Chromium Code Reviews Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/trap.h" | 5 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 #include <sys/prctl.h> | 10 #include <sys/prctl.h> |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 152 | 152 |
| 153 // Some more sanity checks. | 153 // Some more sanity checks. |
| 154 if (sigsys.ip != reinterpret_cast<void*>(SECCOMP_IP(ctx)) || | 154 if (sigsys.ip != reinterpret_cast<void*>(SECCOMP_IP(ctx)) || |
| 155 sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) || | 155 sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) || |
| 156 sigsys.arch != SECCOMP_ARCH) { | 156 sigsys.arch != SECCOMP_ARCH) { |
| 157 // TODO(markus): | 157 // TODO(markus): |
| 158 // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal | 158 // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal |
| 159 // safe and can lead to bugs. We should eventually implement a different | 159 // safe and can lead to bugs. We should eventually implement a different |
| 160 // logging and reporting mechanism that is safe to be called from | 160 // logging and reporting mechanism that is safe to be called from |
| 161 // the sigSys() handler. | 161 // the sigSys() handler. |
| 162 #if defined (__mips__) | |
|
jln (very slow on Chromium)
2014/05/02 20:42:04
style: #if defined(), no space.
nedeljko
2014/05/07 15:40:05
Done.
| |
| 163 // When indirect syscall (syscall(__NR_foo, ...)) is made on Mips, number | |
| 164 // in register SECCOMP_SYSCALL(ctx) is always __NR_syscall and real | |
| 165 // number of a syscall (__NR_foo) is in SECCOMP_PARM1(ctx) | |
| 166 if (sigsys.nr != static_cast<int>(SECCOMP_PARM1(ctx))) | |
| 167 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); | |
|
jln (very slow on Chromium)
2014/05/02 20:42:04
I don't think this is correct. The code is no long
nedeljko
2014/05/07 15:40:05
Done.
| |
| 168 #else | |
| 162 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); | 169 RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS."); |
| 170 #endif | |
| 163 } | 171 } |
| 164 | 172 |
| 165 intptr_t rc; | 173 intptr_t rc; |
| 166 if (has_unsafe_traps_ && GetIsInSigHandler(ctx)) { | 174 if (has_unsafe_traps_ && GetIsInSigHandler(ctx)) { |
| 167 errno = old_errno; | 175 errno = old_errno; |
| 168 if (sigsys.nr == __NR_clone) { | 176 if (sigsys.nr == __NR_clone) { |
| 169 RAW_SANDBOX_DIE("Cannot call clone() from an UnsafeTrap() handler."); | 177 RAW_SANDBOX_DIE("Cannot call clone() from an UnsafeTrap() handler."); |
| 170 } | 178 } |
| 171 rc = SandboxSyscall(sigsys.nr, | 179 rc = SandboxSyscall(SECCOMP_SYSCALL(ctx), |
| 172 SECCOMP_PARM1(ctx), | 180 SECCOMP_PARM1(ctx), |
| 173 SECCOMP_PARM2(ctx), | 181 SECCOMP_PARM2(ctx), |
| 174 SECCOMP_PARM3(ctx), | 182 SECCOMP_PARM3(ctx), |
| 175 SECCOMP_PARM4(ctx), | 183 SECCOMP_PARM4(ctx), |
| 176 SECCOMP_PARM5(ctx), | 184 SECCOMP_PARM5(ctx), |
| 177 SECCOMP_PARM6(ctx)); | 185 SECCOMP_PARM6(ctx)); |
| 178 } else { | 186 } else { |
| 179 const ErrorCode& err = trap_array_[info->si_errno - 1]; | 187 const ErrorCode& err = trap_array_[info->si_errno - 1]; |
| 180 if (!err.safe_) { | 188 if (!err.safe_) { |
| 181 SetIsInSigHandler(); | 189 SetIsInSigHandler(); |
| 182 } | 190 } |
| 183 | 191 |
| 184 // Copy the seccomp-specific data into a arch_seccomp_data structure. This | 192 // Copy the seccomp-specific data into a arch_seccomp_data structure. This |
| 185 // is what we are showing to TrapFnc callbacks that the system call | 193 // is what we are showing to TrapFnc callbacks that the system call |
| 186 // evaluator registered with the sandbox. | 194 // evaluator registered with the sandbox. |
| 187 struct arch_seccomp_data data = { | 195 struct arch_seccomp_data data = { |
| 188 sigsys.nr, SECCOMP_ARCH, reinterpret_cast<uint64_t>(sigsys.ip), | 196 static_cast<int>SECCOMP_SYSCALL(ctx), SECCOMP_ARCH, |
| 197 reinterpret_cast<uint64_t>(sigsys.ip), | |
| 189 {static_cast<uint64_t>(SECCOMP_PARM1(ctx)), | 198 {static_cast<uint64_t>(SECCOMP_PARM1(ctx)), |
| 190 static_cast<uint64_t>(SECCOMP_PARM2(ctx)), | 199 static_cast<uint64_t>(SECCOMP_PARM2(ctx)), |
| 191 static_cast<uint64_t>(SECCOMP_PARM3(ctx)), | 200 static_cast<uint64_t>(SECCOMP_PARM3(ctx)), |
| 192 static_cast<uint64_t>(SECCOMP_PARM4(ctx)), | 201 static_cast<uint64_t>(SECCOMP_PARM4(ctx)), |
| 193 static_cast<uint64_t>(SECCOMP_PARM5(ctx)), | 202 static_cast<uint64_t>(SECCOMP_PARM5(ctx)), |
| 194 static_cast<uint64_t>(SECCOMP_PARM6(ctx))}}; | 203 static_cast<uint64_t>(SECCOMP_PARM6(ctx))}}; |
| 195 | 204 |
| 196 // Now call the TrapFnc callback associated with this particular instance | 205 // Now call the TrapFnc callback associated with this particular instance |
| 197 // of SECCOMP_RET_TRAP. | 206 // of SECCOMP_RET_TRAP. |
| 198 rc = err.fnc_(data, err.aux_); | 207 rc = err.fnc_(data, err.aux_); |
| 199 } | 208 } |
| 200 | 209 |
| 210 #if defined(__mips__) | |
| 211 // Mips ABI states that on error a3 CPU register should be set to one | |
| 212 // and if there is no error, it should be zero. | |
| 213 // The other difference from Intel and Arm is in that on error kernel | |
| 214 // returns positive value of errno. | |
| 215 if(rc < 0) { | |
| 216 rc = -rc; | |
|
jln (very slow on Chromium)
2014/05/02 20:42:04
Let's use a wrapper for this (see comment in other
nedeljko
2014/05/07 15:40:05
Done.
| |
| 217 SECCOMP_PARM4(ctx) = 1; | |
| 218 } else { | |
| 219 SECCOMP_PARM4(ctx) = 0; | |
| 220 } | |
| 221 #endif | |
| 201 // Update the CPU register that stores the return code of the system call | 222 // Update the CPU register that stores the return code of the system call |
| 202 // that we just handled, and restore "errno" to the value that it had | 223 // that we just handled, and restore "errno" to the value that it had |
| 203 // before entering the signal handler. | 224 // before entering the signal handler. |
| 204 SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc); | 225 SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc); |
| 205 errno = old_errno; | 226 errno = old_errno; |
| 206 | 227 |
| 207 return; | 228 return; |
| 208 } | 229 } |
| 209 | 230 |
| 210 bool Trap::TrapKey::operator<(const TrapKey& o) const { | 231 bool Trap::TrapKey::operator<(const TrapKey& o) const { |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 348 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { | 369 if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) { |
| 349 return global_trap_->trap_array_[id - 1]; | 370 return global_trap_->trap_array_[id - 1]; |
| 350 } else { | 371 } else { |
| 351 return ErrorCode(); | 372 return ErrorCode(); |
| 352 } | 373 } |
| 353 } | 374 } |
| 354 | 375 |
| 355 Trap* Trap::global_trap_; | 376 Trap* Trap::global_trap_; |
| 356 | 377 |
| 357 } // namespace sandbox | 378 } // namespace sandbox |
| OLD | NEW |
