From da52663deec77f705d7d58b18484c3e28e563f10 Mon Sep 17 00:00:00 2001 From: Shawn Anastasio <shawnanastasio@yahoo.com> Date: Tue, 18 Sep 2018 18:39:28 -0500 Subject: [PATCH] sandbox/linux: Update syscall helpers/lists for ppc64 --- .../seccomp-bpf-helpers/baseline_policy.cc | 8 +- .../syscall_parameters_restrictions.cc | 2 +- .../syscall_parameters_restrictions.h | 2 +- .../linux/seccomp-bpf-helpers/syscall_sets.cc | 108 ++++++++++-------- .../linux/seccomp-bpf-helpers/syscall_sets.h | 6 +- sandbox/linux/services/syscall_wrappers.cc | 2 +- 6 files changed, 73 insertions(+), 55 deletions(-) Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -90,7 +90,8 @@ bool IsBaselinePolicyWatched(int sysno) SyscallSets::IsPrctl(sysno) || SyscallSets::IsProcessGroupOrSession(sysno) || #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) SyscallSets::IsSocketCall(sysno) || #endif #if defined(__arm__) @@ -255,7 +256,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de } #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) if (sysno == __NR_mmap) return RestrictMmapFlags(); #endif @@ -276,7 +277,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de return RestrictPrctl(); #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) if (sysno == __NR_socketpair) { // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. static_assert(AF_UNIX == PF_UNIX, 
@@ -340,7 +341,8 @@ ResultExpr EvaluateSyscallImpl(int fs_de } #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) if (SyscallSets::IsSocketCall(sysno)) return RestrictSocketcallCommand(); #endif Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc @@ -36,7 +36,7 @@ #include "sandbox/linux/system_headers/linux_time.h" #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)) && \ - !defined(__arm__) && !defined(__aarch64__) && \ + !defined(__arm__) && !defined(__aarch64__) && !defined(__powerpc64__) && \ !defined(PTRACE_GET_THREAD_AREA) // Also include asm/ptrace-abi.h since ptrace.h in older libc (for instance // the one in Ubuntu 16.04 LTS) is missing PTRACE_GET_THREAD_AREA. @@ -45,6 +45,11 @@ #include <asm/ptrace-abi.h> #endif +// On PPC64, TCGETS is defined in terms of struct termios, so we must include termios.h +#ifdef __powerpc64__ +#include <termios.h> +#endif + #if BUILDFLAG(IS_ANDROID) #if !defined(F_DUPFD_CLOEXEC) @@ -102,6 +107,15 @@ inline bool IsArchitectureMips() { #endif } +inline bool IsArchitecturePPC64() { +#if defined(__powerpc64__) + return true; +#else + return false; +#endif +} + + // Ubuntu's version of glibc has a race condition in sem_post that can cause // it to call futex(2) with bogus op arguments. To workaround this, we need // to allow those futex(2) calls to fail with EINVAL, instead of crashing the 
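Review bot: In the baseline_policy.cc hunk at `@@ -340,7 +341,8`, adding `__powerpc64__` to the `IsSocketCall` branch means ppc64 reaches sockets through both the direct syscalls and socketcall(2), but only the direct `__NR_socketpair` path (the `@@ -276,7 +277,7` hunk) enforces the AF_UNIX-only check. The existing comment on `RestrictSocketcallCommand()` states that the first parameter of socketpair(2) cannot be restricted through socketcall, so on this architecture the domain check appears not to cover the multiplexed path. I would record that next to the guard, e.g. `// ppc64 exposes both socketcall(2) and the direct socket syscalls; the AF_UNIX check on __NR_socketpair does not cover the socketcall path.`, and confirm that socketcall still has to be allowed for the glibc versions being targeted. The body of the function continues outside the hunk.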
@@ -269,9 +283,11 @@ ResultExpr RestrictFcntlCommands() { // operator. // Glibc overrides the kernel's O_LARGEFILE value. Account for this. uint64_t kOLargeFileFlag = O_LARGEFILE; - if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips()) + if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips() \ + || IsArchitecturePPC64()) kOLargeFileFlag = 0100000; + const Arg<int> cmd(1); const Arg<long> long_arg(2); @@ -294,8 +310,17 @@ ResultExpr RestrictFcntlCommands() { F_SETLKW, F_GETLK, F_DUPFD, - F_DUPFD_CLOEXEC}, - Allow()) + F_DUPFD_CLOEXEC +#if defined(__powerpc64__) +// On PPC64, F_SETLK, F_GETLK, F_SETLKW are defined as the 64-bit variants +// but glibc will sometimes still use the 32-bit versions. Allow both. + , + 5, /* F_GETLK (32) */ + 6, /* F_SETLK (32) */ + 7 /* F_SETLKW (32) */ +#endif + }, + Allow()) .Case(F_SETFL, If((long_arg & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS())) .Case(F_ADD_SEALS, @@ -304,7 +329,7 @@ ResultExpr RestrictFcntlCommands() { // clang-format on } -#if defined(__i386__) || defined(__mips__) +#if defined(__i386__) || defined(__mips__) || defined(__powerpc64__) ResultExpr RestrictSocketcallCommand() { // Unfortunately, we are unable to restrict the first parameter to // socketpair(2). Whilst initially sounding bad, it's noteworthy that very @@ -459,7 +484,7 @@ ResultExpr RestrictPtrace() { #endif return Switch(request) .Cases({ -#if !defined(__aarch64__) +#if !defined(__aarch64__) && !defined(__powerpc64__) PTRACE_GETREGS, PTRACE_GETFPREGS, PTRACE_GET_THREAD_AREA, PTRACE_GETREGSET, #endif Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h +++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h 
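Review bot: In the `@@ -269,9 +283,11` hunk, `0100000` is the x86 value of O_LARGEFILE, and adding `IsArchitecturePPC64()` to the condition applies it to ppc64 too. As far as I know the powerpc kernel headers define O_LARGEFILE as `0200000` and use `0100000` for O_NOFOLLOW; please check this against the powerpc `asm/fcntl.h`. If that is right, an F_SETFL carrying the kernel's O_LARGEFILE bit falls outside `kAllowedMask` and reaches `CrashSIGSYS()`, while O_NOFOLLOW is accepted instead. A separate branch such as `else if (IsArchitecturePPC64()) kOLargeFileFlag = 0200000;` would keep the mask aligned with the kernel. The backslash before `|| IsArchitecturePPC64()` is not needed outside a preprocessor directive, and RestrictFcntlCommands starts before this hunk.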
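Review bot: In the `@@ -294,8 +310,17` hunk, the bare literals `5`, `6` and `7` added to the `Cases` list are identified only by trailing comments, and the explanatory comment sits at column 0 inside the initializer list. Named constants declared before the `Switch` under the same `#if defined(__powerpc64__)`, for example `constexpr int kFGetLk32 = 5;` with matching ones for 6 and 7, would let the list read like the other entries. The rationale comment, stating which glibc behaviour makes both command sets necessary, would then sit once above those constants. RestrictFcntlCommands starts before this hunk.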
@@ -52,7 +52,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Restr // O_NONBLOCK | O_SYNC | O_LARGEFILE | O_CLOEXEC | O_NOATIME. SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictFcntlCommands(); -#if defined(__i386__) || defined(__mips__) +#if defined(__i386__) || defined(__mips__) || defined(__powerpc64__) // Restrict socketcall(2) to only allow socketpair(2), send(2), recv(2), // sendto(2), recvfrom(2), shutdown(2), sendmsg(2) and recvmsg(2). SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictSocketcallCommand(); Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc @@ -29,7 +29,8 @@ bool SyscallSets::IsAllowedGettime(int s switch (sysno) { case __NR_gettimeofday: #if defined(__i386__) || defined(__x86_64__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_time: #endif return true; @@ -52,12 +53,14 @@ bool SyscallSets::IsAllowedGettime(int s case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID(). #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_ftime: // Obsolete. #endif case __NR_settimeofday: // Privileged. #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_stime: #endif default: 
@@ -136,7 +139,7 @@ bool SyscallSets::IsFileSystem(int sysno case __NR_faccessat2: case __NR_fchmodat: case __NR_fchownat: // Should be called chownat ? -#if defined(__x86_64__) || defined(__aarch64__) +#if defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__) case __NR_newfstatat: // fstatat(). EPERM not a valid errno. #elif defined(__i386__) || defined(__arm__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) @@ -155,7 +158,7 @@ bool SyscallSets::IsFileSystem(int sysno case __NR_memfd_create: case __NR_mkdirat: case __NR_mknodat: -#if defined(__i386__) +#if defined(__i386__) || defined(__powerpc64__) case __NR_oldlstat: case __NR_oldstat: #endif @@ -169,7 +172,8 @@ bool SyscallSets::IsFileSystem(int sysno #endif case __NR_statfs: // EPERM not a valid errno. #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_statfs64: #endif case __NR_statx: // EPERM not a valid errno. @@ -180,7 +184,8 @@ bool SyscallSets::IsFileSystem(int sysno case __NR_truncate64: #endif case __NR_unlinkat: -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_utime: #endif case __NR_utimensat: // New. @@ -220,7 +225,8 @@ bool SyscallSets::IsAllowedFileSystemAcc #endif return true; // TODO(jln): these should be denied gracefully as well (moved below). -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_fadvise64: // EPERM not a valid errno. #endif #if defined(__i386__) 
@@ -233,11 +239,12 @@ bool SyscallSets::IsAllowedFileSystemAcc case __NR_flock: // EPERM not a valid errno. case __NR_fstatfs: // Give information about the whole filesystem. #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_fstatfs64: #endif case __NR_fsync: // EPERM not a valid errno. -#if defined(__i386__) +#if defined(__i386__) || defined(__powerpc64__) case __NR_oldfstat: #endif #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ @@ -245,6 +252,8 @@ bool SyscallSets::IsAllowedFileSystemAcc case __NR_sync_file_range: // EPERM not a valid errno. #elif defined(__arm__) case __NR_arm_sync_file_range: // EPERM not a valid errno. +#elif defined(__powerpc64__) + case __NR_sync_file_range2: // EPERM not a valid errno. #endif default: return false; @@ -265,7 +274,8 @@ bool SyscallSets::IsDeniedFileSystemAcce #endif case __NR_getdents64: // EPERM not a valid errno. #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_readdir: #endif return true; @@ -306,7 +316,7 @@ bool SyscallSets::IsGetSimpleId(int sysn bool SyscallSets::IsProcessPrivilegeChange(int sysno) { switch (sysno) { case __NR_capset: -#if defined(__i386__) || defined(__x86_64__) +#if defined(__i386__) || defined(__x86_64__) || defined(__powerpc64__) case __NR_ioperm: // Intel privilege. case __NR_iopl: // Intel privilege. #endif 
@@ -362,7 +372,8 @@ bool SyscallSets::IsAllowedSignalHandlin // overflow. case __NR_sigaltstack: #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_rt_sigtimedwait_time64: case __NR_sigaction: case __NR_sigprocmask: @@ -378,7 +389,8 @@ bool SyscallSets::IsAllowedSignalHandlin #endif case __NR_signalfd4: #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_sigpending: case __NR_sigsuspend: #endif @@ -402,7 +414,7 @@ bool SyscallSets::IsAllowedOperationOnFd #endif case __NR_dup3: #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_shutdown: #endif return true; @@ -435,7 +447,7 @@ bool SyscallSets::IsAllowedProcessStartO case __NR_exit_group: case __NR_wait4: case __NR_waitid: -#if defined(__i386__) +#if defined(__i386__) || defined(__powerpc64__) case __NR_waitpid: #endif return true; @@ -452,7 +464,7 @@ bool SyscallSets::IsAllowedProcessStartO #endif case __NR_set_tid_address: case __NR_unshare: -#if !defined(__mips__) && !defined(__aarch64__) +#if !defined(__mips__) && !defined(__aarch64__) || defined(__powerpc64__) case __NR_vfork: #endif default: @@ -499,7 +511,7 @@ bool SyscallSets::IsAllowedEpoll(int sys bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { switch (sysno) { #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_accept: case __NR_accept4: case __NR_bind: 
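Review bot: In the `@@ -452,7 +464,7` hunk, the rewritten guard on `__NR_vfork`, `#if !defined(__mips__) && !defined(__aarch64__) || defined(__powerpc64__)`, mixes `&&` and `||` without parentheses, and the added term changes nothing. On a ppc64 build neither `__mips__` nor `__aarch64__` is defined, so the original condition was already true. Leaving the line as `#if !defined(__mips__) && !defined(__aarch64__)` removes the hunk from the patch; if the term is kept for readability, write it as `(!defined(__mips__) && !defined(__aarch64__)) || defined(__powerpc64__)`. The enclosing switch extends beyond the hunk.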
@@ -514,7 +526,8 @@ bool SyscallSets::IsDeniedGetOrModifySoc } #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) // Big multiplexing system call for sockets. bool SyscallSets::IsSocketCall(int sysno) { switch (sysno) { @@ -528,7 +541,8 @@ bool SyscallSets::IsSocketCall(int sysno } #endif -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ + defined(__powerpc64__) bool SyscallSets::IsNetworkSocketInformation(int sysno) { switch (sysno) { case __NR_getpeername: @@ -553,7 +567,7 @@ bool SyscallSets::IsAllowedAddressSpaceA case __NR_mincore: case __NR_mlockall: #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_mmap: #endif #if defined(__i386__) || defined(__arm__) || \ @@ -583,7 +597,8 @@ bool SyscallSets::IsAllowedGeneralIo(int switch (sysno) { case __NR_lseek: #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR__llseek: #endif #if !defined(__aarch64__) 
@@ -603,26 +618,28 @@ bool SyscallSets::IsAllowedGeneralIo(int case __NR_readv: case __NR_pread64: #if defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_recv: #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_recvfrom: // Could specify source. case __NR_recvmsg: // Could specify source. #endif -#if defined(__i386__) || defined(__x86_64__) +#if defined(__i386__) || defined(__x86_64__) || defined(__powerpc64__) case __NR_select: #endif -#if defined(__i386__) || defined(__arm__) || defined(__mips__) +#if defined(__i386__) || defined(__arm__) || defined(__mips__) || defined(__powerpc64__) case __NR__newselect: #endif #if defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_send: #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_sendmsg: // Could specify destination. case __NR_sendto: // Could specify destination. #endif @@ -678,7 +695,8 @@ bool SyscallSets::IsAllowedBasicSchedule return true; case __NR_getpriority: #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_nice: #endif case __NR_setpriority: 
@@ -690,7 +708,8 @@ bool SyscallSets::IsAllowedBasicSchedule bool SyscallSets::IsAdminOperation(int sysno) { switch (sysno) { #if defined(__i386__) || defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_bdflush: #endif case __NR_kexec_load: @@ -706,7 +725,8 @@ bool SyscallSets::IsAdminOperation(int s bool SyscallSets::IsKernelModule(int sysno) { switch (sysno) { -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_create_module: case __NR_get_kernel_syms: // Should ENOSYS. case __NR_query_module: @@ -739,7 +759,8 @@ bool SyscallSets::IsFsControl(int sysno) case __NR_swapoff: case __NR_swapon: #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_umount: #endif case __NR_umount2: @@ -755,7 +776,7 @@ bool SyscallSets::IsNuma(int sysno) { case __NR_getcpu: case __NR_mbind: #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_migrate_pages: #endif case __NR_move_pages: 
@@ -790,14 +811,15 @@ bool SyscallSets::IsGlobalProcessEnviron switch (sysno) { case __NR_acct: // Privileged. #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_getrlimit: #endif -#if defined(__i386__) || defined(__arm__) +#if defined(__i386__) || defined(__arm__) || defined(__powerpc64__) case __NR_ugetrlimit: #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_ulimit: #endif case __NR_getrusage: @@ -831,7 +853,7 @@ bool SyscallSets::IsGlobalSystemStatus(i #endif case __NR_sysinfo: case __NR_uname: -#if defined(__i386__) +#if defined(__i386__) || defined(__powerpc64__) case __NR_olduname: case __NR_oldolduname: #endif @@ -915,7 +937,8 @@ bool SyscallSets::IsSystemVSemaphores(in #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ defined(__aarch64__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ + defined(__powerpc64__) // These give a lot of ambient authority and bypass the setuid sandbox. bool SyscallSets::IsSystemVSharedMemory(int sysno) { switch (sysno) { @@ -946,7 +969,8 @@ bool SyscallSets::IsSystemVMessageQueue( #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) // Big system V multiplexing system call. bool SyscallSets::IsSystemVIpc(int sysno) { switch (sysno) { 
@@ -966,7 +990,8 @@ bool SyscallSets::IsAnySystemV(int sysno return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) || IsSystemVSharedMemory(sysno); #elif defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) return IsSystemVIpc(sysno); #endif } @@ -1023,7 +1048,8 @@ bool SyscallSets::IsFaNotify(int sysno) bool SyscallSets::IsTimer(int sysno) { switch (sysno) { case __NR_getitimer: -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_alarm: #endif case __NR_setitimer: @@ -1105,18 +1131,22 @@ bool SyscallSets::IsMisc(int sysno) { case __NR_syncfs: case __NR_vhangup: // The system calls below are not implemented. -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_afs_syscall: #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_break: #endif -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_getpmsg: #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_gtty: case __NR_idle: case __NR_lock: 
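Review bot: In the `@@ -966,7 +990,8` hunk, `IsAnySystemV` on ppc64 now resolves to `IsSystemVIpc(sysno)` alone, yet the patch also compiles `IsSystemVSharedMemory` for `__powerpc64__` (guard changed at `@@ -915,7 +937,8`, under the comment "These give a lot of ambient authority and bypass the setuid sandbox"). Unless the first `#if` of this function, which is outside the hunk, also matches ppc64, the direct shm* syscalls are not covered by `IsAnySystemV` on this architecture. A policy that relies on `IsAnySystemV` to classify System V IPC would then miss them. If ppc64 really has both entry points, a dedicated branch before this `#elif`, `#elif defined(__powerpc64__)` with `return IsSystemVIpc(sysno) || IsSystemVSharedMemory(sysno);`, would cover both. Otherwise ppc64 should be dropped from the `IsSystemVSharedMemory` guard.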
@@ -1124,20 +1154,22 @@ bool SyscallSets::IsMisc(int sysno) { case __NR_prof: case __NR_profil: #endif -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ + defined(__powerpc64__) case __NR_putpmsg: #endif #if defined(__x86_64__) case __NR_security: #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_stty: #endif -#if defined(__x86_64__) +#if defined(__x86_64__) || defined(__powerpc64__) case __NR_tuxcall: #endif -#if !defined(__aarch64__) +#if !defined(__aarch64__) && !defined(__powerpc64__) case __NR_vserver: #endif return true; Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h +++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h @@ -46,13 +46,14 @@ class SANDBOX_EXPORT SyscallSets { static bool IsDeniedGetOrModifySocket(int sysno); #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) // Big multiplexing system call for sockets. static bool IsSocketCall(int sysno); #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) static bool IsNetworkSocketInformation(int sysno); #endif 
@@ -84,7 +85,8 @@ class SANDBOX_EXPORT SyscallSets { #endif #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ defined(__aarch64__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ + defined(__powerpc64__) // These give a lot of ambient authority and bypass the setuid sandbox. static bool IsSystemVSharedMemory(int sysno); #endif @@ -95,7 +97,8 @@ class SANDBOX_EXPORT SyscallSets { #endif #if defined(__i386__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) // Big system V multiplexing system call. static bool IsSystemVIpc(int sysno); #endif Index: chromium-120.0.6099.71/sandbox/linux/services/syscall_wrappers.cc =================================================================== --- chromium-120.0.6099.71.orig/sandbox/linux/services/syscall_wrappers.cc +++ chromium-120.0.6099.71/sandbox/linux/services/syscall_wrappers.cc @@ -61,7 +61,7 @@ long sys_clone(unsigned long flags, #if defined(ARCH_CPU_X86_64) return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ - defined(ARCH_CPU_MIPS_FAMILY) + defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_PPC64_FAMILY) // CONFIG_CLONE_BACKWARDS defined. return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); #endif
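Review bot: The syscall_wrappers.cc hunk tests `ARCH_CPU_PPC64_FAMILY` while every other hunk in this patch tests the compiler macro `__powerpc64__`, so `sys_clone` depends on the build configuration header defining that macro for the target. The visible `#if`/`#elif` chain has no `#else`, so if the macro is undefined this path would have no `return`. The rest of `sys_clone` is outside the hunk, so that case may already be handled there. Adding `#else` followed by `#error "sys_clone: unsupported architecture"` before the `#endif`, or using the same macro as the rest of the patch, would turn a mismatch into a build failure. A short comment that ppc64 uses the CONFIG_CLONE_BACKWARDS argument order (`tls` before `ctid`) would also document why it joins this branch.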