Closed
Bug 908907
Opened 11 years ago
Closed 11 years ago
Fill in gaps in seccomp-bpf whitelist for b2g.
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla26
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(1 file)
|
2.02 KB,
patch
|
kang
:
review+
briansmith
:
review+
|
Details | Diff | Splinter Review |
Program received signal SIGSYS, Bad system call.
dup () at bionic/libc/arch-arm/syscalls/dup.S:10
10 ldmfd sp!, {r4, r7}
dup seems relatively harmless, so maybe we should allow it? Here's the beginning of the call stack, with newlines added for clarity, in case we want to try to avoid it instead:
(gdb) bt
#0 dup () at bionic/libc/arch-arm/syscalls/dup.S:10
#1 0x40e17d72 in mozilla::ipc::SharedMemoryBasic::ShareToProcess (this=<value optimized out>, aNewHandle=0xbec9c024) at /home/jld/src/B2G/gecko/ipc/glue/SharedMemoryBasic_android.cpp:103
#2 0x40e1e36e in mozilla::ipc::Shmem::ShareTo (this=0xbec9c05c, aProcess=2639, routingId=2147483647) at /home/jld/src/B2G/gecko/ipc/glue/Shmem.cpp:606
#3 0x40e8b68c in mozilla::layers::PCompositorChild::CreateSharedMemory (this=0x42ce1180, aSize=<value optimized out>, aType=<value optimized out>, aUnsafe=<value optimized out>, aId=0xbec9c0b4) at /home/jld/src/B2G/objdir-gecko/ipc/ipdl/PCompositorChild.cpp:530
#4 0x40e1f1b2 in mozilla::dom::PSpeechSynthesisChild::CreateSharedMemory (this=0x25, aSize=<value optimized out>, aType=<value optimized out>, aUnsafe=255, aId=0xbec9c0b4) at /home/jld/src/B2G/objdir-gecko/ipc/ipdl/PSpeechSynthesisChild.cpp:266
#5 0x40e9449e in mozilla::layers::PLayerTransactionChild::AllocUnsafeShmem (this=0xbec9c0b4, aSize=126736, aType=mozilla::ipc::SharedMemory::TYPE_BASIC, aMem=0xbec9c0d8) at /home/jld/src/B2G/objdir-gecko/ipc/ipdl/PLayerTransactionChild.cpp:782
#6 0x4110e78c in mozilla::layers::ShadowLayerForwarder::AllocUnsafeShmem (this=<value optimized out>, aSize=126736, aType=mozilla::ipc::SharedMemory::TYPE_BASIC, aShmem=0xffffffff) at /home/jld/src/B2G/gecko/gfx/layers/ipc/ShadowLayers.cpp:567
#7 0x410ffad2 in Create<mozilla::layers::ISurfaceAllocator, true> (this=0x40326428, aSize=..., aContent=<value optimized out>, aBuffer=0xbec9c130) at ../../dist/include/gfxBaseSharedMemorySurface.h:176
#8 CreateUnsafe<mozilla::layers::ISurfaceAllocator> (this=0x40326428, aSize=..., aContent=<value optimized out>, aBuffer=0xbec9c130) at ../../dist/include/gfxBaseSharedMemorySurface.h:98
#9 mozilla::layers::ISurfaceAllocator::AllocSharedImageSurface (this=0x40326428, aSize=..., aContent=<value optimized out>, aBuffer=0xbec9c130) at /home/jld/src/B2G/gecko/gfx/layers/ipc/ISurfaceAllocator.cpp:60
#10 0x410ffa4c in mozilla::layers::ISurfaceAllocator::AllocSurfaceDescriptorWithCaps (this=0x40326428, aSize=..., aContent=gfxASurface::CONTENT_ALPHA, aCaps=<value optimized out>, aBuffer=0x443d62bc) at /home/jld/src/B2G/gecko/gfx/layers/ipc/ISurfaceAllocator.cpp:112
#11 0x410ff940 in mozilla::layers::ISurfaceAllocator::AllocSurfaceDescriptor (this=0xbec9c0b4, aSize=<value optimized out>, aContent=0, aBuffer=<value optimized out>) at /home/jld/src/B2G/gecko/gfx/layers/ipc/ISurfaceAllocator.cpp:74
|
Assignee | |
Comment 1•11 years ago
|
||
There are a few other syscalls I found. I'm going to expand this bug to cover all of them, including working around bug 906996, because if I try to separate each added line into its own patch they'll all conflict with each other.
|
|
Assignee | |
Comment 2•11 years ago
|
||
…and I should reapply the summary change I lost after mid-air colliding with myself.
Summary: b2g UI Tests app crashes on startup because seccomp disallows dup → Fill in gaps in seccomp-bpf whitelist for b2g.
|
|
Assignee | |
Comment 3•11 years ago
|
||
|
||
Updated•11 years ago
|
Attachment #799883 -
Flags: review+
Comment on attachment 799883 [details] [diff] [review]
bug908907-seccomp-gaps.diff
Review of attachment 799883 [details] [diff] [review]:
-----------------------------------------------------------------
thanks :)
hopefully we can remove some of these sooner than later (same for open, in fact). Until then, looks good.
Attachment #799883 -
Flags: review?(gdestuynder) → review+
|
||
Comment 6•11 years ago
|
||
I have this patch applied, and it works generalyl. However I got bug 907087 once again, but I didn't think of running gdb at that time so I don't know why... I'll report again if I find something.
|
|
Assignee | |
Comment 7•11 years ago
|
||
Thanks for the review.
Checkin note: This should be sent to b2g-inbound instead of regular inbound, I think?
Keywords: checkin-needed
|
||
Comment 8•11 years ago
|
||
Keywords: checkin-needed
|
|
||
Comment 9•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
You need to log in
before you can comment on or make changes to this bug.
Description
•