author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-19 21:48:44 +0000 |
---|---|---|
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-19 21:48:44 +0000 |
commit | a42fcc2457e77f0b9947fed4131bc5d8720b31a8 (patch) | |
tree | 8c468a3975d6bc2dfed511163dddb892054d250d /content/common/sandbox_init_linux.cc | |
parent | a417100144c4b7d0d48be6eed4dda8556c8be1fd (diff) | |
Handle three syscalls seen so far in crash logs.
socket() is interesting; best guess would be trying to connect to nscd? Easily
could happen in logging or error code due to getpwnam() or similar. For now,
fail it out to see if any other syscall pops up next.
Review URL: https://chromiumcodereview.appspot.com/10041046
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133064 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 5ae816f..b44034f 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -66,13 +66,25 @@ static void SIGSYS_Handler(int signal, siginfo_t* info, void* void_context) {
   if (!void_context)
     return;
   ucontext_t* context = reinterpret_cast<ucontext_t*>(void_context);
-  unsigned int syscall = context->uc_mcontext.gregs[REG_RAX];
+  uintptr_t syscall = context->uc_mcontext.gregs[REG_RAX];
   if (syscall >= 1024)
     syscall = 0;
+  // Encode 8-bits of the 1st two arguments too, so we can discern which socket
+  // type, which fcntl, ... etc., without being likely to hit a mapped
+  // address.
+  // Do not encode more bits here without thinking about increasing the
+  // likelihood of collision with mapped pages.
+  syscall |= ((context->uc_mcontext.gregs[REG_RDI] & 0xffUL) << 12);
+  syscall |= ((context->uc_mcontext.gregs[REG_RSI] & 0xffUL) << 20);
   // Purposefully dereference the syscall as an address so it'll show up very
   // clearly and easily in crash dumps.
   volatile char* addr = reinterpret_cast<volatile char*>(syscall);
   *addr = '\0';
+  // In case we hit a mapped address, hit the null page with just the syscall,
+  // for paranoia.
+  syscall &= 0xfffUL;
+  addr = reinterpret_cast<volatile char*>(syscall);
+  *addr = '\0';
   _exit(1);
 }
 
@@ -191,6 +203,8 @@ static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) {
   EmitAllowSyscall(__NR_munlock, program);
   EmitAllowSyscall(__NR_exit, program);
   EmitAllowSyscall(__NR_exit_group, program);
+  EmitAllowSyscall(__NR_getpid, program);
+  EmitAllowSyscall(__NR_getppid, program);
   EmitFailSyscall(__NR_open, ENOENT, program);
   EmitFailSyscall(__NR_access, ENOENT, program); |
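Review bot: The two `syscall |=` lines define the bit layout that crash triage has to decode from the faulting address, but the hunk never states that layout in one place; a comment above the first `syscall |=` such as `// Faulting address layout: bits 0-11 syscall number, bits 12-19 low byte of arg1 (RDI), bits 20-27 low byte of arg2 (RSI).` would let a reader of a minidump recover the fields without re-deriving the shifts. The "without being likely to hit a mapped address" wording in the new comment is an assumption worth stating more precisely: the encoded value can reach just under 0x10000000, and an arg2 low byte of 0x04 yields 0x400000 plus the low fields, which is the conventional load address of a non-PIE x86-64 executable, so the first write may well land on a mapped page and the masked second write is the real guarantee of a crash rather than mere paranoia. The clamp `if (syscall >= 1024) syscall = 0;` runs before the argument bits are merged, which keeps the syscall number inside bits 0-11 so the three fields cannot overlap; that ordering is load-bearing and deserves a one-line comment. SIGSYS_Handler's signature is the hunk's header context line, outside the hunk body.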