From a946cedc95382df24a707384e60bb058177d2812 Mon Sep 17 00:00:00 2001 From: Wiktor Garbacz Date: Fri, 11 Aug 2023 02:00:42 -0700 Subject: [PATCH] PtraceMonitor: Add a hard deadline for waiting for kill to take effect PiperOrigin-RevId: 555854230 Change-Id: If323725e5112344105627844910356dd14c9ad31 --- sandboxed_api/sandbox2/monitor_ptrace.cc | 11 +++++++++++ sandboxed_api/sandbox2/monitor_ptrace.h | 3 +++ 2 files changed, 14 insertions(+) diff --git a/sandboxed_api/sandbox2/monitor_ptrace.cc b/sandboxed_api/sandbox2/monitor_ptrace.cc index 36e0cfe..f90ac0f 100644 --- a/sandboxed_api/sandbox2/monitor_ptrace.cc +++ b/sandboxed_api/sandbox2/monitor_ptrace.cc @@ -38,6 +38,7 @@ #include "absl/log/log.h" #include "absl/status/status.h" #include "absl/strings/str_cat.h" +#include "absl/time/clock.h" #include "absl/time/time.h" #include "sandboxed_api/config.h" #include "sandboxed_api/sandbox2/client.h" @@ -230,6 +231,10 @@ bool PtraceMonitor::KillSandboxee() { SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_KILL); return false; } + constexpr absl::Duration kGracefullKillTimeout = absl::Milliseconds(500); + if (hard_deadline_ == absl::InfiniteFuture()) { + hard_deadline_ = absl::Now() + kGracefullKillTimeout; + } return true; } @@ -303,6 +308,12 @@ void PtraceMonitor::Run() { // All possible still running children of main process, will be killed due to // PTRACE_O_EXITKILL ptrace() flag. while (result().final_status() == Result::UNSET) { + if (absl::Now() >= hard_deadline_) { + LOG(WARNING) << "Hard deadline exceeded (timed_out=" << timed_out_ + << ", external_kill=" << external_kill_ + << ", network_violation=" << network_violation_ << ")."; + break; + } int64_t deadline = deadline_millis_.load(std::memory_order_relaxed); if (deadline != 0 && absl::Now() >= absl::FromUnixMillis(deadline)) { VLOG(1) << "Sandbox process hit timeout due to the walltime timer"; 
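Review bot: `kGracefullKillTimeout` in the KillSandboxee() hunk is misspelled and the 500 ms value is not explained; rename it `kGracefulKillTimeout` and add a why-comment such as `// Upper bound on how long Run() keeps waiting for the kill to be observed before it gives up; the remaining tracees are then presumably reaped via PTRACE_O_EXITKILL.` `hard_deadline_` is a plain absl::Time written here and polled in Run(); if KillSandboxee() can ever run on a thread other than the monitor thread that is a data race, so either state the monitor-thread-only assumption on the member or make the access atomic. Arming the deadline only on the success path looks right, since the failure path already sets FAILED_KILL and ends the loop, but a short comment saying so would save the next reader the same check. KillSandboxee()'s body begins outside the hunk.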
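Review bot: When the hard deadline fires, the new `break` in Run() leaves `result().final_status()` at `Result::UNSET`, because nothing in the hunk records why the monitor stopped waiting; unless the code after the loop (outside the hunk) handles that case, the caller gets no status for a sandboxee that was deliberately killed. Consider recording the outcome before breaking, e.g. `SetExitStatusCode(Result::INTERNAL_ERROR, Result::FAILED_KILL);` or a dedicated code, so the result is deterministic instead of depending on the post-loop path. The check uses absl::Now() wall time like the existing walltime deadline below it, so a clock step would move both; that is consistent but worth a one-line comment, e.g. `// Give up waiting for the kill to be reported; tracees die with the monitor via PTRACE_O_EXITKILL.` Run()'s body starts and ends outside the hunk.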
diff --git a/sandboxed_api/sandbox2/monitor_ptrace.h b/sandboxed_api/sandbox2/monitor_ptrace.h index b11a6e3..9cff377 100644 --- a/sandboxed_api/sandbox2/monitor_ptrace.h +++ b/sandboxed_api/sandbox2/monitor_ptrace.h @@ -27,6 +27,7 @@ #include "absl/container/flat_hash_map.h" #include "absl/synchronization/mutex.h" #include "absl/synchronization/notification.h" +#include "absl/time/time.h" #include "sandboxed_api/sandbox2/executor.h" #include "sandboxed_api/sandbox2/monitor_base.h" #include "sandboxed_api/sandbox2/notify.h" @@ -154,6 +155,8 @@ class PtraceMonitor : public MonitorBase { // Syscalls that are running, whose result values we want to inspect. absl::flat_hash_map syscalls_in_progress_; sigset_t sset_; + // Deadline after which sandboxee get terminated via PTRACE_O_EXITKILL. + absl::Time hard_deadline_ = absl::InfiniteFuture(); // Monitor thread object. std::unique_ptr thread_;
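Review bot: The comment on `hard_deadline_` reads `sandboxee get terminated` and should say `gets`; it also names the mechanism but not the ownership or the sentinel, while the .cc half of this patch writes the field in KillSandboxee() and polls it in Run() with no synchronization. Suggest `// Deadline after which Run() stops waiting for the kill and the sandboxee gets terminated via PTRACE_O_EXITKILL; InfiniteFuture() means not armed. Monitor-thread only.` If KillSandboxee() may be called from another thread, an atomic or a mutex-protected accessor would be needed instead of the bare member. The class body continues outside the hunk.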