diff options
Diffstat (limited to 'sandbox/linux/seccomp/securemem.cc')
| -rw-r--r-- | sandbox/linux/seccomp/securemem.cc | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/sandbox/linux/seccomp/securemem.cc b/sandbox/linux/seccomp/securemem.cc index c8e59f9..2cf6903 100644 --- a/sandbox/linux/seccomp/securemem.cc +++ b/sandbox/linux/seccomp/securemem.cc @@ -16,23 +16,27 @@ void SecureMem::abandonSystemCall(int fd, int err) { } } -void SecureMem::dieIfParentDied(int parentProc) { +void SecureMem::dieIfParentDied(int parentMapsFd) { // The syscall_mutex_ should not be contended. If it is, we are either // experiencing a very unusual load of system calls that the sandbox is not // optimized for; or, more likely, the sandboxed process terminated while the // trusted process was in the middle of waiting for the mutex. We detect // this situation and terminate the trusted process. - char proc[80]; - sprintf(proc, "/proc/self/fd/%d/status", parentProc); - struct stat sb; - if (stat(proc, &sb)) { - Sandbox::die(); + int alive = !lseek(parentMapsFd, 0, SEEK_SET); + if (alive) { + char buf; + do { + alive = read(parentMapsFd, &buf, 1); + } while (alive < 0 && errno == EINTR); + } + if (!alive) { + Sandbox::die(); } } -void SecureMem::lockSystemCall(int parentProc, Args* mem) { +void SecureMem::lockSystemCall(int parentMapsFd, Args* mem) { while (!Mutex::lockMutex(&Sandbox::syscall_mutex_, 500)) { - dieIfParentDied(parentProc); + dieIfParentDied(parentMapsFd); } asm volatile( #if defined(__x86_64__) @@ -47,7 +51,7 @@ void SecureMem::lockSystemCall(int parentProc, Args* mem) { : "memory"); } -void SecureMem::sendSystemCallInternal(int fd, bool locked, int parentProc, +void SecureMem::sendSystemCallInternal(int fd, bool locked, int parentMapsFd, Args* mem, int syscallNum, void* arg1, void* arg2, void* arg3, void* arg4, void* arg5, void* arg6) { @@ -87,9 +91,9 @@ void SecureMem::sendSystemCallInternal(int fd, bool locked, int parentProc, if (Sandbox::write(sys, fd, &data, sizeof(data)) != sizeof(data)) { Sandbox::die("Failed to send system call"); } - if (parentProc >= 0) { + if (parentMapsFd >= 0) { while (!Mutex::waitForUnlock(&Sandbox::syscall_mutex_, 500)) { - dieIfParentDied(parentProc); + dieIfParentDied(parentMapsFd); } } } |