[MIPS] Add seccomp bpf support

sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
 #include "sandbox/linux/tests/unit_tests.h"
 
 namespace sandbox {
 
@@ skipping 11 matching lines @@
     }
     for (uint32_t last = next; !iter.Done(); last = next) {
       next = iter.Next();
       SANDBOX_ASSERT(last < next);
     }
     // The iterator should always return 0xFFFFFFFFu as the last value.
     SANDBOX_ASSERT(next == 0xFFFFFFFFu);
   }
 }
 
-SANDBOX_TEST(SyscallIterator, PublicSyscallRange) {
+#if defined(__mips__)
+SANDBOX_TEST(SyscallIterator, PublicSyscallRangeMIPS) {
   SyscallIterator iter(false);
   uint32_t next = iter.Next();
 
+  // The iterator should cover the public syscall range
+  // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
+  // Since MIN_SYSCALL != 0 we need to move iterator to valid range.
+  while (next < MIN_SYSCALL - 1) {

[jln (very slow on Chromium), 2014/05/28 00:06:57]

Don't perform a while loop here. This test should explicitly show what Next()
does.

It should do 0, then skip to MIN_SYSCALL - 1 immediately (or something similar).

This test should be a great way to know exactly what happens without reading the
code.

[nedeljko, 2014/05/29 14:06:45]

Done.

+    next = iter.Next();
+  }
+  SANDBOX_ASSERT(next == MIN_SYSCALL -1);
+
+  for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) {
+    SANDBOX_ASSERT((next = iter.Next()) == last + 1);
+  }
+  SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
+}
+#else
+SANDBOX_TEST(SyscallIterator, PublicSyscallRangeIntelArm) {
+  SyscallIterator iter(false);
+  uint32_t next = iter.Next();
+
   // The iterator should cover the public syscall range
   // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
   // We're assuming MIN_SYSCALL == 0 for all architectures,
   // this is currently valid for Intel and ARM EABI.
   SANDBOX_ASSERT(MIN_SYSCALL == 0);
   SANDBOX_ASSERT(next == MIN_SYSCALL);
   for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) {
     SANDBOX_ASSERT((next = iter.Next()) == last + 1);
   }
   SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
 }
+#endif

[jln (very slow on Chromium), 2014/05/28 00:06:57]

Nit: add "// defined(__mips__)"

[nedeljko, 2014/05/29 14:06:45]

Done.

 
 #if defined(__arm__)
 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) {
   SyscallIterator iter(false);
   uint32_t next = iter.Next();
   while (next < MIN_PRIVATE_SYSCALL - 1) {
     next = iter.Next();
   }
   // The iterator should cover the ARM private syscall range
   // without skipping syscalls.
@@ skipping 39 matching lines @@
     SANDBOX_ASSERT(next == 0x7FFFFFFFu);
     next = iter.Next();
     SANDBOX_ASSERT(next == 0x80000000u);
     SANDBOX_ASSERT(!iter.Done());
     next = iter.Next();
     SANDBOX_ASSERT(iter.Done());
     SANDBOX_ASSERT(next == 0xFFFFFFFFu);
   }
 }
 
-SANDBOX_TEST(SyscallIterator, InvalidOnly) {
+#if defined(__mips__)
+SANDBOX_TEST(SyscallIterator, InvalidOnlyMIPS) {
   bool invalid_only = true;
   SyscallIterator iter(invalid_only);
   uint32_t next = iter.Next();

[jln (very slow on Chromium), 2014/05/28 00:06:57]

You should ASSERT the value of iter.Next() here.

[nedeljko, 2014/05/29 14:06:45]

Done.

+  // For Mips O32 ABI we're assuming MIN_SYSCALL == 4000.
+  SANDBOX_ASSERT(MIN_SYSCALL == 4000);
+
+  // Since MIN_SYSCALL != 0, we need to move iterator to valid range
+  next = iter.Next();
+  // The iterator should skip until the last invalid syscall in this range.
+  SANDBOX_ASSERT(next == MIN_SYSCALL - 1);
+  int count = 0;
+  while (next <= MAX_PUBLIC_SYSCALL) {
+    printf("count: %d\n",count++);

[jln (very slow on Chromium), 2014/05/28 00:06:57]

Did you forget to remove this printf?

You should instead assert that the iterator never returns a public syscall.

[nedeljko, 2014/05/28 09:33:43]

Yes, sorry...
But the counter of this loop is going over public syscall range.

On the other hand, I should probably remove this loop and instead do one
iteration.
This way assert after this loop will check iterator correctly,

[nedeljko, 2014/05/29 14:06:45]

Done.

+    next = iter.Next();
+  }
+  // First next invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
+  SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
+}
+
+#else
+
+SANDBOX_TEST(SyscallIterator, InvalidOnlyIntelArm) {
+  bool invalid_only = true;
+  SyscallIterator iter(invalid_only);
+  uint32_t next = iter.Next();
   // We're assuming MIN_SYSCALL == 0 for all architectures,
   // this is currently valid for Intel and ARM EABI.
   // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
   SANDBOX_ASSERT(MIN_SYSCALL == 0);
   SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1);
 
 #if defined(__arm__)
   next = iter.Next();
   // The iterator should skip until the last invalid syscall in this range.
   SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1);
   while (next <= MAX_PRIVATE_SYSCALL) {
     next = iter.Next();
   }
 
   next = iter.Next();
   // The iterator should skip until the last invalid syscall in this range.
   SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1);
   while (next <= MAX_SYSCALL) {
     next = iter.Next();
   }
   SANDBOX_ASSERT(next == MAX_SYSCALL + 1);
 #endif

[jln (very slow on Chromium), 2014/05/28 00:06:57]

Nit: add "// defined(__arm__)"

[nedeljko, 2014/05/29 14:06:45]

Done.

 }
+#endif

[jln (very slow on Chromium), 2014/05/28 00:06:57]

Nit: add "// defined(__mips__)

[nedeljko, 2014/05/29 14:06:45]

Done.

 
 }  // namespace
 
 }  // namespace sandbox