New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 5 users

Issue metadata

Status: Verified
Owner:
Last visit > 30 days ago
Closed: Oct 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 2
Type: Bug

Blocked on:
issue 388978



Sign in to add a comment
link

Issue 369594: Add seccomp-bpf support for MIPS

Reported by jln@chromium.org, May 2 2014 Project Member

Issue description

Add seccomp-bpf support for MIPS to Chrome, making it our fourth supported architecture.
 

Comment 3 by bugdroid1@chromium.org, Jun 13 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a24c66d2a9ac204ada9ad3a636256a2ed8c4ad28

commit a24c66d2a9ac204ada9ad3a636256a2ed8c4ad28
Author: jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Jun 13 12:59:59 2014

Clean-up the SandboxSyscall interface

Create a new Syscall class with a static method to replace SandboxSyscall()
and clean-up some documentation.

BUG= 369594 

Review URL: https://codereview.chromium.org/330723003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@277004 0039d316-1c4b-4281-b951-d872f2087c98

Comment 4 by jln@chromium.org, Jun 26 2014

Blockedon: chromium:388978

Comment 5 by bugdroid1@chromium.org, Jul 8 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/33447b3cc4995b6bd2086a30d61bfebe60053b8f

commit 33447b3cc4995b6bd2086a30d61bfebe60053b8f
Author: nedeljko.babic@imgtec.com <nedeljko.babic@imgtec.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue Jul 08 21:00:12 2014

Linux sandbox: add space for 8 parameters to the Syscall() class

On some architectures (Mips for example) syscalls can take more
than six parameters.

Add support for 8 native-size parameters in Syscall::Call()

BUG= 369594 
TEST= sandbox_linux_unittests

Review URL: https://codereview.chromium.org/357323003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@281823 0039d316-1c4b-4281-b951-d872f2087c98

Comment 6 by bugdroid1@chromium.org, Jul 8 2014

Project Member
------------------------------------------------------------------
r281823 | nedeljko.babic@imgtec.com | 2014-07-08T21:00:12.445676Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/AUTHORS?r1=281823&r2=281822&pathrev=281823
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall.cc?r1=281823&r2=281822&pathrev=281823
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall.h?r1=281823&r2=281822&pathrev=281823

Linux sandbox: add space for 8 parameters to the Syscall() class

On some architectures (Mips for example) syscalls can take more
than six parameters.

Add support for 8 native-size parameters in Syscall::Call()

BUG= 369594 
TEST= sandbox_linux_unittests

Review URL: https://codereview.chromium.org/357323003
-----------------------------------------------------------------

Comment 7 by bugdroid1@chromium.org, Jul 25 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7281a3fb8d40c078afb319ca4afd80839fac3657

commit 7281a3fb8d40c078afb319ca4afd80839fac3657
Author: nedeljko.babic@imgtec.com <nedeljko.babic@imgtec.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Jul 25 09:03:43 2014

[MIPS] Add seccomp bpf support

Add support for seccomp bpf sandboxing on MIPS architecture.
Enable testing of seccomp bpf sandbox.

Support for seccomp bpf for MIPS was added in Linux kernel version 3.15.

This patchset was reviewed in https://chromiumcodereview.appspot.com/260793003/ and re-created
to workaround a commit-queue issue.

BUG= 369594 
TEST=sandbox_linux_unittests

Review URL: https://codereview.chromium.org/409403003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285538 0039d316-1c4b-4281-b951-d872f2087c98

Comment 8 by bugdroid1@chromium.org, Jul 25 2014

Project Member
------------------------------------------------------------------
r285538 | nedeljko.babic@imgtec.com | 2014-07-25T09:03:43.553920Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/bpf_renderer_policy_linux.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/common.gypi?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall_iterator.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/errorcode.h?r1=285538&r2=285537&pathrev=285538
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_mips_ucontext.h?r1=285538&r2=285537&pathrev=285538
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/mips_linux_syscalls.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_ucontext.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/linux_syscalls.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/bpf_gpu_policy_linux.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/trap.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall_unittest.cc?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/linux_seccomp.h?r1=285538&r2=285537&pathrev=285538
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall.cc?r1=285538&r2=285537&pathrev=285538

[MIPS] Add seccomp bpf support

Add support for seccomp bpf sandboxing on MIPS architecture.
Enable testing of seccomp bpf sandbox.

Support for seccomp bpf for MIPS was added in Linux kernel version 3.15.

This patchset was reviewed in https://chromiumcodereview.appspot.com/260793003/ and re-created
to workaround a commit-queue issue.

BUG= 369594 
TEST=sandbox_linux_unittests

Review URL: https://codereview.chromium.org/409403003
-----------------------------------------------------------------

Comment 9 by jln@chromium.org, Jul 25 2014

Cc: nedeljko...@imgtec.com

Comment 10 by aurimas@chromium.org, Sep 17 2014

Android MIPS bot is failing to compile:

../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc: In function 'uint32_t {anonymous}::SyscallNumberToOffsetFromBase(uint32_t)':
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:59:19: error: '__NR_Linux' was not declared in this scope
   sysno = sysno - __NR_Linux;
                   ^
ninja: build stopped: subcommand failed.


http://chromegw.corp.google.com/i/clank/builders/mips-builder/builds/3325/steps/compile/logs/stdio

Do you know what could be the problem?

Comment 11 by aurimas@chromium.org, Sep 17 2014

Cc: aurimas@chromium.org

Comment 13 by pet...@mips.com, Sep 17 2014

Comment 14 by jln@chromium.org, Oct 30 2014

Status: Fixed
Marking as fixed. Thanks to Petarj and Nedeljko!

Comment 15 by patricia@chromium.org, Nov 11 2014

Labels: VerifyIn-40

Comment 16 by patricia@chromium.org, Jan 13 2015

Labels: VerifyIn-41

Comment 17 by patricia@chromium.org, Feb 24 2015

Labels: VerifyIn-42

Comment 18 by patricia@chromium.org, Apr 8 2015

Labels: VerifyIn-43

Comment 19 by patricia@chromium.org, May 18 2015

Labels: VerifyIn-44

Comment 20 by mu...@chromium.org, Jun 23 2015

Labels: -VerifyIn-43
Last 43 build of record is M43-STABLE-8 (6946.63.0, 43.0.2357.130) . All VerifyIn-43 are now VerifyIn-44

Comment 21 by patricia@chromium.org, Jul 13 2015

Labels: VerifyIn-45

Comment 22 by patricia@chromium.org, Aug 24 2015

Labels: VerifyIn-46

Comment 23 by krisr@chromium.org, Oct 6 2015

Labels: VerifyIn-47

Comment 24 by patricia@chromium.org, Nov 16 2015

Labels: VerifyIn-48

Comment 25 by patricia@chromium.org, Nov 16 2015

Labels: -VerifyIn-48

Comment 26 by patricia@chromium.org, Jan 19 2016

Labels: VerifyIn-49

Comment 27 by patricia@chromium.org, Jan 19 2016

Labels: -VerifyIn-49

Comment 28 by bugdroid1@chromium.org, Feb 9 2016

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0dcb5222db1f215572630dca6b7a48e4ca61861e

commit 0dcb5222db1f215572630dca6b7a48e4ca61861e
Author: milko.leporis <milko.leporis@imgtec.com>
Date: Tue Feb 09 12:07:24 2016

[MIPS] Linux sandbox: Allow __NR_send for mips32

This change will fix "Aw, Snap!" in Chromium for Linux on mips32,
which is caused by dissallowed __NR_send syscall:
sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 4000 + 0178

TEST=Running Chromium on MIPS CI20 board with 3.18 kernel
BUG= 369594 ,  130022 

Review URL: https://codereview.chromium.org/1666103002

Cr-Commit-Position: refs/heads/master@{#374357}

[modify] http://crrev.com/0dcb5222db1f215572630dca6b7a48e4ca61861e/AUTHORS
[modify] http://crrev.com/0dcb5222db1f215572630dca6b7a48e4ca61861e/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc

Comment 29 by patricia@chromium.org, Feb 12 2016

Status: Verified
Bulk verified

Sign in to add a comment