From b3a14db7637232d30c878cc1f1ad6d8037e81379 Mon Sep 17 00:00:00 2001

From: Shawn Anastasio <shawn@anastas.io>

Date: Tue, 15 Jan 2019 22:42:21 -0600

Subject: [PATCH] linux/seccomp-bpf: ppc64+glibc workaround in SIGSYS handler

Workaround for an apparent issue with glibc negating syscall

parameters. Observed on a ppc64le machine with glibc.

More investigation required.

---

 sandbox/linux/seccomp-bpf/trap.cc | 14 ++++++++++++++

 1 file changed, 14 insertions(+)

Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf/trap.cc

===================================================================

--- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf/trap.cc

+++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf/trap.cc

@@ -232,6 +232,20 @@ void Trap::SigSys(int nr, LinuxSigInfo*

       SetIsInSigHandler();

     }

+#if defined(__powerpc64__)

+    // On ppc64+glibc, some syscalls seem to accidentally negate the first

+    // parameter which causes checks against it to fail. For now, manually

+    // negate them back.

+    // TODO(shawn@anastas.io): investigate this issue further

+    auto nr = SECCOMP_SYSCALL(ctx);

+    if (nr == __NR_openat || nr == __NR_mkdirat || nr == __NR_faccessat || nr == __NR_readlinkat ||

+        nr == __NR_renameat || nr == __NR_renameat2 || nr == __NR_newfstatat || nr == __NR_unlinkat) {

+        if (static_cast<int>(SECCOMP_PARM1(ctx)) > 0) {

+            SECCOMP_PARM1(ctx) = -SECCOMP_PARM1(ctx);

+        }

+    }

+#endif

+

     // Copy the seccomp-specific data into a arch_seccomp_data structure. This

     // is what we are showing to TrapFnc callbacks that the system call

     // evaluator registered with the sandbox.