Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(75)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 22349002: Linux Sandbox: print to stderr in CrashSIGSYS_Handler (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Small nits. Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <asm/unistd.h> 5 #include <asm/unistd.h>
6 #include <dlfcn.h> 6 #include <dlfcn.h>
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <linux/audit.h> 9 #include <linux/audit.h>
10 #include <linux/filter.h> 10 #include <linux/filter.h>
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
98 } 98 }
99 99
100 inline bool IsUsingToolKitGtk() { 100 inline bool IsUsingToolKitGtk() {
101 #if defined(TOOLKIT_GTK) 101 #if defined(TOOLKIT_GTK)
102 return true; 102 return true;
103 #else 103 #else
104 return false; 104 return false;
105 #endif 105 #endif
106 } 106 }
107 107
108 // Write |error_message| to stderr. Similar to RawLog(), but a bit more careful
109 // about async-signal safety. |size| is the size to write and should typically
110 // not include a terminating \0.
111 void WriteToStdErr(const char* error_message, size_t size) {
112 while (size > 0) {
113 // TODO(jln): query the current policy to check if send() is available and
114 // use it to perform a non blocking write.
115 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size));
116 // We can't handle any type of error here.
117 if (ret <= 0 || static_cast<size_t>(ret) > size) break;
118 size -= ret;
119 error_message += ret;
120 }
121 }
122
123 // Print a seccomp-bpf failure to handle |sysno| to stderr in an
124 // async-signal safe way.
125 void PrintSyscallError(uint32_t sysno) {
126 if (sysno >= 1024)
127 sysno = 0;
128 // TODO(markus): replace with async-signal safe snprintf when available.
129 const size_t kNumDigits = 4;
130 char sysno_base10[kNumDigits];
131 uint32_t rem = sysno;
132 uint32_t mod = 0;
133 for (int i = kNumDigits - 1; i >= 0; i--) {
134 mod = rem % 10;
135 rem /= 10;
136 sysno_base10[i] = '0' + mod;
137 }
138 static const char kSeccompErrorPrefix[] =
139 __FILE__":**CRASHING**:seccomp-bpf failure in syscall ";
140 static const char kSeccompErrorPostfix[] = "\n";
141 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
142 WriteToStdErr(sysno_base10, sizeof(sysno_base10));
143 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
144 }
145
108 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { 146 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
109 uint32_t syscall = args.nr; 147 uint32_t syscall = args.nr;
110 if (syscall >= 1024) 148 if (syscall >= 1024)
111 syscall = 0; 149 syscall = 0;
150 PrintSyscallError(syscall);
151
112 // Encode 8-bits of the 1st two arguments too, so we can discern which socket 152 // Encode 8-bits of the 1st two arguments too, so we can discern which socket
113 // type, which fcntl, ... etc., without being likely to hit a mapped 153 // type, which fcntl, ... etc., without being likely to hit a mapped
114 // address. 154 // address.
115 // Do not encode more bits here without thinking about increasing the 155 // Do not encode more bits here without thinking about increasing the
116 // likelihood of collision with mapped pages. 156 // likelihood of collision with mapped pages.
117 syscall |= ((args.args[0] & 0xffUL) << 12); 157 syscall |= ((args.args[0] & 0xffUL) << 12);
118 syscall |= ((args.args[1] & 0xffUL) << 20); 158 syscall |= ((args.args[1] & 0xffUL) << 20);
119 // Purposefully dereference the syscall as an address so it'll show up very 159 // Purposefully dereference the syscall as an address so it'll show up very
120 // clearly and easily in crash dumps. 160 // clearly and easily in crash dumps.
121 volatile char* addr = reinterpret_cast<volatile char*>(syscall); 161 volatile char* addr = reinterpret_cast<volatile char*>(syscall);
(...skipping 1902 matching lines...) Expand 10 before | Expand all | Expand 10 after
2024 return false; 2064 return false;
2025 } 2065 }
2026 2066
2027 #if defined(SECCOMP_BPF_SANDBOX) 2067 #if defined(SECCOMP_BPF_SANDBOX)
2028 playground2::BpfSandboxPolicyCallback SandboxSeccompBpf::GetBaselinePolicy() { 2068 playground2::BpfSandboxPolicyCallback SandboxSeccompBpf::GetBaselinePolicy() {
2029 return base::Bind(&BaselinePolicyWithAux); 2069 return base::Bind(&BaselinePolicyWithAux);
2030 } 2070 }
2031 #endif // defined(SECCOMP_BPF_SANDBOX) 2071 #endif // defined(SECCOMP_BPF_SANDBOX)
2032 2072
2033 } // namespace content 2073 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698