| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <dirent.h> | 5 #include <dirent.h> |
| 6 #include <map> | 6 #include <map> |
| 7 | 7 |
| 8 #include "debug.h" | 8 #include "debug.h" |
| 9 #include "sandbox_impl.h" | 9 #include "sandbox_impl.h" |
| 10 #include "syscall_table.h" | 10 #include "syscall_table.h" |
| 11 | 11 |
| 12 namespace playground { | 12 namespace playground { |
| 13 | 13 |
| 14 struct Thread { | 14 struct Thread { |
| 15 int fdPub, fd; | 15 int fdPub, fd; |
| 16 SecureMem::Args* mem; | 16 SecureMem::Args* mem; |
| 17 }; | 17 }; |
| 18 | 18 |
| 19 SecureMem::Args* Sandbox::getSecureMem() { | 19 SecureMem::Args* Sandbox::getSecureMem() { |
| 20 if (!secureMemPool_.empty()) { | 20 if (!secureMemPool_.empty()) { |
| 21 SecureMem::Args* rc = secureMemPool_.back(); | 21 SecureMem::Args* rc = secureMemPool_.back(); |
| 22 secureMemPool_.pop_back(); | 22 secureMemPool_.pop_back(); |
| 23 memset(rc->scratchPage, 0, sizeof(rc->scratchPage)); |
| 23 return rc; | 24 return rc; |
| 24 } | 25 } |
| 25 return NULL; | 26 return NULL; |
| 26 } | 27 } |
| 27 | 28 |
| 28 void Sandbox::trustedProcess(int parentMapsFd, int processFdPub, int sandboxFd, | 29 void Sandbox::trustedProcess(int parentMapsFd, int processFdPub, int sandboxFd, |
| 29 int cloneFd, SecureMem::Args* secureArena) { | 30 int cloneFd, SecureMem::Args* secureArena) { |
| 31 // The trusted process doesn't have access to TLS. Zero out the segment |
| 32 // registers so that we can later test that we are in the trusted process. |
| 33 #if defined(__x86_64__) |
| 34 asm volatile("mov %0, %%gs\n" : : "r"(0)); |
| 35 #elif defined(__i386__) |
| 36 asm volatile("mov %0, %%fs\n" : : "r"(0)); |
| 37 #else |
| 38 #error Unsupported target platform |
| 39 #endif |
| 40 |
| 30 std::map<long long, struct Thread> threads; | 41 std::map<long long, struct Thread> threads; |
| 31 SysCalls sys; | 42 SysCalls sys; |
| 32 long long cookie = 0; | 43 long long cookie = 0; |
| 33 | 44 |
| 34 // The very first entry in the secure memory arena has been assigned to the | 45 // The very first entry in the secure memory arena has been assigned to the |
| 35 // initial thread. The remaining entries are available for allocation. | 46 // initial thread. The remaining entries are available for allocation. |
| 36 SecureMem::Args* startAddress = secureArena; | 47 SecureMem::Args* startAddress = secureArena; |
| 37 SecureMem::Args* nextThread = startAddress; | 48 SecureMem::Args* nextThread = startAddress; |
| 38 for (int i = 0; i < kMaxThreads-1; i++) { | 49 for (int i = 0; i < kMaxThreads-1; i++) { |
| 39 secureMemPool_.push_back(++startAddress); | 50 secureMemPool_.push_back(++startAddress); |
| 246 | 257 |
| 247 // We are still in the untrusted code. Deny access to restricted resources. | 258 // We are still in the untrusted code. Deny access to restricted resources. |
| 248 mprotect(secureArena, 8192*kMaxThreads, PROT_NONE); | 259 mprotect(secureArena, 8192*kMaxThreads, PROT_NONE); |
| 249 mprotect(&syscall_mutex_, 4096, PROT_NONE); | 260 mprotect(&syscall_mutex_, 4096, PROT_NONE); |
| 250 close(sandboxFd); | 261 close(sandboxFd); |
| 251 | 262 |
| 252 return secureArena; | 263 return secureArena; |
| 253 } | 264 } |
| 254 | 265 |
| 255 } // namespace | 266 } // namespace |
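Review bot: The new `memset(rc->scratchPage, 0, sizeof(rc->scratchPage));` in getSecureMem (new line 23) relies on a transitive include, since the visible include list has only `<dirent.h>`, `<map>` and the project headers; add `#include <string.h>` next to `<dirent.h>` so that clearing the recycled slot does not depend on what `sandbox_impl.h` happens to pull in. The `sizeof(rc->scratchPage)` argument only covers the whole page if `scratchPage` is declared as an array inside `SecureMem::Args`; if it is a pointer this clears just `sizeof(void*)` bytes, which is worth confirming against the struct because the point of the change is that a reused entry hands no previous thread's data to the next one. In the segment-register block at the top of trustedProcess (new lines 31-39) the register zeroed is `%gs` on x86-64 and `%fs` on i386, the reverse of the glibc TLS convention (`%fs` on x86-64, `%gs` on i386); that may well be deliberate if the sandbox's own TLS accessor reads the other register, but the comment should say which register the later "are we in the trusted process" check reads, e.g. `// Zero the segment register that the sandbox's own TLS accessor reads; a later check uses it to tell the trusted process apart.` trustedProcess's body continues past the end of the hunk, so the check itself is not visible here.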