[MIPS] Add seccomp bpf support

sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
 #include "sandbox/linux/tests/unit_tests.h"
 
 namespace sandbox {
 
@@ skipping 17 matching lines @@
     SANDBOX_ASSERT(next == 0xFFFFFFFFu);
   }
 }
 
 SANDBOX_TEST(SyscallIterator, PublicSyscallRange) {
   SyscallIterator iter(false);
   uint32_t next = iter.Next();
 
   // The iterator should cover the public syscall range
   // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
-  // We're assuming MIN_SYSCALL == 0 for all architectures,
-  // this is currently valid for Intel and ARM EABI.
-  SANDBOX_ASSERT(MIN_SYSCALL == 0);
-  SANDBOX_ASSERT(next == MIN_SYSCALL);
+  if (MIN_SYSCALL) {

[jln (very slow on Chromium), 2014/05/16 19:30:17]

Let's just create Two Tests: SyscallIteratorIntelArm and SyscallIteratorMIPS.

This way, we can have both test check that the iterator does what we expect for
the architecture without any complicated logic.

[nedeljko, 2014/05/19 17:37:23]

Should I create just two tests (that would be PublicSyscallRangeIntelArm and
PublicSyscallRangeMIPS), or two iterators (SyscallIteratorIntelArm and
SyscallIteratorMIPS).

In later case I will have to rewrite all the places where this iterator is being
used in order to support new iterators.

[jln (very slow on Chromium), 2014/05/20 01:57:47]

No, just two tests.

The problem is that the SyscallIterator class is a little complicated because of
all the different architectures.
So you can make architecture-dependant unit tests that know about low-level
kernel implementation of their architecture and check that things are sane
there.

Or, to put it another way: the unit tests would look like another
implementation, but one that has a different function for every architecture.
This redundancy allows us to test things properly.

[nedeljko, 2014/05/22 17:38:55]

Done.

+    // When MIN_SYSCALL != 0 we need to move iterator to valid range
+    while (next < MIN_SYSCALL - 1) {
+      next = iter.Next();
+    }
+    SANDBOX_ASSERT(next == MIN_SYSCALL -1);
+  } else {
+    // We're assuming MIN_SYSCALL == 0 for Intel and ARM EABI
+    SANDBOX_ASSERT(MIN_SYSCALL == 0);
+    SANDBOX_ASSERT(next == MIN_SYSCALL);
+  }
+
   for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) {
     SANDBOX_ASSERT((next = iter.Next()) == last + 1);
   }
   SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
 }
 
 #if defined(__arm__)
 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) {
   SyscallIterator iter(false);
   uint32_t next = iter.Next();
@@ skipping 48 matching lines @@
     next = iter.Next();
     SANDBOX_ASSERT(iter.Done());
     SANDBOX_ASSERT(next == 0xFFFFFFFFu);
   }
 }
 
 SANDBOX_TEST(SyscallIterator, InvalidOnly) {
   bool invalid_only = true;
   SyscallIterator iter(invalid_only);
   uint32_t next = iter.Next();
-  // We're assuming MIN_SYSCALL == 0 for all architectures,
-  // this is currently valid for Intel and ARM EABI.
+  // We're assuming MIN_SYSCALL == 0 for all architectures
+  // (this is currently valid for Intel and ARM EABI), except

[jln (very slow on Chromium), 2014/05/16 19:30:17]

Again, let's split this into two tests, one for MIPS, one for Intel + ARM.

[nedeljko, 2014/05/22 17:38:55]

Done.

+  // for Mips O32 ABI for which MIN_SYSCALL == 4000.
   // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
+#if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)
+  SANDBOX_ASSERT(MIN_SYSCALL == 4000);
+#else
   SANDBOX_ASSERT(MIN_SYSCALL == 0);
+#endif
+
+  // If MIN_SYSCALL != 0, we need to move iterator to valid range
+  if (MIN_SYSCALL) {
+    next = iter.Next();
+    // The iterator should skip until the last invalid syscall in this range.
+    SANDBOX_ASSERT(next == MIN_SYSCALL - 1);
+    while (next <= MAX_PUBLIC_SYSCALL) {
+      next = iter.Next();
+    }
+  }
+
   SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
 
 #if defined(__arm__)
   next = iter.Next();
   // The iterator should skip until the last invalid syscall in this range.
   SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1);
   while (next <= MAX_PRIVATE_SYSCALL) {
     next = iter.Next();
   }
 
   next = iter.Next();
   // The iterator should skip until the last invalid syscall in this range.
   SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1);
   while (next <= MAX_SYSCALL) {
     next = iter.Next();
   }
   SANDBOX_ASSERT(next == MAX_SYSCALL + 1);
 #endif
 }
 
 }  // namespace
 
 }  // namespace sandbox