Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(952)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master
Patch Set: Rebase. Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/seccomp-bpf/linux_seccomp.h ('K') | « sandbox/linux/seccomp-bpf/linux_seccomp.h ('k') | sandbox/linux/seccomp-bpf/syscall.cc » ('j') | sandbox/linux/seccomp-bpf/syscall.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index 5c5c6275e8b02ed0bdb6284b7f1c7bfc60e2cbae..b12329123dcbad925e8bd382fe1dfde69164cc8b 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -578,6 +578,14 @@ ErrorCode RedirectAllSyscallsPolicy(SandboxBPF* sandbox, int sysno, void* aux) {
||
sysno == __NR_sigreturn
#endif
+#if defined(__mips)
+ // MIPS call to pipe() returns values of file descriptors in registers
+ // and then they are written to fd array by glibc.
+ // Since we are bypassing glibc call in traps, pipe() can't be trapped
+ // in order for test to work
+ ||
+ sysno == __NR_pipe
jln (very slow on Chromium) 2014/05/02 20:42:04 Let's change pipe() below to socketpair instead. T
nedeljko 2014/05/07 15:40:05 Done.
+#endif
) {
return ErrorCode(ErrorCode::ERR_ALLOWED);
} else if (SandboxBPF::IsValidSyscallNumber(sysno)) {
@@ -1670,7 +1678,13 @@ intptr_t PthreadTrapHandler(const struct arch_seccomp_data& args, void* aux) {
(long long)args.args[5],
msg);
}
+#if defined(__mips__)
jln (very slow on Chromium) 2014/05/02 20:42:04 Let's use a wrapper in services/ (see earlier comm
nedeljko 2014/05/07 15:40:05 Done.
+ // On MIPS architecture, kernel returns errno instead of -errno
+ // and glibc wrapper does not negate this value
+ return EPERM;
+#else
return -EPERM;
+#endif
}
ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) {
// This policy allows creating threads with pthread_create(). But it
@@ -1789,11 +1803,19 @@ static void PthreadTest() {
// run-time libraries other than glibc might call __NR_fork instead of
// __NR_clone, and that would introduce a bogus test failure.
int pid;
+#if defined(__mips__)
+ BPF_ASSERT(SandboxSyscall(__NR_clone,
+ CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
+ 0,
+ 0,
+ &pid) == EPERM);
jln (very slow on Chromium) 2014/05/02 20:42:04 Same remark.
nedeljko 2014/05/07 15:40:05 Done.
+#else
BPF_ASSERT(SandboxSyscall(__NR_clone,
CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
0,
0,
&pid) == -EPERM);
+#endif
}
BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); }
« sandbox/linux/seccomp-bpf/linux_seccomp.h ('K') | « sandbox/linux/seccomp-bpf/linux_seccomp.h ('k') | sandbox/linux/seccomp-bpf/syscall.cc » ('j') | sandbox/linux/seccomp-bpf/syscall.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698