Add basic ARM support to the seccomp-bpf sandbox.

sandbox/linux/seccomp-bpf/sandbox_bpf.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_BPF_H__
 #define SANDBOX_BPF_H__
 
 #include <endian.h>
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 65 matching lines @@
 
 // Impose some reasonable maximum BPF program size. Realistically, the
 // kernel probably has much lower limits. But by limiting to less than
 // 30 bits, we can ease requirements on some of our data types.
 #define SECCOMP_MAX_PROGRAM_SIZE (1<<30)
 
 #if defined(__i386__)
 #define MIN_SYSCALL  0u
 #define MAX_SYSCALL  1024u
 #define SECCOMP_ARCH AUDIT_ARCH_I386
-#define REG_RESULT   REG_EAX
-#define REG_SYSCALL  REG_EAX
-#define REG_IP       REG_EIP
-#define REG_PARM1    REG_EBX
-#define REG_PARM2    REG_ECX
-#define REG_PARM3    REG_EDX
-#define REG_PARM4    REG_ESI
-#define REG_PARM5    REG_EDI
-#define REG_PARM6    REG_EBP
+

[jln (very slow on Chromium), 2012/08/09 22:41:23]

It looks as if most of this really shouldn't be exposed in the interface at all
and should be moved to the .cc or a _impl.h file.

Markus, do you mind taking care of that in another CL ? This interface file is
getting very confusing and all the important stuff is hidden.

+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
+#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_EAX)
+#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_EAX)
+#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_EIP)
+#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_EBX)
+#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_ECX)
+#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_EDX)
+#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_ESI)
+#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_EDI)
+#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_EBP)
+
 #elif defined(__x86_64__)
 #define MIN_SYSCALL  0u
 #define MAX_SYSCALL  1024u
 #define SECCOMP_ARCH AUDIT_ARCH_X86_64
-#define REG_RESULT   REG_RAX
-#define REG_SYSCALL  REG_RAX
-#define REG_IP       REG_RIP
-#define REG_PARM1    REG_RDI
-#define REG_PARM2    REG_RSI
-#define REG_PARM3    REG_RDX
-#define REG_PARM4    REG_R10
-#define REG_PARM5    REG_R8
-#define REG_PARM6    REG_R9
+
+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
+#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_RAX)
+#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_RAX)
+#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_RIP)
+#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_RDI)
+#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_RSI)
+#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_RDX)
+#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_R10)
+#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_R8)
+#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_R9)
+
+#elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
+// ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|.
+// See </arch/arm/include/asm/unistd.h> in the Linux kernel.
+#define MIN_SYSCALL  ((unsigned int)__NR_SYSCALL_BASE)
+#define MAX_SYSCALL  ((unsigned int)__ARM_NR_BASE + 16u)

[jln (very slow on Chromium), 2012/08/09 22:41:23]

There is the magic cmpxchg system call as well.

We don't want to forbid it, since the kernel uses it internally and it would go
through the filter.

It looks like the "implicit" maximum syscall number for arm is in reality
__NR_SYSCALL_BASE+0x0fffff.

[Jorge Lucangeli Obes, 2012/08/09 22:58:26]

Yeah, that syscall is weird. I wasn't sure if it would go through the filter.

Done.

+// <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
+// <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
+# if !defined(EM_ARM)

[jln (very slow on Chromium), 2012/08/09 22:41:23]

Why do we need this at all ?

[Jorge Lucangeli Obes, 2012/08/09 22:58:26]

If not the AUDIT_ARCH_ARM value is not defined.

[jln (very slow on Chromium), 2012/08/09 23:16:28]

Did you intend to add an #include here ? Something in wrong, EM_ARM here can't
possibly influence AUDIT_ARCH_ARM just below.

+# define EM_ARM 40
+# endif
+#define SECCOMP_ARCH AUDIT_ARCH_ARM
+
+// ARM sigcontext_t is different from i386/x86_64.
+// See </arch/arm/include/asm/sigcontext.h> in the Linux kernel.
+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg)
+// ARM EABI syscall convention.
+#define SECCOMP_RESULT(_ctx)     SECCOMP_REG(_ctx, r0)
+#define SECCOMP_SYSCALL(_ctx)    SECCOMP_REG(_ctx, r7)
+#define SECCOMP_IP(_ctx)         SECCOMP_REG(_ctx, pc)
+#define SECCOMP_PARM1(_ctx)      SECCOMP_REG(_ctx, r0)
+#define SECCOMP_PARM2(_ctx)      SECCOMP_REG(_ctx, r1)
+#define SECCOMP_PARM3(_ctx)      SECCOMP_REG(_ctx, r2)
+#define SECCOMP_PARM4(_ctx)      SECCOMP_REG(_ctx, r3)
+#define SECCOMP_PARM5(_ctx)      SECCOMP_REG(_ctx, r4)
+#define SECCOMP_PARM6(_ctx)      SECCOMP_REG(_ctx, r5)
+
 #else
 #error Unsupported target platform
+
 #endif
 
 struct arch_seccomp_data {
   int      nr;
   uint32_t arch;
   uint64_t instruction_pointer;
   uint64_t args[6];
 };
 
 struct arch_sigsys {
@@ skipping 254 matching lines @@
   static Traps         *traps_;
   static TrapIds       trapIds_;
   static ErrorCode     *trapArray_;
   static size_t        trapArraySize_;
   DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
 };
 
 }  // namespace
 
 #endif  // SANDBOX_BPF_H__