OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/syscall_wrappers.h" | 5 #include "sandbox/linux/services/syscall_wrappers.h" |
6 | 6 |
7 #include <pthread.h> | |
8 #include <sched.h> | |
9 #include <setjmp.h> | |
7 #include <sys/resource.h> | 10 #include <sys/resource.h> |
8 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
9 #include <sys/time.h> | 12 #include <sys/time.h> |
10 #include <sys/types.h> | 13 #include <sys/types.h> |
11 #include <unistd.h> | 14 #include <unistd.h> |
12 | 15 |
16 #include "base/compiler_specific.h" | |
13 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/third_party/valgrind/valgrind.h" | |
14 #include "build/build_config.h" | 19 #include "build/build_config.h" |
15 #include "sandbox/linux/services/linux_syscalls.h" | 20 #include "sandbox/linux/services/linux_syscalls.h" |
16 | 21 |
17 namespace sandbox { | 22 namespace sandbox { |
18 | 23 |
19 pid_t sys_getpid(void) { | 24 pid_t sys_getpid(void) { |
20 return syscall(__NR_getpid); | 25 return syscall(__NR_getpid); |
21 } | 26 } |
22 | 27 |
23 pid_t sys_gettid(void) { | 28 pid_t sys_gettid(void) { |
24 return syscall(__NR_gettid); | 29 return syscall(__NR_gettid); |
25 } | 30 } |
26 | 31 |
27 long sys_clone(unsigned long flags) { | 32 namespace { |
28 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); | |
29 } | |
30 | 33 |
31 long sys_clone(unsigned long flags, | 34 bool CloneArgumentsValid(unsigned long flags, pid_t* ptid, pid_t* ctid) { |
32 void* child_stack, | |
33 pid_t* ptid, | |
34 pid_t* ctid, | |
35 decltype(nullptr) tls) { | |
36 const bool clone_tls_used = flags & CLONE_SETTLS; | 35 const bool clone_tls_used = flags & CLONE_SETTLS; |
37 const bool invalid_ctid = | 36 const bool invalid_ctid = |
38 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; | 37 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; |
39 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; | 38 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; |
40 const bool invalid_stack = (flags & CLONE_VM) && !child_stack; | |
41 | 39 |
42 if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_stack) { | 40 // We do not support CLONE_VM. |
41 const bool clone_vm_used = flags & CLONE_VM; | |
42 | |
43 return !(clone_tls_used || invalid_ctid || invalid_ptid || clone_vm_used); | |
44 } | |
45 | |
46 } // namespace | |
47 | |
48 long sys_clone(unsigned long flags, | |
49 decltype(nullptr) child_stack, | |
50 pid_t* ptid, | |
51 pid_t* ctid, | |
52 decltype(nullptr) tls) { | |
53 | |
54 if (!CloneArgumentsValid(flags, ptid, ctid)) { | |
43 RAW_LOG(FATAL, "Invalid usage of sys_clone"); | 55 RAW_LOG(FATAL, "Invalid usage of sys_clone"); |
44 } | 56 } |
45 | 57 |
46 // See kernel/fork.c in Linux. There is different ordering of sys_clone | 58 // See kernel/fork.c in Linux. There is different ordering of sys_clone |
47 // parameters depending on CONFIG_CLONE_BACKWARDS* configuration options. | 59 // parameters depending on CONFIG_CLONE_BACKWARDS* configuration options. |
48 #if defined(ARCH_CPU_X86_64) | 60 #if defined(ARCH_CPU_X86_64) |
49 return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); | 61 return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); |
50 #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ | 62 #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ |
51 defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY) | 63 defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY) |
52 // CONFIG_CLONE_BACKWARDS defined. | 64 // CONFIG_CLONE_BACKWARDS defined. |
53 return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); | 65 return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); |
54 #endif | 66 #endif |
55 } | 67 } |
56 | 68 |
69 long sys_clone(unsigned long flags) { | |
70 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); | |
71 } | |
72 | |
73 namespace { | |
jln (very slow on Chromium)
2014/12/17 02:23:42
It's not typical to have multiple anonymous namesp
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Done.
| |
74 | |
75 bool IsRunningOnValgrind() { | |
76 return RUNNING_ON_VALGRIND; | |
77 } | |
78 | |
79 int CloneHelper(void* arg) { | |
80 jmp_buf* env_ptr = reinterpret_cast<jmp_buf*>(arg); | |
81 // This function runs on the stack specified on the clone call. Use longjmp to | |
82 // switch back to the original stack so the child can return from sys_clone. | |
jln (very slow on Chromium)
2014/12/17 02:23:42
Nit: let's move this comment above the function de
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Done.
| |
83 longjmp(*env_ptr, 1); | |
84 | |
85 // Should not be reached. | |
86 RAW_CHECK(false); | |
87 return 1; | |
88 } | |
89 | |
90 // This function is noinline to ensure that stack_buf is below the stack pointer | |
91 // that is saved when setjmp is called below. This is needed because when | |
92 // compiled with FORTIFY_SOURCE, glibc's longjmp checks that the stack is moved | |
93 // upwards. | |
jln (very slow on Chromium)
2014/12/17 02:23:42
Nit: add a https://crbug.com/ link
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Done.
| |
94 NOINLINE pid_t CloneAndLongjmpInChild(unsigned long flags, | |
95 pid_t* ptid, | |
96 pid_t* ctid, | |
97 jmp_buf* env) { | |
98 // We use the libc clone wrapper instead of making the syscall | |
99 // directly because making the syscall may fail to update the libc's | |
100 // internal pid cache. The libc interface unfortunately requires | |
101 // specifying a new stack, so we use setjmp/longjmp to emulate | |
102 // fork-like behavior. | |
103 char stack_buf[PTHREAD_STACK_MIN]; | |
104 #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \ | |
105 defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY) | |
106 // The stack grows downward. | |
107 void* stack = stack_buf + sizeof(stack_buf); | |
108 #else | |
109 #error "Unsupported architecture" | |
110 #endif | |
111 return clone(&CloneHelper, stack, flags, env, ptid, nullptr, ctid); | |
112 } | |
113 | |
114 } // namespace | |
115 | |
116 pid_t ForkWithFlags(unsigned long flags, pid_t* ptid, pid_t* ctid) { | |
117 // Valgrind's clone implementation does not support specifiying a child_stack | |
118 // without CLONE_VM, so we cannot use libc's clone wrapper when running under | |
119 // Valgrind. As a result, the libc pid cache may be incorrect under Valgrind. | |
120 // See crbug.com/442817 for more details. | |
121 if (IsRunningOnValgrind()) { | |
122 return sys_clone(flags, nullptr, ptid, ctid, nullptr); | |
123 } | |
124 | |
125 if (!CloneArgumentsValid(flags, ptid, ctid)) { | |
jln (very slow on Chromium)
2014/12/17 02:23:42
This should be above, no? (And run also on Valgrin
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Done.
rickyz (no longer on Chrome)
2014/12/17 02:31:34
Oops, I had left it below since sys_clone has the
| |
126 RAW_LOG(FATAL, "Invalid usage of ForkWithFlags"); | |
127 } | |
128 | |
129 jmp_buf env; | |
130 if (setjmp(env) == 0) { | |
131 return CloneAndLongjmpInChild(flags, ptid, ctid, &env); | |
132 } | |
133 | |
134 return 0; | |
135 } | |
136 | |
57 void sys_exit_group(int status) { | 137 void sys_exit_group(int status) { |
58 syscall(__NR_exit_group, status); | 138 syscall(__NR_exit_group, status); |
59 } | 139 } |
60 | 140 |
61 int sys_seccomp(unsigned int operation, | 141 int sys_seccomp(unsigned int operation, |
62 unsigned int flags, | 142 unsigned int flags, |
63 const struct sock_fprog* args) { | 143 const struct sock_fprog* args) { |
64 return syscall(__NR_seccomp, operation, flags, args); | 144 return syscall(__NR_seccomp, operation, flags, args); |
65 } | 145 } |
66 | 146 |
67 int sys_prlimit64(pid_t pid, | 147 int sys_prlimit64(pid_t pid, |
68 int resource, | 148 int resource, |
69 const struct rlimit64* new_limit, | 149 const struct rlimit64* new_limit, |
70 struct rlimit64* old_limit) { | 150 struct rlimit64* old_limit) { |
71 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); | 151 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); |
72 } | 152 } |
73 | 153 |
74 } // namespace sandbox | 154 } // namespace sandbox |
OLD | NEW |