Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(783)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 317373003: Merge 274934 "Linux sandbox: restrict futex operations." (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1985/src/
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Note: any code in this file MUST be async-signal safe. 5 // Note: any code in this file MUST be async-signal safe.
6 6
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
8 8
9 #include <unistd.h> 9 #include <unistd.h>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "build/build_config.h" 13 #include "build/build_config.h"
14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
15 15
16 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure" 16 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure"
17 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure" 17 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure"
18 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure" 18 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure"
19 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure" 19 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure"
20 #define SECCOMP_MESSAGE_KILL_CONTENT "(tg)kill() failure" 20 #define SECCOMP_MESSAGE_KILL_CONTENT "(tg)kill() failure"
21 #define SECCOMP_MESSAGE_FUTEX_CONTENT "futex() failure"
21 22
22 namespace { 23 namespace {
23 24
24 inline bool IsArchitectureX86_64() { 25 inline bool IsArchitectureX86_64() {
25 #if defined(__x86_64__) 26 #if defined(__x86_64__)
26 return true; 27 return true;
27 #else 28 #else
28 return false; 29 return false;
29 #endif 30 #endif
30 } 31 }
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 volatile uint64_t pid = args.args[0]; 158 volatile uint64_t pid = args.args[0];
158 volatile char* addr = reinterpret_cast<volatile char*>(pid & 0xFFF); 159 volatile char* addr = reinterpret_cast<volatile char*>(pid & 0xFFF);
159 *addr = '\0'; 160 *addr = '\0';
160 // Hit the NULL page if this fails. 161 // Hit the NULL page if this fails.
161 addr = reinterpret_cast<volatile char*>(pid & 0xFFF); 162 addr = reinterpret_cast<volatile char*>(pid & 0xFFF);
162 *addr = '\0'; 163 *addr = '\0';
163 for (;;) 164 for (;;)
164 _exit(1); 165 _exit(1);
165 } 166 }
166 167
168 intptr_t SIGSYSFutexFailure(const struct arch_seccomp_data& args,
169 void* /* aux */) {
170 static const char kSeccompFutexError[] =
171 __FILE__ ":**CRASHING**:" SECCOMP_MESSAGE_FUTEX_CONTENT "\n";
172 WriteToStdErr(kSeccompFutexError, sizeof(kSeccompFutexError) - 1);
173 volatile int futex_op = args.args[1];
174 volatile char* addr = reinterpret_cast<volatile char*>(futex_op & 0xFFF);
175 *addr = '\0';
176 for (;;)
177 _exit(1);
178 }
179
167 const char* GetErrorMessageContentForTests() { 180 const char* GetErrorMessageContentForTests() {
168 return SECCOMP_MESSAGE_COMMON_CONTENT; 181 return SECCOMP_MESSAGE_COMMON_CONTENT;
169 } 182 }
170 183
171 const char* GetCloneErrorMessageContentForTests() { 184 const char* GetCloneErrorMessageContentForTests() {
172 return SECCOMP_MESSAGE_CLONE_CONTENT; 185 return SECCOMP_MESSAGE_CLONE_CONTENT;
173 } 186 }
174 187
175 const char* GetPrctlErrorMessageContentForTests() { 188 const char* GetPrctlErrorMessageContentForTests() {
176 return SECCOMP_MESSAGE_PRCTL_CONTENT; 189 return SECCOMP_MESSAGE_PRCTL_CONTENT;
177 } 190 }
178 191
179 const char* GetIoctlErrorMessageContentForTests() { 192 const char* GetIoctlErrorMessageContentForTests() {
180 return SECCOMP_MESSAGE_IOCTL_CONTENT; 193 return SECCOMP_MESSAGE_IOCTL_CONTENT;
181 } 194 }
182 195
196 const char* GetFutexErrorMessageContentForTests() {
197 return SECCOMP_MESSAGE_FUTEX_CONTENT;
198 }
199
183 } // namespace sandbox. 200 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698