| Index: sandbox/linux/seccomp-bpf/syscall.cc
|
| diff --git a/sandbox/linux/seccomp-bpf/syscall.cc b/sandbox/linux/seccomp-bpf/syscall.cc
|
| index 64c0b8eb9b41b708482571febc4d417b3e1110c4..9d2dfa73d30bc228cc31fe87a1fd4796173839ce 100644
|
| --- a/sandbox/linux/seccomp-bpf/syscall.cc
|
| +++ b/sandbox/linux/seccomp-bpf/syscall.cc
|
| @@ -1,13 +1,13 @@
|
| // Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
| -
|
| #include "sandbox/linux/seccomp-bpf/syscall.h"
|
|
|
| #include <asm/unistd.h>
|
| #include <errno.h>
|
|
|
| #include "base/basictypes.h"
|
| +#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
|
|
|
| namespace sandbox {
|
|
|
| @@ -170,6 +170,47 @@ asm(// We need to be able to tell the kernel exactly where we made a
|
| #endif
|
| ".fnend\n"
|
| "9:.size SyscallAsm, 9b-SyscallAsm\n"
|
| +#elif defined(__mips__)
|
| + ".text\n"
|
| + ".align 4\n"
|
| + ".type SyscallAsm, @function\n"
|
| + "SyscallAsm:.ent SyscallAsm\n"
|
| + ".frame $sp, 32, $ra\n"
|
| + ".set push\n"
|
| + ".set noreorder\n"
|
| + "addiu $sp, $sp, -32\n"
|
| + "sw $ra, 28($sp)\n"
|
| + // Check if "v0" is negative. If so, do not attempt to make a
|
| + // system call. Instead, compute the return address that is visible
|
| + // to the kernel after we execute "syscall". This address can be
|
| + // used as a marker that BPF code inspects.
|
| + "bgez $v0, 1f\n"
|
| + " nop\n"
|
| + "la $v0, 2f\n"
|
| + "b 2f\n"
|
| + " nop\n"
|
| + // On MIPS first four arguments go to registers a0 - a3 and any
|
| + // argument after that goes to stack. We can go ahead and directly
|
| + // copy the entries from the arguments array into the appropriate
|
| + // CPU registers and on the stack.
|
| + "1:lw $t0, 20($a0)\n"
|
| + "sw $t0, 20($sp)\n"
|
| + "lw $t0, 16($a0)\n"
|
| + "sw $t0, 16($sp)\n"
|
| + "lw $a3, 12($a0)\n"
|
| + "lw $a2, 8($a0)\n"
|
| + "lw $a1, 4($a0)\n"
|
| + "lw $a0, 0($a0)\n"
|
| + // Enter the kernel
|
| + "syscall\n"
|
| + // This is our "magic" return address that the BPF filter sees.
|
| + // Restore the return address from the stack.
|
| + "2:lw $ra, 28($sp)\n"
|
| + "jr $ra\n"
|
| + " addiu $sp, $sp, 32\n"
|
| + ".set pop\n"
|
| + ".end SyscallAsm\n"
|
| + ".size SyscallAsm,.-SyscallAsm\n"
|
| #endif
|
| ); // asm
|
|
|
| @@ -259,10 +300,62 @@ intptr_t Syscall::Call(int nr,
|
| );
|
| ret = inout;
|
| }
|
| +#elif defined(__mips__)
|
| + int err_status;
|
| + intptr_t ret = SandboxSyscallRaw(nr, args, &err_status);
|
| +
|
| + if (err_status) {
|
| + // On error, MIPS returns errno from syscall instead of -errno.
|
| + // The purpose of this negation is for SandboxSyscall() to behave
|
| + // more like it would on other architectures.
|
| + ret = -ret;
|
| + }
|
| #else
|
| #error "Unimplemented architecture"
|
| #endif
|
| return ret;
|
| }
|
|
|
| +void Syscall::PutValueInUcontext(intptr_t ret_val, ucontext_t* ctx) {
|
| +#if defined(__mips__)
|
| + // Mips ABI states that on error a3 CPU register has non zero value and if
|
| + // there is no error, it should be zero.
|
| + if (ret_val <= -1 && ret_val >= -4095) {
|
| + // |ret_val| followes the Syscall::Call() convention of being -errno on
|
| + // errors. In order to write correct value to return register this sign
|
| + // needs to be changed back.
|
| + ret_val = -ret_val;
|
| + SECCOMP_PARM4(ctx) = 1;
|
| + } else
|
| + SECCOMP_PARM4(ctx) = 0;
|
| +#endif
|
| + SECCOMP_RESULT(ctx) = static_cast<greg_t>(ret_val);
|
| +}
|
| +
|
| +#if defined(__mips__)
|
| +intptr_t SandboxSyscallRaw(int nr, const intptr_t* args, intptr_t* err_ret) {
|
| + register intptr_t ret __asm__("v0") = nr;
|
| + // a3 register becomes non zero on error.
|
| + register intptr_t err_stat __asm__("a3") = 0;
|
| + {
|
| + register const intptr_t* data __asm__("a0") = args;
|
| + asm volatile(
|
| + "la $t9, SyscallAsm\n"
|
| + "jalr $t9\n"
|
| + " nop\n"
|
| + : "=r"(ret), "=r"(err_stat)
|
| + : "0"(ret),
|
| + "r"(data)
|
| + // a2 is in the clober list so inline assembly can not change its
|
| + // value.
|
| + : "memory", "ra", "t9", "a2");
|
| + }
|
| +
|
| + // Set an error status so it can be used outside of this function
|
| + *err_ret = err_stat;
|
| +
|
| + return ret;
|
| +}
|
| +#endif // defined(__mips__)
|
| +
|
| } // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master