Attachment #768148 for bug #836319

Lines 50-55 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/bpf_dsl/linux_syscall_ranges.h (+7 lines)
50	#define MAX_PUBLIC_SYSCALL 279u	50	#define MAX_PUBLIC_SYSCALL 279u
51	#define MAX_SYSCALL MAX_PUBLIC_SYSCALL	51	#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
52		52
		53	#elif defined(__powerpc64__)
		54
		55	#include <asm/unistd.h>
		56	#define MIN_SYSCALL 0u
		57	#define MAX_PUBLIC_SYSCALL 386u
		58	#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
		59
53	#else	60	#else
54	#error "Unsupported architecture"	61	#error "Unsupported architecture"
55	#endif	62	#endif

Lines 16-21 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/bpf_dsl/seccomp_macros.h (+48 lines)
16	#if defined(__mips__)	16	#if defined(__mips__)
17	// sys/user.h in eglibc misses size_t definition	17	// sys/user.h in eglibc misses size_t definition
18	#include <stddef.h>	18	#include <stddef.h>
		19	#elif defined(__powerpc64__)
		20	// Manually define greg_t on ppc64
		21	typedef unsigned long long greg_t;
19	#endif	22	#endif
20	#endif	23	#endif
21		24
Lines 286-291 struct regs_struct { Link Here
286	#define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]	289	#define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]
287	#define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]	290	#define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]
288	#define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]	291	#define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]
		292
		293	#elif defined(__powerpc64__)
		294	#include <asm/ptrace.h>
		295
		296	typedef struct pt_regs regs_struct;
		297
		298	#ifdef ARCH_CPU_LITTLE_ENDIAN
		299	#define SECCOMP_ARCH AUDIT_ARCH_PPC64LE
		300	#else
		301	#define SECCOMP_ARCH AUDIT_ARCH_PPC64
		302	#endif
		303
		304	#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.regs->gpr[_reg])
		305
		306	#define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 3)
		307	#define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 0)
		308	#define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.regs->nip
		309	#define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 3)
		310	#define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 4)
		311	#define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 5)
		312	#define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 6)
		313	#define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, 7)
		314	#define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, 8)
		315
		316	#define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr))
		317	#define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
		318	#define SECCOMP_IP_MSB_IDX \
		319	(offsetof(struct arch_seccomp_data, instruction_pointer) + 4)
		320	#define SECCOMP_IP_LSB_IDX \
		321	(offsetof(struct arch_seccomp_data, instruction_pointer) + 0)
		322	#define SECCOMP_ARG_MSB_IDX(nr) \
		323	(offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4)
		324	#define SECCOMP_ARG_LSB_IDX(nr) \
		325	(offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0)
		326
		327	#define SECCOMP_PT_RESULT(_regs) (_regs).gpr[3]
		328	#define SECCOMP_PT_SYSCALL(_regs) (_regs).gpr[0]
		329	#define SECCOMP_PT_IP(_regs) (_regs).nip
		330	#define SECCOMP_PT_PARM1(_regs) (_regs).gpr[3]
		331	#define SECCOMP_PT_PARM2(_regs) (_regs).gpr[4]
		332	#define SECCOMP_PT_PARM3(_regs) (_regs).gpr[5]
		333	#define SECCOMP_PT_PARM4(_regs) (_regs).gpr[6]
		334	#define SECCOMP_PT_PARM5(_regs) (_regs).gpr[7]
		335	#define SECCOMP_PT_PARM6(_regs) (_regs).gpr[8]
		336
289	#else	337	#else
290	#error Unsupported target platform	338	#error Unsupported target platform
291		339




namespace {

#if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
    defined(ARCH_CPU_MIPS_FAMILY) || defined (ARCH_CPU_PPC64_FAMILY)
// Number that's not currently used by any Linux kernel ABIs.
const int kInvalidSyscallNumber = 0x351d3;
#else

    // Enter the kernel
    "svc 0\n"
    "2:ret\n"
    ".cfi_endproc\n"
    ".size SyscallAsm, .-SyscallAsm\n"
#elif defined(__powerpc64__)
    ".text\n"
    ".align 4\n"
    ".type SyscallAsm @function\n"
    "SyscallAsm:\n"
    ".cfi_startproc\n"

    // Check if r3 is negative
    "cmpdi 3, 0\n"
    "bgt 2f\n"

    // Load address of 3f into r3 and return
    "mflr 10\n"
    "bl 1f\n"
    "1: mflr 3\n"
    "mtlr 10\n"
    "addi 3, 3, 4*13\n"
    "blr\n"

    // Load arguments from array into r3-8
    // save param 3 in r10
    "2:\n"
    "mr 0, 3\n"
    "ld 3, 0(4)\n"
    "ld 5, 16(4)\n"
    "ld 6, 24(4)\n"
    "ld 7, 32(4)\n"
    "ld 8, 40(4)\n"
    "ld 4, 8(4)\n"
    "li 9, 0\n"

    // Enter kernel
    "sc\n"

    // Magic return address
    "3:\n"
    // Like MIPS, ppc64 return values are always positive.
    // Check for error in cr0.SO and negate upon error
    "bc 4, 3, 4f\n"
    "neg 3, 3\n"
    "4: blr\n"

    ".cfi_endproc\n"
    ".size SyscallAsm, .-SyscallAsm\n"
#endif
    );  // asm

#if defined(__x86_64__) || defined(__powerpc64__)
extern "C" {
intptr_t SyscallAsm(intptr_t nr, const intptr_t args[6]);
}

    ret = inout;
  }

#elif defined(__powerpc64__)
  intptr_t ret = SyscallAsm(nr, args);
#else
#error "Unimplemented architecture"
#endif

    // needs to be changed back.
    ret_val = -ret_val;
    SECCOMP_PARM4(ctx) = 1;
  } else {
    SECCOMP_PARM4(ctx) = 0;
  }
#endif
#if defined(__powerpc64__)
  // Same as MIPS, need to invert ret and set error register (cr0.SO)
  if (ret_val <= -1 && ret_val >= -4095) {
    ret_val = -ret_val;
    ctx->uc_mcontext.regs->ccr |= (1 << 28);
  } else {
    ctx->uc_mcontext.regs->ccr &= ~(1 << 28);
  }
#endif
  SECCOMP_RESULT(ctx) = static_cast<greg_t>(ret_val);
}




      SetIsInSigHandler();
    }

#if defined(__powerpc64__)
    // On ppc64+glibc, some syscalls seem to accidentally negate the first
    // parameter which causes checks against it to fail. For now, manually
    // negate them back.
    // TODO(shawn@anastas.io): investigate this issue further
    auto nr = SECCOMP_SYSCALL(ctx);
    if (nr == __NR_openat || nr == __NR_mkdirat || nr == __NR_faccessat || nr == __NR_readlinkat ||
        nr == __NR_renameat || nr == __NR_renameat2 || nr == __NR_newfstatat || nr == __NR_unlinkat) {
        if (static_cast<int>(SECCOMP_PARM1(ctx)) > 0) {
            SECCOMP_PARM1(ctx) = -SECCOMP_PARM1(ctx);
        }
    }
#endif

    // Copy the seccomp-specific data into a arch_seccomp_data structure. This
    // is what we are showing to TrapFnc callbacks that the system call
    // evaluator registered with the sandbox.

Lines 59-65 long sys_clone(unsigned long flags, Link Here

(-)a/security/sandbox/chromium/sandbox/linux/services/syscall_wrappers.cc (-1 / +1 lines)
59	#if defined(ARCH_CPU_X86_64)	59	#if defined(ARCH_CPU_X86_64)
60	return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);	60	return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
61	#elif defined(ARCH_CPU_X86) \|\| defined(ARCH_CPU_ARM_FAMILY) \|\| \	61	#elif defined(ARCH_CPU_X86) \|\| defined(ARCH_CPU_ARM_FAMILY) \|\| \
62	defined(ARCH_CPU_MIPS_FAMILY)	62	defined(ARCH_CPU_MIPS_FAMILY) \|\| defined(ARCH_CPU_PPC64_FAMILY)
63	// CONFIG_CLONE_BACKWARDS defined.	63	// CONFIG_CLONE_BACKWARDS defined.
64	return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);	64	return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
65	#endif	65	#endif

Lines 29-34 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/system_headers/linux_seccomp.h (+9 lines)
29	#ifndef EM_AARCH64	29	#ifndef EM_AARCH64
30	#define EM_AARCH64 183	30	#define EM_AARCH64 183
31	#endif	31	#endif
		32	#ifndef EM_PPC64
		33	#define EM_PPC64 21
		34	#endif
32		35
33	#ifndef __AUDIT_ARCH_64BIT	36	#ifndef __AUDIT_ARCH_64BIT
34	#define __AUDIT_ARCH_64BIT 0x80000000	37	#define __AUDIT_ARCH_64BIT 0x80000000
Lines 51-56 Link Here
51	#ifndef AUDIT_ARCH_AARCH64	54	#ifndef AUDIT_ARCH_AARCH64
52	#define AUDIT_ARCH_AARCH64 (EM_AARCH64 \| __AUDIT_ARCH_64BIT \| __AUDIT_ARCH_LE)	55	#define AUDIT_ARCH_AARCH64 (EM_AARCH64 \| __AUDIT_ARCH_64BIT \| __AUDIT_ARCH_LE)
53	#endif	56	#endif
		57	#ifndef AUDIT_ARCH_PPC64
		58	#define AUDIT_ARCH_PPC64 (EM_PPC64 \| __AUDIT_ARCH_64BIT)
		59	#endif
		60	#ifndef AUDIT_ARCH_PPC64LE
		61	#define AUDIT_ARCH_PPC64LE (EM_PPC64 \| __AUDIT_ARCH_64BIT \| __AUDIT_ARCH_LE)
		62	#endif
54		63
55	// For prctl.h	64	// For prctl.h
56	#ifndef PR_SET_SECCOMP	65	#ifndef PR_SET_SECCOMP

Lines 11-17 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/system_headers/linux_signal.h (-1 / +1 lines)
11	// (not undefined, but defined different values and in different memory	11	// (not undefined, but defined different values and in different memory
12	// layouts). So, fill the gap here.	12	// layouts). So, fill the gap here.
13	#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__arm__) \|\| \	13	#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__arm__) \|\| \
14	defined(__aarch64__)	14	defined(__aarch64__) \|\| defined(__powerpc64__)
15		15
16	#define LINUX_SIGHUP 1	16	#define LINUX_SIGHUP 1
17	#define LINUX_SIGINT 2	17	#define LINUX_SIGINT 2

Lines 33-37 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h (+4 lines)
33	#include "sandbox/linux/system_headers/arm64_linux_syscalls.h"	33	#include "sandbox/linux/system_headers/arm64_linux_syscalls.h"
34	#endif	34	#endif
35		35
		36	#if defined(__powerpc64__)
		37	#include "sandbox/linux/system_headers/ppc64_linux_syscalls.h"
		38	#endif
		39
36	#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_	40	#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
37		41

Lines 17-22 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/system_headers/linux_ucontext.h (+2 lines)
17	#include "sandbox/linux/system_headers/mips_linux_ucontext.h"	17	#include "sandbox/linux/system_headers/mips_linux_ucontext.h"
18	#elif defined(__aarch64__)	18	#elif defined(__aarch64__)
19	#include "sandbox/linux/system_headers/arm64_linux_ucontext.h"	19	#include "sandbox/linux/system_headers/arm64_linux_ucontext.h"
		20	#elif defined(__powerpc64__)
		21	#include "sandbox/linux/system_headers/ppc64_linux_ucontext.h"
20	#else	22	#else
21	#error "No support for your architecture in Android or PNaCl header"	23	#error "No support for your architecture in Android or PNaCl header"
22	#endif	24	#endif




// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_SYSCALLS_H_
#define SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_SYSCALLS_H_

#include <asm/unistd.h>

//TODO: is it necessary to redefine syscall numbers for PPC64?

#endif  // SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_SYSCALLS_H_

Line 0 Link Here

(-)a/security/sandbox/chromium/sandbox/linux/system_headers/ppc64_linux_ucontext.h (-2 / +12 lines)
0	-	1	// Copyright 2014 The Chromium Authors. All rights reserved.
1	--	2	// Use of this source code is governed by a BSD-style license that can be
		3	// found in the LICENSE file.
		4
		5	#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_UCONTEXT_H_
		6	#define SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_UCONTEXT_H_
		7
		8	#include <sys/ucontext.h>
		9
		10	//TODO: is it necessary to redefine ucontext on PPC64?
		11
		12	#endif // SANDBOX_LINUX_SYSTEM_HEADERS_PPC64_LINUX_UCONTEXT_H_
2	.../chromium/sandbox/linux/bpf_dsl/seccomp_macros.h \| 11 +++++++++++	13	.../chromium/sandbox/linux/bpf_dsl/seccomp_macros.h \| 11 +++++++++++
3	1 file changed, 11 insertions(+)	14	1 file changed, 11 insertions(+)





#define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr))
#define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define SECCOMP_IP_MSB_IDX \
  (offsetof(struct arch_seccomp_data, instruction_pointer) + 4)
#define SECCOMP_IP_LSB_IDX \

  (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4)
#define SECCOMP_ARG_LSB_IDX(nr) \
  (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0)
#else
#define SECCOMP_IP_MSB_IDX \
  (offsetof(struct arch_seccomp_data, instruction_pointer) + 0)
#define SECCOMP_IP_LSB_IDX \
  (offsetof(struct arch_seccomp_data, instruction_pointer) + 4)
#define SECCOMP_ARG_MSB_IDX(nr) \
  (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0)
#define SECCOMP_ARG_LSB_IDX(nr) \
  (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4)
#endif

#define SECCOMP_PT_RESULT(_regs) (_regs).gpr[3]
#define SECCOMP_PT_SYSCALL(_regs) (_regs).gpr[0]
- 
--
security/sandbox/linux/reporter/SandboxReporter.cpp | 2 ++
1 file changed, 2 insertions(+)

Lines 26-31 Link Here

(-)a/security/sandbox/linux/reporter/SandboxReporter.cpp (-1 / +2 lines)
26	#define SANDBOX_ARCH_NAME "x86"	26	#define SANDBOX_ARCH_NAME "x86"
27	#elif defined(__x86_64__)	27	#elif defined(__x86_64__)
28	#define SANDBOX_ARCH_NAME "amd64"	28	#define SANDBOX_ARCH_NAME "amd64"
		29	#elif defined(__powerpc64__)
		30	#define SANDBOX_ARCH_NAME "ppc64"
29	#else	31	#else
30	#error "unrecognized architecture"	32	#error "unrecognized architecture"
31	#endif	33	#endif
32	-

Return to bug 836319

Lines 229-234 void Trap::SigSys(int nr, LinuxSigInfo* info, ucontext_t* ctx) { Link Here

(-)a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc (+14 lines)
229	SetIsInSigHandler();	229	SetIsInSigHandler();
230	}	230	}
231		231
		232	#if defined(__powerpc64__)
		233	// On ppc64+glibc, some syscalls seem to accidentally negate the first
		234	// parameter which causes checks against it to fail. For now, manually
		235	// negate them back.
		236	// TODO(shawn@anastas.io): investigate this issue further
		237	auto nr = SECCOMP_SYSCALL(ctx);
		238	if (nr == __NR_openat \|\| nr == __NR_mkdirat \|\| nr == __NR_faccessat \|\| nr == __NR_readlinkat \|\|
		239	nr == __NR_renameat \|\| nr == __NR_renameat2 \|\| nr == __NR_newfstatat \|\| nr == __NR_unlinkat) {
		240	if (static_cast<int>(SECCOMP_PARM1(ctx)) > 0) {
		241	SECCOMP_PARM1(ctx) = -SECCOMP_PARM1(ctx);
		242	}
		243	}
		244	#endif
		245
232	// Copy the seccomp-specific data into a arch_seccomp_data structure. This	246	// Copy the seccomp-specific data into a arch_seccomp_data structure. This
233	// is what we are showing to TrapFnc callbacks that the system call	247	// is what we are showing to TrapFnc callbacks that the system call
234	// evaluator registered with the sandbox.	248	// evaluator registered with the sandbox.

Lines 15-21 namespace sandbox { Link Here

(-)a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall.cc (-3 / +59 lines)
15	namespace {	15	namespace {
16		16
17	#if defined(ARCH_CPU_X86_FAMILY) \|\| defined(ARCH_CPU_ARM_FAMILY) \|\| \	17	#if defined(ARCH_CPU_X86_FAMILY) \|\| defined(ARCH_CPU_ARM_FAMILY) \|\| \
18	defined(ARCH_CPU_MIPS_FAMILY)	18	defined(ARCH_CPU_MIPS_FAMILY) \|\| defined (ARCH_CPU_PPC64_FAMILY)
19	// Number that's not currently used by any Linux kernel ABIs.	19	// Number that's not currently used by any Linux kernel ABIs.
20	const int kInvalidSyscallNumber = 0x351d3;	20	const int kInvalidSyscallNumber = 0x351d3;
21	#else	21	#else
Lines 260-271 asm(// We need to be able to tell the kernel exactly where we made a Link Here
260	// Enter the kernel	260	// Enter the kernel
261	"svc 0\n"	261	"svc 0\n"
262	"2:ret\n"	262	"2:ret\n"
		263	".cfi_endproc\n"
		264	".size SyscallAsm, .-SyscallAsm\n"
		265	#elif defined(__powerpc64__)
		266	".text\n"
		267	".align 4\n"
		268	".type SyscallAsm @function\n"
		269	"SyscallAsm:\n"
		270	".cfi_startproc\n"
		271
		272	// Check if r3 is negative
		273	"cmpdi 3, 0\n"
		274	"bgt 2f\n"
		275
		276	// Load address of 3f into r3 and return
		277	"mflr 10\n"
		278	"bl 1f\n"
		279	"1: mflr 3\n"
		280	"mtlr 10\n"
		281	"addi 3, 3, 4*13\n"
		282	"blr\n"
		283
		284	// Load arguments from array into r3-8
		285	// save param 3 in r10
		286	"2:\n"
		287	"mr 0, 3\n"
		288	"ld 3, 0(4)\n"
		289	"ld 5, 16(4)\n"
		290	"ld 6, 24(4)\n"
		291	"ld 7, 32(4)\n"
		292	"ld 8, 40(4)\n"
		293	"ld 4, 8(4)\n"
		294	"li 9, 0\n"
		295
		296	// Enter kernel
		297	"sc\n"
		298
		299	// Magic return address
		300	"3:\n"
		301	// Like MIPS, ppc64 return values are always positive.
		302	// Check for error in cr0.SO and negate upon error
		303	"bc 4, 3, 4f\n"
		304	"neg 3, 3\n"
		305	"4: blr\n"
		306
263	".cfi_endproc\n"	307	".cfi_endproc\n"
264	".size SyscallAsm, .-SyscallAsm\n"	308	".size SyscallAsm, .-SyscallAsm\n"
265	#endif	309	#endif
266	); // asm	310	); // asm
267		311
268	#if defined(__x86_64__)	312	#if defined(__x86_64__) \|\| defined(__powerpc64__)
269	extern "C" {	313	extern "C" {
270	intptr_t SyscallAsm(intptr_t nr, const intptr_t args[6]);	314	intptr_t SyscallAsm(intptr_t nr, const intptr_t args[6]);
271	}	315	}
Lines 379-384 intptr_t Syscall::Call(int nr, Link Here
379	ret = inout;	423	ret = inout;
380	}	424	}
381		425
		426	#elif defined(__powerpc64__)
		427	intptr_t ret = SyscallAsm(nr, args);
382	#else	428	#else
383	#error "Unimplemented architecture"	429	#error "Unimplemented architecture"
384	#endif	430	#endif
Lines 395-402 void Syscall::PutValueInUcontext(intptr_t ret_val, ucontext_t* ctx) { Link Here
395	// needs to be changed back.	441	// needs to be changed back.
396	ret_val = -ret_val;	442	ret_val = -ret_val;
397	SECCOMP_PARM4(ctx) = 1;	443	SECCOMP_PARM4(ctx) = 1;
398	} else	444	} else {
399	SECCOMP_PARM4(ctx) = 0;	445	SECCOMP_PARM4(ctx) = 0;
		446	}
		447	#endif
		448	#if defined(__powerpc64__)
		449	// Same as MIPS, need to invert ret and set error register (cr0.SO)
		450	if (ret_val <= -1 && ret_val >= -4095) {
		451	ret_val = -ret_val;
		452	ctx->uc_mcontext.regs->ccr \|= (1 << 28);
		453	} else {
		454	ctx->uc_mcontext.regs->ccr &= ~(1 << 28);
		455	}
400	#endif	456	#endif
401	SECCOMP_RESULT(ctx) = static_cast<greg_t>(ret_val);	457	SECCOMP_RESULT(ctx) = static_cast<greg_t>(ret_val);
402	}	458	}