Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(149)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp/sandbox.cc

Issue 320008: Add assembly constraints to disable some overly aggressive GCC optimizations (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 11 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp/linux_syscall_support.h ('k') | sandbox/linux/seccomp/trusted_thread.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #include "library.h" 1 #include "library.h"
2 #include "sandbox_impl.h" 2 #include "sandbox_impl.h"
3 #include "syscall_table.h" 3 #include "syscall_table.h"
4 4
5 namespace playground { 5 namespace playground {
6 6
7 // Global variables 7 // Global variables
8 int Sandbox::pid_; 8 int Sandbox::pid_;
9 int Sandbox::processFdPub_; 9 int Sandbox::processFdPub_;
10 int Sandbox::cloneFdPub_; 10 int Sandbox::cloneFdPub_;
(...skipping 311 matching lines...) Expand 10 before | Expand all | Expand 10 after
322 ".pushsection \".rodata\"\n" 322 ".pushsection \".rodata\"\n"
323 #ifndef NDEBUG 323 #ifndef NDEBUG
324 "100:.asciz \"RDTSC(P): Executing handler\\n\"\n" 324 "100:.asciz \"RDTSC(P): Executing handler\\n\"\n"
325 "200:.asciz \"INT $0x0: Executing handler\\n\"\n" 325 "200:.asciz \"INT $0x0: Executing handler\\n\"\n"
326 #endif 326 #endif
327 "300:.ascii \"Segmentation fault\\n\"\n" 327 "300:.ascii \"Segmentation fault\\n\"\n"
328 "301:\n" 328 "301:\n"
329 ".popsection\n" 329 ".popsection\n"
330 "999:pop %0\n" 330 "999:pop %0\n"
331 : "=g"(fnc) 331 : "=g"(fnc)
332 :
333 : "memory"
334 #if defined(__x86_64__)
335 , "rsp"
336 #elif defined(__i386__)
337 , "esp"
338 #endif
332 ); 339 );
333 return fnc; 340 return fnc;
334 } 341 }
335 342
336 void Sandbox::snapshotMemoryMappings(int processFd) { 343 void Sandbox::snapshotMemoryMappings(int processFd) {
337 SysCalls sys; 344 SysCalls sys;
338 int mapsFd = sys.open("/proc/self/maps", O_RDONLY, 0); 345 int mapsFd = sys.open("/proc/self/maps", O_RDONLY, 0);
339 if (mapsFd < 0 || !sendFd(processFd, mapsFd, -1, NULL, 0)) { 346 if (mapsFd < 0 || !sendFd(processFd, mapsFd, -1, NULL, 0)) {
340 failure: 347 failure:
341 die("Cannot access /proc/self/maps"); 348 die("Cannot access /proc/self/maps");
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
414 421
415 // Take a snapshot of the current memory mappings. These mappings will be 422 // Take a snapshot of the current memory mappings. These mappings will be
416 // off-limits to all future mmap(), munmap(), mremap(), and mprotect() calls. 423 // off-limits to all future mmap(), munmap(), mremap(), and mprotect() calls.
417 snapshotMemoryMappings(processFdPub_); 424 snapshotMemoryMappings(processFdPub_);
418 425
419 // Creating the trusted thread enables sandboxing 426 // Creating the trusted thread enables sandboxing
420 createTrustedThread(processFdPub_, cloneFdPub_, secureMem); 427 createTrustedThread(processFdPub_, cloneFdPub_, secureMem);
421 } 428 }
422 429
423 } // namespace 430 } // namespace
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp/linux_syscall_support.h ('k') | sandbox/linux/seccomp/trusted_thread.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698