Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(950)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/services/yama.cc

Issue 371113003: Disable yama on 3.2 kernels with 32bit userland and 64bit kernel. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/services/yama.h ('K') | « sandbox/linux/services/yama.h ('k') | sandbox/linux/services/yama_unittests.cc » ('j') | sandbox/linux/services/yama_unittests.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/services/yama.cc
diff --git a/sandbox/linux/services/yama.cc b/sandbox/linux/services/yama.cc
index 49e1b36aab3c015e4bc1ca46a35740c28742a386..8f5d1c867f86cf2c2518f804de9cd82374243585 100644
--- a/sandbox/linux/services/yama.cc
+++ b/sandbox/linux/services/yama.cc
@@ -15,6 +15,8 @@
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
+#include "base/strings/string_util.h"
+#include "base/sys_info.h"
#if !defined(PR_SET_PTRACER_ANY)
#define PR_SET_PTRACER_ANY ((unsigned long)-1)
@@ -31,6 +33,10 @@ namespace {
// Enable or disable the Yama ptracers restrictions.
// Return false if Yama is not present on this kernel.
bool SetYamaPtracersRestriction(bool enable_restrictions) {
+ if (enable_restrictions && Yama::HasLinux32Bug()) {
Jorge Lucangeli Obes 2014/07/08 04:14:28 This doesn't really make sense. The problem is whe
+ return false;
+ }
+
unsigned long set_ptracer_arg;
if (enable_restrictions) {
set_ptracer_arg = 0;
@@ -77,6 +83,10 @@ int Yama::GetStatus() {
return 0;
}
+ if (HasLinux32Bug()) {
+ return 0;
Jorge Lucangeli Obes 2014/07/08 04:14:28 As above.
+ }
+
static const char kPtraceScopePath[] = "/proc/sys/kernel/yama/ptrace_scope";
base::ScopedFD yama_scope(HANDLE_EINTR(open(kPtraceScopePath, O_RDONLY)));
@@ -113,4 +123,20 @@ bool Yama::IsPresent() { return GetStatus() & STATUS_PRESENT; }
// static
bool Yama::IsEnforcing() { return GetStatus() & STATUS_ENFORCING; }
+// static
+bool Yama::HasLinux32Bug() {
+#if defined(__i386__)
+ // On 3.2 kernels, yama doesn't work for 32bit binaries on 64bit kernels.
Jorge Lucangeli Obes 2014/07/08 04:14:28 32-bit, 64-bit
+ // This is fixed in 3.4.
+ bool is_kernel_64bit =
+ base::SysInfo::OperatingSystemArchitecture() == "x86_64";
+ bool is_linux = base::SysInfo::OperatingSystemName() == "Linux";
+ bool is_3_dot_2 = StartsWithASCII(
+ base::SysInfo::OperatingSystemVersion(), "3.2", /*case_sensitive=*/false);
Jorge Lucangeli Obes 2014/07/08 04:14:28 'false /* case_sensitive */'
Nico 2014/07/08 04:24:43 This is somewhat common style: https://code.google
+ if (is_kernel_64bit && is_linux && is_3_dot_2)
+ return true;
+#endif // defined(__i386__)
+ return false;
+}
+
} // namespace sandbox
« sandbox/linux/services/yama.h ('K') | « sandbox/linux/services/yama.h ('k') | sandbox/linux/services/yama_unittests.cc » ('j') | sandbox/linux/services/yama_unittests.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698