bpf_dsl: move Verifier into PolicyCompiler

sandbox/linux/bpf_dsl/policy_compiler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
 
 #include <errno.h>
 #include <linux/filter.h>
 #include <sys/syscall.h>
 
 #include <limits>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
 #include "sandbox/linux/bpf_dsl/codegen.h"
+#include "sandbox/linux/bpf_dsl/dump_bpf.h"
 #include "sandbox/linux/bpf_dsl/policy.h"
 #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
 #include "sandbox/linux/bpf_dsl/syscall_set.h"
+#include "sandbox/linux/bpf_dsl/verifier.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/system_headers/linux_seccomp.h"
 
 namespace sandbox {
 namespace bpf_dsl {
 
 namespace {
 
 #if defined(__i386__) || defined(__x86_64__)
 const bool kIsIntel = true;
@@ skipping 56 matching lines @@
       escapepc_(0),
       conds_(),
       gen_(),
       has_unsafe_traps_(HasUnsafeTraps(policy_)) {
   DCHECK(policy);
 }
 
 PolicyCompiler::~PolicyCompiler() {
 }
 
-scoped_ptr<CodeGen::Program> PolicyCompiler::Compile() {
+scoped_ptr<CodeGen::Program> PolicyCompiler::Compile(bool verify) {
   CHECK(policy_->InvalidSyscall()->IsDeny())
       << "Policies should deny invalid system calls";
 
   // If our BPF program has unsafe traps, enable support for them.
   if (has_unsafe_traps_) {
     CHECK_NE(0U, escapepc_) << "UnsafeTrap() requires a valid escape PC";
 
     for (int sysnum : kSyscallsRequiredForUnsafeTraps) {
       CHECK(policy_->EvaluateSyscall(sysnum)->IsAllow())
           << "Policies that use UnsafeTrap() must unconditionally allow all "
              "required system calls";
     }
 
     CHECK(registry_->EnableUnsafeTraps())
         << "We'd rather die than enable unsafe traps";
   }
 
   // Assemble the BPF filter program.
   scoped_ptr<CodeGen::Program> program(new CodeGen::Program());
   gen_.Compile(AssemblePolicy(), program.get());
+
+  // Make sure compilation resulted in a BPF program that executes
+  // correctly. Otherwise, there is an internal error in our BPF compiler.
+  // There is really nothing the caller can do until the bug is fixed.
+  if (verify) {
+    const char* err = nullptr;
+    if (!Verifier::VerifyBPF(this, *program, *policy_, &err)) {
+      DumpBPF::PrintProgram(*program);
+      LOG(FATAL) << err;
+    }
+  }
+
   return program.Pass();
 }
 
 void PolicyCompiler::DangerousSetEscapePC(uint64_t escapepc) {
   escapepc_ = escapepc;
 }
 
 CodeGen::Node PolicyCompiler::AssemblePolicy() {
   // A compiled policy consists of three logical parts:
   //   1. Check that the "arch" field matches the expected architecture.
@@ skipping 347 matching lines @@
   return ErrorCode(argno,
                    width,
                    mask,
                    value,
                    &*conds_.insert(passed).first,
                    &*conds_.insert(failed).first);
 }
 
 }  // namespace bpf_dsl
 }  // namespace sandbox