diff options
| author | mdempsky <mdempsky@chromium.org> | 2014-09-16 17:46:01 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-09-17 00:46:27 +0000 |
| commit | a5f2064030a34e71157085175b7ae93242509173 (patch) | |
| tree | c0b5b2ce04bd90d5530e4c311fa67dc4ea6f0824 /sandbox/linux/seccomp-bpf/codegen_unittest.cc | |
| parent | d117e91057252e860a551fbe62b7e4446c872828 (diff) | |
| download | chromium_src-a5f2064030a34e71157085175b7ae93242509173.zip chromium_src-a5f2064030a34e71157085175b7ae93242509173.tar.gz chromium_src-a5f2064030a34e71157085175b7ae93242509173.tar.bz2 | |
Decouple CodeGen from ErrorCode
CodeGen's only dependency on ErrorCode was one MakeInstruction()
overload, which can be removed by making the caller responsible for
converting the ErrorCode to a BPF_RET'able value. Fortunately, there
are only two uses of this function:
1. SandboxBPF::RetExpression() which is easily fixed by simply calling
ErrorCode::err() to get the ErrorCode's error value.
2. codegen_unittest.cc which is merely testing the BPF code generator,
and so any return values will do: no need to be seccomp-bpf return
values... so just replace them with simple integer values. (While
here, change a few bare "BPF_RET" arguments to "BPF_RET + BPF_K" just
to be consistent.)
After this CL, CodeGen focuses solely on assembling programs for the
abstract BPF machine, while higher-level abstractions (primarily
SandboxBPF) are responsible for using it in a way that's semantically
meaningful for seccomp-bpf.
BUG=414363
Review URL: https://codereview.chromium.org/576673003
Cr-Commit-Position: refs/heads/master@{#295192}
Diffstat (limited to 'sandbox/linux/seccomp-bpf/codegen_unittest.cc')
| -rw-r--r-- | sandbox/linux/seccomp-bpf/codegen_unittest.cc | 54 |
1 files changed, 26 insertions, 28 deletions
diff --git a/sandbox/linux/seccomp-bpf/codegen_unittest.cc b/sandbox/linux/seccomp-bpf/codegen_unittest.cc index 88f6130..3a5ca4b 100644 --- a/sandbox/linux/seccomp-bpf/codegen_unittest.cc +++ b/sandbox/linux/seccomp-bpf/codegen_unittest.cc @@ -46,30 +46,28 @@ enum { NO_FLAGS = 0x0000, HAS_MERGEABLE_TAILS = 0x0001, }; Instruction* SampleProgramOneInstruction(CodeGen* codegen, int* flags) { // Create the most basic valid BPF program: - // RET ERR_ALLOWED + // RET 0 *flags = NO_FLAGS; - return codegen->MakeInstruction(BPF_RET + BPF_K, - ErrorCode(ErrorCode::ERR_ALLOWED)); + return codegen->MakeInstruction(BPF_RET + BPF_K, 0); } Instruction* SampleProgramSimpleBranch(CodeGen* codegen, int* flags) { // Create a program with a single branch: // JUMP if eq 42 then $0 else $1 - // 0: RET EPERM - // 1: RET ERR_ALLOWED + // 0: RET 1 + // 1: RET 0 *flags = NO_FLAGS; return codegen->MakeInstruction( BPF_JMP + BPF_JEQ + BPF_K, 42, - codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(EPERM)), - codegen->MakeInstruction(BPF_RET + BPF_K, - ErrorCode(ErrorCode::ERR_ALLOWED))); + codegen->MakeInstruction(BPF_RET + BPF_K, 1), + codegen->MakeInstruction(BPF_RET + BPF_K, 0)); } Instruction* SampleProgramAtypicalBranch(CodeGen* codegen, int* flags) { // Create a program with a single branch: // JUMP if eq 42 then $0 else $0 - // 0: RET ERR_ALLOWED + // 0: RET 0 // N.B.: As the instructions in both sides of the branch are already // the same object, we do not actually have any "mergeable" branches. @@ -77,7 +75,7 @@ Instruction* SampleProgramAtypicalBranch(CodeGen* codegen, int* flags) { *flags = NO_FLAGS; Instruction* ret = codegen->MakeInstruction( - BPF_RET + BPF_K, ErrorCode(ErrorCode::ERR_ALLOWED)); + BPF_RET + BPF_K, 0); return codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 42, ret, ret); } @@ -88,9 +86,9 @@ Instruction* SampleProgramComplex(CodeGen* codegen, int* flags) { // 1: JUMP if eq 42 then $2 else $4 (insn4) // 2: JUMP to $3 (insn1) // 3: LD 42 (insn0) - // RET ErrorCode(42) (insn2) + // RET 42 (insn2) // 4: LD 42 (insn3) - // RET ErrorCode(42) (insn3+) + // RET 42 (insn3+) *flags = HAS_MERGEABLE_TAILS; Instruction* insn0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 42); @@ -104,7 +102,7 @@ Instruction* SampleProgramComplex(CodeGen* codegen, int* flags) { SANDBOX_ASSERT(insn1->code == BPF_JMP + BPF_JA); SANDBOX_ASSERT(insn1->jt_ptr == insn0); - Instruction* insn2 = codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(42)); + Instruction* insn2 = codegen->MakeInstruction(BPF_RET + BPF_K, 42); SANDBOX_ASSERT(insn2); SANDBOX_ASSERT(insn2->code == BPF_RET + BPF_K); SANDBOX_ASSERT(insn2->next == NULL); @@ -114,7 +112,7 @@ Instruction* SampleProgramComplex(CodeGen* codegen, int* flags) { Instruction* insn3 = codegen->MakeInstruction( BPF_LD + BPF_W + BPF_ABS, 42, - codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(42))); + codegen->MakeInstruction(BPF_RET + BPF_K, 42)); Instruction* insn4 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 42, insn1, insn3); @@ -162,12 +160,12 @@ Instruction* SampleProgramConfusingTails(CodeGen* codegen, int* flags) { // 3) if A == 0x2; then JMP 4 else JMP 5 // 4) LOAD 0 // System call number // 5) if A == 0x1; then JMP 6 else JMP 7 - // 6) RET 0x50000 // errno = 0 - // 7) RET 0x50001 // errno = 1 + // 6) RET 0 + // 7) RET 1 *flags = NO_FLAGS; - Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1)); - Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0)); + Instruction* i7 = codegen->MakeInstruction(BPF_RET + BPF_K, 1); + Instruction* i6 = codegen->MakeInstruction(BPF_RET + BPF_K, 0); Instruction* i5 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7); Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5); @@ -191,10 +189,10 @@ Instruction* SampleProgramConfusingTailsBasic(CodeGen* codegen, int* flags) { // 2) LOAD 0 // System call number // 3) if A == 0x2; then JMP 4 else JMP 5 // 4) LOAD 0 // System call number - // 5) RET 0x50001 // errno = 1 + // 5) RET 1 *flags = NO_FLAGS; - Instruction* i5 = codegen->MakeInstruction(BPF_RET, ErrorCode(1)); + Instruction* i5 = codegen->MakeInstruction(BPF_RET + BPF_K, 1); Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5); Instruction* i3 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5); @@ -216,22 +214,22 @@ Instruction* SampleProgramConfusingTailsMergeable(CodeGen* codegen, // // 0) LOAD 1 // ??? // 1) if A == 0x1; then JMP 2 else JMP 3 - // 2) RET 0x5002a // errno = 42 + // 2) RET 42 // 3) if A == 0x2; then JMP 4 else JMP 5 - // 4) RET 0x5002a // errno = 42 + // 4) RET 42 // 5) if A == 0x1; then JMP 6 else JMP 7 - // 6) RET 0x50000 // errno = 0 - // 7) RET 0x50001 // errno = 1 + // 6) RET 0 + // 7) RET 1 *flags = HAS_MERGEABLE_TAILS; - Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1)); - Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0)); + Instruction* i7 = codegen->MakeInstruction(BPF_RET + BPF_K, 1); + Instruction* i6 = codegen->MakeInstruction(BPF_RET + BPF_K, 0); Instruction* i5 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7); - Instruction* i4 = codegen->MakeInstruction(BPF_RET, ErrorCode(42)); + Instruction* i4 = codegen->MakeInstruction(BPF_RET + BPF_K, 42); Instruction* i3 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5); - Instruction* i2 = codegen->MakeInstruction(BPF_RET, ErrorCode(42)); + Instruction* i2 = codegen->MakeInstruction(BPF_RET + BPF_K, 42); Instruction* i1 = codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i2, i3); Instruction* i0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 1, i1); |