Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/codegen.cc

Issue 11363212: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed reviewer's comments Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf/codegen.h ('k') | sandbox/linux/seccomp-bpf/die.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf/codegen.h" 5 #include "sandbox/linux/seccomp-bpf/codegen.h"
6 6
7 7
8 namespace {
9
10 // Helper function for Traverse().
11 void TraverseRecursively(std::set<playground2::Instruction *> *visited,
12 playground2::Instruction *instruction) {
13 if (visited->find(instruction) == visited->end()) {
14 visited->insert(instruction);
15 switch (BPF_CLASS(instruction->code)) {
16 case BPF_JMP:
17 if (BPF_OP(instruction->code) != BPF_JA) {
18 TraverseRecursively(visited, instruction->jf_ptr);
19 }
20 TraverseRecursively(visited, instruction->jt_ptr);
21 break;
22 case BPF_RET:
23 break;
24 default:
25 TraverseRecursively(visited, instruction->next);
26 break;
27 }
28 }
29 }
30
31 } // namespace
32
8 namespace playground2 { 33 namespace playground2 {
9 34
10 CodeGen::CodeGen() 35 CodeGen::CodeGen()
11 : compiled_(false) { 36 : compiled_(false) {
12 } 37 }
13 38
14 CodeGen::~CodeGen() { 39 CodeGen::~CodeGen() {
15 for (Instructions::iterator iter = instructions_.begin(); 40 for (Instructions::iterator iter = instructions_.begin();
16 iter != instructions_.end(); 41 iter != instructions_.end();
17 ++iter) { 42 ++iter) {
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
138 } else if (BPF_CLASS(head->code) == BPF_RET) { 163 } else if (BPF_CLASS(head->code) == BPF_RET) {
139 SANDBOX_DIE("Cannot append instructions after a return statement"); 164 SANDBOX_DIE("Cannot append instructions after a return statement");
140 } else if (head->next) { 165 } else if (head->next) {
141 SANDBOX_DIE("Cannot append instructions in the middle of a sequence"); 166 SANDBOX_DIE("Cannot append instructions in the middle of a sequence");
142 } else { 167 } else {
143 head->next = tail; 168 head->next = tail;
144 } 169 }
145 return; 170 return;
146 } 171 }
147 172
173 void CodeGen::Traverse(Instruction *instruction,
174 void (*fnc)(Instruction *, void *), void *aux) {
175 std::set<Instruction *> visited;
176 TraverseRecursively(&visited, instruction);
177 for (std::set<Instruction *>::const_iterator iter = visited.begin();
178 iter != visited.end();
179 ++iter) {
180 fnc(*iter, aux);
181 }
182 }
183
148 void CodeGen::FindBranchTargets(const Instruction& instructions, 184 void CodeGen::FindBranchTargets(const Instruction& instructions,
149 BranchTargets *branch_targets) { 185 BranchTargets *branch_targets) {
150 // Follow all possible paths through the "instructions" graph and compute 186 // Follow all possible paths through the "instructions" graph and compute
151 // a list of branch targets. This will later be needed to compute the 187 // a list of branch targets. This will later be needed to compute the
152 // boundaries of basic blocks. 188 // boundaries of basic blocks.
153 // We maintain a set of all instructions that we have previously seen. This 189 // We maintain a set of all instructions that we have previously seen. This
154 // set ultimately converges on all instructions in the program. 190 // set ultimately converges on all instructions in the program.
155 std::set<const Instruction *> seen_instructions; 191 std::set<const Instruction *> seen_instructions;
156 Instructions stack; 192 Instructions stack;
157 for (const Instruction *insn = &instructions; insn; ) { 193 for (const Instruction *insn = &instructions; insn; ) {
(...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after
648 CutGraphIntoBasicBlocks(instructions, branch_targets, &all_blocks); 684 CutGraphIntoBasicBlocks(instructions, branch_targets, &all_blocks);
649 MergeTails(&all_blocks); 685 MergeTails(&all_blocks);
650 BasicBlocks basic_blocks; 686 BasicBlocks basic_blocks;
651 TopoSortBasicBlocks(first_block, all_blocks, &basic_blocks); 687 TopoSortBasicBlocks(first_block, all_blocks, &basic_blocks);
652 ComputeRelativeJumps(&basic_blocks, all_blocks); 688 ComputeRelativeJumps(&basic_blocks, all_blocks);
653 ConcatenateBasicBlocks(basic_blocks, program); 689 ConcatenateBasicBlocks(basic_blocks, program);
654 return; 690 return;
655 } 691 }
656 692
657 } // namespace 693 } // namespace
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/codegen.h ('k') | sandbox/linux/seccomp-bpf/die.h » ('j') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698