OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <sys/prctl.h> | 9 #include <sys/prctl.h> |
10 #include <sys/ptrace.h> | 10 #include <sys/ptrace.h> |
11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
12 #include <sys/time.h> | 12 #include <sys/time.h> |
13 #include <sys/types.h> | 13 #include <sys/types.h> |
14 #include <sys/utsname.h> | 14 #include <sys/utsname.h> |
15 #include <unistd.h> | 15 #include <unistd.h> |
| 16 #include <sys/socket.h> |
16 | 17 |
17 #if defined(ANDROID) | 18 #if defined(ANDROID) |
18 // Work-around for buggy headers in Android's NDK | 19 // Work-around for buggy headers in Android's NDK |
19 #define __user | 20 #define __user |
20 #endif | 21 #endif |
21 #include <linux/futex.h> | 22 #include <linux/futex.h> |
22 | 23 |
23 #include <ostream> | 24 #include <ostream> |
24 | 25 |
25 #include "base/bind.h" | 26 #include "base/bind.h" |
(...skipping 629 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
655 | 656 |
656 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 657 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
657 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 658 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
658 // value in the implementation of UnsafeTrap(). This is obviously a bit | 659 // value in the implementation of UnsafeTrap(). This is obviously a bit |
659 // of a hack that could conceivably interfere with code that uses SIGBUS | 660 // of a hack that could conceivably interfere with code that uses SIGBUS |
660 // in more traditional ways. This test verifies that basic functionality | 661 // in more traditional ways. This test verifies that basic functionality |
661 // of SIGBUS is not impacted, but it is certainly possibly to construe | 662 // of SIGBUS is not impacted, but it is certainly possibly to construe |
662 // more complex uses of signals where our use of the SIGBUS mask is not | 663 // more complex uses of signals where our use of the SIGBUS mask is not |
663 // 100% transparent. This is expected behavior. | 664 // 100% transparent. This is expected behavior. |
664 int fds[2]; | 665 int fds[2]; |
665 BPF_ASSERT(pipe(fds) == 0); | 666 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
666 bus_handler_fd_ = fds[1]; | 667 bus_handler_fd_ = fds[1]; |
667 struct sigaction sa = {}; | 668 struct sigaction sa = {}; |
668 sa.sa_sigaction = SigBusHandler; | 669 sa.sa_sigaction = SigBusHandler; |
669 sa.sa_flags = SA_SIGINFO; | 670 sa.sa_flags = SA_SIGINFO; |
670 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 671 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
671 raise(SIGBUS); | 672 raise(SIGBUS); |
672 char c = '\000'; | 673 char c = '\000'; |
673 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 674 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
674 BPF_ASSERT(close(fds[0]) == 0); | 675 BPF_ASSERT(close(fds[0]) == 0); |
675 BPF_ASSERT(close(fds[1]) == 0); | 676 BPF_ASSERT(close(fds[1]) == 0); |
(...skipping 1307 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1983 if (SandboxBPF::SupportsSeccompSandbox(-1) != | 1984 if (SandboxBPF::SupportsSeccompSandbox(-1) != |
1984 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 1985 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
1985 return; | 1986 return; |
1986 } | 1987 } |
1987 | 1988 |
1988 #if defined(__arm__) | 1989 #if defined(__arm__) |
1989 printf("This test is currently disabled on ARM due to a kernel bug."); | 1990 printf("This test is currently disabled on ARM due to a kernel bug."); |
1990 return; | 1991 return; |
1991 #endif | 1992 #endif |
1992 | 1993 |
| 1994 #if defined(__mips__) |
| 1995 // TODO: Figure out how to support specificity of handling indirect syscalls |
| 1996 // in this test and enable it. |
| 1997 printf("This test is currently disabled on MIPS."); |
| 1998 return; |
| 1999 #endif |
| 2000 |
1993 pid_t pid = fork(); | 2001 pid_t pid = fork(); |
1994 BPF_ASSERT_NE(-1, pid); | 2002 BPF_ASSERT_NE(-1, pid); |
1995 if (pid == 0) { | 2003 if (pid == 0) { |
1996 pid_t my_pid = getpid(); | 2004 pid_t my_pid = getpid(); |
1997 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); | 2005 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); |
1998 BPF_ASSERT_EQ(0, raise(SIGSTOP)); | 2006 BPF_ASSERT_EQ(0, raise(SIGSTOP)); |
1999 SandboxBPF sandbox; | 2007 SandboxBPF sandbox; |
2000 sandbox.SetSandboxPolicy(new TraceAllPolicy); | 2008 sandbox.SetSandboxPolicy(new TraceAllPolicy); |
2001 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); | 2009 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
2002 | 2010 |
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2146 kLargeOffset)); | 2154 kLargeOffset)); |
2147 BPF_ASSERT_EQ(0, memcmp(kTestString, read_test_string, sizeof(kTestString))); | 2155 BPF_ASSERT_EQ(0, memcmp(kTestString, read_test_string, sizeof(kTestString))); |
2148 BPF_ASSERT(pread_64_was_forwarded); | 2156 BPF_ASSERT(pread_64_was_forwarded); |
2149 } | 2157 } |
2150 | 2158 |
2151 #endif // !defined(OS_ANDROID) | 2159 #endif // !defined(OS_ANDROID) |
2152 | 2160 |
2153 } // namespace | 2161 } // namespace |
2154 | 2162 |
2155 } // namespace sandbox | 2163 } // namespace sandbox |
OLD | NEW |