Chromium Code Reviews Chromium Code Reviews
Issue 11411254:
SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| 7 | 7 |
| 8 namespace playground2 { | 8 namespace playground2 { |
| 9 | 9 |
| 10 uint32_t SyscallIterator::Next() { | 10 uint32_t SyscallIterator::Next() { |
| 11 if (done_) { | 11 if (done_) { |
| 12 return num_; | 12 return num_; |
| 13 } | 13 } |
| 14 | 14 |
| 15 uint32_t val; | 15 uint32_t val; |
| 16 do { | 16 do { |
| 17 // |num_| has been initialized to 0, which we assume is also MIN_SYSCALL. | 17 // |num_| has been initialized to 0, which we assume is also MIN_SYSCALL. |
| 18 // This true for supported architectures (Intel and ARM EABI). | 18 // This true for supported architectures (Intel and ARM EABI). |
| 19 CHECK_EQ(MIN_SYSCALL, 0u); | 19 if (MIN_SYSCALL != 0u) { |
| 20 SANDBOX_DIE("MIN_SYSCALL must be zero"); | |
| 21 } | |
| 20 val = num_; | 22 val = num_; |
| 21 | 23 |
| 22 // First we iterate up to MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL | 24 // First we iterate up to MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL |
| 23 // on Intel architectures, but leaves room for private syscalls on ARM. | 25 // on Intel architectures, but leaves room for private syscalls on ARM. |
| 24 if (num_ <= MAX_PUBLIC_SYSCALL) { | 26 if (num_ <= MAX_PUBLIC_SYSCALL) { |
| 25 if (invalid_only_ && num_ < MAX_PUBLIC_SYSCALL) { | 27 if (invalid_only_ && num_ < MAX_PUBLIC_SYSCALL) { |
| 26 num_ = MAX_PUBLIC_SYSCALL; | 28 num_ = MAX_PUBLIC_SYSCALL; |
| 27 } else { | 29 } else { |
| 28 ++num_; | 30 ++num_; |
| 29 } | 31 } |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 71 uint32_t min_syscall = MIN_SYSCALL; | 73 uint32_t min_syscall = MIN_SYSCALL; |
| 72 if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) { | 74 if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) { |
| 73 return true; | 75 return true; |
| 74 } | 76 } |
| 75 if (IsArmPrivate(num)) { | 77 if (IsArmPrivate(num)) { |
| 76 return true; | 78 return true; |
| 77 } | 79 } |
| 78 return false; | 80 return false; |
| 79 } | 81 } |
| 80 | 82 |
| 83 #if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) | |
|
jln (very slow on Chromium)
2012/12/06 00:35:00
I'm curious: what broke here ?
Markus (顧孟勤)
2012/12/12 20:54:35
I believe one of our compilers (clang?) didn't lik
| |
| 81 bool SyscallIterator::IsArmPrivate(uint32_t num) { | 84 bool SyscallIterator::IsArmPrivate(uint32_t num) { |
| 82 #if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)) | |
| 83 return (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) || | 85 return (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) || |
| 84 (num >= MIN_GHOST_SYSCALL && num <= MAX_SYSCALL); | 86 (num >= MIN_GHOST_SYSCALL && num <= MAX_SYSCALL); |
| 87 } | |
| 85 #else | 88 #else |
| 89 bool SyscallIterator::IsArmPrivate(uint32_t) { | |
| 86 return false; | 90 return false; |
| 91 } | |
| 87 #endif | 92 #endif |
| 88 } | |
| 89 | 93 |
| 90 } // namespace | 94 } // namespace |
| 91 | 95 |
| OLD | NEW |
