Index: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
index 6b959ac928c0091904c4445dc01685e5ff679925..a04f8462362a48e0886d85700d976297bea9a6fb 100644 |
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
@@ -44,11 +44,33 @@ void WriteToStdErr(const char* error_message, size_t size) { |
} |
} |
+// Invalid syscall values are truncated to zero. |
+// On architectures where base value is zero (Intel and Arm), |
+// syscall number is the same as offset from base. |
+// On architectures where base value is different than zero (Mips), |
+// we are truncating valid syscall value to offset from base. |
jln (very slow on Chromium)
2014/05/28 00:06:57
Let's add the guarantee explicitly that sysno will
nedeljko
2014/05/28 09:33:43
for MIPS 0 to __NR_Linux_syscalls, for Intel/Arm 0
nedeljko
2014/05/29 14:06:45
Done.
|
+uint32_t SyscallNumberToOffsetFromBase(uint32_t sysno) { |
+#if defined(__mips__) |
+ // On MIPS syscall numbers are in different range than on x86 and ARM. |
+ // Valid MIPS O32 ABI syscall __NR_syscall will be truncated to zero for |
+ // simlicity. |
+ if (sysno > __NR_Linux && sysno <= __NR_Linux + __NR_Linux_syscalls) |
+ sysno = sysno - __NR_Linux; |
+ else |
+ sysno = 0; |
+#else |
+ if (sysno >= 1024) |
jln (very slow on Chromium)
2014/05/28 00:06:57
Let's do this unconditionally. On MIPS, this shoul
nedeljko
2014/05/28 09:33:43
I am not sure that I understand you correctly.
If
jln (very slow on Chromium)
2014/06/03 01:00:33
The "if (sysno >= 1024) sysno = 0" should be kept
|
+ sysno = 0; |
+#endif |
+ return sysno; |
+} |
+ |
// Print a seccomp-bpf failure to handle |sysno| to stderr in an |
// async-signal safe way. |
void PrintSyscallError(uint32_t sysno) { |
- if (sysno >= 1024) |
- sysno = 0; |
+ |
+ sysno = SyscallNumberToOffsetFromBase(sysno); |
+ |
// TODO(markus): replace with async-signal safe snprintf when available. |
const size_t kNumDigits = 4; |
char sysno_base10[kNumDigits]; |
@@ -59,8 +81,14 @@ void PrintSyscallError(uint32_t sysno) { |
rem /= 10; |
sysno_base10[i] = '0' + mod; |
} |
+#if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32) |
+ static const char kSeccompErrorPrefix[] = |
+ __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT |
+ " in syscall 4000 + "; |
+#else |
static const char kSeccompErrorPrefix[] = |
__FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; |
+#endif |
static const char kSeccompErrorPostfix[] = "\n"; |
WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); |
WriteToStdErr(sysno_base10, sizeof(sysno_base10)); |
@@ -73,8 +101,7 @@ namespace sandbox { |
intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { |
uint32_t syscall = args.nr; |
- if (syscall >= 1024) |
- syscall = 0; |
+ |
PrintSyscallError(syscall); |
jln (very slow on Chromium)
2014/05/28 00:06:57
The truncation here is important for security, as
nedeljko
2014/05/28 09:33:43
Calling SyscallNumberToOffsetFromBase() here is a
|
// Encode 8-bits of the 1st two arguments too, so we can discern which socket |