
Side by Side Diff: sandbox/linux/seccomp/securemem.h

Issue 661438: Seccomp sandbox changes (performance and correctness fixes, primarily targetting x86-32) (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 9 months ago
Property Changes:
Added: svn:eol-style
+ LF
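--- a/sandbox/linux/seccomp/securemem.h
+++ b/sandbox/linux/seccomp/securemem.h
@@ -1,10 +1,14 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
 #ifndef SECURE_MEM_H__
 #define SECURE_MEM_H__
 
 #include <stdlib.h>
 
 namespace playground {
 
 class SecureMem {
 public:
 // Each thread is associated with two memory pages (i.e. 8192 bytes). This
@@ -43,21 +47,20 @@
 void* rdi;
 void* r8;
 void* r9;
 void* r10;
 void* r11;
 void* r12;
 void* r13;
 void* r14;
 void* r15;
 #elif defined(__i386__)
-void* ret2;
 void* ebp;
 void* edi;
 void* esi;
 void* edx;
 void* ecx;
 void* ebx;
 #else
 #error Unsupported target platform
 #endif
 
@@ -79,31 +82,36 @@
 long long threadFdPub;
 } __attribute__((packed));
 char header[512];
 };
 // Used for calls such as open() and stat().
 char pathname[4096 - 512];
 } __attribute__((packed));
 char securePage[4096];
 };
 union {
-// This scratch space is used by the trusted thread to read parameters
-// for unrestricted system calls.
 struct {
+// This scratch space is used by the trusted thread to read parameters
+// for unrestricted system calls.
 long tmpSyscallNum;
 void* tmpArg1;
 void* tmpArg2;
 void* tmpArg3;
 void* tmpArg4;
 void* tmpArg5;
 void* tmpArg6;
 void* tmpReturnValue;
+
+// We often have long sequences of calls to gettimeofday(). This is
+// needlessly expensive. Coalesce them into a single call.
+long lastSyscallNum;
+int gettimeofdayCounter;
 } __attribute__((packed));
 char scratchPage[4096];
 };
 } __attribute__((packed)) Args;
 
 // Allows the trusted process to check whether the parent process still
 // exists. If it doesn't, kill the trusted process.
 static void dieIfParentDied(int parentProc);
 
 // The trusted process received a system call that it intends to deny.
@@ -170,10 +178,10 @@
 static void sendSystemCallInternal(int fd, bool locked, int parentProc,
 Args* mem, int syscallNum, void* arg1 = 0,
 void* arg2 = 0, void* arg3 = 0,
 void* arg4 = 0, void* arg5 = 0,
 void* arg6 = 0);
 };
 
 } // namespace
 
 #endif // SECURE_MEM_H__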
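Review bot: The two fields added at new lines 106–107, `lastSyscallNum` and `gettimeofdayCounter`, live in the scratch-page struct rather than in `securePage`, and the new comment does not say which side writes them or whether their values may be relied on. If sandboxed code can write to the scratch page (the page-protection comment is in the skipped lines, so this is not visible here), these values must be treated as a performance hint only and never feed a policy decision; a comment such as `// Hint only: scratch page contents are untrusted; never base an access decision on these.` would record that. Separately, dropping `ret2` from the `__i386__` save area and growing this packed struct shifts field offsets, so any code that addresses `Args` by fixed offset (none is visible in this file) has to change in the same patch. Parts of `Args` lie in the skipped lines, so the full layout cannot be checked from this view.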