1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Note: any code in this file MUST be async-signal safe.
7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
11 #include "base/basictypes.h"
12 #include "base/posix/eintr_wrapper.h"
13 #include "build/build_config.h"
14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
16 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure"
17 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure"
18 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure"
19 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure"
20 #define SECCOMP_MESSAGE_KILL_CONTENT "(tg)kill() failure"
24 inline bool IsArchitectureX86_64() {
25 #if defined(__x86_64__)
32 // Write |error_message| to stderr. Similar to RawLog(), but a bit more careful
33 // about async-signal safety. |size| is the size to write and should typically
34 // not include a terminating \0.
35 void WriteToStdErr(const char* error_message, size_t size) {
37 // TODO(jln): query the current policy to check if send() is available and
38 // use it to perform a non-blocking write.
39 const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size));
40 // We can't handle any type of error here.
41 if (ret <= 0 || static_cast<size_t>(ret) > size) break;
47 // Print a seccomp-bpf failure to handle |sysno| to stderr in an
48 // async-signal safe way.
49 void PrintSyscallError(uint32_t sysno) {
52 // TODO(markus): replace with async-signal safe snprintf when available.
53 const size_t kNumDigits = 4;
54 char sysno_base10[kNumDigits];
57 for (int i = kNumDigits - 1; i >= 0; i--) {
60 sysno_base10[i] = '0' + mod;
62 static const char kSeccompErrorPrefix[] =
63 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";
64 static const char kSeccompErrorPostfix[] = "\n";
65 WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
66 WriteToStdErr(sysno_base10, sizeof(sysno_base10));
67 WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
74 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
75 uint32_t syscall = args.nr;
78 PrintSyscallError(syscall);
80 // Encode 8-bits of the 1st two arguments too, so we can discern which socket
81 // type, which fcntl, ... etc., without being likely to hit a mapped
83 // Do not encode more bits here without thinking about increasing the
84 // likelihood of collision with mapped pages.
85 syscall |= ((args.args[0] & 0xffUL) << 12);
86 syscall |= ((args.args[1] & 0xffUL) << 20);
87 // Purposefully dereference the syscall as an address so it'll show up very
88 // clearly and easily in crash dumps.
89 volatile char* addr = reinterpret_cast<volatile char*>(syscall);
91 // In case we hit a mapped address, hit the null page with just the syscall,
94 addr = reinterpret_cast<volatile char*>(syscall);
100 // TODO(jln): refactor the reporting functions.
102 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) {
103 static const char kSeccompCloneError[] =
104 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_CLONE_CONTENT "\n";
105 WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1);
106 // "flags" is the first argument in the kernel's clone().
107 // Mark as volatile to be able to find the value on the stack in a minidump.
108 volatile uint64_t clone_flags = args.args[0];
110 if (IsArchitectureX86_64()) {
111 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF);
114 // Hit the NULL page if this fails to fault.
115 addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF);
121 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args,
123 static const char kSeccompPrctlError[] =
124 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_PRCTL_CONTENT "\n";
125 WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1);
126 // Mark as volatile to be able to find the value on the stack in a minidump.
127 volatile uint64_t option = args.args[0];
128 volatile char* addr =
129 reinterpret_cast<volatile char*>(option & 0xFFF);
135 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args,
137 static const char kSeccompIoctlError[] =
138 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_IOCTL_CONTENT "\n";
139 WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1);
140 // Make "request" volatile so that we can see it on the stack in a minidump.
141 volatile uint64_t request = args.args[1];
142 volatile char* addr = reinterpret_cast<volatile char*>(request & 0xFFFF);
144 // Hit the NULL page if this fails.
145 addr = reinterpret_cast<volatile char*>(request & 0xFFF);
151 intptr_t SIGSYSKillFailure(const struct arch_seccomp_data& args,
153 static const char kSeccompKillError[] =
154 __FILE__":**CRASHING**:" SECCOMP_MESSAGE_KILL_CONTENT "\n";
155 WriteToStdErr(kSeccompKillError, sizeof(kSeccompKillError) - 1);
156 // Make "request" volatile so that we can see it on the stack in a minidump.
157 volatile uint64_t pid = args.args[0];
158 volatile char* addr = reinterpret_cast<volatile char*>(pid & 0xFFF);
160 // Hit the NULL page if this fails.
161 addr = reinterpret_cast<volatile char*>(pid & 0xFFF);
167 const char* GetErrorMessageContentForTests() {
168 return SECCOMP_MESSAGE_COMMON_CONTENT;
171 const char* GetCloneErrorMessageContentForTests() {
172 return SECCOMP_MESSAGE_CLONE_CONTENT;
175 const char* GetPrctlErrorMessageContentForTests() {
176 return SECCOMP_MESSAGE_PRCTL_CONTENT;
179 const char* GetIoctlErrorMessageContentForTests() {
180 return SECCOMP_MESSAGE_IOCTL_CONTENT;
183 } // namespace sandbox.