1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "sandbox/linux/services/syscall_wrappers.h"
6 
7 #include <pthread.h>
8 #include <sched.h>
9 #include <setjmp.h>
10 #include <sys/resource.h>
11 #include <sys/syscall.h>
12 #include <sys/time.h>
13 #include <sys/types.h>
14 #include <unistd.h>
15 #include <cstring>
16 
17 #include "base/compiler_specific.h"
18 #include "base/logging.h"
19 #include "build/build_config.h"
20 #include "sandbox/linux/system_headers/capability.h"
21 #include "sandbox/linux/system_headers/linux_signal.h"
22 #include "sandbox/linux/system_headers/linux_syscalls.h"
23 
24 namespace sandbox {
25 
// getpid(2) issued directly through syscall(2), bypassing the libc wrapper
// (and any bookkeeping it may do) entirely.
pid_t sys_getpid(void) {
  const long rc = syscall(__NR_getpid);
  return static_cast<pid_t>(rc);
}
29 
// gettid(2) issued directly through syscall(2); returns the kernel thread id
// of the calling thread.
pid_t sys_gettid(void) {
  const long rc = syscall(__NR_gettid);
  return static_cast<pid_t>(rc);
}
33 
// write(2) issued directly through syscall(2). Returns the kernel's result
// unchanged: the number of bytes written, or -1 with errno set.
ssize_t sys_write(int fd, const char* buffer, size_t buffer_size) {
  const long rc = syscall(__NR_write, fd, buffer, buffer_size);
  return static_cast<ssize_t>(rc);
}
37 
// Raw clone(2) without any libc bookkeeping. Both child_stack and tls are
// typed std::nullptr_t, so the only supported mode is a fork-like child that
// runs on a copy of the caller's stack; CLONE_VM (which would make the child
// share, and run on, the caller's stack) and CLONE_SETTLS are therefore
// refused. ptid / ctid are only required when a flag makes the kernel store
// through them. Misuse is fatal rather than reported, since a bad clone
// request is a programming error, not a runtime condition.
long sys_clone(unsigned long flags,
               std::nullptr_t child_stack,
               pid_t* ptid,
               pid_t* ctid,
               std::nullptr_t tls) {
  // Flags this wrapper cannot honour at all (see above).
  const unsigned long kRefusedFlags = CLONE_SETTLS | CLONE_VM;
  const bool refused_flag_set = (flags & kRefusedFlags) != 0;
  // Flags under which the kernel writes into *ctid / *ptid need a real
  // pointer to write to.
  const bool ctid_required =
      (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) != 0;
  const bool ptid_required = (flags & CLONE_PARENT_SETTID) != 0;
  if (refused_flag_set || (ctid_required && !ctid) ||
      (ptid_required && !ptid)) {
    RAW_LOG(FATAL, "Invalid usage of sys_clone");
  }

  // The kernel, not user code, initializes these outputs, so MSan has to be
  // told explicitly that the bytes are valid.
  if (ptid) MSAN_UNPOISON(ptid, sizeof(*ptid));
  if (ctid) MSAN_UNPOISON(ctid, sizeof(*ctid));

  // The argument order of clone(2) is architecture specific: see
  // kernel/fork.c in Linux and the CONFIG_CLONE_BACKWARDS* options.
  // NOTE(review): there is no #else branch, so an architecture outside these
  // lists falls off the end of the function without a return value instead of
  // failing the build like the #error branches in sys_sigaction below.
#if defined(ARCH_CPU_X86_64)
  return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
#elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \
    defined(ARCH_CPU_MIPS_FAMILY)
  // CONFIG_CLONE_BACKWARDS: tls and ctid are swapped relative to x86_64.
  return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
#endif
}
66 
// Convenience overload: a fork-like clone(2) that needs neither tid outputs
// nor a child stack; all validation happens in the five-argument form.
long sys_clone(unsigned long flags) {
  return sys_clone(flags,
                   /*child_stack=*/nullptr,
                   /*ptid=*/nullptr,
                   /*ctid=*/nullptr,
                   /*tls=*/nullptr);
}
70 
// exit_group(2) issued directly: terminates every thread in the process with
// the given status. The kernel is expected not to return from it, which is
// why the syscall result is discarded and the function is void.
void sys_exit_group(int status) {
  static_cast<void>(syscall(__NR_exit_group, status));
}
74 
// seccomp(2) as a raw syscall. `args` is forwarded opaquely; what it points
// at depends on `operation` (for filter installation it is a BPF program),
// so nothing can be validated here and the kernel's return value / errno is
// the only feedback the caller gets.
int sys_seccomp(unsigned int operation,
                unsigned int flags,
                const struct sock_fprog* args) {
  const long rc = syscall(__NR_seccomp, operation, flags, args);
  return static_cast<int>(rc);
}
80 
// prlimit64(2) issued directly. Either pointer may be null (set-only or
// get-only). On success the kernel has filled *old_limit, so those bytes are
// marked initialized for MSan.
int sys_prlimit64(pid_t pid,
                  int resource,
                  const struct rlimit64* new_limit,
                  struct rlimit64* old_limit) {
  const int res = syscall(__NR_prlimit64, pid, resource, new_limit, old_limit);
  const bool old_limit_filled = (res == 0) && (old_limit != nullptr);
  if (old_limit_filled)
    MSAN_UNPOISON(old_limit, sizeof(*old_limit));
  return res;
}
89 
// capget(2) issued directly. Both structs are outputs written by the kernel;
// on success they are marked initialized for MSan. Either pointer may be
// null, in which case it is simply not unpoisoned.
int sys_capget(cap_hdr* hdrp, cap_data* datap) {
  const int res = syscall(__NR_capget, hdrp, datap);
  if (res != 0)
    return res;
  if (hdrp) MSAN_UNPOISON(hdrp, sizeof(*hdrp));
  if (datap) MSAN_UNPOISON(datap, sizeof(*datap));
  return res;
}
98 
// capset(2) issued directly. Pure input call: nothing is written back, so no
// MSan handling is needed.
int sys_capset(cap_hdr* hdrp, const cap_data* datap) {
  const long rc = syscall(__NR_capset, hdrp, datap);
  return static_cast<int>(rc);
}
102 
// getresuid(2) issued directly. On 32-bit x86 and ARM the syscall under the
// original number is the legacy 16-bit-uid variant, so the *32 syscall is
// selected there to avoid truncating ids. On success the three outputs have
// been written by the kernel and are marked initialized for MSan.
int sys_getresuid(uid_t* ruid, uid_t* euid, uid_t* suid) {
#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
  // Legacy getresuid only handles 16-bit values on these ABIs.
  const long nr = __NR_getresuid32;
#else
  const long nr = __NR_getresuid;
#endif
  const int res = syscall(nr, ruid, euid, suid);
  if (res != 0)
    return res;
  if (ruid) MSAN_UNPOISON(ruid, sizeof(*ruid));
  if (euid) MSAN_UNPOISON(euid, sizeof(*euid));
  if (suid) MSAN_UNPOISON(suid, sizeof(*suid));
  return res;
}
119 
// getresgid(2) issued directly. Mirrors sys_getresuid: on 32-bit x86 and ARM
// the *32 syscall is used so group ids are not truncated to 16 bits, and on
// success the kernel-written outputs are marked initialized for MSan.
int sys_getresgid(gid_t* rgid, gid_t* egid, gid_t* sgid) {
#if defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARMEL)
  // Legacy getresgid only handles 16-bit values on these ABIs.
  const long nr = __NR_getresgid32;
#else
  const long nr = __NR_getresgid;
#endif
  const int res = syscall(nr, rgid, egid, sgid);
  if (res != 0)
    return res;
  if (rgid) MSAN_UNPOISON(rgid, sizeof(*rgid));
  if (egid) MSAN_UNPOISON(egid, sizeof(*egid));
  if (sgid) MSAN_UNPOISON(sgid, sizeof(*sgid));
  return res;
}
136 
// chroot(2) issued directly. Note that chroot(2) does not change the working
// directory; a caller that relies on the new root for confinement has to
// chdir into it afterwards itself.
int sys_chroot(const char* path) {
  const long rc = syscall(__NR_chroot, path);
  return static_cast<int>(rc);
}
140 
// unshare(2) issued directly; `flags` is the CLONE_NEW* set to detach from
// and is passed through untouched.
int sys_unshare(int flags) {
  const long rc = syscall(__NR_unshare, flags);
  return static_cast<int>(rc);
}
144 
// rt_sigprocmask(2) with a caller-supplied new mask only: oldset is typed
// std::nullptr_t, so the previous mask can never be retrieved through this
// wrapper. `set` is copied unconditionally and must therefore be non-null.
// The copy goes through a kernel-layout LinuxSigSet because some toolchains
// (Android, PNaCl) define sigset_t as 32 bits while the Linux ABI uses more;
// any signal bits beyond the toolchain's sigset_t are left clear.
int sys_sigprocmask(int how, const sigset_t* set, std::nullptr_t oldset) {
  const size_t copy_len = std::min(sizeof(sigset_t), sizeof(LinuxSigSet));
  LinuxSigSet kernel_set;
  std::memset(&kernel_set, 0, sizeof(kernel_set));
  std::memcpy(&kernel_set, set, copy_len);
  // The last argument is the kernel's own sigset size, which it verifies.
  return syscall(__NR_rt_sigprocmask, how, &kernel_set, nullptr,
                 sizeof(kernel_set));
}
156 
// When this is built with the PNaCl toolchain, we should always use sys_sigaction
// below, because the sigaction() provided by the toolchain is incompatible with
// Linux's ABI.
160 #if !defined(OS_NACL_NONSFI)
// On toolchains whose struct sigaction already matches the Linux ABI, the
// wrapper is simply the libc call: no translation is required.
int sys_sigaction(int signum,
                  const struct sigaction* act,
                  struct sigaction* oldact) {
  const int rc = sigaction(signum, act, oldact);
  return rc;
}
166 #else
#if defined(ARCH_CPU_X86_FAMILY)

// On x86_64, sa_restorer is required. We specify it on x86 as well in order to
// support kernels with VDSO disabled.
// The value must match the kernel's SA_RESTORER bit, which is what
// rt_sigaction(2) inspects; the toolchain headers may not expose it.
#if !defined(SA_RESTORER)
#define SA_RESTORER 0x04000000
#endif

// XSTR(__NR_foo) expands to a string literal containing the value of
// __NR_foo, so the syscall number can be spliced into the asm text below.
#define STR(x) #x
#define XSTR(x) STR(x)

// rt_sigreturn is a special system call that interacts with the user land
// stack. Thus, here prologue must not be created, which implies syscall()
// does not work properly, too. Note that rt_sigreturn does not return.
// These stubs are therefore written in raw asm, with no frame setup, so the
// stack pointer is exactly where the kernel left it when the handler
// returned into the restorer.
// TODO(rickyz): These assembly functions may still break stack unwinding on
// nonsfi NaCl builds.
#if defined(ARCH_CPU_X86_64)

// Declared so sys_sigaction below can take its address; defined in asm.
extern "C" {
  void sys_rt_sigreturn();
}

// x86_64 only ever uses rt signal frames, so a single restorer suffices.
asm(
    ".text\n"
    "sys_rt_sigreturn:\n"
    "mov $" XSTR(__NR_rt_sigreturn) ", %eax\n"
    "syscall\n");

#elif defined(ARCH_CPU_X86)
// 32-bit x86 has two signal frame layouts, so two restorers are needed:
// sys_rt_sigreturn for SA_SIGINFO handlers and sys_sigreturn for legacy ones.
extern "C" {
  void sys_sigreturn();
  void sys_rt_sigreturn();
}

asm(
    ".text\n"
    "sys_rt_sigreturn:\n"
    "mov $" XSTR(__NR_rt_sigreturn) ", %eax\n"
    "int $0x80\n"

    // The legacy frame carries the signal number just above the return
    // address; the pop discards it so the stack matches what sigreturn
    // expects (this mirrors the kernel's own vDSO restorer).
    "sys_sigreturn:\n"
    "pop %eax\n"
    "mov $" XSTR(__NR_sigreturn) ", %eax\n"
    "int $0x80\n");
#else
#error "Unsupported architecture."
#endif

// Scoped to this file: the helpers are only needed for the asm above.
#undef STR
#undef XSTR

#endif
221 
// rt_sigaction(2) wrapper that translates between the toolchain's struct
// sigaction and the layout the Linux kernel expects (LinuxSigAction). Only
// the handler, the signal mask and the flags cross the boundary, in either
// direction. On x86 a restorer is supplied whenever the caller did not set
// one, because the kernel needs it there (see the asm stubs above).
// NOTE(review): sa_restorer is not copied back into *oldact although the
// SA_RESTORER bit survives in oldact->sa_flags, so re-installing a returned
// oldact through this wrapper would keep SA_RESTORER set with a null
// restorer. Confirm whether any caller round-trips oldact this way.
int sys_sigaction(int signum,
                  const struct sigaction* act,
                  struct sigaction* oldact) {
  LinuxSigAction kernel_act = {};
  // sizeof does not evaluate its operand, so this is fine even when act is
  // null. The two mask types may differ in size (see sys_sigprocmask), so
  // only the common prefix is ever copied.
  const size_t mask_bytes =
      std::min(sizeof(kernel_act.sa_mask), sizeof(act->sa_mask));

  if (act) {
    kernel_act.kernel_handler = act->sa_handler;
    std::memcpy(&kernel_act.sa_mask, &act->sa_mask, mask_bytes);
    kernel_act.sa_flags = act->sa_flags;

#if defined(ARCH_CPU_X86_FAMILY)
    // Supply a restorer unless the caller brought their own.
    if (!(kernel_act.sa_flags & SA_RESTORER)) {
      kernel_act.sa_flags |= SA_RESTORER;
#if defined(ARCH_CPU_X86_64)
      kernel_act.sa_restorer = sys_rt_sigreturn;
#elif defined(ARCH_CPU_X86)
      // Legacy and rt signal frames need different sigreturn stubs.
      kernel_act.sa_restorer =
          (kernel_act.sa_flags & SA_SIGINFO) ? sys_rt_sigreturn : sys_sigreturn;
#else
#error "Unsupported architecture."
#endif
    }
#endif
  }

  LinuxSigAction kernel_oldact = {};
  LinuxSigAction* const new_arg = act ? &kernel_act : nullptr;
  LinuxSigAction* const old_arg = oldact ? &kernel_oldact : nullptr;
  // The last argument is the kernel's own sigset size, which it verifies.
  const int result = syscall(__NR_rt_sigaction, signum, new_arg, old_arg,
                             sizeof(LinuxSigSet));
  if (result != 0 || !oldact)
    return result;

  oldact->sa_handler = kernel_oldact.kernel_handler;
  // Clear the whole toolchain mask first: the kernel copy may be shorter.
  sigemptyset(&oldact->sa_mask);
  std::memcpy(&oldact->sa_mask, &kernel_oldact.sa_mask, mask_bytes);
  oldact->sa_flags = kernel_oldact.sa_flags;
  return result;
}
261 
#endif  // !defined(OS_NACL_NONSFI)
263 
264 }  // namespace sandbox
265