      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/linux/services/syscall_wrappers.h"
      6 
      7 #include <pthread.h>
      8 #include <sched.h>
      9 #include <setjmp.h>
     10 #include <sys/resource.h>
     11 #include <sys/syscall.h>
     12 #include <sys/time.h>
     13 #include <sys/types.h>
     14 #include <unistd.h>
     15 #include <cstring>
     16 
     17 #include "base/compiler_specific.h"
     18 #include "base/logging.h"
     19 #include "base/third_party/valgrind/valgrind.h"
     20 #include "build/build_config.h"
     21 #include "sandbox/linux/system_headers/capability.h"
     22 #include "sandbox/linux/system_headers/linux_signal.h"
     23 #include "sandbox/linux/system_headers/linux_syscalls.h"
     24 
     25 namespace sandbox {
     26 
// Raw getpid(2). Goes through syscall(2) instead of the libc wrapper so the
// answer always comes from the kernel (glibc historically cached the pid in
// userland, which goes stale after a raw clone such as sys_clone below).
pid_t sys_getpid(void) {
  const long kernel_pid = ::syscall(__NR_getpid);
  return static_cast<pid_t>(kernel_pid);
}
     30 
// Raw gettid(2): the kernel thread id of the calling thread. On a process's
// main thread this equals the pid. Nothing in userland caches it.
pid_t sys_gettid(void) {
  return static_cast<pid_t>(::syscall(__NR_gettid));
}
     34 
// Raw clone(2), restricted to the fork-like subset the sandbox needs.
//
// |child_stack| and |tls| are typed std::nullptr_t on purpose: the child keeps
// running on (a copy-on-write copy of) the parent's stack, which is only sound
// without CLONE_VM -- a CLONE_VM child with a null stack would execute on the
// parent's own stack -- and without CLONE_SETTLS. |ptid|/|ctid| must be
// non-null whenever a flag asks the kernel to write through them. Each of
// these misuses is a programming error, so it is fatal rather than an errno.
//
// Returns the child's pid in the parent, 0 in the child, -1/errno on failure.
long sys_clone(unsigned long flags,
               std::nullptr_t child_stack,
               pid_t* ptid,
               pid_t* ctid,
               std::nullptr_t tls) {
  const bool wants_tls = (flags & CLONE_SETTLS) != 0;
  const bool wants_vm = (flags & CLONE_VM) != 0;  // Not supported here.
  const bool ctid_missing =
      (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) != 0 &&
      ctid == nullptr;
  const bool ptid_missing =
      (flags & CLONE_PARENT_SETTID) != 0 && ptid == nullptr;
  if (wants_tls || wants_vm || ctid_missing || ptid_missing) {
    RAW_LOG(FATAL, "Invalid usage of sys_clone");
  }

  // The kernel writes the tids directly, behind MSan's back; mark them
  // initialised so later reads are not reported.
  if (ptid != nullptr) {
    MSAN_UNPOISON(ptid, sizeof(*ptid));
  }
  if (ctid != nullptr) {
    MSAN_UNPOISON(ctid, sizeof(*ctid));
  }

  // Argument order follows kernel/fork.c, which swaps the last two parameters
  // depending on the CONFIG_CLONE_BACKWARDS* options. NOTE(review): there is
  // no #else branch, so an architecture outside this list compiles to a
  // function that falls off its end; an #error like the one used for the
  // sigreturn trampolines below would catch that at build time.
#if defined(ARCH_CPU_X86_64)
  return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
#elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \
    defined(ARCH_CPU_MIPS_FAMILY)
  // CONFIG_CLONE_BACKWARDS: tls precedes child_tid.
  return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
#endif
}
     63 
// Convenience form of sys_clone: no child stack, no tid pointers, no TLS.
// Any flag that would need one of those (CLONE_SETTLS, CLONE_*_SETTID,
// CLONE_CHILD_CLEARTID, CLONE_VM) is rejected by the five-argument overload.
long sys_clone(unsigned long flags) {
  pid_t* const no_parent_tid = nullptr;
  pid_t* const no_child_tid = nullptr;
  return sys_clone(flags, nullptr, no_parent_tid, no_child_tid, nullptr);
}
     67 
// Raw exit_group(2): terminates every thread of the calling process with
// |status|. Because this bypasses libc, no atexit(3) handlers run and stdio
// buffers are not flushed. Does not return (short of the kernel refusing the
// syscall, e.g. under a seccomp filter).
void sys_exit_group(int status) {
  static_cast<void>(::syscall(__NR_exit_group, status));
}
     71 
// Raw seccomp(2). |operation| selects the mode (e.g. SECCOMP_SET_MODE_FILTER),
// |flags| its modifiers (e.g. SECCOMP_FILTER_FLAG_TSYNC) and |args| the cBPF
// program for filter mode. Per seccomp(2), installing a filter requires either
// no_new_privs to be set or CAP_SYS_ADMIN in the caller's user namespace;
// otherwise the kernel fails with EACCES. Returns -1 with errno on failure.
int sys_seccomp(unsigned int operation,
                unsigned int flags,
                const struct sock_fprog* args) {
  const long rc = ::syscall(__NR_seccomp, operation, flags, args);
  return static_cast<int>(rc);
}
     77 
// Raw prlimit64(2): sets |resource| of process |pid| (0 = self) to |new_limit|
// when non-null and/or reads the current value into |old_limit| when non-null.
// Returns -1 with errno on failure. On success the kernel has written
// |old_limit| behind MSan's back, hence the unpoisoning.
int sys_prlimit64(pid_t pid,
                  int resource,
                  const struct rlimit64* new_limit,
                  struct rlimit64* old_limit) {
  const int rc = syscall(__NR_prlimit64, pid, resource, new_limit, old_limit);
  if (rc != 0) {
    return rc;
  }
  if (old_limit != nullptr) {
    MSAN_UNPOISON(old_limit, sizeof(*old_limit));
  }
  return rc;
}
     86 
// Raw capget(2) using the kernel's own header/data layouts (see
// system_headers/capability.h) rather than libcap. On success the kernel may
// have written both structures behind MSan's back, so unpoison whichever
// pointers were supplied. Returns -1 with errno on failure.
int sys_capget(cap_hdr* hdrp, cap_data* datap) {
  const int rc = ::syscall(__NR_capget, hdrp, datap);
  if (rc != 0) {
    return rc;
  }
  if (hdrp != nullptr) {
    MSAN_UNPOISON(hdrp, sizeof(*hdrp));
  }
  if (datap != nullptr) {
    MSAN_UNPOISON(datap, sizeof(*datap));
  }
  return rc;
}
     95 
// Raw capset(2). The header is deliberately non-const: per capset(2) the
// kernel may rewrite hdrp->version when it rejects an unsupported one.
// Returns -1 with errno on failure.
int sys_capset(cap_hdr* hdrp, const cap_data* datap) {
  const long rc = ::syscall(__NR_capset, hdrp, datap);
  return static_cast<int>(rc);
}
     99 
// Raw getresuid(2): writes the real, effective and saved uids through the
// given pointers. Returns -1 with errno on failure. On success the kernel has
// populated the outputs behind MSan's back, hence the unpoisoning; the null
// checks only guard that step, they do not make null outputs legal.
int sys_getresuid(uid_t* ruid, uid_t* euid, uid_t* suid) {
#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
  // The legacy 32-bit x86/arm getresuid only carries 16-bit ids; the "32"
  // variant returns full-width values.
  const int rc = syscall(__NR_getresuid32, ruid, euid, suid);
#else
  const int rc = syscall(__NR_getresuid, ruid, euid, suid);
#endif
  if (rc != 0) {
    return rc;
  }
  uid_t* const outputs[] = {ruid, euid, suid};
  for (uid_t* out : outputs) {
    if (out != nullptr) {
      MSAN_UNPOISON(out, sizeof(*out));
    }
  }
  return rc;
}
    116 
// Raw getresgid(2): writes the real, effective and saved gids through the
// given pointers. Returns -1 with errno on failure. On success the kernel has
// populated the outputs behind MSan's back, hence the unpoisoning; the null
// checks only guard that step, they do not make null outputs legal.
int sys_getresgid(gid_t* rgid, gid_t* egid, gid_t* sgid) {
#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
  // The legacy 32-bit x86/arm getresgid only carries 16-bit ids; the "32"
  // variant returns full-width values.
  const int rc = syscall(__NR_getresgid32, rgid, egid, sgid);
#else
  const int rc = syscall(__NR_getresgid, rgid, egid, sgid);
#endif
  if (rc != 0) {
    return rc;
  }
  gid_t* const outputs[] = {rgid, egid, sgid};
  for (gid_t* out : outputs) {
    if (out != nullptr) {
      MSAN_UNPOISON(out, sizeof(*out));
    }
  }
  return rc;
}
    133 
// Raw chroot(2). Per chroot(2) this only moves the root used for path lookup:
// it does not change the working directory, so a caller using it for
// confinement must also chdir("/") and give up the ability to chroot again
// (i.e. drop CAP_SYS_CHROOT). Returns -1 with errno on failure.
int sys_chroot(const char* path) {
  const long rc = ::syscall(__NR_chroot, path);
  return static_cast<int>(rc);
}
    137 
// Raw unshare(2): detaches the calling thread from the execution-context
// parts named in |flags| (CLONE_NEW*, CLONE_FS, CLONE_FILES, ...). Returns -1
// with errno on failure; an unknown flag bit is rejected with EINVAL.
int sys_unshare(int flags) {
  const long rc = ::syscall(__NR_unshare, flags);
  return static_cast<int>(rc);
}
    141 
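// Raw rt_sigprocmask(2) that never returns the old mask (|oldset| is forced
// to nullptr). Only the kernel's own sigset layout (LinuxSigSet) may cross
// the syscall boundary: in some toolchains (notably Android and PNaCl)
// sigset_t is 32 bits wide while the Linux ABI uses more. The common prefix
// is copied and the remaining kernel bits stay clear, so signals beyond the
// toolchain's range are never touched by this wrapper.
//
// A null |set| is legal for sigprocmask(2) (it makes the call a no-op query,
// and with no |oldset| simply a no-op); it is passed through as null instead
// of being read. Returns -1 with errno on failure.
int sys_sigprocmask(int how, const sigset_t* set, std::nullptr_t oldset) {
  LinuxSigSet kernel_set;
  std::memset(&kernel_set, 0, sizeof(kernel_set));
  if (set != nullptr) {
    std::memcpy(&kernel_set, set,
                std::min(sizeof(sigset_t), sizeof(LinuxSigSet)));
  }

  return syscall(__NR_rt_sigprocmask, how,
                 set != nullptr ? &kernel_set : nullptr, nullptr,
                 sizeof(kernel_set));
}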
    153 
    154 // When this is built with PNaCl toolchain, we should always use sys_sigaction
    155 // below, because sigaction() provided by the toolchain is incompatible with
    156 // Linux's ABI.
    157 #if !defined(OS_NACL_NONSFI)
// Outside the nonsfi NaCl build the toolchain's sigaction() already speaks
// the kernel ABI, so this is a straight pass-through; the hand-rolled
// translation in the #else branch is only needed where that is not the case.
// Returns -1 with errno on failure.
int sys_sigaction(int signum,
                  const struct sigaction* act,
                  struct sigaction* oldact) {
  const int rc = ::sigaction(signum, act, oldact);
  return rc;
}
    163 #else
    164 #if defined(ARCH_CPU_X86_FAMILY)
    165 
    166 // On x86_64, sa_restorer is required. We specify it on x86 as well in order to
    167 // support kernels with VDSO disabled.
    168 #if !defined(SA_RESTORER)
    169 #define SA_RESTORER 0x04000000
    170 #endif
    171 
// XSTR(__NR_foo) expands to a string literal containing the value of
    173 // __NR_foo.
    174 #define STR(x) #x
    175 #define XSTR(x) STR(x)
    176 
    177 // rt_sigreturn is a special system call that interacts with the user land
    178 // stack. Thus, here prologue must not be created, which implies syscall()
    179 // does not work properly, too. Note that rt_sigreturn does not return.
    180 // TODO(rickyz): These assembly functions may still break stack unwinding on
    181 // nonsfi NaCl builds.
#if defined(ARCH_CPU_X86_64)

extern "C" {
  // Signal-return trampoline installed as sa_restorer by sys_sigaction below.
  // Written in raw assembly so no prologue/epilogue touches the stack: the
  // kernel expects the stack pointer to still address the signal frame it
  // built. Never returns to its caller.
  void sys_rt_sigreturn();
}

asm(
    ".text\n"
    "sys_rt_sigreturn:\n"
    "mov $" XSTR(__NR_rt_sigreturn) ", %eax\n"
    "syscall\n");

#elif defined(ARCH_CPU_X86)
extern "C" {
  // Restorers for both i386 frame layouts: the rt frame (SA_SIGINFO handlers)
  // and the classic frame. sys_sigaction picks one based on SA_SIGINFO.
  // Neither returns to its caller.
  void sys_sigreturn();
  void sys_rt_sigreturn();
}

asm(
    ".text\n"
    "sys_rt_sigreturn:\n"
    "mov $" XSTR(__NR_rt_sigreturn) ", %eax\n"
    "int $0x80\n"

    // NOTE(review): the pop presumably discards the signal number the kernel
    // left on top of the classic frame (the handler's argument) so %esp
    // addresses the sigcontext on entry -- verify against
    // arch/x86/kernel/signal.c for the kernel versions supported.
    "sys_sigreturn:\n"
    "pop %eax\n"
    "mov $" XSTR(__NR_sigreturn) ", %eax\n"
    "int $0x80\n");
#else
#error "Unsupported architecture."
#endif
    213 
    214 #undef STR
    215 #undef XSTR
    216 
    217 #endif
    218 
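// rt_sigaction(2) for toolchains whose struct sigaction does not match the
// kernel ABI (nonsfi NaCl): the caller's struct is translated into the
// kernel layout (LinuxSigAction) on the way in and back out on the way out.
//
// The sa_mask copy only covers the width common to both layouts; the
// remaining kernel bits are zero from the {} initialiser, and on the way back
// any kernel bits beyond the toolchain's sigset_t are dropped. On x86 the
// kernel needs an sa_restorer; one of the trampolines above is supplied when
// the caller did not set SA_RESTORER. The flags handed back through |oldact|
// are the kernel's, so SA_RESTORER may show up there even though the caller
// never passed it. Returns -1 with errno on failure.
int sys_sigaction(int signum,
                  const struct sigaction* act,
                  struct sigaction* oldact) {
  LinuxSigAction linux_act = {};
  if (act) {
    linux_act.kernel_handler = act->sa_handler;
    std::memcpy(&linux_act.sa_mask, &act->sa_mask,
                std::min(sizeof(linux_act.sa_mask), sizeof(act->sa_mask)));
    linux_act.sa_flags = act->sa_flags;

#if defined(ARCH_CPU_X86_FAMILY)
    if (!(linux_act.sa_flags & SA_RESTORER)) {
      linux_act.sa_flags |= SA_RESTORER;
#if defined(ARCH_CPU_X86_64)
      linux_act.sa_restorer = sys_rt_sigreturn;
#elif defined(ARCH_CPU_X86)
      // i386 has two frame layouts; SA_SIGINFO handlers get the rt one.
      linux_act.sa_restorer =
          linux_act.sa_flags & SA_SIGINFO ? sys_rt_sigreturn : sys_sigreturn;
#else
#error "Unsupported architecture."
#endif
    }
#endif
  }

  LinuxSigAction linux_oldact = {};
  // The last argument is the kernel sigset size, not sizeof(sigset_t).
  int result = syscall(__NR_rt_sigaction, signum, act ? &linux_act : nullptr,
                       oldact ? &linux_oldact : nullptr,
                       sizeof(LinuxSigSet));

  if (result == 0 && oldact) {
    oldact->sa_handler = linux_oldact.kernel_handler;
    sigemptyset(&oldact->sa_mask);
    // Size the copy from the two objects actually involved (previously the
    // expression named |linux_act| and the possibly-null |act|; harmless only
    // because sizeof is unevaluated and the types match).
    std::memcpy(&oldact->sa_mask, &linux_oldact.sa_mask,
                std::min(sizeof(linux_oldact.sa_mask),
                         sizeof(oldact->sa_mask)));
    oldact->sa_flags = linux_oldact.sa_flags;
  }
  return result;
}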
    258 
#endif  // !defined(OS_NACL_NONSFI)
    260 
    261 }  // namespace sandbox
    262