
Side by Side Diff: sandbox/linux/seccomp-bpf/trap.cc

Issue 18656004: Added a new SafeSPrintf() function that implements snprintf() in an async-safe-fashion (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed Jeffrey's comments Created 7 years, 4 months ago
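--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <signal.h>
 #include <string.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 
@@ -107,31 +107,42 @@
 SANDBOX_DIE("This can't happen. Found no global singleton instance "
 "for Trap() handling.");
 }
 global_trap_->SigSys(nr, info, void_context);
 }
 
 void Trap::SigSys(int nr, siginfo_t *info, void *void_context) {
 // Various sanity checks to make sure we actually received a signal
 // triggered by a BPF filter. If something else triggered SIGSYS
 // (e.g. kill()), there is really nothing we can do with this signal.
-if (nr != SIGSYS || info->si_code != SYS_SECCOMP || !void_context ||
-info->si_errno <= 0 ||
+// NOTE: SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal
+// safe and can lead to bugs. We should eventually implement a different
+// logging and reporting mechanism that is safe to be called from
+// the sigSys() handler.
+// TODO: If we feel confident that our code otherwise works correctly, we
+// could actually make an argument that spurious SIGSYS should
+// just get silently ignored. TBD
+if (nr != SIGSYS) {
+SANDBOX_DIE("SIGSYS handler called with unexpected signal number %d.", nr);
+}
+if (info->si_code != SYS_SECCOMP) {
+SANDBOX_DIE("SIGSYS handler called with unexpected signal code %x "
+"(expected %x).", info->si_code, SYS_SECCOMP);
+}
+if (!void_context) {
+SANDBOX_DIE("SIGSYS handler called without a signal context.");
+}
+if (info->si_errno <= 0 ||
 static_cast<size_t>(info->si_errno) > trap_array_size_) {
-// SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal
-// safe and can lead to bugs. We should eventually implement a different
-// logging and reporting mechanism that is safe to be called from
-// the sigSys() handler.
-// TODO: If we feel confident that our code otherwise works correctly, we
-// could actually make an argument that spurious SIGSYS should
-// just get silently ignored. TBD
-SANDBOX_DIE("Unexpected SIGSYS received.");
+SANDBOX_DIE("SIGSYS handler called for unexpected trap number %d. We "
+"expect traps to be bigger than 0 and less or equal to %d.",
+info->si_errno, trap_array_size_);
 }
 
 // Signal handlers should always preserve "errno". Otherwise, we could
 // trigger really subtle bugs.
 const int old_errno = errno;
 
 // Obtain the signal context. This, most notably, gives us access to
 // all CPU registers at the time of the signal.
 ucontext_t *ctx = reinterpret_cast<ucontext_t *>(void_context);
 
@@ -335,10 +346,10 @@
 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) {
 return global_trap_->trap_array_[id - 1];
 } else {
 return ErrorCode();
 }
 }
 
 Trap *Trap::global_trap_;
 
 } // namespace playground2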
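Review bot: In the new range check at new lines 136-138, `trap_array_size_` is printed with `%d`, while the comparison on the line above casts `info->si_errno` to `size_t` to compare against it, so the conversion and the argument type most likely do not match. If SANDBOX_DIE() now forwards to the new type-checked SafeSPrintf() this is harmless, but if it is still routed through a printf-style formatter it is undefined behavior in a path that is meant to be async-signal safe; passing `static_cast<int>(trap_array_size_)` makes the intent explicit either way. The NOTE comment moved to new lines 117-120 still says SANDBOX_DIE() is not async-signal safe; if this series makes it so, that sentence should be updated so it does not mislead the next reader. The message could also read `"expect traps to be bigger than 0 and less than or equal to %d."`. Trap::SigSys's body continues past the end of the hunk.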
