1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
7 #include "base/basictypes.h"
8 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
12 uint32_t SyscallIterator::Next() {
19 #if defined(__mips__) && (_MIPS_SIM == _MIPS_SIM_ABI32)
20 // |num_| has been initialized to 4000, which we assume is also MIN_SYSCALL.
21 // This is true for Mips O32 ABI.
22 COMPILE_ASSERT(MIN_SYSCALL == __NR_Linux, min_syscall_should_be_4000);
24 // |num_| has been initialized to 0, which we assume is also MIN_SYSCALL.
25 // This true for supported architectures (Intel and ARM EABI).
26 COMPILE_ASSERT(MIN_SYSCALL == 0u, min_syscall_should_always_be_zero);
30 // The syscall iterator always starts at zero.
31 // If zero is not a valid system call, iterator first returns MIN_SYSCALL -1
32 // before continuing to iterate.
33 if (num_ == 0 && MIN_SYSCALL != num_) {
34 num_ = MIN_SYSCALL - 1;
35 // First we iterate up to MAX_PUBLIC_SYSCALL, which is equal to MAX_SYSCALL
36 // on Intel architectures, but leaves room for private syscalls on ARM.
37 } else if (num_ <= MAX_PUBLIC_SYSCALL) {
38 if (invalid_only_ && num_ < MAX_PUBLIC_SYSCALL) {
39 num_ = MAX_PUBLIC_SYSCALL;
44 // ARM EABI includes "ARM private" system calls starting at
45 // MIN_PRIVATE_SYSCALL, and a "ghost syscall private to the kernel" at
47 } else if (num_ < MIN_PRIVATE_SYSCALL - 1) {
48 num_ = MIN_PRIVATE_SYSCALL - 1;
49 } else if (num_ <= MAX_PRIVATE_SYSCALL) {
50 if (invalid_only_ && num_ < MAX_PRIVATE_SYSCALL) {
51 num_ = MAX_PRIVATE_SYSCALL;
55 } else if (num_ < MIN_GHOST_SYSCALL - 1) {
56 num_ = MIN_GHOST_SYSCALL - 1;
57 } else if (num_ <= MAX_SYSCALL) {
58 if (invalid_only_ && num_ < MAX_SYSCALL) {
64 // BPF programs only ever operate on unsigned quantities. So, that's how
65 // we iterate; we return values from 0..0xFFFFFFFFu. But there are places,
66 // where the kernel might interpret system call numbers as signed
67 // quantities, so the boundaries between signed and unsigned values are
68 // potential problem cases. We want to explicitly return these values from
70 } else if (num_ < 0x7FFFFFFFu) {
72 } else if (num_ < 0x80000000u) {
74 } else if (num_ < 0xFFFFFFFFu) {
77 } while (invalid_only_ && IsValid(val));
79 done_ |= val == 0xFFFFFFFFu;
83 bool SyscallIterator::IsValid(uint32_t num) {
84 uint32_t min_syscall = MIN_SYSCALL;
85 if (num >= min_syscall && num <= MAX_PUBLIC_SYSCALL) {
88 if (IsArmPrivate(num)) {
94 #if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
95 bool SyscallIterator::IsArmPrivate(uint32_t num) {
96 return (num >= MIN_PRIVATE_SYSCALL && num <= MAX_PRIVATE_SYSCALL) ||
97 (num >= MIN_GHOST_SYSCALL && num <= MAX_SYSCALL);
100 bool SyscallIterator::IsArmPrivate(uint32_t) { return false; }
103 } // namespace sandbox