Home | History | Annotate | Download | only in seccomp-bpf 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/linux/seccomp-bpf/die.h"
      6 
      7 #include <errno.h>
      8 #include <signal.h>
      9 #include <stdio.h>
     10 #include <sys/prctl.h>
     11 #include <sys/syscall.h>
     12 #include <unistd.h>
     13 
     14 #include <string>
     15 
     16 #include "base/logging.h"
     17 #include "base/posix/eintr_wrapper.h"
     18 #include "sandbox/linux/seccomp-bpf/syscall.h"
     19 
     20 namespace sandbox {
     21 
     22 void Die::ExitGroup() {
     23   // exit_group() should exit our program. After all, it is defined as a
     24   // function that doesn't return. But things can theoretically go wrong.
     25   // Especially, since we are dealing with system call filters. Continuing
     26   // execution would be very bad in most cases where ExitGroup() gets called.
     27   // So, we'll try a few other strategies too.
     28   Syscall::Call(__NR_exit_group, 1);
     29 
     30   // We have no idea what our run-time environment looks like. So, signal
     31   // handlers might or might not do the right thing. Try to reset settings
     32   // to a defined state; but we have not way to verify whether we actually
     33   // succeeded in doing so. Nonetheless, triggering a fatal signal could help
     34   // us terminate.
     35   signal(SIGSEGV, SIG_DFL);
     36   Syscall::Call(__NR_prctl, PR_SET_DUMPABLE, (void*)0, (void*)0, (void*)0);
     37   if (*(volatile char*)0) {
     38   }
     39 
     40   // If there is no way for us to ask for the program to exit, the next
     41   // best thing we can do is to loop indefinitely. Maybe, somebody will notice
     42   // and file a bug...
     43   // We in fact retry the system call inside of our loop so that it will
     44   // stand out when somebody tries to diagnose the problem by using "strace".
     45   for (;;) {
     46     Syscall::Call(__NR_exit_group, 1);
     47   }
     48 }
     49 
     50 void Die::SandboxDie(const char* msg, const char* file, int line) {
     51   if (simple_exit_) {
     52     LogToStderr(msg, file, line);
     53   } else {
     54     logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg;
     55   }
     56   ExitGroup();
     57 }
     58 
     59 void Die::RawSandboxDie(const char* msg) {
     60   if (!msg)
     61     msg = "";
     62   RAW_LOG(FATAL, msg);
     63   ExitGroup();
     64 }
     65 
     66 void Die::SandboxInfo(const char* msg, const char* file, int line) {
     67   if (!suppress_info_) {
     68     logging::LogMessage(file, line, logging::LOG_INFO).stream() << msg;
     69   }
     70 }
     71 
     72 void Die::LogToStderr(const char* msg, const char* file, int line) {
     73   if (msg) {
     74     char buf[40];
     75     snprintf(buf, sizeof(buf), "%d", line);
     76     std::string s = std::string(file) + ":" + buf + ":" + msg + "\n";
     77 
     78     // No need to loop. Short write()s are unlikely and if they happen we
     79     // probably prefer them over a loop that blocks.
     80     ignore_result(
     81         HANDLE_EINTR(Syscall::Call(__NR_write, 2, s.c_str(), s.length())));
     82   }
     83 }
     84 
     85 bool Die::simple_exit_ = false;
     86 bool Die::suppress_info_ = false;
     87 
     88 }  // namespace sandbox
     89