Enable the service runtime to use a zero-based sandbox on Linux.

src/trusted/service_runtime/linux/sel_memory.c

 /*
  * Copyright (c) 2011 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 /*
  * NaCl Service Runtime memory allocation code
  */
 
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 
+#include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 
 #include "native_client/src/include/nacl_platform.h"
 #include "native_client/src/include/portability.h"
 #include "native_client/src/shared/platform/nacl_exit.h"
 #include "native_client/src/shared/platform/nacl_global_secure_random.h"
 #include "native_client/src/shared/platform/nacl_log.h"
 #include "native_client/src/trusted/service_runtime/sel_memory.h"
 #include "native_client/src/trusted/service_runtime/nacl_config.h"
 #include "native_client/src/trusted/service_runtime/include/machine/_types.h"
 
 
+/*
+ * Find sandbox memory pre-reserved by the nacl_helper in chrome. The
+ * nacl_helper, if present, reserves the bottom 1G of the address space
+ * for use by Native Client.
+ *
+ * NOTE: num_bytes is currently ignored. It should be 1GB on Linux and
+ * 1GB plus a few pages on ARM. TODO(bradchen): deal with num_bytes.
+ *
+ * Out parameter p should be either:
+ *   0: reserved memory was not found
+ *   less than 128K: indicates the bottom 1G was reserved.
+ */
+int   NaCl_find_prereserved_sandbox_memory(void   **p,
+                                           size_t num_bytes) {

[bsy, 2011/08/23 18:31:23]

UNREFERENCED_PARAMETER(num_bytes);

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  typedef uintptr_t (base_addr_func)();
+  void *nacl_helper_so = dlopen(NULL, RTLD_LAZY | RTLD_NOLOAD);

[Mark Seaborn, 2011/08/23 18:26:36]

I think it would be been neater to pass the sandbox address as an argument via
NaClMainForChromium() in sel_main_chrome.c rather than using global state via
dlopen(), but the latter is OK.

[Brad Chen, 2011/08/23 21:15:09]

The reason I liked this way of doing it is it works with or without the Chrome
support, eliminating an irritating dependency. I will leave it as is unless you
insist.

On 2011/08/23 18:26:36, Mark Seaborn wrote:

+  base_addr_func *nacl_helper_get_base_addr;
+  uintptr_t tmpint;
+  uintptr_t base_addr;
+
+  NaClLog(2, "NaCl_find_preserved_sandbox_memory(p, 0x%08"NACL_PRIxPTR")\n",
+          num_bytes);
+  *p = 0;
+  if (!nacl_helper_so) {
+    return 0;
+  }
+  tmpint = (uintptr_t)dlsym(nacl_helper_so, "nacl_helper_get_1G_address");

[Mark Seaborn, 2011/08/23 18:26:36]

BTW, the usual style in service_runtime is a space after the cast.

[bsy, 2011/08/23 18:31:23]

style: space between (type) and expr

[Brad Chen, 2011/08/23 21:15:09]

Done.

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  nacl_helper_get_base_addr = (base_addr_func*)tmpint;

[Mark Seaborn, 2011/08/23 18:26:36]

Nit: Space before '*'

You could just do a double cast and remove tmpint.

[bsy, 2011/08/23 18:31:23]

style: spaces in (type *) expr;

[Brad Chen, 2011/08/23 21:15:09]

Done.

[Brad Chen, 2011/08/23 21:15:09]

Done.

+
+  if (!nacl_helper_get_base_addr) {

[bsy, 2011/08/23 18:31:23]

if (NULL == nacl_helper_get_base_addr) {

[Brad Chen, 2011/08/23 21:15:09]

Done.

+    return 0;
+  }
+  base_addr = nacl_helper_get_base_addr();
+  if (!base_addr) {

[Mark Seaborn, 2011/08/23 18:26:36]

This is a bit odd because one might expect the base address to be zero if the
zero-based sandbox were successfully reserved.

[Brad Chen, 2011/08/23 21:15:09]

Agreed. However the Windows version of this same routine is returning 0 for
failure, and it seems better to keep things consistent.

On 2011/08/23 18:26:36, Mark Seaborn wrote:

+    return 0;
+  }
+  NaClLog(2, "NaCl_find_preserved_sandbox_memory() at 0x%08"NACL_PRIxPTR"\n",
+          base_addr);
+  *p = (void *)base_addr;

[bsy, 2011/08/23 18:31:23]

style nit: space in (void *) base_addr;

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  return 1;
+}
+
 void NaCl_page_free(void     *p,
                     size_t   size) {
   if (p == 0 || size == 0)
     return;
   if (munmap(p, size) != 0) {
     NaClLog(LOG_FATAL, "NaCl_page_free: munmap() failed");
   }
 }
 
 /*
@@ skipping 145 matching lines @@
 int NaCl_madvise(void           *start,
                  size_t         length,
                  int            advice) {
   int ret = madvise(start, length, advice);
 
   /*
    * MADV_DONTNEED and MADV_NORMAL are needed
    */
   return ret == -1 ? -errno : ret;
 }