Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
authorJed Davis <jld@mozilla.com>
Fri, 27 Oct 2017 20:51:25 -0600
changeset 441163 48b83b14ff3d1c47481980b5ec0b091d26d3d4c9
parent 441162 565d98335e7e83699c3237b40b2af2273fc6d488
child 441164 eeb1aae7683bac5303976c8ebd425f632ecb0b9b
Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp The values in arch_seccomp_data::args are uint64_t even on 32-bit platforms, and syscall takes varargs, so the arguments need to be explicitly cast to the word size in order to be passed correctly. MozReview-Commit-ID: 5ldv6WbL2Z3
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -107,20 +107,21 @@ protected:
   static intptr_t DoSyscall(long nr, Args... args) {
     return ConvertError(syscall(nr, args...));
   }
 
 private:
   // Bug 1093893: Translate tkill to tgkill for pthread_kill; fixed in
   // bionic commit 10c8ce59a (in JB and up; API level 16 = Android 4.1).
   // Bug 1376653: musl also needs this, and security-wise it's harmless.
-  static intptr_t TKillCompatTrap(const sandbox::arch_seccomp_data& aArgs,
-                                  void *aux)
+  static intptr_t TKillCompatTrap(ArgsRef aArgs, void *aux)
   {
-    return DoSyscall(__NR_tgkill, getpid(), aArgs.args[0], aArgs.args[1]);
+    auto tid = static_cast<pid_t>(aArgs.args[0]);
+    auto sig = static_cast<int>(aArgs.args[1]);
+    return DoSyscall(__NR_tgkill, getpid(), tid, sig);
   }
 
   static intptr_t SetNoNewPrivsTrap(ArgsRef& aArgs, void* aux) {
     if (gSetSandboxFilter == nullptr) {
       // Called after BroadcastSetThreadSandbox finished, therefore
       // not our doing and not expected.
       return BlockedSyscallTrap(aArgs, nullptr);
     }
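Review bot: The two narrowing casts added above `DoSyscall(__NR_tgkill, ...)` are the entire fix but carry no explanation in the code, so a later cleanup could fold them back into the call; add a comment above `auto tid`, e.g. `// args[] are uint64_t on every arch and syscall() is variadic: narrow to the real parameter types (pid_t, int) so 32-bit targets pass them in the right slots.` The converted signature `TKillCompatTrap(ArgsRef aArgs, void *aux)` also differs from `SetNoNewPrivsTrap(ArgsRef& aArgs, void* aux)` directly below it; if ArgsRef is already a reference alias the `&` is redundant and one spelling should be used throughout. Passing `getpid()` as the tgid is what keeps the translation confined to this process's own threads, which is worth stating next to the existing "security-wise it's harmless" remark rather than leaving it implicit.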
@@ -1050,28 +1051,27 @@ class GMPSandboxPolicy : public SandboxP
     int fd = files->GetDesc(path);
     if (fd < 0) {
       // SandboxOpenedFile::GetDesc already logged about this, if appropriate.
       return -ENOENT;
     }
     return fd;
   }
 
-  static intptr_t SchedTrap(const sandbox::arch_seccomp_data& aArgs,
-                            void* aux)
+  static intptr_t SchedTrap(ArgsRef aArgs, void* aux)
   {
     const pid_t tid = syscall(__NR_gettid);
     if (aArgs.args[0] == static_cast<uint64_t>(tid)) {
       return DoSyscall(aArgs.nr,
                        0,
-                       aArgs.args[1],
-                       aArgs.args[2],
-                       aArgs.args[3],
-                       aArgs.args[4],
-                       aArgs.args[5]);
+                       static_cast<uintptr_t>(aArgs.args[1]),
+                       static_cast<uintptr_t>(aArgs.args[2]),
+                       static_cast<uintptr_t>(aArgs.args[3]),
+                       static_cast<uintptr_t>(aArgs.args[4]),
+                       static_cast<uintptr_t>(aArgs.args[5]));
     }
     SANDBOX_LOG_ERROR("unsupported tid in SchedTrap");
     return BlockedSyscallTrap(aArgs, nullptr);
   }
 
   static intptr_t UnameTrap(const sandbox::arch_seccomp_data& aArgs,
                             void* aux)
   {
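Review bot: The `static_cast<uintptr_t>` on `aArgs.args[1]` through `aArgs.args[5]` are unexplained in code; a one-line comment above the `DoSyscall(aArgs.nr, 0, ...)` call such as `// Narrow each uint64_t to word size: syscall() is variadic and a 64-bit vararg would occupy two slots on 32-bit.` records why the casts must stay. The `aArgs.args[0] == static_cast<uint64_t>(tid)` check remains the real guard here: the forwarded call substitutes `0` for the pid, so whatever scheduling syscall `aArgs.nr` names (presumably sched_*, going by the trap's name) can only act on the calling thread, independent of how the remaining arguments are cast. The trailing context still declares `UnameTrap(const sandbox::arch_seccomp_data& aArgs, void* aux)`; for consistency with the converted SchedTrap it could read `static intptr_t UnameTrap(ArgsRef aArgs, void* aux)` — UnameTrap's body continues past the end of the hunk.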