| (Empty) |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <errno.h> | |
| 6 #include <fcntl.h> | |
| 7 #include <linux/unistd.h> | |
| 8 #include <signal.h> | |
| 9 #include <stdarg.h> | |
| 10 #include <stdlib.h> | |
| 11 #include <sys/ptrace.h> | |
| 12 #include <sys/types.h> | |
| 13 #include <sys/wait.h> | |
| 14 | |
| 15 #include "library.h" | |
| 16 #include "maps.h" | |
| 17 #include "sandbox_impl.h" | |
| 18 | |
| 19 namespace playground { | |
| 20 | |
| 21 Maps::Maps(int proc_self_maps) : | |
| 22 proc_self_maps_(proc_self_maps), | |
| 23 begin_iter_(this, true, false), | |
| 24 end_iter_(this, false, true), | |
| 25 vsyscall_(0) { | |
| 26 Sandbox::SysCalls sys; | |
| 27 if (proc_self_maps_ >= 0 && | |
| 28 !sys.lseek(proc_self_maps_, 0, SEEK_SET)) { | |
| 29 char buf[256] = { 0 }; | |
| 30 int len = 0, rc = 1; | |
| 31 bool long_line = false; | |
| 32 do { | |
| 33 if (rc > 0) { | |
| 34 rc = Sandbox::read(sys, proc_self_maps_, buf + len, | |
| 35 sizeof(buf) - len - 1); | |
| 36 if (rc > 0) { | |
| 37 len += rc; | |
| 38 } | |
| 39 } | |
| 40 char *ptr = buf; | |
| 41 if (!long_line) { | |
| 42 long_line = true; | |
| 43 unsigned long start = strtoul(ptr, &ptr, 16); | |
| 44 unsigned long stop = strtoul(ptr + 1, &ptr, 16); | |
| 45 while (*ptr == ' ' || *ptr == '\t') ++ptr; | |
| 46 char *perm_ptr = ptr; | |
| 47 while (*ptr && *ptr != ' ' && *ptr != '\t') ++ptr; | |
| 48 string perm(perm_ptr, ptr - perm_ptr); | |
| 49 unsigned long offset = strtoul(ptr, &ptr, 16); | |
| 50 while (*ptr == ' ' || *ptr == '\t') ++ptr; | |
| 51 char *id_ptr = ptr; | |
| 52 while (*ptr && *ptr != ' ' && *ptr != '\t') ++ptr; | |
| 53 while (*ptr == ' ' || *ptr == '\t') ++ptr; | |
| 54 while (*ptr && *ptr != ' ' && *ptr != '\t') ++ptr; | |
| 55 string id(id_ptr, ptr - id_ptr); | |
| 56 while (*ptr == ' ' || *ptr == '\t') ++ptr; | |
| 57 char *library_ptr = ptr; | |
| 58 while (*ptr && *ptr != ' ' && *ptr != '\t' && *ptr != '\n') ++ptr; | |
| 59 string library(library_ptr, ptr - library_ptr); | |
| 60 bool isVDSO = false; | |
| 61 if (library == "[vdso]") { | |
| 62 // /proc/self/maps has a misleading file offset in the [vdso] entry. | |
| 63 // Override it with a sane value. | |
| 64 offset = 0; | |
| 65 isVDSO = true; | |
| 66 } else if (library == "[vsyscall]") { | |
| 67 vsyscall_ = reinterpret_cast<char *>(start); | |
| 68 } else if (library.empty() || library[0] == '[') { | |
| 69 goto skip_entry; | |
| 70 } | |
| 71 int prot = 0; | |
| 72 if (perm.find('r') != string::npos) { | |
| 73 prot |= PROT_READ; | |
| 74 } | |
| 75 if (perm.find('w') != string::npos) { | |
| 76 prot |= PROT_WRITE; | |
| 77 } | |
| 78 if (perm.find('x') != string::npos) { | |
| 79 prot |= PROT_EXEC; | |
| 80 } | |
| 81 if ((prot & (PROT_EXEC | PROT_READ)) == 0) { | |
| 82 goto skip_entry; | |
| 83 } | |
| 84 Library* lib = &libs_[id + ' ' + library]; | |
| 85 lib->setLibraryInfo(this); | |
| 86 lib->addMemoryRange(reinterpret_cast<void *>(start), | |
| 87 reinterpret_cast<void *>(stop), | |
| 88 Elf_Addr(offset), | |
| 89 prot, isVDSO); | |
| 90 } | |
| 91 skip_entry: | |
| 92 for (;;) { | |
| 93 if (!*ptr || *ptr++ == '\n') { | |
| 94 long_line = false; | |
| 95 memmove(buf, ptr, len - (ptr - buf)); | |
| 96 memset(buf + len - (ptr - buf), 0, ptr - buf); | |
| 97 len -= (ptr - buf); | |
| 98 break; | |
| 99 } | |
| 100 } | |
| 101 } while (len || long_line); | |
| 102 } | |
| 103 } | |
| 104 | |
| 105 Maps::Iterator::Iterator(Maps* maps, bool at_beginning, bool at_end) | |
| 106 : maps_(maps), | |
| 107 at_beginning_(at_beginning), | |
| 108 at_end_(at_end) { | |
| 109 } | |
| 110 | |
| 111 Maps::LibraryMap::iterator& Maps::Iterator::getIterator() const { | |
| 112 if (at_beginning_) { | |
| 113 iter_ = maps_->libs_.begin(); | |
| 114 } else if (at_end_) { | |
| 115 iter_ = maps_->libs_.end(); | |
| 116 } | |
| 117 return iter_; | |
| 118 } | |
| 119 | |
| 120 Maps::Iterator Maps::Iterator::begin() { | |
| 121 return maps_->begin_iter_; | |
| 122 } | |
| 123 | |
| 124 Maps::Iterator Maps::Iterator::end() { | |
| 125 return maps_->end_iter_; | |
| 126 } | |
| 127 | |
| 128 Maps::Iterator& Maps::Iterator::operator++() { | |
| 129 getIterator().operator++(); | |
| 130 at_beginning_ = false; | |
| 131 return *this; | |
| 132 } | |
| 133 | |
| 134 Maps::Iterator Maps::Iterator::operator++(int i) { | |
| 135 getIterator().operator++(i); | |
| 136 at_beginning_ = false; | |
| 137 return *this; | |
| 138 } | |
| 139 | |
| 140 Library* Maps::Iterator::operator*() const { | |
| 141 return &getIterator().operator*().second; | |
| 142 } | |
| 143 | |
| 144 bool Maps::Iterator::operator==(const Maps::Iterator& iter) const { | |
| 145 return getIterator().operator==(iter.getIterator()); | |
| 146 } | |
| 147 | |
| 148 bool Maps::Iterator::operator!=(const Maps::Iterator& iter) const { | |
| 149 return !operator==(iter); | |
| 150 } | |
| 151 | |
| 152 Maps::string Maps::Iterator::name() const { | |
| 153 return getIterator()->first; | |
| 154 } | |
| 155 | |
| 156 // Test whether a line ends with "[stack]"; used for identifying the | |
| 157 // stack entry of /proc/self/maps. | |
| 158 static bool isStackLine(char* buf, char* end) { | |
| 159 char* ptr = buf; | |
| 160 for ( ; *ptr != '\n' && ptr < end; ++ptr) | |
| 161 ; | |
| 162 if (ptr < end && ptr - 7 > buf) { | |
| 163 return (memcmp(ptr - 7, "[stack]", 7) == 0); | |
| 164 } | |
| 165 return false; | |
| 166 } | |
| 167 | |
| 168 char* Maps::allocNearAddr(char* addr_target, size_t size, int prot) const { | |
| 169 // We try to allocate memory within 1.5GB of a target address. This means, | |
| 170 // we will be able to perform relative 32bit jumps from the target address. | |
| 171 const unsigned long kMaxDistance = 1536 << 20; | |
| 172 // In most of the code below, we just care about the numeric value of | |
| 173 // the address. | |
| 174 const long addr = reinterpret_cast<long>(addr_target); | |
| 175 size = (size + 4095) & ~4095; | |
| 176 Sandbox::SysCalls sys; | |
| 177 if (sys.lseek(proc_self_maps_, 0, SEEK_SET)) { | |
| 178 return NULL; | |
| 179 } | |
| 180 | |
| 181 // Iterate through lines of /proc/self/maps to consider each mapped | |
| 182 // region one at a time, looking for a gap between regions to allocate. | |
| 183 char buf[256] = { 0 }; | |
| 184 int len = 0, rc = 1; | |
| 185 bool long_line = false; | |
| 186 unsigned long gap_start = 0x10000; | |
| 187 void* new_addr; | |
| 188 do { | |
| 189 if (rc > 0) { | |
| 190 do { | |
| 191 rc = Sandbox::read(sys, proc_self_maps_, buf + len, | |
| 192 sizeof(buf) - len - 1); | |
| 193 if (rc > 0) { | |
| 194 len += rc; | |
| 195 } | |
| 196 } while (rc > 0 && len < (int)sizeof(buf) - 1); | |
| 197 } | |
| 198 char *ptr = buf; | |
| 199 if (!long_line) { | |
| 200 long_line = true; | |
| 201 // Maps lines have the form "<start address>-<end address> ... <name>". | |
| 202 unsigned long gap_end = strtoul(ptr, &ptr, 16); | |
| 203 unsigned long map_end = strtoul(ptr + 1, &ptr, 16); | |
| 204 | |
| 205 // gap_start to gap_end now covers the region of empty space before | |
| 206 // the current line. Now we try to see if there's a place within the | |
| 207 // gap we can use. | |
| 208 | |
| 209 if (gap_end - gap_start >= size) { | |
| 210 // Is the gap before our target address? | |
| 211 if (addr - static_cast<long>(gap_end) >= 0) { | |
| 212 if (addr - (gap_end - size) < kMaxDistance) { | |
| 213 unsigned long position; | |
| 214 if (isStackLine(ptr, buf + len)) { | |
| 215 // If we're adjacent to the stack, try to stay away from | |
| 216 // the GROWS_DOWN region. Pick the farthest away region that | |
| 217 // is still within the gap. | |
| 218 | |
| 219 if (static_cast<unsigned long>(addr) < kMaxDistance || // Underfl
ow protection. | |
| 220 static_cast<unsigned long>(addr) - kMaxDistance < gap_start) { | |
| 221 position = gap_start; | |
| 222 } else { | |
| 223 position = (addr - kMaxDistance) & ~4095; | |
| 224 if (position < gap_start) { | |
| 225 position = gap_start; | |
| 226 } | |
| 227 } | |
| 228 } else { | |
| 229 // Otherwise, take the end of the region. | |
| 230 position = gap_end - size; | |
| 231 } | |
| 232 new_addr = reinterpret_cast<char *>(sys.MMAP | |
| 233 (reinterpret_cast<void *>(position), size, prot, | |
| 234 MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0)); | |
| 235 if (new_addr != MAP_FAILED) { | |
| 236 goto done; | |
| 237 } | |
| 238 } | |
| 239 } else if (gap_start + size - addr < kMaxDistance) { | |
| 240 // Gap is after the address. Above checks that we can wrap around | |
| 241 // through 0 to a space we'd use. | |
| 242 new_addr = reinterpret_cast<char *>(sys.MMAP | |
| 243 (reinterpret_cast<void *>(gap_start), size, prot, | |
| 244 MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1 ,0)); | |
| 245 if (new_addr != MAP_FAILED) { | |
| 246 goto done; | |
| 247 } | |
| 248 } | |
| 249 } | |
| 250 gap_start = map_end; | |
| 251 } | |
| 252 for (;;) { | |
| 253 if (!*ptr || *ptr++ == '\n') { | |
| 254 long_line = false; | |
| 255 memmove(buf, ptr, len - (ptr - buf)); | |
| 256 memset(buf + len - (ptr - buf), 0, ptr - buf); | |
| 257 len -= (ptr - buf); | |
| 258 break; | |
| 259 } | |
| 260 } | |
| 261 } while (len || long_line); | |
| 262 new_addr = NULL; | |
| 263 done: | |
| 264 return reinterpret_cast<char*>(new_addr); | |
| 265 } | |
| 266 | |
| 267 } // namespace | |
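Review bot: The `long_line` bookkeeping in Maps::Maps never takes effect, because the only exit from the `for (;;)` that advances to the next line sets `long_line = false` whether it stopped at `'\n'` or at the NUL that terminates a partially filled buffer, so by the time `while (len || long_line)` is evaluated `long_line` is always false. For a /proc/self/maps line longer than the 255-byte buffer the NUL branch clears the buffer and sets `len` to 0, the loop exits even though `rc > 0`, and every mapping after that line is silently dropped (the truncated line itself has already been recorded in `libs_` under a cut-off name); the same pattern is repeated in allocNearAddr, where it also defeats the isStackLine check. Splitting the two cases fixes the early exit: `if (!*ptr) { memset(buf, 0, len); len = 0; break; }` before the existing `if (*ptr++ == '\n') {` keeps `long_line` set so the next iteration skips to the end of the long line, though the partially parsed entry would still need to be discarded, e.g. by parsing only when the buffer contains a `'\n'` or `rc == 0`. Separately, the `MAP_FIXED` mmaps in allocNearAddr replace whatever is mapped into the chosen gap between reading /proc/self/maps and the call, so unless every other thread is known to be stopped at that point, passing the address as a hint without `MAP_FIXED` and checking that the returned address equals the requested one (or `MAP_FIXED_NOREPLACE` on kernels that support it) would avoid clobbering a concurrent mapping.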