sandbox/linux/seccomp-bpf/sandbox_bpf.cc - Issue 11446011: sandbox-bpf: more robust probe process in release mode

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 11446011: sandbox-bpf: more robust probe process in release mode (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

index ff855b8a9cb131119963fd0829544b5f00e41b2b..0f144ce89c1b24d43b26ecb78a041dd7459686fc 100644

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

@@ -20,6 +20,11 @@

#error Big endian operation is untested and expected to be broken

#endif

+#ifndef SECCOMP_BPF_STANDALONE

+#include "base/logging.h"

+#include "base/posix/eintr_wrapper.h"

+#endif

#include "sandbox/linux/seccomp-bpf/codegen.h"

#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

#include "sandbox/linux/seccomp-bpf/syscall.h"

@@ -30,7 +35,9 @@ namespace {

void WriteFailedStderrSetupMessage(int out_fd) {

const char* error_string = strerror(errno);

- static const char msg[] = "Failed to set up stderr: ";

+ static const char msg[] = "You have reproduced a puzzling issue.\n"

+ "Please, report to crbug.com/152530!\n"

+ "Failed to set up stderr: ";

if (HANDLE_EINTR(write(out_fd, msg, sizeof(msg)-1)) > 0 && error_string &&

HANDLE_EINTR(write(out_fd, error_string, strlen(error_string))) > 0 &&

HANDLE_EINTR(write(out_fd, "\n", 1))) {

@@ -151,9 +158,14 @@ bool Sandbox::RunFunctionInPolicy(void (*CodeInSandbox)(),

// successfully turn on sandboxing.

Die::EnableSimpleExit();

+ errno = 0;

if (HANDLE_EINTR(close(fds[0]))) {

+ // This call to close() has been failing in strange ways. See

+ // crbug.com/152530. So we only fail in debug mode now.

+#if !defined(NDEBUG)

WriteFailedStderrSetupMessage(fds[1]);

SANDBOX_DIE(NULL);

+#endif

}

if (HANDLE_EINTR(dup2(fds[1], 2)) != 2) {

// Stderr could very well be a file descriptor to .xsession-errors, or

@@ -163,10 +175,19 @@ bool Sandbox::RunFunctionInPolicy(void (*CodeInSandbox)(),

// If dup2 fails here, we will continue normally, this means that our

// parent won't cause a fatal failure if something writes to stderr in

// this child.

+#if !defined(NDEBUG)

+ // In DEBUG builds, we still want to get a report.

+ WriteFailedStderrSetupMessage(fds[1]);

+ SANDBOX_DIE(NULL);

+#endif

}

if (HANDLE_EINTR(close(fds[1]))) {

+ // This call to close() has been failing in strange ways. See

+ // crbug.com/152530. So we only fail in debug mode now.

+#if !defined(NDEBUG)

WriteFailedStderrSetupMessage(fds[1]);

SANDBOX_DIE(NULL);

+#endif

}

evaluators_.clear();

« no previous file with comments | « no previous file | no next file » | no next file with comments »