Add basic ARM support to the seccomp-bpf sandbox.

sandbox/linux/seccomp-bpf/sandbox_bpf.h

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 414327de1df8400c20fa2cacbb5c21f1994738f4..57d24d8977346fd91f92f3ced8bf3a9907d2afbf 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -83,30 +83,63 @@
 #define MIN_SYSCALL  0u
 #define MAX_SYSCALL  1024u
 #define SECCOMP_ARCH AUDIT_ARCH_I386
-#define REG_RESULT   REG_EAX
-#define REG_SYSCALL  REG_EAX
-#define REG_IP       REG_EIP
-#define REG_PARM1    REG_EBX
-#define REG_PARM2    REG_ECX
-#define REG_PARM3    REG_EDX
-#define REG_PARM4    REG_ESI
-#define REG_PARM5    REG_EDI
-#define REG_PARM6    REG_EBP
+

[jln (very slow on Chromium), 2012/08/09 22:41:23]

It looks as if most of this really shouldn't be exposed in the interface at all
and should be moved to the .cc or a _impl.h file.

Markus, do you mind taking care of that in another CL ? This interface file is
getting very confusing and all the important stuff is hidden.

+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
+#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_EAX)
+#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_EAX)
+#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_EIP)
+#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_EBX)
+#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_ECX)
+#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_EDX)
+#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_ESI)
+#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_EDI)
+#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_EBP)
+
 #elif defined(__x86_64__)
 #define MIN_SYSCALL  0u
 #define MAX_SYSCALL  1024u
 #define SECCOMP_ARCH AUDIT_ARCH_X86_64
-#define REG_RESULT   REG_RAX
-#define REG_SYSCALL  REG_RAX
-#define REG_IP       REG_RIP
-#define REG_PARM1    REG_RDI
-#define REG_PARM2    REG_RSI
-#define REG_PARM3    REG_RDX
-#define REG_PARM4    REG_R10
-#define REG_PARM5    REG_R8
-#define REG_PARM6    REG_R9
+
+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
+#define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_RAX)
+#define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_RAX)
+#define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_RIP)
+#define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_RDI)
+#define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_RSI)
+#define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_RDX)
+#define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_R10)
+#define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_R8)
+#define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_R9)
+
+#elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
+// ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|.
+// See </arch/arm/include/asm/unistd.h> in the Linux kernel.
+#define MIN_SYSCALL  ((unsigned int)__NR_SYSCALL_BASE)
+#define MAX_SYSCALL  ((unsigned int)__ARM_NR_BASE + 16u)

[jln (very slow on Chromium), 2012/08/09 22:41:23]

There is the magic cmpxchg system call as well.

We don't want to forbid it, since the kernel uses it internally and it would go
through the filter.

It looks like the "implicit" maximum syscall number for arm is in reality
__NR_SYSCALL_BASE+0x0fffff.

[Jorge Lucangeli Obes, 2012/08/09 22:58:26]

Yeah, that syscall is weird. I wasn't sure if it would go through the filter.

Done.

+// <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
+// <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
+# if !defined(EM_ARM)

[jln (very slow on Chromium), 2012/08/09 22:41:23]

Why do we need this at all ?

[Jorge Lucangeli Obes, 2012/08/09 22:58:26]

If not the AUDIT_ARCH_ARM value is not defined.

[jln (very slow on Chromium), 2012/08/09 23:16:28]

Did you intend to add an #include here ? Something in wrong, EM_ARM here can't
possibly influence AUDIT_ARCH_ARM just below.

+# define EM_ARM 40
+# endif
+#define SECCOMP_ARCH AUDIT_ARCH_ARM
+
+// ARM sigcontext_t is different from i386/x86_64.
+// See </arch/arm/include/asm/sigcontext.h> in the Linux kernel.
+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg)
+// ARM EABI syscall convention.
+#define SECCOMP_RESULT(_ctx)     SECCOMP_REG(_ctx, r0)
+#define SECCOMP_SYSCALL(_ctx)    SECCOMP_REG(_ctx, r7)
+#define SECCOMP_IP(_ctx)         SECCOMP_REG(_ctx, pc)
+#define SECCOMP_PARM1(_ctx)      SECCOMP_REG(_ctx, r0)
+#define SECCOMP_PARM2(_ctx)      SECCOMP_REG(_ctx, r1)
+#define SECCOMP_PARM3(_ctx)      SECCOMP_REG(_ctx, r2)
+#define SECCOMP_PARM4(_ctx)      SECCOMP_REG(_ctx, r3)
+#define SECCOMP_PARM5(_ctx)      SECCOMP_REG(_ctx, r4)
+#define SECCOMP_PARM6(_ctx)      SECCOMP_REG(_ctx, r5)
+
 #else
 #error Unsupported target platform
+
 #endif
 
 struct arch_seccomp_data {