sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc - Issue 260793003: [MIPS] Add seccomp bpf support

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master

Patch Set: Update per code review Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

index 57dc24e8f880c1e8cb608a949aabb09771882ab6..39fa3f9ad4f7f7ac33f5420ba7cd6232c06ab5b6 100644

--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

@@ -45,6 +45,26 @@ void WriteToStdErr(const char* error_message, size_t size) {

}

+// Invalid syscall values are truncated to zero.

+// On architectures where base value is zero (Intel and Arm),

+// syscall number is the same as offset from base.

+// This function returns values between 0 and 1023 on all architectures.

+// On architectures where base value is different than zero (currently only

+// Mips), we are truncating valid syscall values to offset from base.

+uint32_t SyscallNumberToOffsetFromBase(uint32_t sysno) {

+#if defined(__mips__)

+ // On MIPS syscall numbers are in different range than on x86 and ARM.

+ // Valid MIPS O32 ABI syscall __NR_syscall will be truncated to zero for

+ // simplicity.

+ sysno = sysno - __NR_Linux;

+#endif

+ if (sysno >= 1024)

+ sysno = 0;

+ return sysno;

// Print a seccomp-bpf failure to handle |sysno| to stderr in an

// async-signal safe way.

void PrintSyscallError(uint32_t sysno) {

@@ -60,8 +80,13 @@ void PrintSyscallError(uint32_t sysno) {

rem /= 10;

sysno_base10[i] = '0' + mod;

}

+#if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)

+ static const char kSeccompErrorPrefix[] = __FILE__

+ ":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall 4000 + ";

+#else

static const char kSeccompErrorPrefix[] =

__FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";

+#endif

static const char kSeccompErrorPostfix[] = "\n";

WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);

WriteToStdErr(sysno_base10, sizeof(sysno_base10));

@@ -73,9 +98,8 @@ void PrintSyscallError(uint32_t sysno) {

namespace sandbox {

intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {

- uint32_t syscall = args.nr;

- if (syscall >= 1024)

- syscall = 0;

+ uint32_t syscall = SyscallNumberToOffsetFromBase(args.nr);

PrintSyscallError(syscall);

// Encode 8-bits of the 1st two arguments too, so we can discern which socket