Initial implementation of Bare Metal Mode for NaCl.

components/nacl/loader/nonsfi/elf_loader.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/nacl/loader/nonsfi/elf_loader.h"
+
+#include <elf.h>
+#include <link.h>
+
+#include <cstring>
+#include <string>
+#include <sys/mman.h>
+
+#include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
+#include "native_client/src/include/portability.h"
+#include "native_client/src/shared/platform/nacl_host_desc.h"
+#include "native_client/src/trusted/desc/nacl_desc_base.h"
+#include "native_client/src/trusted/desc/nacl_desc_effector_trusted_mem.h"
+
+// Extracted from native_client/src/trusted/service_runtime/nacl_config.h.
+// Also, here we define EM_386 also for x86-64 architecture.
+// Currently, on 64bit architecture, we expect the code can be compiled, but
+// don't expect that the code runs correctly. We should revisit here, when we

[Mark Seaborn, 2013/12/10 19:56:44]

I would like to be able to run this on x86-64 to test, not just compile-test it.
:-)  There's just two parts to change to make this work on x86-64:
 * make the ELF class check accept ELFCLASS64 on x86-64
 * accept the e_machine value for x86-64

[hidehiko, 2013/12/11 07:56:14]

Done.

+// start to implement non-sfi mode on 64bit architecure. Also, we should add
+// ARM support, too.
+// TODO(hidehiko): Support ARM and 64bit architecture.
+#if NACL_ARCH(NACL_BUILD_ARCH) == NACL_x86
+# define NACL_ELF_E_MACHINE EM_386

[Mark Seaborn, 2013/12/10 19:56:44]

Since you don't define NACL_ELF_E_MACHINE on non-x86, the code below will fail
to compile on ARM and MIPS.

Please run these changes through the Chromium trybots (as I mentioned before)! 
You can test x86-32 with "linux_rel_precise32" and (less obviously) ARM with
"cros_daisy".

[hidehiko, 2013/12/11 07:56:14]

Done, and sorry for my less test.
Ran trybot. If more test should be run, please let me know.

+#endif
+
+// Copied from native_client/src/trusted/service_runtime/include/bits/mman.h

[Mark Seaborn, 2013/12/10 19:56:44]

This is one header from service_runtime that it's OK to depend on, because
you're calling NaClDesc methods which take NACL_ABI_* flags.  So you should
#include this rather than duplicating definitions which could get out of sync
with the code you're calling.

[hidehiko, 2013/12/11 07:56:14]

I see. Done. Should the file be moved eventually?

+#define NACL_ABI_PROT_READ        0x1   // Page can be read.
+#define NACL_ABI_PROT_WRITE       0x2   // Page can be written.
+#define NACL_ABI_PROT_EXEC        0x4   // Page can be executed.
+#define NACL_ABI_PROT_NONE        0x0   // Page can not be accessed.
+#define NACL_ABI_MAP_PRIVATE      0x02  // Changes are private.
+#define NACL_ABI_MAP_FIXED        0x10  // Interpret addr exactly.
+
+namespace nacl {
+namespace nonsfi {
+namespace {
+
+// Page size for non-SFI Mode.
+const ElfW(Addr) kNonSfiPageSize = 4096;
+const ElfW(Addr) kNonSfiPageMask = kNonSfiPageSize - 1;
+
+void DumpElfHeader(const ElfW(Ehdr)& ehdr) {
+#define DUMP(member) \
+  #member << " = 0x" << base::HexEncode(&ehdr.member, sizeof(ehdr.member))
+// For expanding and stringify ElfW(Ehdr).
+#define QUOTE(name) QUOTE_1(name)
+#define QUOTE_1(name) #name
+
+  VLOG(2) << "\n" <<
+      "=================================================\n"
+      "Elf header\n"
+      "==================================================\n" <<
+      std::string(
+          reinterpret_cast<const char*>(ehdr.e_ident + 1), 3) << "\n" <<
+      DUMP(e_type) << "\n" <<
+      DUMP(e_machine) << "\n" <<
+      DUMP(e_version) << "\n" <<
+      DUMP(e_entry) << "\n" <<
+      DUMP(e_phoff) << "\n" <<
+      DUMP(e_shoff) << "\n" <<
+      DUMP(e_flags) << "\n" <<
+      DUMP(e_ehsize) << "\n" <<
+      DUMP(e_phentsize) << "\n" <<
+      DUMP(e_phnum) << "\n" <<
+      DUMP(e_shentsize) << "\n" <<
+      DUMP(e_shnum) << "\n" <<
+      DUMP(e_shstrndx) << "\n" <<
+      "sizeof(" << QUOTE(ElfW(Ehdr)) << ") = " << sizeof(ElfW(Ehdr));
+#undef QUOTE_1
+#undef QUOTE
+#undef DUMP
+}
+
+void DumpElfProgramHeader(const ElfW(Phdr)& phdr) {
+#define DUMP(member) \
+  #member << " = 0x" << base::HexEncode(&phdr.member, sizeof(phdr.member))
+
+  VLOG(2) <<
+      DUMP(p_type) << "\n" <<
+      DUMP(p_offset) << "\n" <<
+      DUMP(p_vaddr) << "\n" <<
+      DUMP(p_paddr) << "\n" <<
+      DUMP(p_filesz) << "\n" <<
+      DUMP(p_memsz) << "\n" <<
+      DUMP(p_flags) << "\n" <<
+      " (" << ((phdr.p_flags & PF_R) ? "PF_R" : "") << " "
+           << ((phdr.p_flags & PF_W) ? "PF_W" : "") << " "
+           << ((phdr.p_flags & PF_W) ? "PF_X" : "") << ")\n" <<
+      DUMP(p_align) << "\n\n";
+#undef  DUMP
+}
+
+NonSfiErrorCode ValidateElfHeader(const ElfW(Ehdr)& ehdr) {
+  if (std::memcmp(ehdr.e_ident, ELFMAG, SELFMAG)) {
+    LOG(ERROR) << "Bad elf magic";
+    return LOAD_BAD_ELF_MAGIC;
+  }
+
+  if (ehdr.e_ident[EI_CLASS] != ELFCLASS32) {
+    LOG(ERROR) << "Bad elf class";
+    return LOAD_NOT_32_BIT;
+  }
+
+  if (ehdr.e_type != ET_DYN) {
+    LOG(ERROR) << "Non executable";

[Mark Seaborn, 2013/12/10 19:56:44]

Nit: should be something like "Not a relocatable (ET_DYN) ELF object"

[hidehiko, 2013/12/11 07:56:14]

Done.

+    return LOAD_NOT_EXEC;
+  }
+
+  if (ehdr.e_machine != NACL_ELF_E_MACHINE) {
+    LOG(ERROR) << "Bad machine: "
+               << base::HexEncode(&ehdr.e_machine, sizeof(ehdr.e_machine));
+    return LOAD_BAD_MACHINE;
+  }
+
+  if (ehdr.e_version != EV_CURRENT) {
+    LOG(ERROR) << "Bad elf version: "
+               << base::HexEncode(&ehdr.e_version, sizeof(ehdr.e_version));
+  }
+
+  return LOAD_OK;
+}
+
+// Returns the address of the page starting at address 'addr' for non-SFI mode.
+ElfW(Addr) GetPageStart(ElfW(Addr) addr) {
+  return addr & ~kNonSfiPageMask;
+}
+
+// Returns the offset of address 'addr' in its memory page. In other words,
+// this equals to 'addr' - GetPageStart(addr).
+ElfW(Addr) GetPageOffset(ElfW(Addr) addr) {
+  return addr & kNonSfiPageMask;
+}
+
+// Returns the address of the next page after address 'addr', unless 'addr' is
+// at the start of a page. This equals to:
+//   addr == GetPageStart(addr) ? addr : GetPageStart(addr) + kNonSfiPageSize
+ElfW(Addr) GetPageEnd(ElfW(Addr) addr) {
+  return GetPageStart(addr + kNonSfiPageSize - 1);
+}
+
+// Converts the pflags (in phdr) to mmap's prot flags.
+int PFlagsToProt(int pflags) {
+  return ((pflags & PF_X) ? PROT_EXEC : 0) |
+         ((pflags & PF_R) ? PROT_READ : 0) |
+         ((pflags & PF_W) ? PROT_WRITE : 0);
+}
+
+// Converts the pflags (in phdr) to NaCl ABI's prot flags.
+int PFlagsToNaClProt(int pflags) {
+  return ((pflags & PF_X) ? NACL_ABI_PROT_EXEC : 0) |
+         ((pflags & PF_R) ? NACL_ABI_PROT_READ : 0) |
+         ((pflags & PF_W) ? NACL_ABI_PROT_WRITE : 0);
+}
+
+// Returns the load size for the given phdrs, or 0 on error.
+ElfW(Addr) GetLoadSize(const ElfW(Phdr)* phdrs, int phnum) {
+  ElfW(Addr) begin = 0xFFFFFFFFU;
+  ElfW(Addr) end = 0;
+
+  VLOG(4) << "GetLoadSize: phnum=" << phnum;
+  for (int i = 0; i < phnum; ++i) {
+    const ElfW(Phdr)& phdr = phdrs[i];
+    if (phdr.p_type != PT_LOAD) {
+      // Do nothing for non PT_LOAD header.
+      continue;
+    }
+
+    begin = std::min(begin, phdr.p_vaddr);
+    end = std::max(end, phdr.p_vaddr + phdr.p_memsz);
+  }
+
+  if (begin > end) {
+    // The end address looks overflowing.
+    return 0;
+  }
+
+  return GetPageEnd(end) - GetPageStart(begin);
+}
+
+// Reserves the memory for the given phdrs, and stores the memory address,
+// its size and bias to the load_start, load_size and load_bias.
+NonSfiErrorCode ReserveMemory(const ElfW(Phdr)* phdrs,
+                              int phnum,
+                              ElfW(Addr)* load_bias) {
+  VLOG(4) << "ReserveMemory";
+
+  ElfW(Addr) size = GetLoadSize(phdrs, phnum);
+  if (size == 0) {
+    LOG(ERROR) << "ReserveMemory failed to calculate size";
+    return LOAD_UNLOADABLE;
+  }
+  VLOG(4) << "ReserveMemory: size=" << size;
+
+  // Make sure that the given program headers represents PIE binary.
+  for (int i = 0; i < phnum; ++i) {
+    if (phdrs[i].p_type == PT_LOAD) {
+      // Here, phdrs[i] is the first loadable segment.
+      if (phdrs[i].p_vaddr != 0) {
+        // The binary is not PIE (i.e. needs to be loaded onto fixed addressed
+        // memory. We don't support such a case.
+        LOG(ERROR)
+            << "Reservememory: Non-PIE binary loading is not supported.";
+        return LOAD_UNLOADABLE;
+      }
+      break;
+    }
+  }
+
+  void* start = mmap(0, size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+  if (start == MAP_FAILED) {
+    LOG(ERROR) << "ReserveMemory: failed to mmap.";
+    return LOAD_NO_MEMORY;
+  }
+
+  *load_bias = reinterpret_cast<ElfW(Addr)>(start);
+  VLOG(4) << "ReserveMemory: success";
+  return LOAD_OK;
+}
+
+NonSfiErrorCode LoadSegments(
+    const ElfW(Phdr)* phdrs, int phnum, ElfW(Addr) load_bias,
+    struct NaClDesc* descriptor) {
+  for (int i = 0; i < phnum; ++i) {
+    const ElfW(Phdr)& phdr = phdrs[i];
+    if (phdr.p_type != PT_LOAD) {
+      // Not a load target.
+      VLOG(4) << "LoadSegments: [" << i << "] Skipped";
+      continue;
+    }
+
+    VLOG(4) << "LoadSegments: [" << i << "] Loading...";
+
+    // Addresses on the memory.
+    ElfW(Addr) seg_start = phdr.p_vaddr + load_bias;
+    ElfW(Addr) seg_end = seg_start + phdr.p_memsz;
+    ElfW(Addr) seg_page_start = GetPageStart(seg_start);
+    ElfW(Addr) seg_page_end = GetPageEnd(seg_end);
+    ElfW(Addr) seg_file_end = seg_start + phdr.p_filesz;
+
+    // Addresses on the file content.
+    ElfW(Addr) file_start = phdr.p_offset;
+    ElfW(Addr) file_end = file_start + phdr.p_filesz;
+    ElfW(Addr) file_page_start = GetPageStart(file_start);
+
+    uintptr_t seg_addr = (*NACL_VTBL(NaClDesc, descriptor)->Map)(
+        descriptor,
+        NaClDescEffectorTrustedMem(),
+        reinterpret_cast<void *>(seg_page_start),
+        file_end - file_page_start,
+        PFlagsToNaClProt(phdr.p_flags),
+        NACL_ABI_MAP_PRIVATE | NACL_ABI_MAP_FIXED,
+        file_page_start);
+    if (NaClPtrIsNegErrno(&seg_addr)) {
+      LOG(ERROR) << "LoadSegments: [" << i << "] mmap failed, " << seg_addr;
+      return LOAD_NO_MEMORY;
+    }
+
+    // Fill Zero between the segment end and the page boundary if necessary
+    // (i.e. if the segment doesn't end on a page boundary).
+    ElfW(Addr) seg_file_end_offset = GetPageOffset(seg_file_end);
+    if ((phdr.p_flags & PF_W) && seg_file_end_offset > 0) {
+      memset(reinterpret_cast<void *>(seg_file_end), 0,
+             kNonSfiPageSize - seg_file_end_offset);
+    }
+
+    // Hereafter, seg_file_end is now the first page address after the file
+    // content. If seg_end is larger, we need to zero anything between them.
+    // This is done by using a private anonymous mmap for all extra pages.
+    seg_file_end = GetPageEnd(seg_file_end);
+    if (seg_page_end > seg_file_end) {
+      void* zeromap = mmap(reinterpret_cast<void *>(seg_file_end),
+                           seg_page_end - seg_file_end,
+                           PFlagsToProt(phdr.p_flags),
+                           MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE,
+                           -1, 0);
+      if (zeromap == MAP_FAILED) {
+        LOG(ERROR) << "LoadSegments: [" << i << "] Failed to zeromap.";
+        return LOAD_NO_MEMORY;
+      }
+    }
+  }
+  return LOAD_OK;
+}
+
+}  // namespace
+
+ElfImage::ElfImage() {
+}
+
+ElfImage::~ElfImage() {
+}
+
+NonSfiErrorCode ElfImage::Read(struct NaClDesc* descriptor) {
+  // Read elf header.
+  ssize_t read_ret = (*NACL_VTBL(NaClDesc, descriptor)->PRead)(
+      descriptor, &ehdr_, sizeof(ehdr_), 0);
+  if (NaClSSizeIsNegErrno(&read_ret) ||
+      static_cast<size_t>(read_ret) != sizeof(ehdr_)) {
+    LOG(ERROR) << "Could not load elf headers.";
+    return LOAD_READ_ERROR;
+  }
+
+  DumpElfHeader(ehdr_);
+  NonSfiErrorCode error_code = ValidateElfHeader(ehdr_);
+  if (error_code != LOAD_OK)
+    return error_code;
+
+  // Read program headers.
+  if (ehdr_.e_phnum > MAX_PROGRAM_HEADERS) {
+    LOG(ERROR) << "Too many program headers";
+    return LOAD_TOO_MANY_PROG_HDRS;
+  }
+
+  if (ehdr_.e_phentsize != sizeof(phdrs_[0])) {
+    LOG(ERROR) << "Bad program headers size\n"
+               << "  ehdr_.e_phentsize = " << ehdr_.e_phentsize << "\n"
+               << "  sizeof phdrs_[0] = " << sizeof(phdrs_[0]);
+    return LOAD_BAD_PHENTSIZE;
+  }
+
+  size_t read_size = ehdr_.e_phnum * ehdr_.e_phentsize;
+  read_ret = (*NACL_VTBL(NaClDesc, descriptor)->PRead)(
+      descriptor, phdrs_, read_size, ehdr_.e_phoff);
+
+  if (NaClSSizeIsNegErrno(&read_ret) ||
+      static_cast<size_t>(read_ret) != read_size) {
+    LOG(ERROR) << "Cannot load prog headers";
+    return LOAD_READ_ERROR;
+  }
+
+  VLOG(2) << "\n" <<
+      "=================================================\n"
+      "Elf Program headers\n"
+      "==================================================\n";
+  for (int i = 0; i < ehdr_.e_phnum; ++i) {
+    DumpElfProgramHeader(phdrs_[i]);
+  }
+
+  return LOAD_OK;
+}
+
+NonSfiErrorCode ElfImage::Load(struct NaClDesc* descriptor) {
+  VLOG(3) << "ElfImage::Load";
+
+  NonSfiErrorCode error = ReserveMemory(phdrs_, ehdr_.e_phnum, &load_bias_);
+  if (error != LOAD_OK) {
+    LOG(ERROR) << "ElfImage::Load: Failed to allocate memory.";
+    return error;
+  }
+  VLOG(3) << "ElfImage::Load: Loader maps the program to 0x"
+          << base::HexEncode(&load_bias_, sizeof(load_bias_));
+
+  error = LoadSegments(phdrs_, ehdr_.e_phnum, load_bias_, descriptor);
+  if (error != LOAD_OK) {
+    LOG(ERROR) << "ElfImage::Load: Failed to load segments";
+    return error;
+  }
+
+  return LOAD_OK;
+}
+
+}  // namespace nonsfi
+}  // namespace nacl