From b3a14db7637232d30c878cc1f1ad6d8037e81379 Mon Sep 17 00:00:00 2001 From: Shawn Anastasio Date: Tue, 15 Jan 2019 22:42:21 -0600 Subject: [PATCH] linux/seccomp-bpf: ppc64+glibc workaround in SIGSYS handler Workaround for an apparent issue with glibc negating syscall parameters. Observed on a ppc64le machine with glibc. More investigation required. --- sandbox/linux/seccomp-bpf/trap.cc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) Index: chromium-128.0.6613.113/sandbox/linux/seccomp-bpf/trap.cc =================================================================== --- chromium-128.0.6613.113.orig/sandbox/linux/seccomp-bpf/trap.cc +++ chromium-128.0.6613.113/sandbox/linux/seccomp-bpf/trap.cc @@ -236,6 +236,20 @@ void Trap::SigSys(int nr, LinuxSigInfo* SetIsInSigHandler(); } +#if defined(__powerpc64__) + // On ppc64+glibc, some syscalls seem to accidentally negate the first + // parameter which causes checks against it to fail. For now, manually + // negate them back. + // TODO(shawn@anastas.io): investigate this issue further + auto nr = SECCOMP_SYSCALL(ctx); + if (nr == __NR_openat || nr == __NR_mkdirat || nr == __NR_faccessat || nr == __NR_readlinkat || + nr == __NR_renameat || nr == __NR_renameat2 || nr == __NR_newfstatat || nr == __NR_unlinkat) { + if (static_cast(SECCOMP_PARM1(ctx)) > 0) { + SECCOMP_PARM1(ctx) = -SECCOMP_PARM1(ctx); + } + } +#endif + // Copy the seccomp-specific data into a arch_seccomp_data structure. This // is what we are showing to TrapFnc callbacks that the system call // evaluator registered with the sandbox.