M58 Seccomp Crashes sandbox::CrashSIGSYS_Handler
Issue description
We're seeing a slight uptick in the sandbox::CrashSIGSYS_Handler crash signature on M58.
Analysis of the seccomp-sigsys crash key shows the distribution of the system call violations:
Arch    nr    count
arm     7     2
        17    1
        43    1
        110   1
        128   1
        294   151  (__NR_setsockopt)
        356   9    (__NR_eventfd2)
arm64   19    1    (__NR_eventfd2)
x86     218   686  (__NR_mincore)
For arm setsockopt:
arg2    arg3  count
1       2     7    (SO_REUSEADDR)
        7     1    (SO_SNDBUF)
        20    131  (SO_RCVTIMEO)
I will expand the whitelist for setsockopt to include SO_RCVTIMEO and SO_REUSEADDR for __NR_setsockopt.
__NR_mincore seems pretty obscure and is only being reported on x86 devices. It looks like libunwind uses it here: https://android.googlesource.com/platform/external/libunwind/+/android-6.0.1_r79/src/x86/Ginit.c#117. We could maybe EPERM it, but that seems like it'd break libunwind (and in https://crash.corp.google.com/browse?q=reportid=%275da5cf6480000000%27#0 we see: libart.so --> libbacktrace.so --> libunwindo.so), so that may not work.
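An added example, not part of the original report and not Chromium's policy code: a raw seccomp-BPF filter that permits setsockopt at SOL_SOCKET only for the two options the report proposes, SO_REUSEADDR and SO_RCVTIMEO, exercised from a forked child. Assumptions: `probe` is a hypothetical helper, the build is 64-bit x86_64 or aarch64 Linux, unrelated syscalls are left allowed for brevity, and a violation returns EPERM instead of raising SIGSYS so the outcome can be observed.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/time.h>   /* struct timeval, the SO_RCVTIMEO argument */
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
#define LD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))

/* Hypothetical helper: in a forked child, install the filter and try one SOL_SOCKET
 * option. Returns 0 if setsockopt succeeded, its errno if not, 255 on setup failure. */
int probe(int optname, const void *val, socklen_t len) {
  struct sock_filter f[] = {
    /*  0 */ LD(arch),
    /*  1 */ JEQ(NATIVE_ARCH, 0, 8),        /* foreign ABI: deny */
    /*  2 */ LD(nr),
    /*  3 */ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 6, 0),  /* x32 numbers: deny */
    /*  4 */ JEQ(__NR_setsockopt, 0, 6),    /* any other syscall: allow */
    /*  5 */ LD(args[1]),                   /* level (low 32 bits, little-endian) */
    /*  6 */ JEQ(SOL_SOCKET, 0, 3),         /* other levels: deny */
    /*  7 */ LD(args[2]),                   /* optname */
    /*  8 */ JEQ(SO_REUSEADDR, 2, 0),
    /*  9 */ JEQ(SO_RCVTIMEO, 1, 0),
    /* 10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    /* 11 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
  struct sock_fprog prog = { .len = sizeof(f) / sizeof(f[0]), .filter = f };
  pid_t pid = fork();
  if (pid == 0) {
    int s = socket(AF_UNIX, SOCK_STREAM, 0);  /* created before the filter is active */
    if (s < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(255);
    _exit(setsockopt(s, SOL_SOCKET, optname, val, len) ? errno : 0);
  }
  int st;
  return (pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st)) ? WEXITSTATUS(st) : 255;
}
```

Calling `probe` with SO_SNDBUF, which the report observed but did not propose adding, shows the denial path; the filter is only ever installed in the child, so the caller stays unfiltered.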
,
Mar 20 2017
,
Mar 20 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c245477cba2641ae360fff6a021b44666fd70391

commit c245477cba2641ae360fff6a021b44666fd70391
Author: Robert Sesek <rsesek@chromium.org>
Date: Mon Mar 20 15:35:10 2017

[Android] Seccomp whitelist expansion for M58.

This permits __NR_mincore on x86 and allows more options for
__NR_setsockopt.

BUG= 701137
R=jorgelo@chromium.org

Review-Url: https://codereview.chromium.org/2755743002
Cr-Commit-Position: refs/heads/master@{#457198}
(cherry picked from commit daa4b8602914d859d3f59726fae30cad0c072f8a)

Review-Url: https://codereview.chromium.org/2762683002 .
Cr-Commit-Position: refs/branch-heads/3029@{#297}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

[modify] https://crrev.com/c245477cba2641ae360fff6a021b44666fd70391/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
,
Mar 20 2017
Comment 1 by bugdroid1@chromium.org, Mar 15 2017