 lines) Patch
M sandbox/linux/sandbox_linux.gypi View 1 chunk +1 line, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf.cc View 4 chunks +21 lines, -22 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h View 1 chunk +1 line, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h View 3 chunks +7 lines, -1 line 0 comments Download
A sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc View 1 chunk +17 lines, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf/verifier.cc View 1 chunk +3 lines, -1 line 0 comments Download

Messages

Total messages: 7 (0 generated)
mdempsky
6 years, 7 months ago (2014-05-16 21:42:51 UTC) #1
jln (very slow on Chromium)
Thanks, it's much saner to have the policy express what to do for invalid system ...
6 years, 7 months ago (2014-05-16 22:09:54 UTC) #2
mdempsky
The CQ bit was checked by mdempsky@chromium.org
6 years, 7 months ago (2014-05-16 22:17:57 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mdempsky@chromium.org/293463002/1
6 years, 7 months ago (2014-05-16 23:34:07 UTC) #4
commit-bot: I haz the power
Change committed as 271256
6 years, 7 months ago (2014-05-17 19:10:11 UTC) #5
mdempsky
On 2014/05/17 19:10:11, I haz the power (commit-bot) wrote: > Change committed as 271256 While ...
6 years, 7 months ago (2014-05-19 18:52:17 UTC) #6
jln (very slow on Chromium)
6 years, 7 months ago (2014-05-19 19:05:49 UTC) #7
Message was sent while issue was closed. 
On 2014/05/19 18:52:17, mdempsky wrote:
> On 2014/05/17 19:10:11, I haz the power (commit-bot) wrote:
> > Change committed as 271256
> 
> While looking at policies to cleanup after this change, I just noticed that
most
> of the production policies actually use Trap(SIGSYS_Handler) as the invalid
> syscall number behavior instead of ErrorCode(ENOSYS), and this change silently
> changed the behavior for those policies.
> 
> I plan on fixing those shortly anyway, but I thought I'd point it out now in
> case you think we should instead revert this for now and re-land alongside
> proper policy changes.

It doesn't matter too much. ENOSYS is fine I think. It's in theory possible that
we would catch bugs with a crashing signal handlers, but it has been two years
no and we never have.

It's possible that on the upper end of the spectrum we could catch calling a
system call that is yet-unknown to us, but IIRC we have at least a few hundreds
syscall numbers as a buffer for what we consider valid syscall numbers.

Powered by Google App Engine
This is Rietveld 408576698