Index: sandbox/linux/seccomp-bpf/syscall_iterator.cc |
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.cc b/sandbox/linux/seccomp-bpf/syscall_iterator.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..b9542997a9ce2f2d0c67b2447968db614f61c82b |
--- /dev/null |
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.cc |
@@ -0,0 +1,121 @@ |
+// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
+#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
+ |
+#if defined(__i386__) || defined(__x86_64__) |
+#define X32MASK 0x40000000u |
+#else |
+#define X32MASK 0 |
+#endif |
+ |
+namespace playground2 { |
+ |
+uint32_t SyscallIterator::Next() { |
+ if (done_) { |
+ return num_; |
+ } |
+ uint32_t val; |
+ do { |
+ val = num_; |
+ |
+ // Zero might or might not be a valid system call. But we definitely want |
+ // to make sure that we return it from the iterator, as we ultimately must |
+ // compute system call ranges for BPF filtering that cover the entire |
+ // range 0..0xFFFFFFFFu. |
+ if (num_ == 0) { |
+ num_ = MIN_SYSCALL & ~X32MASK; |
+ |
+ // We generally want to start iterating from just outside of the |
+ // system call range and then continue past the end of the range. But |
+ // if system calls start at zero, that is not possible. |
+ // Also, if MIN_SYSCALL is zero, we have to increment by one in order |
+ // for our loop to make some progress. |
+ if (num_ == 0) { |
+ ++num_; |
+ } else if (num_ > 1) { |
+ --num_; |
+ } |
+ // Since this is platform-independent code, we iterate until |
+ // MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL on Intel architectures, |
+ // but leaves room for private syscalls on ARM. |
+ } else if (num_ <= (MAX_PUBLIC_SYSCALL & ~X32MASK)) { |
+ if (invalid_only_ && num_ < (MAX_PUBLIC_SYSCALL & ~X32MASK)) { |
+ num_ = MAX_PUBLIC_SYSCALL & ~X32MASK; |
+ } else { |
+ ++num_; |
+ } |
+#if X32MASK |
+ // On Intel architectures, we might or might not have to worry about |
+ // system calls that set bit 30 to indicate the x32 ABI. It is generally |
+ // safe (albeit wasteful) for the system call iterator to iterate over |
+ // more system calls. So, we iterate over all possible MIN_SYSCALL.. |
+ // MAX_SYSCALL system calls, both with bit 30 cleared and bit 30 set. |
+ } else if (num_ < (MIN_SYSCALL | X32MASK) - 1) { |
+ num_ = (MIN_SYSCALL | X32MASK) - 1; |
+ } else if (num_ <= (MAX_SYSCALL | X32MASK)) { |
+ if (invalid_only_ && num_ < (MAX_SYSCALL | X32MASK)) { |
+ num_ = MAX_SYSCALL | X32MASK; |
+ } else { |
+ ++num_; |
+ } |
+#elif defined(__arm__) |
+ // ARM EABI includes "ARM private" system calls starting at |
+ // |__ARM_NR_BASE|, and a "ghost syscall private to the kernel", cmpxchg, |
+ // at |__ARM_NR_BASE+0x00fff0|. |
+ // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
+ } else if (num_ < MIN_PRIVATE_SYSCALL - 1) { |
+ num_ = MIN_PRIVATE_SYSCALL - 1; |
+ } else if (num_ <= MAX_PRIVATE_SYSCALL) { |
+ if (invalid_only_ && num_ < MAX_PRIVATE_SYSCALL) { |
+ num_ = MAX_PRIVATE_SYSCALL; |
+ } else { |
+ ++num_; |
+ } |
+ } else if (num_ < __ARM_NR_cmpxchg - 1) { |
+ num_ = __ARM_NR_cmpxchg - 1; |
+ } else if (num_ <= MAX_SYSCALL) { |
+ if (invalid_only_ && num_ < MAX_SYSCALL) { |
+ num_ = MAX_SYSCALL; |
+ } else { |
+ ++num_; |
+ } |
+#endif |
+ // BPF programs only ever operate on unsigned quantities. So, that's how |
+ // we iterate; we return values from 0..0xFFFFFFFFu. But there are places, |
+ // where the kernel might interpret system call numbers as signed |
+ // quantities, so the boundaries between signed and unsigned values are |
+ // potential problem cases. We want to explicitly return these values from |
+ // our iterator. |
+ } else if (num_ < 0x7FFFFFFFu) { |
+ num_ = 0x7FFFFFFFu; |
+ } else if (num_ < 0x80000000u) { |
+ num_ = 0x80000000u; |
+ } else if (num_ < 0xFFFFFFFFu) { |
+ num_ = 0xFFFFFFFFu; |
+ } |
+ } while (invalid_only_ && IsValid(val)); |
+ |
+ done_ |= val == 0xFFFFFFFFu; |
+ return val; |
+} |
+ |
+bool SyscallIterator::IsValid(uint32_t num) { |
+ uint32_t min_syscall = MIN_SYSCALL; |
+ if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) { |
+ return true; |
+ } |
+#if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) |
+ if (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) { |
+ return true; |
+ } |
+ if (num >= __ARM_NR_cmpxchg && num <= MAX_SYSCALL) { |
+ return true; |
+ } |
+#endif |
+ return false; |
+} |
+ |
+} // namespace |
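Review bot: Next() and IsValid() disagree about the x32 range on Intel: in invalid_only_ mode the branch `if (invalid_only_ && num_ < (MAX_SYSCALL | X32MASK))` jumps straight to the top of that range as if its interior were valid, while IsValid() on that architecture accepts only MIN_SYSCALL..MAX_PUBLIC_SYSCALL. The interior x32 numbers are therefore never returned by an invalid-only walk, even though IsValid() would reject them. If callers use that walk to confirm that a policy denies everything IsValid() rejects (not visible in this file), those numbers escape the check; either reduce that branch to `++num_;` or add a comment such as `// x32 range: only the boundaries are sampled in invalid_only_ mode`. The ARM paths have a related mismatch: Next() is guarded by `#elif defined(__arm__)` but IsValid() by `#if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))`, so a non-EABI ARM build would skip the private ranges in Next() while IsValid() classes them as invalid. Using one shared condition for both would keep the two functions in step.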