StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Check for either violate() or ViolateIndirect() in stack trace

Browse Source 
Depending on architecture and optimization level, the compiler may choose to
not generate full stack frames, even with no-inline and no tail-call
attributes.

PiperOrigin-RevId: 372339987
Change-Id: I42043131bbb6092ff234e80ae9047f7a2bf31161
This commit is contained in:
Christian Blichmann 2021-05-06 07:35:41 -07:00 committed by Copybara-Service
parent 0750216bc1
commit 5c7903ecd9
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sandboxed_api/examples/stringop/lib/stringop.cc
View File

@ -79,17 +79,20 @@ extern "C" const void* get_raw_c_string() { return "Ten chars."; }
extern "C" void nop() {} extern "C" void nop() {}
// The "no tail-call" annotation and the additional indirection ensure that this // The "no tail-call" annotation and the additional indirection ensure that
// function shows up in the violation stack trace. Otherwise, depending on // either this function or its calling function shows up in the violation stack
// optimization level and optimizer aggressiveness, functions may be inlined, // trace. Otherwise, depending on optimization level and optimizer
// hoisted or omitted (in case of tail calls). // aggressiveness, functions may be inlined, hoisted or omitted (in case of tail
// calls).
static ABSL_ATTRIBUTE_NOINLINE ABSL_ATTRIBUTE_NO_TAIL_CALL void static ABSL_ATTRIBUTE_NOINLINE ABSL_ATTRIBUTE_NO_TAIL_CALL void
ViolateIndirect() { ViolateIndirect() {
ptrace((__ptrace_request)990, 991, 992, 993); ptrace((__ptrace_request)990, 991, 992, 993);
ABSL_BLOCK_TAIL_CALL_OPTIMIZATION();
} }
extern "C" void violate() { // Using block syntax here, because SAPI's libclang based header generator won't
// parse the attribute annotations otherwise.
extern "C" {
ABSL_ATTRIBUTE_NOINLINE ABSL_ATTRIBUTE_NO_TAIL_CALL void violate() {
ViolateIndirect(); ViolateIndirect();
ABSL_BLOCK_TAIL_CALL_OPTIMIZATION(); }
} }

10
sandboxed_api/sapi_test.cc
View File

@ -143,7 +143,15 @@ TEST(SapiTest, HasStackTraces) {
StringopApi api(sandbox.get()); StringopApi api(sandbox.get());
EXPECT_THAT(api.violate(), StatusIs(absl::StatusCode::kUnavailable)); EXPECT_THAT(api.violate(), StatusIs(absl::StatusCode::kUnavailable));
const auto& result = sandbox->AwaitResult(); const auto& result = sandbox->AwaitResult();
EXPECT_THAT(result.GetStackTrace(), HasSubstr("ViolateIndirect")); EXPECT_THAT(
result.GetStackTrace(),
// Check that at least one expected function is present in the stack
// trace.
// Note: Typically, in optimized builds, on x86-64, only
// "ViolateIndirect()" will be present in the stack trace. On POWER, all
// stack frames are generated, but libunwind will be unable to track
// "ViolateIndirect()" on the stack and instead show its IP as zero.
AnyOf(HasSubstr("ViolateIndirect"), HasSubstr("violate")));
EXPECT_THAT(result.final_status(), Eq(sandbox2::Result::VIOLATION)); EXPECT_THAT(result.final_status(), Eq(sandbox2::Result::VIOLATION));
} }