Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(678)

Side by Side Diff: sandbox/linux/bpf_dsl/verifier.cc

Issue 1310773006: Update sandbox/linux from upstream (Closed) Base URL: ssh://ssh.github.com/domokit/mojo.git@master
Patch Set: Update to 3909ebfa69566f7374a6900e63cd4d3c73a35378 Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/verifier.h" 5 #include "sandbox/linux/bpf_dsl/verifier.h"
6 6
7 #include <string.h> 7 #include <string.h>
8 8
9 #include <limits> 9 #include <limits>
10 10
11 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 11 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
12 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h" 12 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
13 #include "sandbox/linux/bpf_dsl/errorcode.h"
13 #include "sandbox/linux/bpf_dsl/policy.h" 14 #include "sandbox/linux/bpf_dsl/policy.h"
14 #include "sandbox/linux/bpf_dsl/policy_compiler.h" 15 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
15 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" 16 #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
16 #include "sandbox/linux/bpf_dsl/syscall_set.h" 17 #include "sandbox/linux/bpf_dsl/syscall_set.h"
17 #include "sandbox/linux/seccomp-bpf/errorcode.h"
18 #include "sandbox/linux/system_headers/linux_filter.h" 18 #include "sandbox/linux/system_headers/linux_filter.h"
19 #include "sandbox/linux/system_headers/linux_seccomp.h" 19 #include "sandbox/linux/system_headers/linux_seccomp.h"
20 20
21 namespace sandbox { 21 namespace sandbox {
22 namespace bpf_dsl { 22 namespace bpf_dsl {
23 23
24 namespace { 24 namespace {
25 25
26 const uint64_t kLower32Bits = std::numeric_limits<uint32_t>::max(); 26 const uint64_t kLower32Bits = std::numeric_limits<uint32_t>::max();
27 const uint64_t kUpper32Bits = static_cast<uint64_t>(kLower32Bits) << 32; 27 const uint64_t kUpper32Bits = static_cast<uint64_t>(kLower32Bits) << 32;
(...skipping 333 matching lines...) Expand 10 before | Expand all | Expand 10 after
361 switch (BPF_CLASS(insn.code)) { 361 switch (BPF_CLASS(insn.code)) {
362 case BPF_LD: 362 case BPF_LD:
363 Ld(&state, insn, err); 363 Ld(&state, insn, err);
364 break; 364 break;
365 case BPF_JMP: 365 case BPF_JMP:
366 Jmp(&state, insn, err); 366 Jmp(&state, insn, err);
367 break; 367 break;
368 case BPF_RET: { 368 case BPF_RET: {
369 uint32_t r = Ret(&state, insn, err); 369 uint32_t r = Ret(&state, insn, err);
370 switch (r & SECCOMP_RET_ACTION) { 370 switch (r & SECCOMP_RET_ACTION) {
371 case SECCOMP_RET_ALLOW:
372 case SECCOMP_RET_ERRNO:
373 case SECCOMP_RET_KILL:
374 case SECCOMP_RET_TRACE:
371 case SECCOMP_RET_TRAP: 375 case SECCOMP_RET_TRAP:
372 case SECCOMP_RET_ERRNO:
373 case SECCOMP_RET_TRACE:
374 case SECCOMP_RET_ALLOW:
375 break; 376 break;
376 case SECCOMP_RET_KILL: // We don't ever generate this
377 case SECCOMP_RET_INVALID: // Should never show up in BPF program 377 case SECCOMP_RET_INVALID: // Should never show up in BPF program
378 default: 378 default:
379 *err = "Unexpected return code found in BPF program"; 379 *err = "Unexpected return code found in BPF program";
380 return 0; 380 return 0;
381 } 381 }
382 return r; 382 return r;
383 } 383 }
384 case BPF_ALU: 384 case BPF_ALU:
385 Alu(&state, insn, err); 385 Alu(&state, insn, err);
386 break; 386 break;
387 default: 387 default:
388 *err = "Unexpected instruction in BPF program"; 388 *err = "Unexpected instruction in BPF program";
389 break; 389 break;
390 } 390 }
391 } 391 }
392 return 0; 392 return 0;
393 } 393 }
394 394
395 } // namespace bpf_dsl 395 } // namespace bpf_dsl
396 } // namespace sandbox 396 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/bpf_dsl/test_trap_registry_unittest.cc ('k') | sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698