Commit 003f5608 authored by Samuel Groß, committed by V8 LUCI CQ

[sandbox] Fix non-canonical address detection in sandbox crash filter

The check for non-canonical address access must come before the check
for nullptr access as the faultaddr will be 0x0 in the former case.

Bug: v8:12878
Change-Id: I6f141d08862879ec9ccb13c081aa6c75a3707530
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875904
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82994}
parent 0472d5a5
...@@ -236,16 +236,6 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) { ...@@ -236,16 +236,6 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
_exit(0); _exit(0);
} }
if (faultaddr < 0x1000) {
// Nullptr dereferences are harmless as nothing can be mapped there. We use
// the typical page size (which is also the default value of mmap_min_addr
// on Linux) to determine what counts as a nullptr dereference here.
PrintToStderr(
"Caught harmless memory access violaton (nullptr dereference). Exiting "
"process...\n");
_exit(0);
}
if (info->si_code == SI_KERNEL && faultaddr == 0) { if (info->si_code == SI_KERNEL && faultaddr == 0) {
// This combination appears to indicate a crash at a non-canonical address // This combination appears to indicate a crash at a non-canonical address
// on Linux. Crashes at non-canonical addresses are for example caused by // on Linux. Crashes at non-canonical addresses are for example caused by
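Review bot: Removing the nullptr block from this position is the actual fix, and it is worth stating why in the code rather than only in the commit message: the `faultaddr < 0x1000` test also matches `faultaddr == 0`, so every SI_KERNEL fault reported with a zero fault address was classified as a harmless nullptr dereference and the non-canonical branch below never ran. A one-line comment at the non-canonical check ("must precede the nullptr check, faultaddr is 0 here") would stop someone reordering these again.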
...@@ -259,6 +249,17 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) { ...@@ -259,6 +249,17 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
_exit(0); _exit(0);
} }
if (faultaddr < 0x1000) {
printf("Faultaddr: 0x%lx\n", faultaddr);
// Nullptr dereferences are harmless as nothing can be mapped there. We use
// the typical page size (which is also the default value of mmap_min_addr
// on Linux) to determine what counts as a nullptr dereference here.
PrintToStderr(
"Caught harmless memory access violaton (nullptr dereference). Exiting "
"process...\n");
_exit(0);
}
if (info->si_code == SEGV_ACCERR) { if (info->si_code == SEGV_ACCERR) {
// This indicates an access to a (valid) mapping but with insufficient // This indicates an access to a (valid) mapping but with insufficient
// permissions (e.g. accessing a region mapped with PROT_NONE). Some // permissions (e.g. accessing a region mapped with PROT_NONE). Some
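Review bot: The `printf("Faultaddr: 0x%lx\n", faultaddr);` line in the moved block looks like leftover debugging and should be dropped before landing; it is not present in the removed copy of the block above, and every other message in this handler goes through `PrintToStderr`, which is presumably used because plain `printf` is not async-signal-safe inside a SIGSEGV handler. While the block is being relocated anyway, the string "memory access violaton" should also be corrected to "violation".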
......