Chromium Code Reviews Chromium Code Reviews
Issue 10546041:
Added a new Verifier class to the BPF compiler. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef VERIFIER_H__ | |
| 6 #define VERIFIER_H__ | |
| 7 | |
| 8 #include <linux/filter.h> | |
| 9 | |
| 10 #include <utility> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | |
| 14 | |
| 15 | |
| 16 namespace playground2 { | |
| 17 | |
| 18 class Verifier { | |
| 19 public: | |
| 20 // Evaluate the BPF program for all possible inputs and verify that it | |
| 21 // computes the correct result. We use the "evaluators" to determine | |
| 22 // the full set of possible inputs that we have to iterate over. | |
| 23 // Returns success, if the BPF filter accurately reflects the rules | |
| 24 // set by the "evaluators". | |
| 25 // Upon success, "err" is set to NULL. Upon failure, it contains a static | |
| 26 // error message that does not need to be free()'d. | |
| 27 static bool verifyBPF(const std::vector<struct sock_filter>& program, | |
| 28 const Sandbox::Evaluators& evaluators, | |
| 29 const char **err); | |
| 30 | |
| 31 // Evaluate a given BPF program for a particular set of system call | |
| 32 // parameters. If evaluation failed for any reason, "err" will be set to | |
| 33 // a non-NULL error string. Otherwise, the BPF program's result will be | |
| 34 // returned by the function and "err" is NULL. | |
| 35 // We do not actually implement the full BPF state machine, but only the | |
| 36 // parts that can actually be generated by our BPF compiler. If this code | |
| 37 // is used for purposes other than verifying the output of the sandbox's | |
| 38 // BPF compiler, we might have to extend this BPF interpreter. | |
| 39 static uint32_t evaluateBPF(const std::vector<struct sock_filter>& program, | |
| 40 const struct arch_seccomp_data& data, | |
| 41 const char **err); | |
| 42 | |
| 43 private: | |
| 44 struct State { | |
| 45 State(const std::vector<struct sock_filter>& p, | |
| 46 const struct arch_seccomp_data& d) : | |
| 47 program(p), | |
| 48 data(d), | |
| 49 ip(0), | |
| 50 accumulator(0), | |
| 51 accIsValid(false) { | |
| 52 } | |
| 53 const std::vector<struct sock_filter>& program; | |
| 54 const struct arch_seccomp_data& data; | |
| 55 unsigned int ip; | |
| 56 uint32_t accumulator; | |
| 57 bool accIsValid; | |
|
Chris Evans
2012/06/11 19:20:41
Maybe use DISALLOW_IMPLICIT_CONSTRUCTORS in this s
Markus (顧孟勤)
2012/06/11 20:58:43
Done.
Although there wouldn't be any harm, if any
| |
| 58 }; | |
| 59 | |
| 60 static void ld (State *state, const struct sock_filter& insn, | |
| 61 const char **err); | |
| 62 static void jmp(State *state, const struct sock_filter& insn, | |
| 63 const char **err); | |
| 64 static uint32_t ret(State *state, const struct sock_filter& insn, | |
| 65 const char **err); | |
| 66 | |
| 67 DISALLOW_IMPLICIT_CONSTRUCTORS(Verifier); | |
| 68 }; | |
| 69 | |
| 70 } // namespace | |
| 71 | |
| 72 #endif // VERIFIER_H__ | |
| OLD | NEW |
