sandbox/linux/seccomp-bpf/syscall_unittest.cc - Issue 260793003: [MIPS] Add seccomp bpf support

Side by Side Diff: sandbox/linux/seccomp-bpf/syscall_unittest.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master

Patch Set: Update per code review Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <asm/unistd.h>	5 #include <asm/unistd.h>

6 #include <fcntl.h>	6 #include <fcntl.h>

7 #include <sys/mman.h>	7 #include <sys/mman.h>

8 #include <sys/syscall.h>	8 #include <sys/syscall.h>

9 #include <unistd.h>	9 #include <unistd.h>

10	10

11 #include <vector>	11 #include <vector>

12	12

13 #include "base/basictypes.h"	13 #include "base/basictypes.h"

14 #include "base/posix/eintr_wrapper.h"	14 #include "base/posix/eintr_wrapper.h"

15 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"	15 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"

	16 #include "sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h"

16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"	17 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

17 #include "sandbox/linux/seccomp-bpf/syscall.h"	18 #include "sandbox/linux/seccomp-bpf/syscall.h"

18 #include "sandbox/linux/tests/unit_tests.h"	19 #include "sandbox/linux/tests/unit_tests.h"

19 #include "testing/gtest/include/gtest/gtest.h"	20 #include "testing/gtest/include/gtest/gtest.h"

20	21

21 namespace sandbox {	22 namespace sandbox {

22	23

23 namespace {	24 namespace {

24	25

25 // Different platforms use different symbols for the six-argument version	26 // Different platforms use different symbols for the six-argument version

(...skipping 17 matching lines...) Expand all Loading...
43 #if defined(__i386__)	44 #if defined(__i386__)

44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80	45 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80

45 #elif defined(__x86_64__)	46 #elif defined(__x86_64__)

46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL	47 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL

47 #elif defined(__arm__)	48 #elif defined(__arm__)

48 #if defined(__thumb__)	49 #if defined(__thumb__)

49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0	50 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0

50 #else	51 #else

51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0	52 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0

52 #endif	53 #endif

	54 #elif defined(__mips__)

	55 // Opcode for MIPS sycall is in the lower 16-bits

	56 EXPECT_EQ(0x0cu, (((uint32_t *)SandboxSyscall(-1))[-1])&0x0000FFFF);

53 #else	57 #else

54 #warning Incomplete test case; need port for target platform	58 #warning Incomplete test case; need port for target platform

55 #endif	59 #endif

56 }	60 }

57	61

58 TEST(Syscall, TrivialSyscallNoArgs) {	62 TEST(Syscall, TrivialSyscallNoArgs) {

59 // Test that we can do basic system calls	63 // Test that we can do basic system calls

60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid));	64 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid));

61 }	65 }

62	66

63 TEST(Syscall, TrivialSyscallOneArg) {	67 TEST(Syscall, TrivialSyscallOneArg) {

64 int new_fd;	68 int new_fd;

65 // Duplicate standard error and close it.	69 // Duplicate standard error and close it.

66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0);	70 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0);

67 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd));	71 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd));

68 ASSERT_EQ(close_return_value, 0);	72 ASSERT_EQ(close_return_value, 0);

69 }	73 }

70	74

71 // SIGSYS trap handler that will be called on __NR_uname.	75 // SIGSYS trap handler that will be called on __NR_uname.

72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {	76 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {

73 // \|aux\| is our BPF_AUX pointer.	77 // \|aux\| is our BPF_AUX pointer.

74 std::vector<uint64_t>* const seen_syscall_args =	78 std::vector<uint64_t>* const seen_syscall_args =

75 static_cast<std::vector<uint64_t>*>(aux);	79 static_cast<std::vector<uint64_t>*>(aux);

76 BPF_ASSERT(arraysize(args.args) == 6);	80 BPF_ASSERT(arraysize(args.args) == 6);

77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));	81 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));

78 return -ENOMEM;	82 return ErrnoToKernelRet(ENOMEM);

79 }	83 }

80	84

81 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox,	85 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox,

82 int sysno,	86 int sysno,

83 std::vector<uint64_t>* aux) {	87 std::vector<uint64_t>* aux) {

84 if (!SandboxBPF::IsValidSyscallNumber(sysno)) {	88 if (!SandboxBPF::IsValidSyscallNumber(sysno)) {

85 return ErrorCode(ENOSYS);	89 return ErrorCode(ENOSYS);

86 }	90 }

87 if (sysno == __NR_uname) {	91 if (sysno == __NR_uname) {

88 return sandbox->Trap(CopySyscallArgsToAux, aux);	92 return sandbox->Trap(CopySyscallArgsToAux, aux);

(...skipping 19 matching lines...) Expand all Loading...
108 }	112 }

109	113

110 // We could use pretty much any system call we don't need here. uname() is	114 // We could use pretty much any system call we don't need here. uname() is

111 // nice because it doesn't have any dangerous side effects.	115 // nice because it doesn't have any dangerous side effects.

112 BPF_ASSERT(SandboxSyscall(__NR_uname,	116 BPF_ASSERT(SandboxSyscall(__NR_uname,

113 syscall_args[0],	117 syscall_args[0],

114 syscall_args[1],	118 syscall_args[1],

115 syscall_args[2],	119 syscall_args[2],

116 syscall_args[3],	120 syscall_args[3],

117 syscall_args[4],	121 syscall_args[4],

118 syscall_args[5]) == -ENOMEM);	122 syscall_args[5]) == ErrnoToKernelRet(ENOMEM));

119	123

120 // We expect the trap handler to have copied the 6 arguments.	124 // We expect the trap handler to have copied the 6 arguments.

121 BPF_ASSERT(BPF_AUX->size() == 6);	125 BPF_ASSERT(BPF_AUX->size() == 6);

122	126

123 // Don't loop here so that we can see which argument does cause the failure	127 // Don't loop here so that we can see which argument does cause the failure

124 // easily from the failing line.	128 // easily from the failing line.

125 // uint64_t is the type passed to our SIGSYS handler.	129 // uint64_t is the type passed to our SIGSYS handler.

126 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));	130 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));

127 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));	131 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));

128 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));	132 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));

(...skipping 65 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
194	198

195 // Clean up	199 // Clean up

196 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L));	200 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L));

197 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L));	201 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L));

198 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd)));	202 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd)));

199 }	203 }

200	204

201 } // namespace	205 } // namespace

202	206

203 } // namespace sandbox	207 } // namespace sandbox

OLD	NEW