Chromium Code Reviews Chromium Code Reviews
Issue 11141016:
mprotect system call exposed to the untrusted code. (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. | 2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. |
| 3 * Use of this source code is governed by a BSD-style license that can be | 3 * Use of this source code is governed by a BSD-style license that can be |
| 4 * found in the LICENSE file. | 4 * found in the LICENSE file. |
| 5 */ | 5 */ |
| 6 | 6 |
| 7 #include <assert.h> | 7 #include <assert.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <setjmp.h> | 10 #include <setjmp.h> |
| (...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 262 /* | 262 /* |
| 263 * Note that, on Windows, NaCl's mprotect() has different code paths | 263 * Note that, on Windows, NaCl's mprotect() has different code paths |
| 264 * for anonymous and file-backed mappings. This test case only | 264 * for anonymous and file-backed mappings. This test case only |
| 265 * covers the anonymous case. | 265 * covers the anonymous case. |
| 266 */ | 266 */ |
| 267 size_t map_size = 0x20000; | 267 size_t map_size = 0x20000; |
| 268 char *addr = (char *) mmap(NULL, map_size, PROT_READ | PROT_WRITE, | 268 char *addr = (char *) mmap(NULL, map_size, PROT_READ | PROT_WRITE, |
| 269 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); | 269 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); |
| 270 assert(addr != MAP_FAILED); | 270 assert(addr != MAP_FAILED); |
| 271 printf("mmap done\n"); | 271 printf("mmap done\n"); |
| 272 /* | 272 /* Change the protection to make the page unreadable. */ |
| 273 * Change the protection to make the page unreadable. TODO(phosek): use | 273 int rc = mprotect(addr, map_size, PROT_NONE); |
|
Mark Seaborn
2012/10/14 00:47:16
For this to work, you'll need to add an mprotect()
Petr Hosek
2012/10/14 00:53:21
Undone.
| |
| 274 * the mprotect() wrapper function once mprotect() is added to the IRT. | |
| 275 */ | |
| 276 int rc = NACL_SYSCALL(mprotect)(addr, map_size, PROT_NONE); | |
| 277 assert(rc == 0); | 274 assert(rc == 0); |
| 278 assert_addr_is_unreadable(addr); | 275 assert_addr_is_unreadable(addr); |
| 279 assert_addr_is_unreadable(addr + 0x1000); | 276 assert_addr_is_unreadable(addr + 0x1000); |
| 280 assert_addr_is_unreadable(addr + 0x10000); | 277 assert_addr_is_unreadable(addr + 0x10000); |
| 281 /* Change the protection to make the page accessible again. */ | 278 /* Change the protection to make the page accessible again. */ |
| 282 rc = NACL_SYSCALL(mprotect)(addr, map_size, PROT_READ | PROT_WRITE); | 279 rc = mprotect(addr, map_size, PROT_READ | PROT_WRITE); |
| 283 assert(rc == 0); | 280 assert(rc == 0); |
| 284 addr[0] = '5'; | 281 addr[0] = '5'; |
| 285 /* Change the protection to make the page read-only. */ | 282 /* Change the protection to make the page read-only. */ |
| 286 rc = NACL_SYSCALL(mprotect)(addr, map_size, PROT_READ); | 283 rc = mprotect(addr, map_size, PROT_READ); |
| 287 assert(rc == 0); | 284 assert(rc == 0); |
| 288 assert_addr_is_unwritable(addr, '9'); | 285 assert_addr_is_unwritable(addr, '9'); |
| 289 assert('5' == addr[0]); | 286 assert('5' == addr[0]); |
| 290 printf("mprotect good\n"); | 287 printf("mprotect good\n"); |
| 291 /* We can still munmap() the memory. */ | 288 /* We can still munmap() the memory. */ |
| 292 rc = munmap(addr, map_size); | 289 rc = munmap(addr, map_size); |
| 293 assert(rc == 0); | 290 assert(rc == 0); |
| 294 return true; | 291 return true; |
| 295 } | 292 } |
| 296 | 293 |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 308 */ | 305 */ |
| 309 size_t map_size = 0x20000; | 306 size_t map_size = 0x20000; |
| 310 char *addr = (char *) mmap(NULL, map_size, PROT_READ | PROT_WRITE, | 307 char *addr = (char *) mmap(NULL, map_size, PROT_READ | PROT_WRITE, |
| 311 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); | 308 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); |
| 312 assert(addr != MAP_FAILED); | 309 assert(addr != MAP_FAILED); |
| 313 printf("mmap done\n"); | 310 printf("mmap done\n"); |
| 314 /* Unmap the mapped memory region. */ | 311 /* Unmap the mapped memory region. */ |
| 315 int rc = munmap(addr, map_size); | 312 int rc = munmap(addr, map_size); |
| 316 assert(rc == 0); | 313 assert(rc == 0); |
| 317 printf("munmap done\n"); | 314 printf("munmap done\n"); |
| 318 /* | 315 /* Change the protection to make the page unreadable. */ |
| 319 * Change the protection to make the page unreadable. TODO(phosek): use | 316 rc = mprotect(addr, map_size, PROT_NONE); |
| 320 * the mprotect() wrapper function once mprotect() is added to the IRT. | 317 if (-1 == rc && EACCES == errno) { |
| 321 */ | |
| 322 rc = NACL_SYSCALL(mprotect)(addr, map_size, PROT_NONE); | |
| 323 if (-EACCES == rc) { | |
| 324 printf("mprotect good (failed as expected)\n"); | 318 printf("mprotect good (failed as expected)\n"); |
| 325 return true; | 319 return true; |
| 326 } | 320 } |
| 327 return false; | 321 return false; |
| 328 } | 322 } |
| 329 | 323 |
| 330 | 324 |
| 331 /* | 325 /* |
| 332 * Verify that the last page in a file can be mmapped when the file's | 326 * Verify that the last page in a file can be mmapped when the file's |
| 333 * size is not a multiple of the page size. | 327 * size is not a multiple of the page size. |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 442 passed = testSuite(); | 436 passed = testSuite(); |
| 443 | 437 |
| 444 if (passed) { | 438 if (passed) { |
| 445 printf("All tests PASSED\n"); | 439 printf("All tests PASSED\n"); |
| 446 exit(0); | 440 exit(0); |
| 447 } else { | 441 } else { |
| 448 printf("One or more tests FAILED\n"); | 442 printf("One or more tests FAILED\n"); |
| 449 exit(-1); | 443 exit(-1); |
| 450 } | 444 } |
| 451 } | 445 } |
| OLD | NEW |
