OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/syscall_wrappers.h" | 5 #include "sandbox/linux/services/syscall_wrappers.h" |
6 | 6 |
7 #include <pthread.h> | |
8 #include <sched.h> | |
9 #include <setjmp.h> | |
7 #include <sys/resource.h> | 10 #include <sys/resource.h> |
8 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
9 #include <sys/time.h> | 12 #include <sys/time.h> |
10 #include <sys/types.h> | 13 #include <sys/types.h> |
11 #include <unistd.h> | 14 #include <unistd.h> |
12 | 15 |
13 #include "base/logging.h" | 16 #include "base/logging.h" |
14 #include "build/build_config.h" | 17 #include "build/build_config.h" |
15 #include "sandbox/linux/services/linux_syscalls.h" | 18 #include "sandbox/linux/services/linux_syscalls.h" |
16 | 19 |
17 namespace sandbox { | 20 namespace sandbox { |
18 | 21 |
19 pid_t sys_getpid(void) { | 22 pid_t sys_getpid(void) { |
20 return syscall(__NR_getpid); | 23 return syscall(__NR_getpid); |
21 } | 24 } |
22 | 25 |
23 pid_t sys_gettid(void) { | 26 pid_t sys_gettid(void) { |
24 return syscall(__NR_gettid); | 27 return syscall(__NR_gettid); |
25 } | 28 } |
26 | 29 |
27 long sys_clone(unsigned long flags) { | 30 namespace { |
28 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); | 31 |
32 int clone_helper(void* arg) { | |
jln (very slow on Chromium)
2014/12/15 23:31:35
Style: CloneHelper
Also add a comment to explain
rickyz (no longer on Chrome)
2014/12/16 00:35:09
Done.
| |
33 jmp_buf* env_ptr = reinterpret_cast<jmp_buf*>(arg); | |
34 longjmp(*env_ptr, 1); | |
35 | |
36 NOTREACHED(); | |
jln (very slow on Chromium)
2014/12/15 23:31:35
RAW_CHECK(): probably a good idea to be very conse
rickyz (no longer on Chrome)
2014/12/16 00:35:09
Done.
| |
37 return 1; | |
29 } | 38 } |
30 | 39 |
40 } // namespace | |
41 | |
31 long sys_clone(unsigned long flags, | 42 long sys_clone(unsigned long flags, |
32 void* child_stack, | 43 decltype(nullptr) child_stack, |
33 pid_t* ptid, | 44 pid_t* ptid, |
34 pid_t* ctid, | 45 pid_t* ctid, |
35 decltype(nullptr) tls) { | 46 decltype(nullptr) tls) { |
36 const bool clone_tls_used = flags & CLONE_SETTLS; | 47 const bool clone_tls_used = flags & CLONE_SETTLS; |
37 const bool invalid_ctid = | 48 const bool invalid_ctid = |
38 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; | 49 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; |
39 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; | 50 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; |
40 const bool invalid_stack = (flags & CLONE_VM) && !child_stack; | |
41 | 51 |
42 if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_stack) { | 52 // Since child_stack must be nullptr, we do not support CLONE_VM. |
53 const bool invalid_clone_vm = flags & CLONE_VM; | |
jln (very slow on Chromium)
2014/12/15 23:31:35
maybe rename to clone_vm_used (to be consistent wi
rickyz (no longer on Chrome)
2014/12/16 00:35:09
Done.
| |
54 | |
55 if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_clone_vm) { | |
43 RAW_LOG(FATAL, "Invalid usage of sys_clone"); | 56 RAW_LOG(FATAL, "Invalid usage of sys_clone"); |
44 } | 57 } |
45 | 58 |
46 // See kernel/fork.c in Linux. There is different ordering of sys_clone | 59 char stack[PTHREAD_STACK_MIN]; |
47 // parameters depending on CONFIG_CLONE_BACKWARDS* configuration options. | 60 jmp_buf env; |
48 #if defined(ARCH_CPU_X86_64) | 61 if (setjmp(env) == 0) { |
49 return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); | 62 // We use the libc clone wrapper instead of making the syscall |
50 #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ | 63 // directly because making the syscall may fail to update the libc's |
51 defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY) | 64 // internal pid cache. The libc interface unfortunately requires |
52 // CONFIG_CLONE_BACKWARDS defined. | 65 // specifying a new stack, so we use setjmp/longjmp to emulate |
53 return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); | 66 // fork-like behavior. |
54 #endif | 67 return clone(&clone_helper, stack + sizeof(stack), flags, &env, ptid, tls, |
mdempsky
2014/12/15 20:30:08
"stack + sizeof(stack)" is technically wrong on st
jln (very slow on Chromium)
2014/12/15 23:31:35
You mean stack grows-up architecture.
How could w
mdempsky
2014/12/15 23:55:01
Yep, oops.
rickyz (no longer on Chrome)
2014/12/16 00:35:09
Here's a version that detects the direction of sta
jln (very slow on Chromium)
2014/12/16 01:11:22
Yes, I think Matthew's suggestion is best. It's fa
rickyz (no longer on Chrome)
2014/12/16 01:30:08
Done.
| |
68 ctid); | |
69 } | |
70 | |
71 return 0; | |
72 } | |
73 | |
74 long sys_clone(unsigned long flags) { | |
75 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); | |
55 } | 76 } |
56 | 77 |
57 void sys_exit_group(int status) { | 78 void sys_exit_group(int status) { |
58 syscall(__NR_exit_group, status); | 79 syscall(__NR_exit_group, status); |
59 } | 80 } |
60 | 81 |
61 int sys_seccomp(unsigned int operation, | 82 int sys_seccomp(unsigned int operation, |
62 unsigned int flags, | 83 unsigned int flags, |
63 const struct sock_fprog* args) { | 84 const struct sock_fprog* args) { |
64 return syscall(__NR_seccomp, operation, flags, args); | 85 return syscall(__NR_seccomp, operation, flags, args); |
65 } | 86 } |
66 | 87 |
67 int sys_prlimit64(pid_t pid, | 88 int sys_prlimit64(pid_t pid, |
68 int resource, | 89 int resource, |
69 const struct rlimit64* new_limit, | 90 const struct rlimit64* new_limit, |
70 struct rlimit64* old_limit) { | 91 struct rlimit64* old_limit) { |
71 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); | 92 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); |
72 } | 93 } |
73 | 94 |
74 } // namespace sandbox | 95 } // namespace sandbox |
OLD | NEW |