sandbox/linux/seccomp-bpf/sandbox_bpf.cc - Issue 1095133003: Linux sandbox: workaround colliding system call.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 1095133003: Linux sandbox: workaround colliding system call. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Better comments Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

index af397dfaa35b8c583b4c450bf69e1192d3a72bc9..f940337623b73088d0878b9eb15c0a0ff9285435 100644

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

@@ -59,9 +59,40 @@ bool KernelSupportsSeccompBPF() {

return false;

}

+// LG introduced a buggy syscall, sys_set_media_ext with the same number as

palmer 2015/04/23 18:20:23 Nit: "...syscall, sys_set_media_ext, with..."

jln (very slow on Chromium) 2015/04/23 18:23:00 Done.

+// seccomp. Return true if the current kernel has this buggy syscall.

+//

+// We want this to work with upcoming versions of seccomp, so we pass bogus

+// flags that are unlikely to ever be used by the kernel. A normal kernel would

+// return -EINVAL, but a buggy LG kernel would return 1.

+bool KernelHasLGBug() {

+#if defined(OS_ANDROID)

+ // sys_set_media will see this as NULL, which should be a safe (non-crashing)

+ // way to invoke it. A genuine seccomp syscall will see it as

+ // SECCOMP_SET_MODE_STRICT.

+ const unsigned int operation = 0;

+ // Chosen by fair dice roll. Guaranteed to be random.

+ const unsigned int flags = 0xf7a46a5c;

+ const int rv = sys_seccomp(operation, flags, nullptr);

+ // A genuine kernel would return -EINVAL (which would set rv to -1 and errno

+ // to EINVAL), or at the very least return some kind of error (which would

+ // set rv to -1). Any other behavior indicates that whatever code received

+ // our syscall was not the real seccomp.

+ if (rv != -1) {

+ return true;

+ }

+#endif // defined(OS_ANDROID)

+ return false;

// Check if the kernel supports seccomp-filter via the seccomp system call

// and the TSYNC feature to enable seccomp on all threads.

bool KernelSupportsSeccompTsync() {

+ if (KernelHasLGBug()) {

+ return false;

+ }

errno = 0;

const int rv =

sys_seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, nullptr);

« no previous file with comments | « no previous file | no next file » | no next file with comments »