authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-19 21:48:44 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-19 21:48:44 +0000
commita42fcc2457e77f0b9947fed4131bc5d8720b31a8 (patch)
tree8c468a3975d6bc2dfed511163dddb892054d250d /content/common/sandbox_init_linux.cc
parenta417100144c4b7d0d48be6eed4dda8556c8be1fd (diff)
Handle three syscalls seen so far in crash logs.
socket() is interesting; the best guess is that something is trying to connect to nscd. This could easily happen in logging or error code due to getpwnam() or similar. For now, fail it out to see whether any other syscall pops up next. Review URL: https://chromiumcodereview.appspot.com/10041046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133064 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r--content/common/sandbox_init_linux.cc16
1 files changed, 15 insertions, 1 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 5ae816f..b44034f 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -66,13 +66,25 @@ static void SIGSYS_Handler(int signal, siginfo_t* info, void* void_context) {
if (!void_context)
return;
ucontext_t* context = reinterpret_cast<ucontext_t*>(void_context);
- unsigned int syscall = context->uc_mcontext.gregs[REG_RAX];
+ uintptr_t syscall = context->uc_mcontext.gregs[REG_RAX];
if (syscall >= 1024)
syscall = 0;
+ // Encode 8-bits of the 1st two arguments too, so we can discern which socket
+ // type, which fcntl, ... etc., without being likely to hit a mapped
+ // address.
+ // Do not encode more bits here without thinking about increasing the
+ // likelihood of collision with mapped pages.
+ syscall |= ((context->uc_mcontext.gregs[REG_RDI] & 0xffUL) << 12);
+ syscall |= ((context->uc_mcontext.gregs[REG_RSI] & 0xffUL) << 20);
// Purposefully dereference the syscall as an address so it'll show up very
// clearly and easily in crash dumps.
volatile char* addr = reinterpret_cast<volatile char*>(syscall);
*addr = '\0';
+ // In case we hit a mapped address, hit the null page with just the syscall,
+ // for paranoia.
+ syscall &= 0xfffUL;
+ addr = reinterpret_cast<volatile char*>(syscall);
+ *addr = '\0';
_exit(1);
}
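Review bot: The fake-address layout assembled by the two `syscall |= ... << 12` / `<< 20` lines and undone by `syscall &= 0xfffUL` can only be recovered by reading three magic constants together with the pre-existing `>= 1024` clamp, so a single layout comment (or named shift and mask constants) would stop them drifting apart. Suggested comment above the first `syscall |=` line: `// Fake address layout: bits 0-9 syscall number (0 if >= 1024), bits 12-19 low byte of arg1 (rdi), bits 20-27 low byte of arg2 (rsi); the value stays below 0x10000000.` The second store is only reached when the first one landed on a mapped, writable page, so the comment on the mask should say explicitly that it drops the argument bits and keeps only the syscall number within the null page. SIGSYS_Handler's signature precedes the hunk.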
@@ -191,6 +203,8 @@ static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) {
EmitAllowSyscall(__NR_munlock, program);
EmitAllowSyscall(__NR_exit, program);
EmitAllowSyscall(__NR_exit_group, program);
+ EmitAllowSyscall(__NR_getpid, program);
+ EmitAllowSyscall(__NR_getppid, program);
EmitFailSyscall(__NR_open, ENOENT, program);
EmitFailSyscall(__NR_access, ENOENT, program);