Add a platform-specific syscall number iterator.

sandbox/linux/seccomp-bpf/syscall_iterator.cc

Index: sandbox/linux/seccomp-bpf/syscall_iterator.cc
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.cc b/sandbox/linux/seccomp-bpf/syscall_iterator.cc
new file mode 100644
index 0000000000000000000000000000000000000000..b9542997a9ce2f2d0c67b2447968db614f61c82b
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.cc
@@ -0,0 +1,121 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
+
+#if defined(__i386__) || defined(__x86_64__)
+#define X32MASK 0x40000000u
+#else
+#define X32MASK 0
+#endif
+
+namespace playground2 {
+
+uint32_t SyscallIterator::Next() {
+  if (done_) {
+    return num_;
+  }
+  uint32_t val;
+  do {
+    val = num_;
+
+    // Zero might or might not be a valid system call. But we definitely want
+    // to make sure that we return it from the iterator, as we ultimately must
+    // compute system call ranges for BPF filtering that cover the entire
+    // range 0..0xFFFFFFFFu.
+    if (num_ == 0) {
+      num_ = MIN_SYSCALL & ~X32MASK;
+
+      // We generally want to start iterating from just outside of the
+      // system call range and then continue past the end of the range.  But
+      // if system calls start at zero, that is not possible.
+      // Also, if MIN_SYSCALL is zero, we have to increment by one in order
+      // for our loop to make some progress.
+      if (num_ == 0) {
+        ++num_;
+      } else if (num_ > 1) {
+        --num_;
+      }
+    // Since this is platform-independent code, we iterate until
+    // MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL on Intel architectures,
+    // but leaves room for private syscalls on ARM.
+    } else if (num_ <= (MAX_PUBLIC_SYSCALL & ~X32MASK)) {
+      if (invalid_only_ && num_ < (MAX_PUBLIC_SYSCALL & ~X32MASK)) {
+        num_ = MAX_PUBLIC_SYSCALL & ~X32MASK;
+      } else {
+        ++num_;
+      }
+#if X32MASK
+    // On Intel architectures, we might or might not have to worry about
+    // system calls that set bit 30 to indicate the x32 ABI. It is generally
+    // safe (albeit wasteful) for the system call iterator to iterate over
+    // more system calls. So, we iterate over all possible MIN_SYSCALL..
+    // MAX_SYSCALL system calls, both with bit 30 cleared and bit 30 set.
+    } else if (num_ < (MIN_SYSCALL | X32MASK) - 1) {
+      num_ = (MIN_SYSCALL | X32MASK) - 1;
+    } else if (num_ <= (MAX_SYSCALL | X32MASK)) {
+      if (invalid_only_ && num_ < (MAX_SYSCALL | X32MASK)) {
+        num_ = MAX_SYSCALL | X32MASK;
+      } else {
+        ++num_;
+      }
+#elif defined(__arm__)
+    // ARM EABI includes "ARM private" system calls starting at
+    // |__ARM_NR_BASE|, and a "ghost syscall private to the kernel", cmpxchg,
+    // at |__ARM_NR_BASE+0x00fff0|.
+    // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
+    } else if (num_ < MIN_PRIVATE_SYSCALL - 1) {
+      num_ = MIN_PRIVATE_SYSCALL - 1;
+    } else if (num_ <= MAX_PRIVATE_SYSCALL) {
+      if (invalid_only_ && num_ < MAX_PRIVATE_SYSCALL) {
+        num_ = MAX_PRIVATE_SYSCALL;
+      } else {
+        ++num_;
+      }
+    } else if (num_ < __ARM_NR_cmpxchg - 1) {
+      num_ = __ARM_NR_cmpxchg - 1;
+    } else if (num_ <= MAX_SYSCALL) {
+      if (invalid_only_ && num_ < MAX_SYSCALL) {
+        num_ = MAX_SYSCALL;
+      } else {
+        ++num_;
+      }
+#endif
+    // BPF programs only ever operate on unsigned quantities. So, that's how
+    // we iterate; we return values from 0..0xFFFFFFFFu. But there are places,
+    // where the kernel might interpret system call numbers as signed
+    // quantities, so the boundaries between signed and unsigned values are
+    // potential problem cases. We want to explicitly return these values from
+    // our iterator.
+    } else if (num_ < 0x7FFFFFFFu) {
+      num_ = 0x7FFFFFFFu;
+    } else if (num_ < 0x80000000u) {
+      num_ = 0x80000000u;
+    } else if (num_ < 0xFFFFFFFFu) {
+      num_ = 0xFFFFFFFFu;
+    }
+  } while (invalid_only_ && IsValid(val));
+
+  done_ |= val == 0xFFFFFFFFu;
+  return val;
+}
+
+bool SyscallIterator::IsValid(uint32_t num) {
+  uint32_t min_syscall = MIN_SYSCALL;
+  if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) {
+    return true;
+  }
+#if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
+  if (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) {
+    return true;
+  }
+  if (num >= __ARM_NR_cmpxchg && num <= MAX_SYSCALL) {
+    return true;
+  }
+#endif
+  return false;
+}
+
+}  // namespace