OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
7 #include "sandbox/linux/tests/unit_tests.h" | 7 #include "sandbox/linux/tests/unit_tests.h" |
8 | 8 |
9 namespace sandbox { | 9 namespace sandbox { |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... | |
22 } | 22 } |
23 for (uint32_t last = next; !iter.Done(); last = next) { | 23 for (uint32_t last = next; !iter.Done(); last = next) { |
24 next = iter.Next(); | 24 next = iter.Next(); |
25 SANDBOX_ASSERT(last < next); | 25 SANDBOX_ASSERT(last < next); |
26 } | 26 } |
27 // The iterator should always return 0xFFFFFFFFu as the last value. | 27 // The iterator should always return 0xFFFFFFFFu as the last value. |
28 SANDBOX_ASSERT(next == 0xFFFFFFFFu); | 28 SANDBOX_ASSERT(next == 0xFFFFFFFFu); |
29 } | 29 } |
30 } | 30 } |
31 | 31 |
32 SANDBOX_TEST(SyscallIterator, PublicSyscallRange) { | 32 #if defined(__mips__) |
33 SANDBOX_TEST(SyscallIterator, PublicSyscallRangeMIPS) { | |
33 SyscallIterator iter(false); | 34 SyscallIterator iter(false); |
34 uint32_t next = iter.Next(); | 35 uint32_t next = iter.Next(); |
35 | 36 |
37 // The iterator should cover the public syscall range | |
38 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. | |
39 // Since MIN_SYSCALL != 0 we need to move iterator to valid range. | |
40 while (next < MIN_SYSCALL - 1) { | |
jln (very slow on Chromium)
2014/05/28 00:06:57
Don't perform a while loop here. This test should
nedeljko
2014/05/29 14:06:45
Done.
| |
41 next = iter.Next(); | |
42 } | |
43 SANDBOX_ASSERT(next == MIN_SYSCALL -1); | |
44 | |
45 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { | |
46 SANDBOX_ASSERT((next = iter.Next()) == last + 1); | |
47 } | |
48 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | |
49 } | |
50 #else | |
51 SANDBOX_TEST(SyscallIterator, PublicSyscallRangeIntelArm) { | |
52 SyscallIterator iter(false); | |
53 uint32_t next = iter.Next(); | |
54 | |
36 // The iterator should cover the public syscall range | 55 // The iterator should cover the public syscall range |
37 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. | 56 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. |
38 // We're assuming MIN_SYSCALL == 0 for all architectures, | 57 // We're assuming MIN_SYSCALL == 0 for all architectures, |
39 // this is currently valid for Intel and ARM EABI. | 58 // this is currently valid for Intel and ARM EABI. |
40 SANDBOX_ASSERT(MIN_SYSCALL == 0); | 59 SANDBOX_ASSERT(MIN_SYSCALL == 0); |
41 SANDBOX_ASSERT(next == MIN_SYSCALL); | 60 SANDBOX_ASSERT(next == MIN_SYSCALL); |
42 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { | 61 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { |
43 SANDBOX_ASSERT((next = iter.Next()) == last + 1); | 62 SANDBOX_ASSERT((next = iter.Next()) == last + 1); |
44 } | 63 } |
45 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | 64 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
46 } | 65 } |
66 #endif | |
jln (very slow on Chromium)
2014/05/28 00:06:57
Nit: add "// defined(__mips__)"
nedeljko
2014/05/29 14:06:45
Done.
| |
47 | 67 |
48 #if defined(__arm__) | 68 #if defined(__arm__) |
49 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) { | 69 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) { |
50 SyscallIterator iter(false); | 70 SyscallIterator iter(false); |
51 uint32_t next = iter.Next(); | 71 uint32_t next = iter.Next(); |
52 while (next < MIN_PRIVATE_SYSCALL - 1) { | 72 while (next < MIN_PRIVATE_SYSCALL - 1) { |
53 next = iter.Next(); | 73 next = iter.Next(); |
54 } | 74 } |
55 // The iterator should cover the ARM private syscall range | 75 // The iterator should cover the ARM private syscall range |
56 // without skipping syscalls. | 76 // without skipping syscalls. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
96 SANDBOX_ASSERT(next == 0x7FFFFFFFu); | 116 SANDBOX_ASSERT(next == 0x7FFFFFFFu); |
97 next = iter.Next(); | 117 next = iter.Next(); |
98 SANDBOX_ASSERT(next == 0x80000000u); | 118 SANDBOX_ASSERT(next == 0x80000000u); |
99 SANDBOX_ASSERT(!iter.Done()); | 119 SANDBOX_ASSERT(!iter.Done()); |
100 next = iter.Next(); | 120 next = iter.Next(); |
101 SANDBOX_ASSERT(iter.Done()); | 121 SANDBOX_ASSERT(iter.Done()); |
102 SANDBOX_ASSERT(next == 0xFFFFFFFFu); | 122 SANDBOX_ASSERT(next == 0xFFFFFFFFu); |
103 } | 123 } |
104 } | 124 } |
105 | 125 |
106 SANDBOX_TEST(SyscallIterator, InvalidOnly) { | 126 #if defined(__mips__) |
127 SANDBOX_TEST(SyscallIterator, InvalidOnlyMIPS) { | |
107 bool invalid_only = true; | 128 bool invalid_only = true; |
108 SyscallIterator iter(invalid_only); | 129 SyscallIterator iter(invalid_only); |
109 uint32_t next = iter.Next(); | 130 uint32_t next = iter.Next(); |
jln (very slow on Chromium)
2014/05/28 00:06:57
You should ASSERT the value of iter.Next() here.
nedeljko
2014/05/29 14:06:45
Done.
| |
131 // For Mips O32 ABI we're assuming MIN_SYSCALL == 4000. | |
132 SANDBOX_ASSERT(MIN_SYSCALL == 4000); | |
133 | |
134 // Since MIN_SYSCALL != 0, we need to move iterator to valid range | |
135 next = iter.Next(); | |
136 // The iterator should skip until the last invalid syscall in this range. | |
137 SANDBOX_ASSERT(next == MIN_SYSCALL - 1); | |
138 int count = 0; | |
139 while (next <= MAX_PUBLIC_SYSCALL) { | |
140 printf("count: %d\n",count++); | |
jln (very slow on Chromium)
2014/05/28 00:06:57
Did you forget to remove this printf?
You should
nedeljko
2014/05/28 09:33:43
Yes, sorry...
nedeljko
2014/05/29 14:06:45
Done.
| |
141 next = iter.Next(); | |
142 } | |
143 // First next invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. | |
144 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | |
145 } | |
146 | |
147 #else | |
148 | |
149 SANDBOX_TEST(SyscallIterator, InvalidOnlyIntelArm) { | |
150 bool invalid_only = true; | |
151 SyscallIterator iter(invalid_only); | |
152 uint32_t next = iter.Next(); | |
110 // We're assuming MIN_SYSCALL == 0 for all architectures, | 153 // We're assuming MIN_SYSCALL == 0 for all architectures, |
111 // this is currently valid for Intel and ARM EABI. | 154 // this is currently valid for Intel and ARM EABI. |
112 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. | 155 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. |
113 SANDBOX_ASSERT(MIN_SYSCALL == 0); | 156 SANDBOX_ASSERT(MIN_SYSCALL == 0); |
114 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | 157 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
115 | 158 |
116 #if defined(__arm__) | 159 #if defined(__arm__) |
117 next = iter.Next(); | 160 next = iter.Next(); |
118 // The iterator should skip until the last invalid syscall in this range. | 161 // The iterator should skip until the last invalid syscall in this range. |
119 SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1); | 162 SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1); |
120 while (next <= MAX_PRIVATE_SYSCALL) { | 163 while (next <= MAX_PRIVATE_SYSCALL) { |
121 next = iter.Next(); | 164 next = iter.Next(); |
122 } | 165 } |
123 | 166 |
124 next = iter.Next(); | 167 next = iter.Next(); |
125 // The iterator should skip until the last invalid syscall in this range. | 168 // The iterator should skip until the last invalid syscall in this range. |
126 SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1); | 169 SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1); |
127 while (next <= MAX_SYSCALL) { | 170 while (next <= MAX_SYSCALL) { |
128 next = iter.Next(); | 171 next = iter.Next(); |
129 } | 172 } |
130 SANDBOX_ASSERT(next == MAX_SYSCALL + 1); | 173 SANDBOX_ASSERT(next == MAX_SYSCALL + 1); |
131 #endif | 174 #endif |
jln (very slow on Chromium)
2014/05/28 00:06:57
Nit: add "// defined(__arm__)"
nedeljko
2014/05/29 14:06:45
Done.
| |
132 } | 175 } |
176 #endif | |
jln (very slow on Chromium)
2014/05/28 00:06:57
Nit: add "// defined(__mips__)
nedeljko
2014/05/29 14:06:45
Done.
| |
133 | 177 |
134 } // namespace | 178 } // namespace |
135 | 179 |
136 } // namespace sandbox | 180 } // namespace sandbox |
OLD | NEW |