Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 29 Jun 2016 20:34:40 +0200
changeset 303550 289f630f3b0b818d581dfbd32dd6a97038a558e0
parent 303549 cc14db2645218df5f292f1eb00fdd1e9d7d83486
child 303551 35575b3633f7b9521a82b5a0dd20c372f79b1973
push id30394
push userphilringnalda@gmail.com
push dateMon, 04 Jul 2016 22:02:32 +0000
reviewersjld
bugs1273852
milestone50.0a1
Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant syscalls are known, because both entry points will exist. See Linux kernel commit: commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb Author: Andy Lutomirski <luto@kernel.org> Date: Tue Jul 14 15:24:24 2015 -0700 x86/entry/syscalls: Wire up 32-bit direct socket calls MozReview-Commit-ID: I3GEvolGfsR
security/sandbox/linux/SandboxFilterUtil.cpp
--- a/security/sandbox/linux/SandboxFilterUtil.cpp
+++ b/security/sandbox/linux/SandboxFilterUtil.cpp
@@ -57,25 +57,28 @@ SandboxPolicyBase::EvaluateSyscall(int a
         // Optimize out cases that are equal to the default.
         if (thisCase) {
           acc.reset(new Caser<int>(acc->Case(i, *thisCase)));
         }
       }
       return acc->Default(InvalidSyscall());
     }
 #endif // ANDROID
-#else // __NR_socketcall
-#define DISPATCH_SOCKETCALL(sysnum, socketnum)         \
-    case sysnum:                                       \
+#endif // __NR_socketcall
+#define DISPATCH_SOCKETCALL(sysnum, socketnum)                       \
+    case sysnum:                                                     \
       return EvaluateSocketCall(socketnum).valueOr(InvalidSyscall())
+#ifdef __NR_socket
       DISPATCH_SOCKETCALL(__NR_socket,      SYS_SOCKET);
       DISPATCH_SOCKETCALL(__NR_bind,        SYS_BIND);
       DISPATCH_SOCKETCALL(__NR_connect,     SYS_CONNECT);
       DISPATCH_SOCKETCALL(__NR_listen,      SYS_LISTEN);
+#ifdef __NR_accept
       DISPATCH_SOCKETCALL(__NR_accept,      SYS_ACCEPT);
+#endif
       DISPATCH_SOCKETCALL(__NR_getsockname, SYS_GETSOCKNAME);
       DISPATCH_SOCKETCALL(__NR_getpeername, SYS_GETPEERNAME);
       DISPATCH_SOCKETCALL(__NR_socketpair,  SYS_SOCKETPAIR);
 #ifdef __NR_send
       DISPATCH_SOCKETCALL(__NR_send,        SYS_SEND);
       DISPATCH_SOCKETCALL(__NR_recv,        SYS_RECV);
 #endif // __NR_send
       DISPATCH_SOCKETCALL(__NR_sendto,      SYS_SENDTO);
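Review bot: The new `#ifdef __NR_socket` guard ties the direct-call cases to the kernel headers present at build time, not to the kernel the filter runs on, so a 32-bit binary built against older headers still has no case for socket, bind, connect and the rest when it runs on a kernel that exposes both entry points. Those syscalls then reach the switch's default handling, which is outside this hunk; it is worth confirming that path denies or traps rather than allows. I would document this on the guard, e.g. `// Direct socket syscalls exist only in newer 32-bit headers; with older headers these numbers fall through to the default case.` The guard also uses `__NR_socket` as a stand-in for every number in the group except accept, send and recv, which the same comment should say. As a style point, the new `#endif` after the accept case should carry `// __NR_accept` like its neighbours.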
@@ -83,17 +86,19 @@ SandboxPolicyBase::EvaluateSyscall(int a
       DISPATCH_SOCKETCALL(__NR_shutdown,    SYS_SHUTDOWN);
       DISPATCH_SOCKETCALL(__NR_setsockopt,  SYS_SETSOCKOPT);
       DISPATCH_SOCKETCALL(__NR_getsockopt,  SYS_GETSOCKOPT);
       DISPATCH_SOCKETCALL(__NR_sendmsg,     SYS_SENDMSG);
       DISPATCH_SOCKETCALL(__NR_recvmsg,     SYS_RECVMSG);
       DISPATCH_SOCKETCALL(__NR_accept4,     SYS_ACCEPT4);
       DISPATCH_SOCKETCALL(__NR_recvmmsg,    SYS_RECVMMSG);
       DISPATCH_SOCKETCALL(__NR_sendmmsg,    SYS_SENDMMSG);
+#endif // __NR_socket
 #undef DISPATCH_SOCKETCALL
+#ifndef __NR_socketcall
 #ifndef ANDROID
 #define DISPATCH_SYSVCALL(sysnum, ipcnum)         \
     case sysnum:                                  \
       return EvaluateIpcCall(ipcnum).valueOr(InvalidSyscall())
       DISPATCH_SYSVCALL(__NR_semop,       SEMOP);
       DISPATCH_SYSVCALL(__NR_semget,      SEMGET);
       DISPATCH_SYSVCALL(__NR_semctl,      SEMCTL);
       DISPATCH_SYSVCALL(__NR_semtimedop,  SEMTIMEDOP);
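Review bot: The added `#ifndef __NR_socketcall` in front of `DISPATCH_SYSVCALL` makes the socketcall macro decide whether direct SysV IPC syscalls are dispatched, a link that was implicit in the old `#else` and is now explicit but unexplained. A comment on that line would record the assumption, e.g. `// Architectures with socketcall are assumed to reach SysV IPC only through the ipc multiplexer.` If headers ever define direct SysV numbers alongside the multiplexer, as this commit describes for sockets, these cases would be compiled out and the calls would hit the default handling, so the assumption is worth stating where a later reader will see it. The matching `#endif` and the rest of the switch are outside the hunk.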