OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf/trap.h" | 5 #include "sandbox/linux/seccomp-bpf/trap.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <string.h> | 9 #include <string.h> |
10 #include <sys/prctl.h> | 10 #include <sys/prctl.h> |
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
152 | 152 |
153 // Some more sanity checks. | 153 // Some more sanity checks. |
154 if (sigsys.ip != reinterpret_cast<void*>(SECCOMP_IP(ctx)) || | 154 if (sigsys.ip != reinterpret_cast<void*>(SECCOMP_IP(ctx)) || |
155 sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) || | 155 sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) || |
156 sigsys.arch != SECCOMP_ARCH) { | 156 sigsys.arch != SECCOMP_ARCH) { |
157 // TODO(markus): | 157 // TODO(markus): |
158 // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal | 158 // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal |
159 // safe and can lead to bugs. We should eventually implement a different | 159 // safe and can lead to bugs. We should eventually implement a different |
160 // logging and reporting mechanism that is safe to be called from | 160 // logging and reporting mechanism that is safe to be called from |
161 // the sigSys() handler. | 161 // the sigSys() handler. |
162 #if defined (__mips__) | |
jln (very slow on Chromium)
2014/05/02 20:42:04
style: #if defined(), no space.
nedeljko
2014/05/07 15:40:05
Done.
| |
163 // When indirect syscall (syscall(__NR_foo, ...)) is made on Mips, number | |
164 // in register SECCOMP_SYSCALL(ctx) is always __NR_syscall and real | |
165 // number of a syscall (__NR_foo) is in SECCOMP_PARM1(ctx) | |
166 if (sigsys.nr != static_cast<int>(SECCOMP_PARM1(ctx))) | |
167 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); | |
jln (very slow on Chromium)
2014/05/02 20:42:04
I don't think this is correct. The code is no long
nedeljko
2014/05/07 15:40:05
Done.
| |
168 #else | |
162 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); | 169 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); |
170 #endif | |
163 } | 171 } |
164 | 172 |
165 intptr_t rc; | 173 intptr_t rc; |
166 if (has_unsafe_traps_ && GetIsInSigHandler(ctx)) { | 174 if (has_unsafe_traps_ && GetIsInSigHandler(ctx)) { |
167 errno = old_errno; | 175 errno = old_errno; |
168 if (sigsys.nr == __NR_clone) { | 176 if (sigsys.nr == __NR_clone) { |
169 RAW_SANDBOX_DIE("Cannot call clone() from an UnsafeTrap() handler."); | 177 RAW_SANDBOX_DIE("Cannot call clone() from an UnsafeTrap() handler."); |
170 } | 178 } |
171 rc = SandboxSyscall(sigsys.nr, | 179 rc = SandboxSyscall(SECCOMP_SYSCALL(ctx), |
172 SECCOMP_PARM1(ctx), | 180 SECCOMP_PARM1(ctx), |
173 SECCOMP_PARM2(ctx), | 181 SECCOMP_PARM2(ctx), |
174 SECCOMP_PARM3(ctx), | 182 SECCOMP_PARM3(ctx), |
175 SECCOMP_PARM4(ctx), | 183 SECCOMP_PARM4(ctx), |
176 SECCOMP_PARM5(ctx), | 184 SECCOMP_PARM5(ctx), |
177 SECCOMP_PARM6(ctx)); | 185 SECCOMP_PARM6(ctx)); |
178 } else { | 186 } else { |
179 const ErrorCode& err = trap_array_[info->si_errno - 1]; | 187 const ErrorCode& err = trap_array_[info->si_errno - 1]; |
180 if (!err.safe_) { | 188 if (!err.safe_) { |
181 SetIsInSigHandler(); | 189 SetIsInSigHandler(); |
182 } | 190 } |
183 | 191 |
184 // Copy the seccomp-specific data into a arch_seccomp_data structure. This | 192 // Copy the seccomp-specific data into a arch_seccomp_data structure. This |
185 // is what we are showing to TrapFnc callbacks that the system call | 193 // is what we are showing to TrapFnc callbacks that the system call |
186 // evaluator registered with the sandbox. | 194 // evaluator registered with the sandbox. |
187 struct arch_seccomp_data data = { | 195 struct arch_seccomp_data data = { |
188 sigsys.nr, SECCOMP_ARCH, reinterpret_cast<uint64_t>(sigsys.ip), | 196 static_cast<int>SECCOMP_SYSCALL(ctx), SECCOMP_ARCH, |
197 reinterpret_cast<uint64_t>(sigsys.ip), | |
189 {static_cast<uint64_t>(SECCOMP_PARM1(ctx)), | 198 {static_cast<uint64_t>(SECCOMP_PARM1(ctx)), |
190 static_cast<uint64_t>(SECCOMP_PARM2(ctx)), | 199 static_cast<uint64_t>(SECCOMP_PARM2(ctx)), |
191 static_cast<uint64_t>(SECCOMP_PARM3(ctx)), | 200 static_cast<uint64_t>(SECCOMP_PARM3(ctx)), |
192 static_cast<uint64_t>(SECCOMP_PARM4(ctx)), | 201 static_cast<uint64_t>(SECCOMP_PARM4(ctx)), |
193 static_cast<uint64_t>(SECCOMP_PARM5(ctx)), | 202 static_cast<uint64_t>(SECCOMP_PARM5(ctx)), |
194 static_cast<uint64_t>(SECCOMP_PARM6(ctx))}}; | 203 static_cast<uint64_t>(SECCOMP_PARM6(ctx))}}; |
195 | 204 |
196 // Now call the TrapFnc callback associated with this particular instance | 205 // Now call the TrapFnc callback associated with this particular instance |
197 // of SECCOMP_RET_TRAP. | 206 // of SECCOMP_RET_TRAP. |
198 rc = err.fnc_(data, err.aux_); | 207 rc = err.fnc_(data, err.aux_); |
199 } | 208 } |
200 | 209 |
210 #if defined(__mips__) | |
211 // Mips ABI states that on error a3 CPU register should be set to one | |
212 // and if there is no error, it should be zero. | |
213 // The other difference from Intel and Arm is in that on error kernel | |
214 // returns positive value of errno. | |
215 if(rc < 0) { | |
216 rc = -rc; | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Let's use a wrapper for this (see comment in other
nedeljko
2014/05/07 15:40:05
Done.
| |
217 SECCOMP_PARM4(ctx) = 1; | |
218 } else { | |
219 SECCOMP_PARM4(ctx) = 0; | |
220 } | |
221 #endif | |
201 // Update the CPU register that stores the return code of the system call | 222 // Update the CPU register that stores the return code of the system call |
202 // that we just handled, and restore "errno" to the value that it had | 223 // that we just handled, and restore "errno" to the value that it had |
203 // before entering the signal handler. | 224 // before entering the signal handler. |
204 SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc); | 225 SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc); |
205 errno = old_errno; | 226 errno = old_errno; |
206 | 227 |
207 return; | 228 return; |
208 } | 229 } |
209 | 230 |
210 bool Trap::TrapKey::operator<(const TrapKey& o) const { | 231 bool Trap::TrapKey::operator<(const TrapKey& o) const { |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
348 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { | 369 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { |
349 return global_trap_->trap_array_[id - 1]; | 370 return global_trap_->trap_array_[id - 1]; |
350 } else { | 371 } else { |
351 return ErrorCode(); | 372 return ErrorCode(); |
352 } | 373 } |
353 } | 374 } |
354 | 375 |
355 Trap* Trap::global_trap_; | 376 Trap* Trap::global_trap_; |
356 | 377 |
357 } // namespace sandbox | 378 } // namespace sandbox |
OLD | NEW |