OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Note: any code in this file MUST be async-signal safe. | 5 // Note: any code in this file MUST be async-signal safe. |
6 | 6 |
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
8 | 8 |
9 #include <unistd.h> | 9 #include <unistd.h> |
10 | 10 |
(...skipping 29 matching lines...) Expand all Loading... | |
40 // We can't handle any type of error here. | 40 // We can't handle any type of error here. |
41 if (ret <= 0 || static_cast<size_t>(ret) > size) break; | 41 if (ret <= 0 || static_cast<size_t>(ret) > size) break; |
42 size -= ret; | 42 size -= ret; |
43 error_message += ret; | 43 error_message += ret; |
44 } | 44 } |
45 } | 45 } |
46 | 46 |
47 // Print a seccomp-bpf failure to handle |sysno| to stderr in an | 47 // Print a seccomp-bpf failure to handle |sysno| to stderr in an |
48 // async-signal safe way. | 48 // async-signal safe way. |
49 void PrintSyscallError(uint32_t sysno) { | 49 void PrintSyscallError(uint32_t sysno) { |
50 #if defined(__mips__) | |
51 // On MIPS syscall numbers are in different range than on x86 and ARM | |
52 if ((sysno < __NR_Linux) || (sysno >= __NR_Linux + __NR_Linux_syscalls)) | |
jln (very slow on Chromium)
2014/05/02 20:42:04
What is the value of __NR_linux?
We need to make
nedeljko
2014/05/07 15:40:05
Value of __NR_Linux for is either 4000, 5000 or 60
| |
53 sysno = 0; | |
54 #else | |
50 if (sysno >= 1024) | 55 if (sysno >= 1024) |
51 sysno = 0; | 56 sysno = 0; |
57 #endif | |
52 // TODO(markus): replace with async-signal safe snprintf when available. | 58 // TODO(markus): replace with async-signal safe snprintf when available. |
53 const size_t kNumDigits = 4; | 59 const size_t kNumDigits = 4; |
54 char sysno_base10[kNumDigits]; | 60 char sysno_base10[kNumDigits]; |
55 uint32_t rem = sysno; | 61 uint32_t rem = sysno; |
56 uint32_t mod = 0; | 62 uint32_t mod = 0; |
57 for (int i = kNumDigits - 1; i >= 0; i--) { | 63 for (int i = kNumDigits - 1; i >= 0; i--) { |
58 mod = rem % 10; | 64 mod = rem % 10; |
59 rem /= 10; | 65 rem /= 10; |
60 sysno_base10[i] = '0' + mod; | 66 sysno_base10[i] = '0' + mod; |
61 } | 67 } |
62 static const char kSeccompErrorPrefix[] = | 68 static const char kSeccompErrorPrefix[] = |
63 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; | 69 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; |
64 static const char kSeccompErrorPostfix[] = "\n"; | 70 static const char kSeccompErrorPostfix[] = "\n"; |
65 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); | 71 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); |
66 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); | 72 WriteToStdErr(sysno_base10, sizeof(sysno_base10)); |
67 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); | 73 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); |
68 } | 74 } |
69 | 75 |
70 } // namespace. | 76 } // namespace. |
71 | 77 |
72 namespace sandbox { | 78 namespace sandbox { |
73 | 79 |
74 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { | 80 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { |
75 uint32_t syscall = args.nr; | 81 uint32_t syscall = args.nr; |
82 #if defined(__mips__) | |
83 // On MIPS syscall numbers are in different range than on x86 and ARM | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Let's make a function TruncSysnoToValu(int sysno,
nedeljko
2014/05/07 15:40:05
Done.
| |
84 if ((syscall < __NR_Linux) || (syscall >= __NR_Linux + __NR_Linux_syscalls)) | |
85 syscall = 0; | |
86 #else | |
76 if (syscall >= 1024) | 87 if (syscall >= 1024) |
77 syscall = 0; | 88 syscall = 0; |
89 #endif | |
78 PrintSyscallError(syscall); | 90 PrintSyscallError(syscall); |
79 | 91 |
80 // Encode 8-bits of the 1st two arguments too, so we can discern which socket | 92 // Encode 8-bits of the 1st two arguments too, so we can discern which socket |
81 // type, which fcntl, ... etc., without being likely to hit a mapped | 93 // type, which fcntl, ... etc., without being likely to hit a mapped |
82 // address. | 94 // address. |
83 // Do not encode more bits here without thinking about increasing the | 95 // Do not encode more bits here without thinking about increasing the |
84 // likelihood of collision with mapped pages. | 96 // likelihood of collision with mapped pages. |
85 syscall |= ((args.args[0] & 0xffUL) << 12); | 97 syscall |= ((args.args[0] & 0xffUL) << 12); |
86 syscall |= ((args.args[1] & 0xffUL) << 20); | 98 syscall |= ((args.args[1] & 0xffUL) << 20); |
87 // Purposefully dereference the syscall as an address so it'll show up very | 99 // Purposefully dereference the syscall as an address so it'll show up very |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
174 | 186 |
175 const char* GetPrctlErrorMessageContentForTests() { | 187 const char* GetPrctlErrorMessageContentForTests() { |
176 return SECCOMP_MESSAGE_PRCTL_CONTENT; | 188 return SECCOMP_MESSAGE_PRCTL_CONTENT; |
177 } | 189 } |
178 | 190 |
179 const char* GetIoctlErrorMessageContentForTests() { | 191 const char* GetIoctlErrorMessageContentForTests() { |
180 return SECCOMP_MESSAGE_IOCTL_CONTENT; | 192 return SECCOMP_MESSAGE_IOCTL_CONTENT; |
181 } | 193 } |
182 | 194 |
183 } // namespace sandbox. | 195 } // namespace sandbox. |
OLD | NEW |