Chromium Code Reviews Chromium Code Reviews
Issue 657893006:
SyscallSet: add ValidOnly (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 5 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/macros.h" | 8 #include "base/macros.h" |
| 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 9 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 10 | 10 |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 32 {MIN_SYSCALL, MAX_PUBLIC_SYSCALL}, | 32 {MIN_SYSCALL, MAX_PUBLIC_SYSCALL}, |
| 33 #if defined(__arm__) | 33 #if defined(__arm__) |
| 34 // ARM EABI includes "ARM private" system calls starting at | 34 // ARM EABI includes "ARM private" system calls starting at |
| 35 // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at | 35 // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at |
| 36 // MIN_GHOST_SYSCALL. | 36 // MIN_GHOST_SYSCALL. |
| 37 {MIN_PRIVATE_SYSCALL, MAX_PRIVATE_SYSCALL}, | 37 {MIN_PRIVATE_SYSCALL, MAX_PRIVATE_SYSCALL}, |
| 38 {MIN_GHOST_SYSCALL, MAX_SYSCALL}, | 38 {MIN_GHOST_SYSCALL, MAX_SYSCALL}, |
| 39 #endif | 39 #endif |
| 40 }; | 40 }; |
| 41 | 41 |
| 42 // NextSyscall returns the next system call in the specified system | |
| 43 // call set after |cur|, or 0 if no such system call exists. | |
| 44 uint32_t NextSyscall(uint32_t cur, bool invalid_only) { | |
| 45 for (const SyscallRange& range : kValidSyscallRanges) { | |
| 46 if (range.first > 0 && cur < range.first - 1) { | |
| 47 return range.first - 1; | |
| 48 } | |
| 49 if (cur <= range.last) { | |
| 50 if (invalid_only) { | |
| 51 return range.last + 1; | |
| 52 } | |
| 53 return cur + 1; | |
| 54 } | |
| 55 } | |
| 56 | |
| 57 // BPF programs only ever operate on unsigned quantities. So, that's how | |
| 58 // we iterate; we return values from 0..0xFFFFFFFFu. But there are places, | |
| 59 // where the kernel might interpret system call numbers as signed | |
| 60 // quantities, so the boundaries between signed and unsigned values are | |
| 61 // potential problem cases. We want to explicitly return these values from | |
| 62 // our iterator. | |
| 63 if (cur < 0x7FFFFFFFu) | |
| 64 return 0x7FFFFFFFu; | |
| 65 if (cur < 0x80000000u) | |
| 66 return 0x80000000u; | |
| 67 | |
| 68 if (cur < 0xFFFFFFFFu) | |
| 69 return 0xFFFFFFFFu; | |
| 70 return 0; | |
| 71 } | |
| 72 | |
| 73 } // namespace | 42 } // namespace |
| 74 | 43 |
| 75 SyscallSet::Iterator SyscallSet::begin() const { | 44 SyscallSet::Iterator SyscallSet::begin() const { |
| 76 return Iterator(set_, false); | 45 return Iterator(set_, false); |
| 77 } | 46 } |
| 78 | 47 |
| 79 SyscallSet::Iterator SyscallSet::end() const { | 48 SyscallSet::Iterator SyscallSet::end() const { |
| 80 return Iterator(set_, true); | 49 return Iterator(set_, true); |
| 81 } | 50 } |
| 82 | 51 |
| 83 bool SyscallSet::IsValid(uint32_t num) { | 52 bool SyscallSet::IsValid(uint32_t num) { |
| 84 for (const SyscallRange& range : kValidSyscallRanges) { | 53 for (const SyscallRange& range : kValidSyscallRanges) { |
| 85 if (num >= range.first && num <= range.last) { | 54 if (num >= range.first && num <= range.last) { |
| 86 return true; | 55 return true; |
| 87 } | 56 } |
| 88 } | 57 } |
| 89 return false; | 58 return false; |
| 90 } | 59 } |
| 91 | 60 |
| 92 bool operator==(const SyscallSet& lhs, const SyscallSet& rhs) { | 61 bool operator==(const SyscallSet& lhs, const SyscallSet& rhs) { |
| 93 return (lhs.set_ == rhs.set_); | 62 return (lhs.set_ == rhs.set_); |
| 94 } | 63 } |
| 95 | 64 |
| 96 SyscallSet::Iterator::Iterator(Set set, bool done) | 65 SyscallSet::Iterator::Iterator(Set set, bool done) |
| 97 : set_(set), done_(done), num_(0) { | 66 : set_(set), done_(done), num_(0) { |
| 98 if (set_ == Set::INVALID_ONLY && !done_ && IsValid(num_)) { | 67 if (!done && set_ == (IsValid(num_) ? Set::INVALID_ONLY : Set::VALID_ONLY)) { |
| 99 ++*this; | 68 ++*this; |
|
rickyz (no longer on Chrome)
2014/10/24 20:17:16
This took me a little bit to wrap my head around -
mdempsky
2014/10/24 21:49:56
Done.
| |
| 100 } | 69 } |
| 101 } | 70 } |
| 102 | 71 |
| 103 uint32_t SyscallSet::Iterator::operator*() const { | 72 uint32_t SyscallSet::Iterator::operator*() const { |
| 104 DCHECK(!done_); | 73 DCHECK(!done_); |
| 105 return num_; | 74 return num_; |
| 106 } | 75 } |
| 107 | 76 |
| 108 SyscallSet::Iterator& SyscallSet::Iterator::operator++() { | 77 SyscallSet::Iterator& SyscallSet::Iterator::operator++() { |
| 109 DCHECK(!done_); | 78 DCHECK(!done_); |
| 110 | 79 |
| 111 num_ = NextSyscall(num_, set_ == Set::INVALID_ONLY); | 80 num_ = NextSyscall(); |
| 112 if (num_ == 0) { | 81 if (num_ == 0) { |
| 113 done_ = true; | 82 done_ = true; |
| 114 } | 83 } |
| 115 | 84 |
| 116 return *this; | 85 return *this; |
| 117 } | 86 } |
| 118 | 87 |
| 88 // NextSyscall returns the next system call in the iterated system | |
| 89 // call set after |num_|, or 0 if no such system call exists. | |
| 90 uint32_t SyscallSet::Iterator::NextSyscall() const { | |
| 91 const bool want_valid = (set_ != Set::INVALID_ONLY); | |
| 92 const bool want_invalid = (set_ != Set::VALID_ONLY); | |
| 93 | |
| 94 for (const SyscallRange& range : kValidSyscallRanges) { | |
| 95 if (want_invalid && range.first > 0 && num_ < range.first - 1) { | |
|
rickyz (no longer on Chrome)
2014/10/24 20:17:17
Might be good to comment that we're intentionally
mdempsky
2014/10/24 21:49:56
Done.
| |
| 96 return range.first - 1; | |
| 97 } | |
| 98 if (want_valid && num_ < range.first) { | |
| 99 return range.first; | |
| 100 } | |
| 101 if (want_valid && num_ < range.last) { | |
| 102 return num_ + 1; | |
| 103 } | |
| 104 if (want_invalid && num_ <= range.last) { | |
| 105 return range.last + 1; | |
| 106 } | |
| 107 } | |
| 108 | |
| 109 if (want_invalid) { | |
| 110 // BPF programs only ever operate on unsigned quantities. So, | |
| 111 // that's how we iterate; we return values from | |
| 112 // 0..0xFFFFFFFFu. But there are places, where the kernel might | |
| 113 // interpret system call numbers as signed quantities, so the | |
| 114 // boundaries between signed and unsigned values are potential | |
| 115 // problem cases. We want to explicitly return these values from | |
| 116 // our iterator. | |
| 117 if (num_ < 0x7FFFFFFFu) | |
| 118 return 0x7FFFFFFFu; | |
| 119 if (num_ < 0x80000000u) | |
| 120 return 0x80000000u; | |
| 121 | |
| 122 if (num_ < 0xFFFFFFFFu) | |
| 123 return 0xFFFFFFFFu; | |
| 124 } | |
| 125 | |
| 126 return 0; | |
| 127 } | |
| 128 | |
| 119 bool operator==(const SyscallSet::Iterator& lhs, | 129 bool operator==(const SyscallSet::Iterator& lhs, |
| 120 const SyscallSet::Iterator& rhs) { | 130 const SyscallSet::Iterator& rhs) { |
| 121 DCHECK(lhs.set_ == rhs.set_); | 131 DCHECK(lhs.set_ == rhs.set_); |
| 122 return (lhs.done_ == rhs.done_) && (lhs.num_ == rhs.num_); | 132 return (lhs.done_ == rhs.done_) && (lhs.num_ == rhs.num_); |
| 123 } | 133 } |
| 124 | 134 |
| 125 bool operator!=(const SyscallSet::Iterator& lhs, | 135 bool operator!=(const SyscallSet::Iterator& lhs, |
| 126 const SyscallSet::Iterator& rhs) { | 136 const SyscallSet::Iterator& rhs) { |
| 127 return !(lhs == rhs); | 137 return !(lhs == rhs); |
| 128 } | 138 } |
| 129 | 139 |
| 130 } // namespace sandbox | 140 } // namespace sandbox |
| OLD | NEW |
