OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/syscall_wrappers.h" | 5 #include "sandbox/linux/services/syscall_wrappers.h" |
6 | 6 |
7 #include <pthread.h> | |
8 #include <sched.h> | |
9 #include <setjmp.h> | |
10 #include <sys/resource.h> | 7 #include <sys/resource.h> |
11 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
12 #include <sys/time.h> | 9 #include <sys/time.h> |
13 #include <sys/types.h> | 10 #include <sys/types.h> |
14 #include <unistd.h> | 11 #include <unistd.h> |
15 | 12 |
16 #include "base/logging.h" | 13 #include "base/logging.h" |
17 #include "build/build_config.h" | 14 #include "build/build_config.h" |
18 #include "sandbox/linux/services/linux_syscalls.h" | 15 #include "sandbox/linux/services/linux_syscalls.h" |
19 | 16 |
20 namespace sandbox { | 17 namespace sandbox { |
21 | 18 |
22 pid_t sys_getpid(void) { | 19 pid_t sys_getpid(void) { |
23 return syscall(__NR_getpid); | 20 return syscall(__NR_getpid); |
24 } | 21 } |
25 | 22 |
26 pid_t sys_gettid(void) { | 23 pid_t sys_gettid(void) { |
27 return syscall(__NR_gettid); | 24 return syscall(__NR_gettid); |
28 } | 25 } |
29 | 26 |
30 namespace { | 27 long sys_clone(unsigned long flags) { |
31 | 28 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); |
32 int CloneHelper(void* arg) { | |
33 jmp_buf* env_ptr = reinterpret_cast<jmp_buf*>(arg); | |
34 // This function runs on the stack specified on the clone call. Use longjmp to | |
35 // switch back to the original stack so the child can return from sys_clone. | |
36 longjmp(*env_ptr, 1); | |
37 | |
38 // Should not be reached. | |
39 RAW_CHECK(false); | |
40 return 1; | |
41 } | 29 } |
42 | 30 |
43 } // namespace | |
44 | |
45 long sys_clone(unsigned long flags, | 31 long sys_clone(unsigned long flags, |
46 decltype(nullptr) child_stack, | 32 void* child_stack, |
47 pid_t* ptid, | 33 pid_t* ptid, |
48 pid_t* ctid, | 34 pid_t* ctid, |
49 decltype(nullptr) tls) { | 35 decltype(nullptr) tls) { |
50 const bool clone_tls_used = flags & CLONE_SETTLS; | 36 const bool clone_tls_used = flags & CLONE_SETTLS; |
51 const bool invalid_ctid = | 37 const bool invalid_ctid = |
52 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; | 38 (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid; |
53 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; | 39 const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid; |
| 40 const bool invalid_stack = (flags & CLONE_VM) && !child_stack; |
54 | 41 |
55 // Since child_stack must be nullptr, we do not support CLONE_VM. | 42 if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_stack) { |
56 const bool clone_vm_used = flags & CLONE_VM; | |
57 | |
58 if (clone_tls_used || invalid_ctid || invalid_ptid || clone_vm_used) { | |
59 RAW_LOG(FATAL, "Invalid usage of sys_clone"); | 43 RAW_LOG(FATAL, "Invalid usage of sys_clone"); |
60 } | 44 } |
61 | 45 |
62 jmp_buf env; | 46 // See kernel/fork.c in Linux. There is different ordering of sys_clone |
63 if (setjmp(env) == 0) { | 47 // parameters depending on CONFIG_CLONE_BACKWARDS* configuration options. |
64 // We use the libc clone wrapper instead of making the syscall | 48 #if defined(ARCH_CPU_X86_64) |
65 // directly because making the syscall may fail to update the libc's | 49 return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); |
66 // internal pid cache. The libc interface unfortunately requires | 50 #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ |
67 // specifying a new stack, so we use setjmp/longjmp to emulate | 51 defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY) |
68 // fork-like behavior. | 52 // CONFIG_CLONE_BACKWARDS defined. |
69 char stack_buf[PTHREAD_STACK_MIN]; | 53 return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); |
70 #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \ | |
71 defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY) | |
72 // The stack grows downward. | |
73 void* stack = stack_buf + sizeof(stack_buf); | |
74 #else | |
75 #error "Unsupported architecture" | |
76 #endif | 54 #endif |
77 return clone(&CloneHelper, stack, flags, &env, ptid, tls, ctid); | |
78 } | |
79 | |
80 return 0; | |
81 } | |
82 | |
83 long sys_clone(unsigned long flags) { | |
84 return sys_clone(flags, nullptr, nullptr, nullptr, nullptr); | |
85 } | 55 } |
86 | 56 |
87 void sys_exit_group(int status) { | 57 void sys_exit_group(int status) { |
88 syscall(__NR_exit_group, status); | 58 syscall(__NR_exit_group, status); |
89 } | 59 } |
90 | 60 |
91 int sys_seccomp(unsigned int operation, | 61 int sys_seccomp(unsigned int operation, |
92 unsigned int flags, | 62 unsigned int flags, |
93 const struct sock_fprog* args) { | 63 const struct sock_fprog* args) { |
94 return syscall(__NR_seccomp, operation, flags, args); | 64 return syscall(__NR_seccomp, operation, flags, args); |
95 } | 65 } |
96 | 66 |
97 int sys_prlimit64(pid_t pid, | 67 int sys_prlimit64(pid_t pid, |
98 int resource, | 68 int resource, |
99 const struct rlimit64* new_limit, | 69 const struct rlimit64* new_limit, |
100 struct rlimit64* old_limit) { | 70 struct rlimit64* old_limit) { |
101 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); | 71 return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit); |
102 } | 72 } |
103 | 73 |
104 } // namespace sandbox | 74 } // namespace sandbox |
OLD | NEW |