Side by Side Diff: src/trusted/service_runtime/arch/x86_32/sel_addrspace_x86_32.c

Issue 7677036: Enable the service runtime to use a zero-based sandbox on Linux. (Closed) Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client
Patch Set: Created 9 years, 4 months ago
1 /* 1 /*
2 * Copyright 2009 The Native Client Authors. All rights reserved. 2 * Copyright 2009 The Native Client Authors. All rights reserved.
3 * Use of this source code is governed by a BSD-style license that can 3 * Use of this source code is governed by a BSD-style license that can
4 * be found in the LICENSE file. 4 * be found in the LICENSE file.
5 */ 5 */
6 6
7 #include "native_client/src/include/nacl_platform.h" 7 #include "native_client/src/include/nacl_platform.h"
8 #include "native_client/src/shared/platform/nacl_check.h" 8 #include "native_client/src/shared/platform/nacl_check.h"
9 #include "native_client/src/trusted/service_runtime/sel_memory.h" 9 #include "native_client/src/trusted/service_runtime/sel_memory.h"
10 #include "native_client/src/trusted/service_runtime/sel_ldr.h" 10 #include "native_client/src/trusted/service_runtime/sel_ldr.h"
11 11
12 12
13 NaClErrorCode NaClAllocateSpace(void **mem, size_t addrsp_size) { 13 NaClErrorCode NaClAllocateSpace(void **mem, size_t addrsp_size) {
14 const void* ONE_MEGABYTE = (void *)(1024*1024);
14 int result; 15 int result;
15 16
16 CHECK(NULL != mem); 17 CHECK(NULL != mem);
17 18
18 #ifdef NACL_SANDBOX_FIXED_AT_ZERO 19 #if NACL_LINUX && NACL_BUILD_SUBARCH == 32
19 /* 20 /*
20 * When creating a zero-based sandbox, we do not allocate the first 64K of 21 * On 32 bit Linux, a 1 gigabyte block of address space may be reserved at
21 * pages beneath the trampolines, because -- on Linux at least -- we cannot. 22 * the zero-end of the address space during process creation, to address
22 * Instead, we allocate starting at the trampolines, and then coerce the 23 * sandbox layout requirements on ARM and performance issues on Intel ATOM.
23 * out parameter. 24 * Look for this pre-reserved block and if found, pass its address to the
25 * page allocation function.
24 */ 26 */
25 addrsp_size -= NACL_TRAMPOLINE_START; 27 if (!NaCl_find_prereserved_sandbox_memory(mem, addrsp_size)) {
Mark Seaborn 2011/08/18 23:09:45 It would be more readable to put the success branc
26 *mem = (void *) NACL_TRAMPOLINE_START; 28 /* zero-based sandbox not pre-reserved */
27 result = NaCl_page_alloc_at_addr(mem, addrsp_size); 29 result = NaCl_page_alloc(mem, addrsp_size);
28 *mem = 0; 30 } else {
31 /* sanity check zero sandbox base address */
32 if (0 == *mem || ONE_MEGABYTE < *mem) {
Mark Seaborn 2011/08/18 23:09:45 Why are you checking for 1MB? What's the signific
Brad Chen 2011/08/19 00:24:35 I've added a better explanation in the comment. O
33 NaClLog(LOG_ERROR, ("NaClAllocateSpace:"
34 "Can't handle sandbox at high address"
35 "0x%08"NACL_PRIxPTR"\n",
36 *mem);
37 return LOAD_NO_MEMORY;
38 }
39
40 /*
41 * When creating a zero-based sandbox, we do not allocate the first 64K of
42 * pages beneath the trampolines, because -- on Linux at least -- we cannot.
43 * Instead, we allocate starting at the trampolines, and then coerce the
44 * "mem" out parameter.
45 */
46 addrsp_size -= NACL_TRAMPOLINE_START;
47 *mem = (void *) NACL_TRAMPOLINE_START;
48 result = NaCl_page_alloc_at_addr(mem, addrsp_size);
49 *mem = 0;
50 }
29 #elif NACL_WINDOWS && NACL_BUILD_SUBARCH == 32 51 #elif NACL_WINDOWS && NACL_BUILD_SUBARCH == 32
30 /* 52 /*
31 * On 32 bit Windows, a 1 gigabyte block of address space is reserved before 53 * On 32 bit Windows, a 1 gigabyte block of address space is reserved before
32 * starting up this process to make sure we can create the sandbox. Look for 54 * starting up this process to make sure we can create the sandbox. Look for
33 * this pre-reserved block and if found, pass its address to the page 55 * this pre-reserved block and if found, pass its address to the page
34 * allocation function. 56 * allocation function.
35 */ 57 */
36 if (0 == NaCl_find_prereserved_sandbox_memory(mem, addrsp_size)) { 58 if (0 == NaCl_find_prereserved_sandbox_memory(mem, addrsp_size)) {
37 result = NaCl_page_alloc_at_addr(mem, addrsp_size); 59 result = NaCl_page_alloc_at_addr(mem, addrsp_size);
38 } else { 60 } else {
52 NaClLog(4, "NaClAllocateSpace: %"NACL_PRIxPTR", %"NACL_PRIxS"\n", 74 NaClLog(4, "NaClAllocateSpace: %"NACL_PRIxPTR", %"NACL_PRIxS"\n",
53 (uintptr_t) *mem, 75 (uintptr_t) *mem,
54 addrsp_size); 76 addrsp_size);
55 77
56 return LOAD_OK; 78 return LOAD_OK;
57 } 79 }
58 80
59 81
60 NaClErrorCode NaClMprotectGuards(struct NaClApp *nap) { 82 NaClErrorCode NaClMprotectGuards(struct NaClApp *nap) {
61 uintptr_t start_addr; 83 uintptr_t start_addr;
84 uintptr_t page_addr;
62 int err; 85 int err;
63 86
64 start_addr = nap->mem_start; 87 start_addr = nap->mem_start;
65 88
66 NaClLog(3, 89 NaClLog(3,
67 ("NULL detection region start 0x%08"NACL_PRIxPTR", " 90 ("NULL detection region start 0x%08"NACL_PRIxPTR", "
68 "size 0x%08x, end 0x%08"NACL_PRIxPTR"\n"), 91 "size 0x%08x, end 0x%08"NACL_PRIxPTR"\n"),
69 start_addr, NACL_SYSCALL_START_ADDR, 92 start_addr, NACL_SYSCALL_START_ADDR,
70 start_addr + NACL_SYSCALL_START_ADDR); 93 start_addr + NACL_SYSCALL_START_ADDR);
71 if ((err = NaCl_mprotect((void *) start_addr, 94 if (0 == start_addr) {
Mark Seaborn 2011/08/18 23:09:45 Wrong indentation
Brad Chen 2011/08/19 00:24:35 Oops! Fixed. On 2011/08/18 23:09:45, Mark Seaborn
72 NACL_SYSCALL_START_ADDR, 95 /* Attempt to protect one page at a time. It is normal for */
Mark Seaborn 2011/08/18 23:09:45 Use the commenting style: /* * ... */
Brad Chen 2011/08/19 00:24:35 Done.
73 PROT_NONE)) != 0) { 96 /* these attempts to fail if the page is already protected. */
Mark Seaborn 2011/08/18 23:09:45 I don't understand the purpose of this block of co
Brad Chen 2011/08/19 00:24:35 Sounds like the comment above didn't adequate expl
74 NaClLog(LOG_ERROR, ("NaClMemoryProtection: " 97 for (page_addr = 0; page_addr < NACL_SYSCALL_START_ADDR;
75 "NaCl_mprotect(0x%08"NACL_PRIxPTR", " 98 page_addr += NACL_PAGESIZE) {
76 "0x%08x, 0x%x) failed, " 99 if ((err = NaCl_mprotect((void *) page_addr, NACL_PAGESIZE,
77 "error %d (NULL pointer guard page)\n"), 100 PROT_NONE)) != 0) {
78 start_addr, NACL_SYSCALL_START_ADDR, PROT_NONE, 101 NaClLog(4, ("NaClMemoryProtection: "
79 err); 102 "NaCl_mprotect(0x%08"NACL_PRIxPTR", "
80 return LOAD_MPROTECT_FAIL; 103 "0x%08x, 0x%x) failed, "
104 "error %d (NULL pointer guard page)\n"),
105 page_addr, NACL_PAGESIZE, PROT_NONE,
106 err);
107 }
108 }
109 } else {
110 if ((err = NaCl_mprotect((void *) start_addr,
111 NACL_SYSCALL_START_ADDR,
112 PROT_NONE)) != 0) {
113 NaClLog(LOG_ERROR, ("NaClMemoryProtection: "
Mark Seaborn 2011/08/18 23:09:45 This is not indented from the "if"
Brad Chen 2011/08/19 00:24:35 Done.
114 "NaCl_mprotect(0x%08"NACL_PRIxPTR", "
115 "0x%08x, 0x%x) failed, "
116 "error %d (NULL pointer guard page)\n"),
117 start_addr, NACL_SYSCALL_START_ADDR, PROT_NONE,
118 err);
119 return LOAD_MPROTECT_FAIL;
120 }
81 } 121 }
82 if (!NaClVmmapAdd(&nap->mem_map, 122 if (!NaClVmmapAdd(&nap->mem_map,
83 (start_addr - nap->mem_start) >> NACL_PAGESHIFT, 123 (start_addr - nap->mem_start) >> NACL_PAGESHIFT,
84 NACL_SYSCALL_START_ADDR >> NACL_PAGESHIFT, 124 NACL_SYSCALL_START_ADDR >> NACL_PAGESHIFT,
85 PROT_NONE, 125 PROT_NONE,
86 (struct NaClMemObj *) NULL)) { 126 (struct NaClMemObj *) NULL)) {
87 NaClLog(LOG_ERROR, ("NaClMemoryProtection: NaClVmmapAdd failed" 127 NaClLog(LOG_ERROR, ("NaClMemoryProtection: NaClVmmapAdd failed"
88 " (NULL pointer guard page)\n")); 128 " (NULL pointer guard page)\n"));
89 return LOAD_MPROTECT_FAIL; 129 return LOAD_MPROTECT_FAIL;
90 } 130 }
91 131
92 return LOAD_OK; 132 return LOAD_OK;
93 } 133 }
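Review bot: In the new zero-based branch of NaClMprotectGuards (the `0 == start_addr` loop, new lines 94-108), a failing NaCl_mprotect is only logged at verbosity 4 and the function still returns LOAD_OK, so a page below NACL_SYSCALL_START_ADDR that is mapped but could not be made PROT_NONE leaves the NULL-pointer guard region partly accessible with no error reaching the caller, whereas the `else` branch directly below returns LOAD_MPROTECT_FAIL for the same failure. The comment says failure is normal when the page is "already protected", but what the loop presumably tolerates is a page that is not mapped at all (the first 64K the NaClAllocateSpace comment says cannot be allocated), which is harmless only because unmapped memory is inaccessible; I would say so explicitly, e.g. `/* Pages that are not mapped at all cannot be mprotect'ed; that is harmless because they are inaccessible. Any other failure means the guard region is not in place. */`. The loop should then bail out on anything but that expected case, `if (err != EXPECTED_UNMAPPED_ERR /* placeholder: value NaCl_mprotect reports for an unmapped page */) return LOAD_MPROTECT_FAIL;`, and log that path at LOG_ERROR rather than 4 so a real failure is visible in normal logs. Whether NaCl_mprotect returns a value that distinguishes the unmapped case is not visible on this page and should be confirmed against sel_memory.h before relying on it.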
