Chromium Code Reviews| Index: sandbox/linux/seccomp-bpf/syscall_iterator.cc |
| diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.cc b/sandbox/linux/seccomp-bpf/syscall_iterator.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..5c883cd36f2800c827f13c52fca2b3494e7871e1 |
| --- /dev/null |
| +++ b/sandbox/linux/seccomp-bpf/syscall_iterator.cc |
| @@ -0,0 +1,125 @@ |
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| +#include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| + |
| +#if defined(__i386__) || defined(__x86_64__) |
| +#define X32MASK 0x40000000u |
| +#else |
| +#define X32MASK 0 |
| +#endif |
| + |
| +namespace playground2 { |
| + |
| +uint32_t SyscallIterator::Next() { |
| + if (done_) { |
| + return num_; |
| + } |
| + |
| + uint32_t val; |
| + do { |
| + val = num_; |
| + |
| + // Zero might or might not be a valid system call. But we definitely want |
| + // to make sure that we return it from the iterator, as we ultimately must |
| + // compute system call ranges for BPF filtering that cover the entire |
| + // range 0..0xFFFFFFFFu. |
| + if (num_ == 0) { |
| + num_ = MIN_SYSCALL & ~X32MASK; |
| + |
| + // We generally want to start iterating from just outside of the |
| + // system call range and then continue past the end of the range. But |
| + // if system calls start at zero, that is not possible. |
| + // Also, if MIN_SYSCALL is zero, we have to increment by one in order |
| + // for our loop to make some progress. |
|
jln (very slow on Chromium)
2012/10/12 20:26:52
This is another prime example of the sick complexi
Jorge Lucangeli Obes
2012/10/13 01:39:30
Done.
|
| + if (num_ == 0) { |
| + ++num_; |
| + } else if (num_ > 1) { |
| + --num_; |
| + } |
| + // We iterate up to MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL |
| + // on Intel architectures, but leaves room for private syscalls on ARM. |
| + } else if (num_ <= (MAX_PUBLIC_SYSCALL & ~X32MASK)) { |
| + if (invalid_only_ && num_ < (MAX_PUBLIC_SYSCALL & ~X32MASK)) { |
| + num_ = MAX_PUBLIC_SYSCALL & ~X32MASK; |
| + } else { |
| + ++num_; |
| + } |
| +#if X32MASK |
| + // On Intel architectures, we might or might not have to worry about |
| + // system calls that set bit 30 to indicate the x32 ABI. It is generally |
| + // safe (albeit wasteful) for the system call iterator to iterate over |
| + // more system calls. So, we iterate over all possible MIN_SYSCALL.. |
| + // MAX_SYSCALL system calls, both with bit 30 cleared and bit 30 set. |
| + } else if (num_ < (MIN_SYSCALL | X32MASK) - 1) { |
| + num_ = (MIN_SYSCALL | X32MASK) - 1; |
| + } else if (num_ <= (MAX_SYSCALL | X32MASK)) { |
| + if (invalid_only_ && num_ < (MAX_SYSCALL | X32MASK)) { |
| + num_ = MAX_SYSCALL | X32MASK; |
| + } else { |
| + ++num_; |
| + } |
| +#elif defined(__arm__) |
| + // ARM EABI includes "ARM private" system calls starting at |
| + // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at |
| + // MIN_GHOST_SYSCALL. |
| + } else if (num_ < MIN_PRIVATE_SYSCALL - 1) { |
| + num_ = MIN_PRIVATE_SYSCALL - 1; |
| + } else if (num_ <= MAX_PRIVATE_SYSCALL) { |
| + if (invalid_only_ && num_ < MAX_PRIVATE_SYSCALL) { |
| + num_ = MAX_PRIVATE_SYSCALL; |
| + } else { |
| + ++num_; |
| + } |
| + } else if (num_ < MIN_GHOST_SYSCALL - 1) { |
| + num_ = MIN_GHOST_SYSCALL - 1; |
| + } else if (num_ <= MAX_SYSCALL) { |
| + if (invalid_only_ && num_ < MAX_SYSCALL) { |
| + num_ = MAX_SYSCALL; |
| + } else { |
| + ++num_; |
| + } |
| +#endif |
| + // BPF programs only ever operate on unsigned quantities. So, that's how |
| + // we iterate; we return values from 0..0xFFFFFFFFu. But there are places, |
| + // where the kernel might interpret system call numbers as signed |
| + // quantities, so the boundaries between signed and unsigned values are |
| + // potential problem cases. We want to explicitly return these values from |
| + // our iterator. |
| + } else if (num_ < 0x7FFFFFFFu) { |
| + num_ = 0x7FFFFFFFu; |
| + } else if (num_ < 0x80000000u) { |
| + num_ = 0x80000000u; |
| + } else if (num_ < 0xFFFFFFFFu) { |
| + num_ = 0xFFFFFFFFu; |
| + } |
| + } while (invalid_only_ && IsValid(val)); |
| + |
| + done_ |= val == 0xFFFFFFFFu; |
| + return val; |
| +} |
| + |
| +bool SyscallIterator::IsValid(uint32_t num) { |
| + uint32_t min_syscall = MIN_SYSCALL; |
| + if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) { |
| + return true; |
| + } |
| + if (IsArmPrivate(num)) { |
| + return true; |
| + } |
| + return false; |
| +} |
| + |
| +bool SyscallIterator::IsArmPrivate(uint32_t num) { |
| +#if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) |
| + return (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) || |
| + (num >= MIN_GHOST_SYSCALL && num <= MAX_SYSCALL); |
| +#else |
| + return false; |
| +#endif |
| +} |
| + |
| +} // namespace |
| + |
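Review bot: The ARM branch of `Next()` is guarded by `#elif defined(__arm__)`, but `IsArmPrivate()` only recognises the private and ghost ranges under `defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))`, so the two can disagree on an ARM build that is neither Thumb nor EABI. In that configuration, with `invalid_only_` set, `Next()` would still jump from `MIN_PRIVATE_SYSCALL - 1` to `MAX_PRIVATE_SYSCALL` (and likewise across the ghost range) as though those numbers were valid, while `IsValid()` reports all of them as invalid; a caller checking that a filter policy rejects invalid syscalls would then be working from two different definitions of "valid". The range constants come from `sandbox_bpf.h`, which is outside this hunk, so whether they are even defined for such a build needs confirming. I would put the same condition on both sides, `#elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))`, which also matches the branch comment that already says "ARM EABI".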