Chromium Code Reviews Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| 7 | 7 |
| 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
| 9 // As we can't break compilation with these versions of the library, | 9 // As we can't break compilation with these versions of the library, |
| 10 // we explicitly define all missing symbols. | 10 // we explicitly define all missing symbols. |
| 11 // If we ever decide that we can now rely on system headers, the following | 11 // If we ever decide that we can now rely on system headers, the following |
| 12 // include files should be enabled: | 12 // include files should be enabled: |
| 13 // #include <linux/audit.h> | 13 // #include <linux/audit.h> |
| 14 // #include <linux/seccomp.h> | 14 // #include <linux/seccomp.h> |
| 15 | 15 |
| 16 #include <asm/unistd.h> | 16 #include <asm/unistd.h> |
| 17 #include <linux/filter.h> | 17 #include <linux/filter.h> |
| 18 | 18 |
| 19 // For audit.h | 19 // For audit.h |
| 20 #ifndef EM_ARM | 20 #ifndef EM_ARM |
| 21 #define EM_ARM 40 | 21 #define EM_ARM 40 |
| 22 #endif | 22 #endif |
| 23 #ifndef EM_386 | 23 #ifndef EM_386 |
| 24 #define EM_386 3 | 24 #define EM_386 3 |
| 25 #endif | 25 #endif |
| 26 #ifndef EM_X86_64 | 26 #ifndef EM_X86_64 |
| 27 #define EM_X86_64 62 | 27 #define EM_X86_64 62 |
| 28 #endif | 28 #endif |
| 29 #ifndef EM_MIPS | |
| 30 #define EM_MIPS 8 | |
| 31 #endif | |
| 29 | 32 |
| 30 #ifndef __AUDIT_ARCH_64BIT | 33 #ifndef __AUDIT_ARCH_64BIT |
| 31 #define __AUDIT_ARCH_64BIT 0x80000000 | 34 #define __AUDIT_ARCH_64BIT 0x80000000 |
| 32 #endif | 35 #endif |
| 33 #ifndef __AUDIT_ARCH_LE | 36 #ifndef __AUDIT_ARCH_LE |
| 34 #define __AUDIT_ARCH_LE 0x40000000 | 37 #define __AUDIT_ARCH_LE 0x40000000 |
| 35 #endif | 38 #endif |
| 36 #ifndef AUDIT_ARCH_ARM | 39 #ifndef AUDIT_ARCH_ARM |
| 37 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) | 40 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) |
| 38 #endif | 41 #endif |
| 39 #ifndef AUDIT_ARCH_I386 | 42 #ifndef AUDIT_ARCH_I386 |
| 40 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) | 43 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) |
| 41 #endif | 44 #endif |
| 42 #ifndef AUDIT_ARCH_X86_64 | 45 #ifndef AUDIT_ARCH_X86_64 |
| 43 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | 46 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
| 44 #endif | 47 #endif |
| 48 #ifndef AUDIT_ARCH_MIPSEL | |
| 49 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) | |
| 50 #endif | |
| 45 | 51 |
| 46 // For prctl.h | 52 // For prctl.h |
| 47 #ifndef PR_SET_SECCOMP | 53 #ifndef PR_SET_SECCOMP |
| 48 #define PR_SET_SECCOMP 22 | 54 #define PR_SET_SECCOMP 22 |
| 49 #define PR_GET_SECCOMP 21 | 55 #define PR_GET_SECCOMP 21 |
| 50 #endif | 56 #endif |
| 51 #ifndef PR_SET_NO_NEW_PRIVS | 57 #ifndef PR_SET_NO_NEW_PRIVS |
| 52 #define PR_SET_NO_NEW_PRIVS 38 | 58 #define PR_SET_NO_NEW_PRIVS 38 |
| 53 #define PR_GET_NO_NEW_PRIVS 39 | 59 #define PR_GET_NO_NEW_PRIVS 39 |
| 54 #endif | 60 #endif |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 182 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | 188 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) |
| 183 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | 189 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ |
| 184 instruction_pointer) + 4) | 190 instruction_pointer) + 4) |
| 185 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | 191 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ |
| 186 instruction_pointer) + 0) | 192 instruction_pointer) + 0) |
| 187 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 193 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
| 188 8*(nr) + 4) | 194 8*(nr) + 4) |
| 189 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | 195 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ |
| 190 8*(nr) + 0) | 196 8*(nr) + 0) |
| 191 | 197 |
| 198 #elif defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32) | |
| 199 #define MIN_SYSCALL __NR_O32_Linux | |
| 200 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + __NR_Linux_syscalls) | |
| 201 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL | |
| 202 #define SECCOMP_ARCH AUDIT_ARCH_MIPSEL | |
| 203 | |
| 204 // MIPS sigcontext_t is different from i386/x86_64 and ARM. | |
| 205 // See </arch/mips/include/uapi/asm/sigcontext.h> in the Linux kernel. | |
| 206 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[_reg]) | |
| 207 // Based on MIPS o32 ABI syscall convention. | |
| 208 // On MIPS, when indirect syscall is being made (syscall(__NR_foo)), | |
| 209 // real identificator (__NR_foo) is not in v0, but in a0 | |
| 210 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 2) | |
| 211 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 2) | |
| 212 #define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.pc | |
| 213 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 4) | |
| 214 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 5) | |
| 215 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 6) | |
| 216 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 7) | |
| 217 // Only the first 4 arguments of syscall are in registers. | |
| 218 // The rest are on the stack. | |
| 219 #define SECCOMP_PARM5(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, 29)+4) ) | |
|
jln (very slow on Chromium)
2014/05/02 20:42:04
Nit: wrap
nedeljko
2014/05/07 15:40:05
Done.
| |
| 220 #define SECCOMP_PARM6(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, 29)+5) ) | |
|
jln (very slow on Chromium)
2014/05/02 20:42:04
Nit: wrap
nedeljko
2014/05/07 15:40:05
Done.
| |
| 221 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) | |
| 222 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | |
| 223 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | |
| 224 instruction_pointer) + 4) | |
| 225 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | |
| 226 instruction_pointer) + 0) | |
| 227 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
| 228 8*(nr) + 4) | |
| 229 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
| 230 8*(nr) + 0) | |
| 231 | |
| 192 #else | 232 #else |
| 193 #error Unsupported target platform | 233 #error Unsupported target platform |
| 194 | 234 |
| 195 #endif | 235 #endif |
| 196 | 236 |
| 197 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 237 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| OLD | NEW |
