Chromium Code Reviews Chromium Code Reviews
Issue 7677036:
Enable the service runtime to use a zero-based sandbox on Linux. (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client| Index: src/trusted/service_runtime/arch/arm/sel_addrspace_arm.c |
| diff --git a/src/trusted/service_runtime/arch/arm/sel_addrspace_arm.c b/src/trusted/service_runtime/arch/arm/sel_addrspace_arm.c |
| index 7283cd604598ce31c0daf3e8b4f7f7e3b38e426f..0db3d7b12609d9fb5f79dca850849c50004d5686 100644 |
| --- a/src/trusted/service_runtime/arch/arm/sel_addrspace_arm.c |
| +++ b/src/trusted/service_runtime/arch/arm/sel_addrspace_arm.c |
| @@ -11,21 +11,53 @@ |
| #include "native_client/src/trusted/service_runtime/sel_memory.h" |
| -#define POST_ADDR_SPACE_GUARD_SIZE (2 * NACL_PAGESIZE) |
| - |
| /* |
| * On ARM, we cheat slightly: we add two pages to the requested allocation! |
| * This accomodates the guard region we require at the top end of untrusted |
| * memory. |
| */ |
| +#define POST_ADDR_SPACE_GUARD_SIZE (2 * NACL_PAGESIZE) |
| + |
| +/* NOTE: This routine is almost identical to the x86_32 version. |
| + */ |
| NaClErrorCode NaClAllocateSpace(void **mem, size_t addrsp_size) { |
| - CHECK(mem); |
| + const void* ONE_MEGABYTE = (void *)1024*1024; |
|
Mark Seaborn
2011/08/18 23:09:45
Nit: " *" style not "* " in this code.
Brad Chen
2011/08/19 00:24:35
Done.
|
| + int result; |
| + |
| + CHECK(NULL != mem); |
| addrsp_size += POST_ADDR_SPACE_GUARD_SIZE; |
| - addrsp_size -= NACL_TRAMPOLINE_START; |
| +#if NACL_LINUX |
| + /* |
| + * On 32 bit Linux, a 1 gigabyte block of address space may be reserved at |
| + * the zero-end of the address space during process creation, to address |
| + * sandbox layout requirements on ARM and performance issues on Intel ATOM. |
| + * Look for this pre-reserved block and if found, pass its address to the |
| + * page allocation function. |
| + */ |
| + if (!NaCl_find_prereserved_sandbox_memory(mem, addrsp_size)) { |
| + /* zero-based sandbox not pre-reserved */ |
|
Mark Seaborn
2011/08/18 23:09:45
Capitalise the start of the sentence, please.
Brad Chen
2011/08/19 00:24:35
Done.
|
| + return LOAD_NO_MEMORY; |
| + } else { |
| + /* sanity check zero sandbox base address */ |
|
Mark Seaborn
2011/08/18 23:09:45
Capitalise.
Brad Chen
2011/08/19 00:24:35
Done.
|
| + if (0 == *mem || ONE_MEGABYTE > *mem) |
| + return LOAD_NO_MEMORY; |
| - *mem = (void *) NACL_TRAMPOLINE_START; |
| - if (NaCl_page_alloc_at_addr(mem, addrsp_size) != 0) { |
| + /* |
| + * When creating a zero-based sandbox, we do not allocate the first 64K of |
| + * pages beneath the trampolines, because -- on Linux at least -- we cannot. |
| + * Instead, we allocate starting at the trampolines, and then coerce the |
| + * "mem" out parameter. |
| + */ |
| + addrsp_size -= NACL_TRAMPOLINE_START; |
| + *mem = (void *) NACL_TRAMPOLINE_START; |
| + result = NaCl_page_alloc_at_addr(mem, addrsp_size); |
| + *mem = 0; |
| + } |
| +#else |
| +# error "I only know how to allocate memory for ARM on Linux." |
| +#endif |
| + if (0 != result) { |
| NaClLog(2, |
| "NaClAllocateSpace: NaCl_page_alloc_at_addr 0x%08"NACL_PRIxPTR |
| " failed\n", |
| @@ -36,12 +68,6 @@ NaClErrorCode NaClAllocateSpace(void **mem, size_t addrsp_size) { |
| (uintptr_t) *mem, |
| addrsp_size); |
| - /* |
| - * makes sel_ldr think that the module's address space is at 0x0, this where |
| - * it should be |
| - */ |
| - *mem = 0x0; |
| - |
| return LOAD_OK; |
| } |
