sandbox/linux/seccomp-bpf/verifier.cc - Issue 11096012: Add a platform-specific syscall number iterator.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/verifier.cc

Issue 11096012: Add a platform-specific syscall number iterator. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Assume MIN_SYSCALL == 0, remove X32 support, address comments. Created 8 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/verifier.cc

diff --git a/sandbox/linux/seccomp-bpf/verifier.cc b/sandbox/linux/seccomp-bpf/verifier.cc

index 882e96f6e6133757f5369905da7084350f8cb4f4..343a6b4ab6ec1c29e594b7780cc0bd6788705ae7 100644

--- a/sandbox/linux/seccomp-bpf/verifier.cc

+++ b/sandbox/linux/seccomp-bpf/verifier.cc

@@ -3,6 +3,7 @@

// found in the LICENSE file.

#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

+#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"

#include "sandbox/linux/seccomp-bpf/verifier.h"

@@ -17,7 +18,8 @@ bool Verifier::verifyBPF(const std::vector<struct sock_filter>& program,

return false;

}

Sandbox::EvaluateSyscall evaluateSyscall = evaluators.begin()->first;

- for (int nr = MIN_SYSCALL-1; nr <= static_cast<int>(MAX_SYSCALL)+1; ++nr) {

+ for (SyscallIterator iter(false); !iter.Done(); ) {

+ uint32_t sysnum = iter.Next();

// We ideally want to iterate over the full system call range and values

// just above and just below this range. This gives us the full result set

// of the "evaluators".

@@ -25,17 +27,18 @@ bool Verifier::verifyBPF(const std::vector<struct sock_filter>& program,

// indicates either i386 or x86-64; and a set bit 30 indicates x32. And

// unless we pay attention to setting this bit correctly, an early check in

// our BPF program will make us fail with a misleading error code.

+ struct arch_seccomp_data data = { sysnum, SECCOMP_ARCH };

#if defined(__i386__) || defined(__x86_64__)

#if defined(__x86_64__) && defined(__ILP32__)

- int sysnum = nr | 0x40000000;

+ if (!(sysnum & 0x40000000u)) {

+ continue;

+ }

#else

- int sysnum = nr & ~0x40000000;

+ if (sysnum & 0x40000000u) {

+ continue;

+ }

#endif

-#else

- int sysnum = nr;

#endif

- struct arch_seccomp_data data = { sysnum, SECCOMP_ARCH };

ErrorCode code = evaluateSyscall(sysnum);

uint32_t computedRet = evaluateBPF(program, data, err);

if (*err) {

« sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc ('K') | « sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc ('k') | no next file » | no next file with comments »