[MIPS] Add seccomp bpf support

sandbox/linux/seccomp-bpf/trap.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/trap.h"
 
 #include <errno.h>
 #include <signal.h>
 #include <string.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 
 #include <limits>
 
 #include "base/logging.h"
 #include "sandbox/linux/seccomp-bpf/codegen.h"
 #include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 
 // Android's signal.h doesn't define ucontext etc.
 #if defined(OS_ANDROID)
 #include "sandbox/linux/services/android_ucontext.h"
 #endif
 
 namespace {
 
 const int kCapacityIncrement = 20;
@@ skipping 115 matching lines @@
   // Obtain the signal context. This, most notably, gives us access to
   // all CPU registers at the time of the signal.
   ucontext_t* ctx = reinterpret_cast<ucontext_t*>(void_context);
 
   // Obtain the siginfo information that is specific to SIGSYS. Unfortunately,
   // most versions of glibc don't include this information in siginfo_t. So,
   // we need to explicitly copy it into a arch_sigsys structure.
   struct arch_sigsys sigsys;
   memcpy(&sigsys, &info->_sifields, sizeof(sigsys));
 
+  bool sigsys_nr_is_bad = true;
+#if defined(__mips__)
+  // When indirect syscall (syscall(__NR_foo, ...)) is made on Mips, the
+  // number in register SECCOMP_SYSCALL(ctx) is always __NR_syscall and the
+  // real number of a syscall (__NR_foo) is in SECCOMP_PARM1(ctx)
+  sigsys_nr_is_bad = sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) &&
+                     sigsys.nr != static_cast<int>(SECCOMP_PARM1(ctx));
+#else
+  sigsys_nr_is_bad = sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx));
+#endif
+
   // Some more sanity checks.
   if (sigsys.ip != reinterpret_cast<void*>(SECCOMP_IP(ctx)) ||
-      sigsys.nr != static_cast<int>(SECCOMP_SYSCALL(ctx)) ||
+      sigsys_nr_is_bad ||
       sigsys.arch != SECCOMP_ARCH) {
     // TODO(markus):
     // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal
     // safe and can lead to bugs. We should eventually implement a different
     // logging and reporting mechanism that is safe to be called from
     // the sigSys() handler.
     RAW_SANDBOX_DIE("Sanity checks are failing after receiving SIGSYS.");
   }
 
   intptr_t rc;
   if (has_unsafe_traps_ && GetIsInSigHandler(ctx)) {
     errno = old_errno;
     if (sigsys.nr == __NR_clone) {
       RAW_SANDBOX_DIE("Cannot call clone() from an UnsafeTrap() handler.");
     }
-    rc = SandboxSyscall(sigsys.nr,
+    rc = SandboxSyscall(SECCOMP_SYSCALL(ctx),
                         SECCOMP_PARM1(ctx),
                         SECCOMP_PARM2(ctx),
                         SECCOMP_PARM3(ctx),
                         SECCOMP_PARM4(ctx),
                         SECCOMP_PARM5(ctx),
                         SECCOMP_PARM6(ctx));
   } else {
     const ErrorCode& err = trap_array_[info->si_errno - 1];
     if (!err.safe_) {
       SetIsInSigHandler();
     }
 
     // Copy the seccomp-specific data into a arch_seccomp_data structure. This
     // is what we are showing to TrapFnc callbacks that the system call
     // evaluator registered with the sandbox.
     struct arch_seccomp_data data = {
-        sigsys.nr, SECCOMP_ARCH, reinterpret_cast<uint64_t>(sigsys.ip),
+        static_cast<int>SECCOMP_SYSCALL(ctx), SECCOMP_ARCH,
+        reinterpret_cast<uint64_t>(sigsys.ip),
         {static_cast<uint64_t>(SECCOMP_PARM1(ctx)),
          static_cast<uint64_t>(SECCOMP_PARM2(ctx)),
          static_cast<uint64_t>(SECCOMP_PARM3(ctx)),
          static_cast<uint64_t>(SECCOMP_PARM4(ctx)),
          static_cast<uint64_t>(SECCOMP_PARM5(ctx)),
          static_cast<uint64_t>(SECCOMP_PARM6(ctx))}};
 
     // Now call the TrapFnc callback associated with this particular instance
     // of SECCOMP_RET_TRAP.
     rc = err.fnc_(data, err.aux_);

[jln (very slow on Chromium), 2014/06/03 01:00:33]

I think we'll need to change the interface of the trap handlers unfortunately :(

From (const struct arch_seccomp_data& args, void* aux) to something like:

(const struct arch_seccomp_data& args, bool* is_error, void* aux).

This will require quite a bit of refactor, sorry about that.

   }
 
   // Update the CPU register that stores the return code of the system call
   // that we just handled, and restore "errno" to the value that it had
   // before entering the signal handler.
-  SECCOMP_RESULT(ctx) = static_cast<greg_t>(rc);
+  PutValueInUcontext(static_cast<int>(rc), ctx);

[jln (very slow on Chromium), 2014/06/03 01:00:33]

You're silently truncating |rc|. This is not correct on 64 bits architectures.

[nedeljko, 2014/06/03 15:32:18]

I changed this.

   errno = old_errno;
 
   return;
 }
 
 bool Trap::TrapKey::operator<(const TrapKey& o) const {
   if (fnc != o.fnc) {
     return fnc < o.fnc;
   } else if (aux != o.aux) {
     return aux < o.aux;
@@ skipping 133 matching lines @@
   if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) {
     return global_trap_->trap_array_[id - 1];
   } else {
     return ErrorCode();
   }
 }
 
 Trap* Trap::global_trap_;
 
 }  // namespace sandbox