Enable the service runtime to use a zero-based sandbox on Linux.

src/trusted/service_runtime/linux/sel_memory.c

Index: src/trusted/service_runtime/linux/sel_memory.c
diff --git a/src/trusted/service_runtime/linux/sel_memory.c b/src/trusted/service_runtime/linux/sel_memory.c
index c1de0e199acbdc46e572ff08fbcdd2158c16a8b8..2fd2c85ff3a831af81c777a2f085ffee66b7da56 100644
--- a/src/trusted/service_runtime/linux/sel_memory.c
+++ b/src/trusted/service_runtime/linux/sel_memory.c
@@ -12,6 +12,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
+#include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdint.h>
@@ -29,6 +30,48 @@
 #include "native_client/src/trusted/service_runtime/include/machine/_types.h"
 
 
+/*
+ * Find sandbox memory pre-reserved by the nacl_helper in chrome. The
+ * nacl_helper, if present, reserves the bottom 1G of the address space
+ * for use by Native Client.
+ *
+ * NOTE: num_bytes is currently ignored. It should be 1GB on Linux and
+ * 1GB plus a few pages on ARM. TODO(bradchen): deal with num_bytes.
+ *
+ * Out parameter p should be either:
+ *   0: reserved memory was not found
+ *   less than 128K: indicates the bottom 1G was reserved.
+ */
+int   NaCl_find_prereserved_sandbox_memory(void   **p,
+                                           size_t num_bytes) {

[bsy, 2011/08/23 18:31:23]

UNREFERENCED_PARAMETER(num_bytes);

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  typedef uintptr_t (base_addr_func)();
+  void *nacl_helper_so = dlopen(NULL, RTLD_LAZY | RTLD_NOLOAD);

[Mark Seaborn, 2011/08/23 18:26:36]

I think it would be been neater to pass the sandbox address as an argument via
NaClMainForChromium() in sel_main_chrome.c rather than using global state via
dlopen(), but the latter is OK.

[Brad Chen, 2011/08/23 21:15:09]

The reason I liked this way of doing it is it works with or without the Chrome
support, eliminating an irritating dependency. I will leave it as is unless you
insist.

On 2011/08/23 18:26:36, Mark Seaborn wrote:

+  base_addr_func *nacl_helper_get_base_addr;
+  uintptr_t tmpint;
+  uintptr_t base_addr;
+
+  NaClLog(2, "NaCl_find_preserved_sandbox_memory(p, 0x%08"NACL_PRIxPTR")\n",
+          num_bytes);
+  *p = 0;
+  if (!nacl_helper_so) {
+    return 0;
+  }
+  tmpint = (uintptr_t)dlsym(nacl_helper_so, "nacl_helper_get_1G_address");

[Mark Seaborn, 2011/08/23 18:26:36]

BTW, the usual style in service_runtime is a space after the cast.

[bsy, 2011/08/23 18:31:23]

style: space between (type) and expr

[Brad Chen, 2011/08/23 21:15:09]

Done.

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  nacl_helper_get_base_addr = (base_addr_func*)tmpint;

[Mark Seaborn, 2011/08/23 18:26:36]

Nit: Space before '*'

You could just do a double cast and remove tmpint.

[bsy, 2011/08/23 18:31:23]

style: spaces in (type *) expr;

[Brad Chen, 2011/08/23 21:15:09]

Done.

[Brad Chen, 2011/08/23 21:15:09]

Done.

+
+  if (!nacl_helper_get_base_addr) {

[bsy, 2011/08/23 18:31:23]

if (NULL == nacl_helper_get_base_addr) {

[Brad Chen, 2011/08/23 21:15:09]

Done.

+    return 0;
+  }
+  base_addr = nacl_helper_get_base_addr();
+  if (!base_addr) {

[Mark Seaborn, 2011/08/23 18:26:36]

This is a bit odd because one might expect the base address to be zero if the
zero-based sandbox were successfully reserved.

[Brad Chen, 2011/08/23 21:15:09]

Agreed. However the Windows version of this same routine is returning 0 for
failure, and it seems better to keep things consistent.

On 2011/08/23 18:26:36, Mark Seaborn wrote:

+    return 0;
+  }
+  NaClLog(2, "NaCl_find_preserved_sandbox_memory() at 0x%08"NACL_PRIxPTR"\n",
+          base_addr);
+  *p = (void *)base_addr;

[bsy, 2011/08/23 18:31:23]

style nit: space in (void *) base_addr;

[Brad Chen, 2011/08/23 21:15:09]

Done.

+  return 1;
+}
+
 void NaCl_page_free(void     *p,
                     size_t   size) {
   if (p == 0 || size == 0)