Chromium Code Reviews Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| 7 | 7 |
| 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. | 8 // The Seccomp2 kernel ABI is not part of older versions of glibc. |
| 9 // As we can't break compilation with these versions of the library, | 9 // As we can't break compilation with these versions of the library, |
| 10 // we explicitly define all missing symbols. | 10 // we explicitly define all missing symbols. |
| 11 // If we ever decide that we can now rely on system headers, the following | 11 // If we ever decide that we can now rely on system headers, the following |
| 12 // include files should be enabled: | 12 // include files should be enabled: |
| 13 // #include <linux/audit.h> | 13 // #include <linux/audit.h> |
| 14 // #include <linux/seccomp.h> | 14 // #include <linux/seccomp.h> |
| 15 | 15 |
| 16 #include <asm/unistd.h> | 16 #include <asm/unistd.h> |
| 17 #include <linux/filter.h> | 17 #include <linux/filter.h> |
| 18 | 18 |
| 19 #include <sys/cdefs.h> | 19 #include <sys/cdefs.h> |
| 20 // Old Bionic versions do not have sys/user.h. The if can be removed once we no | 20 // Old Bionic versions do not have sys/user.h. The if can be removed once we no |
| 21 // longer need to support these old Bionic versions. | 21 // longer need to support these old Bionic versions. |
| 22 // All x86_64 builds use a new enough bionic to have sys/user.h. | 22 // All x86_64 builds use a new enough bionic to have sys/user.h. |
| 23 #if !defined(__BIONIC__) || defined(__x86_64__) | 23 #if !defined(__BIONIC__) || defined(__x86_64__) |
| 24 #include <sys/types.h> // Fix for gcc 4.7, make sure __uint16_t is defined. | 24 #include <sys/types.h> // Fix for gcc 4.7, make sure __uint16_t is defined. |
| 25 #include <sys/user.h> | 25 #include <sys/user.h> |
| 26 #if defined(__mips__) | |
| 27 // sys/user.h in eglibc misses size_t definition | |
|
mdempsky
2014/07/14 18:10:50
If you only need size_t, I'd suggest including <st
nedeljko
2014/07/15 15:22:15
Done.
| |
| 28 #include <unistd.h> | |
| 29 #endif | |
| 26 #endif | 30 #endif |
| 27 | 31 |
| 28 // For audit.h | 32 // For audit.h |
| 29 #ifndef EM_ARM | 33 #ifndef EM_ARM |
| 30 #define EM_ARM 40 | 34 #define EM_ARM 40 |
| 31 #endif | 35 #endif |
| 32 #ifndef EM_386 | 36 #ifndef EM_386 |
| 33 #define EM_386 3 | 37 #define EM_386 3 |
| 34 #endif | 38 #endif |
| 35 #ifndef EM_X86_64 | 39 #ifndef EM_X86_64 |
| 36 #define EM_X86_64 62 | 40 #define EM_X86_64 62 |
| 37 #endif | 41 #endif |
| 42 #ifndef EM_MIPS | |
| 43 #define EM_MIPS 8 | |
| 44 #endif | |
| 38 | 45 |
| 39 #ifndef __AUDIT_ARCH_64BIT | 46 #ifndef __AUDIT_ARCH_64BIT |
| 40 #define __AUDIT_ARCH_64BIT 0x80000000 | 47 #define __AUDIT_ARCH_64BIT 0x80000000 |
| 41 #endif | 48 #endif |
| 42 #ifndef __AUDIT_ARCH_LE | 49 #ifndef __AUDIT_ARCH_LE |
| 43 #define __AUDIT_ARCH_LE 0x40000000 | 50 #define __AUDIT_ARCH_LE 0x40000000 |
| 44 #endif | 51 #endif |
| 45 #ifndef AUDIT_ARCH_ARM | 52 #ifndef AUDIT_ARCH_ARM |
| 46 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) | 53 #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) |
| 47 #endif | 54 #endif |
| 48 #ifndef AUDIT_ARCH_I386 | 55 #ifndef AUDIT_ARCH_I386 |
| 49 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) | 56 #define AUDIT_ARCH_I386 (EM_386|__AUDIT_ARCH_LE) |
| 50 #endif | 57 #endif |
| 51 #ifndef AUDIT_ARCH_X86_64 | 58 #ifndef AUDIT_ARCH_X86_64 |
| 52 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | 59 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
| 53 #endif | 60 #endif |
| 61 #ifndef AUDIT_ARCH_MIPSEL | |
| 62 #define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE) | |
| 63 #endif | |
| 54 | 64 |
| 55 // For prctl.h | 65 // For prctl.h |
| 56 #ifndef PR_SET_SECCOMP | 66 #ifndef PR_SET_SECCOMP |
| 57 #define PR_SET_SECCOMP 22 | 67 #define PR_SET_SECCOMP 22 |
| 58 #define PR_GET_SECCOMP 21 | 68 #define PR_GET_SECCOMP 21 |
| 59 #endif | 69 #endif |
| 60 #ifndef PR_SET_NO_NEW_PRIVS | 70 #ifndef PR_SET_NO_NEW_PRIVS |
| 61 #define PR_SET_NO_NEW_PRIVS 38 | 71 #define PR_SET_NO_NEW_PRIVS 38 |
| 62 #define PR_GET_NO_NEW_PRIVS 39 | 72 #define PR_GET_NO_NEW_PRIVS 39 |
| 63 #endif | 73 #endif |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 280 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_r0 | 290 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_r0 |
| 281 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_r7 | 291 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_r7 |
| 282 #define SECCOMP_PT_IP(_regs) (_regs).REG_pc | 292 #define SECCOMP_PT_IP(_regs) (_regs).REG_pc |
| 283 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_r0 | 293 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_r0 |
| 284 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_r1 | 294 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_r1 |
| 285 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_r2 | 295 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_r2 |
| 286 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_r3 | 296 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_r3 |
| 287 #define SECCOMP_PT_PARM5(_regs) (_regs).REG_r4 | 297 #define SECCOMP_PT_PARM5(_regs) (_regs).REG_r4 |
| 288 #define SECCOMP_PT_PARM6(_regs) (_regs).REG_r5 | 298 #define SECCOMP_PT_PARM6(_regs) (_regs).REG_r5 |
| 289 | 299 |
| 300 #elif defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32) | |
| 301 #define MIN_SYSCALL __NR_O32_Linux | |
| 302 #define MAX_PUBLIC_SYSCALL (MIN_SYSCALL + __NR_Linux_syscalls) | |
| 303 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL | |
| 304 #define SECCOMP_ARCH AUDIT_ARCH_MIPSEL | |
| 305 #define SYSCALL_EIGHT_ARGS | |
| 306 // MIPS sigcontext_t is different from i386/x86_64 and ARM. | |
| 307 // See </arch/mips/include/uapi/asm/sigcontext.h> in the Linux kernel. | |
| 308 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[_reg]) | |
| 309 // Based on MIPS o32 ABI syscall convention. | |
| 310 // On MIPS, when indirect syscall is being made (syscall(__NR_foo)), | |
| 311 // real identificator (__NR_foo) is not in v0, but in a0 | |
| 312 #define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 2) | |
| 313 #define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 2) | |
| 314 #define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.pc | |
| 315 #define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 4) | |
| 316 #define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 5) | |
| 317 #define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 6) | |
| 318 #define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 7) | |
| 319 // Only the first 4 arguments of syscall are in registers. | |
| 320 // The rest are on the stack. | |
| 321 #define SECCOMP_PARM5(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, \ | |
|
mdempsky
2014/07/14 18:10:50
How about:
#define SECCOMP_STACKPARM(_ctx, n) ((
nedeljko
2014/07/15 15:22:15
Done.
| |
| 322 29) + 4)) | |
| 323 #define SECCOMP_PARM6(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, \ | |
| 324 29) + 5)) | |
| 325 #define SECCOMP_PARM7(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, \ | |
| 326 29) + 6)) | |
| 327 #define SECCOMP_PARM8(_ctx) (long int)(*((intptr_t*)SECCOMP_REG(_ctx, \ | |
| 328 29) + 7)) | |
| 329 #define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) | |
| 330 #define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) | |
| 331 #define SECCOMP_IP_MSB_IDX (offsetof(struct arch_seccomp_data, \ | |
| 332 instruction_pointer) + 4) | |
| 333 #define SECCOMP_IP_LSB_IDX (offsetof(struct arch_seccomp_data, \ | |
| 334 instruction_pointer) + 0) | |
| 335 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
| 336 8*(nr) + 4) | |
| 337 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) + \ | |
| 338 8*(nr) + 0) | |
| 339 | |
| 340 // On Mips we don't have structures like user_regs or user_regs_struct in | |
| 341 // sys/user.h that we could use, so we just define regs_struct directly. | |
| 342 struct regs_struct { | |
| 343 unsigned long long regs[32]; | |
| 344 }; | |
| 345 | |
| 346 #define REG_a3 regs[7] | |
| 347 #define REG_a2 regs[6] | |
| 348 #define REG_a1 regs[5] | |
| 349 #define REG_a0 regs[4] | |
| 350 #define REG_v1 regs[3] | |
| 351 #define REG_v0 regs[2] | |
| 352 | |
| 353 #define SECCOMP_PT_RESULT(_regs) (_regs).REG_v0 | |
| 354 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_v0 | |
| 355 #define SECCOMP_PT_PARM1(_regs) (_regs).REG_a0 | |
| 356 #define SECCOMP_PT_PARM2(_regs) (_regs).REG_a1 | |
| 357 #define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2 | |
| 358 #define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3 | |
| 359 | |
| 290 #else | 360 #else |
| 291 #error Unsupported target platform | 361 #error Unsupported target platform |
| 292 | 362 |
| 293 #endif | 363 #endif |
| 294 | 364 |
| 295 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ | 365 #endif // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__ |
| OLD | NEW |
