Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/codegen.cc

Issue 1029283003: WIP: Implement seccomp-bpf sandbox for nacl_helper_nonsfi. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/public/common/sandbox_init.h ('k') | sandbox/linux/bpf_dsl/codegen_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/codegen.h" 5 #include "sandbox/linux/bpf_dsl/codegen.h"
6 6
7 #include <linux/filter.h>
8
9 #include <limits> 7 #include <limits>
10 #include <utility> 8 #include <utility>
11 9
12 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "sandbox/linux/system_headers/linux_filter.h"
13 12
14 // This CodeGen implementation strives for simplicity while still 13 // This CodeGen implementation strives for simplicity while still
15 // generating acceptable BPF programs under typical usage patterns 14 // generating acceptable BPF programs under typical usage patterns
16 // (e.g., by PolicyCompiler). 15 // (e.g., by PolicyCompiler).
17 // 16 //
18 // The key to its simplicity is that BPF programs only support forward 17 // The key to its simplicity is that BPF programs only support forward
19 // jumps/branches, which allows constraining the DAG construction API 18 // jumps/branches, which allows constraining the DAG construction API
20 // to make instruction nodes immutable. Immutable nodes admits a 19 // to make instruction nodes immutable. Immutable nodes admits a
21 // simple greedy approach of emitting new instructions as needed and 20 // simple greedy approach of emitting new instructions as needed and
22 // then reusing existing ones that have already been emitted. This 21 // then reusing existing ones that have already been emitted. This
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after
125 CHECK_LE(jf, kBranchRange); 124 CHECK_LE(jf, kBranchRange);
126 } else { 125 } else {
127 CHECK_EQ(0U, jt); 126 CHECK_EQ(0U, jt);
128 CHECK_EQ(0U, jf); 127 CHECK_EQ(0U, jf);
129 } 128 }
130 129
131 CHECK_LT(program_.size(), static_cast<size_t>(BPF_MAXINSNS)); 130 CHECK_LT(program_.size(), static_cast<size_t>(BPF_MAXINSNS));
132 CHECK_EQ(program_.size(), equivalent_.size()); 131 CHECK_EQ(program_.size(), equivalent_.size());
133 132
134 Node res = program_.size(); 133 Node res = program_.size();
135 program_.push_back(sock_filter{code, jt, jf, k}); 134 program_.push_back(sock_filter{
135 code, static_cast<uint8_t>(jt), static_cast<uint8_t>(jf), k});
136 equivalent_.push_back(res); 136 equivalent_.push_back(res);
137 return res; 137 return res;
138 } 138 }
139 139
140 size_t CodeGen::Offset(Node target) const { 140 size_t CodeGen::Offset(Node target) const {
141 CHECK_LT(target, program_.size()) << "Bogus offset target node"; 141 CHECK_LT(target, program_.size()) << "Bogus offset target node";
142 return (program_.size() - 1) - target; 142 return (program_.size() - 1) - target;
143 } 143 }
144 144
145 // TODO(mdempsky): Move into a general base::Tuple helper library. 145 // TODO(mdempsky): Move into a general base::Tuple helper library.
146 bool CodeGen::MemoKeyLess::operator()(const MemoKey& lhs, 146 bool CodeGen::MemoKeyLess::operator()(const MemoKey& lhs,
147 const MemoKey& rhs) const { 147 const MemoKey& rhs) const {
148 if (get<0>(lhs) != get<0>(rhs)) 148 if (get<0>(lhs) != get<0>(rhs))
149 return get<0>(lhs) < get<0>(rhs); 149 return get<0>(lhs) < get<0>(rhs);
150 if (get<1>(lhs) != get<1>(rhs)) 150 if (get<1>(lhs) != get<1>(rhs))
151 return get<1>(lhs) < get<1>(rhs); 151 return get<1>(lhs) < get<1>(rhs);
152 if (get<2>(lhs) != get<2>(rhs)) 152 if (get<2>(lhs) != get<2>(rhs))
153 return get<2>(lhs) < get<2>(rhs); 153 return get<2>(lhs) < get<2>(rhs);
154 if (get<3>(lhs) != get<3>(rhs)) 154 if (get<3>(lhs) != get<3>(rhs))
155 return get<3>(lhs) < get<3>(rhs); 155 return get<3>(lhs) < get<3>(rhs);
156 return false; 156 return false;
157 } 157 }
158 158
159 } // namespace sandbox 159 } // namespace sandbox
OLDNEW
« no previous file with comments | « content/public/common/sandbox_init.h ('k') | sandbox/linux/bpf_dsl/codegen_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698