Index: sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
index 6b959ac928c0091904c4445dc01685e5ff679925..e82eb0dd1d5633895334dbf8e0df25110d231c2c 100644 |
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
@@ -44,11 +44,35 @@ void WriteToStdErr(const char* error_message, size_t size) { |
} |
} |
+// Invalid syscall values are truncated to zero. |
+// On architectures where base value is zero (Intel and Arm), |
+// syscall number is the same as offset from base. |
+// This function returns values between 0 an 1023 on archs other than Mips. |
jln (very slow on Chromium)
2014/06/03 01:00:33
s/an/and/
Also, this statement should be "on all
nedeljko
2014/06/03 15:32:18
Done.
|
+// On architectures where base value is different than zero (currently only |
+// Mips), we are truncating valid syscall value to offset from base. |
+// This function returns values between 0 and 350 on Mips (O32 ABI). |
+uint32_t SyscallNumberToOffsetFromBase(uint32_t sysno) { |
+#if defined(__mips__) |
+ // On MIPS syscall numbers are in different range than on x86 and ARM. |
+ // Valid MIPS O32 ABI syscall __NR_syscall will be truncated to zero for |
+ // simlicity. |
+ if (sysno > __NR_Linux && sysno <= __NR_Linux + __NR_Linux_syscalls) |
+ sysno = sysno - __NR_Linux; |
+ else |
+ sysno = 0; |
+#else |
+ if (sysno >= 1024) |
+ sysno = 0; |
+#endif |
+ return sysno; |
+} |
+ |
// Print a seccomp-bpf failure to handle |sysno| to stderr in an |
// async-signal safe way. |
void PrintSyscallError(uint32_t sysno) { |
if (sysno >= 1024) |
sysno = 0; |
+ |
// TODO(markus): replace with async-signal safe snprintf when available. |
const size_t kNumDigits = 4; |
char sysno_base10[kNumDigits]; |
@@ -59,8 +83,14 @@ void PrintSyscallError(uint32_t sysno) { |
rem /= 10; |
sysno_base10[i] = '0' + mod; |
} |
+#if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32) |
+ static const char kSeccompErrorPrefix[] = |
+ __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT |
+ " in syscall 4000 + "; |
+#else |
static const char kSeccompErrorPrefix[] = |
__FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall "; |
+#endif |
static const char kSeccompErrorPostfix[] = "\n"; |
WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1); |
WriteToStdErr(sysno_base10, sizeof(sysno_base10)); |
@@ -72,9 +102,8 @@ void PrintSyscallError(uint32_t sysno) { |
namespace sandbox { |
intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { |
- uint32_t syscall = args.nr; |
- if (syscall >= 1024) |
- syscall = 0; |
+ uint32_t syscall = SyscallNumberToOffsetFromBase(args.nr); |
+ |
PrintSyscallError(syscall); |
// Encode 8-bits of the 1st two arguments too, so we can discern which socket |