NaCl: Expose NaClApp to the embedding layer.

src/trusted/service_runtime/sel_main_chrome.c

 /*
  * Copyright (c) 2012 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 #include "native_client/src/trusted/service_runtime/sel_main_chrome.h"
 
 #include "native_client/src/include/portability.h"
 #include "native_client/src/include/portability_io.h"
@@ skipping 25 matching lines @@
 #include "native_client/src/trusted/service_runtime/nacl_globals.h"
 #include "native_client/src/trusted/service_runtime/nacl_debug_init.h"
 #include "native_client/src/trusted/service_runtime/nacl_signal.h"
 #include "native_client/src/trusted/service_runtime/osx/mach_exception_handler.h"
 #include "native_client/src/trusted/service_runtime/sel_addrspace.h"
 #include "native_client/src/trusted/service_runtime/sel_ldr.h"
 #include "native_client/src/trusted/service_runtime/sel_qualify.h"
 #include "native_client/src/trusted/service_runtime/win/exception_patch/ntdll_patch.h"
 #include "native_client/src/trusted/validator/validation_metadata.h"
 
+static void NaClCleanupAndExit(struct NaClApp *nap, NaClErrorCode errcode);
+
 struct NaClChromeMainArgs *NaClChromeMainArgsCreate(void) {
   struct NaClChromeMainArgs *args = malloc(sizeof(*args));
   if (args == NULL)
     return NULL;
   args->imc_bootstrap_handle = NACL_INVALID_HANDLE;
   args->irt_fd = -1;
   args->initial_ipc_desc = NULL;
   args->enable_exception_handling = 0;
   args->enable_debug_stub = 0;
   args->enable_dyncode_syscalls = 1;
@@ skipping 61 matching lines @@
   if (errcode != LOAD_OK) {
     NaClLog(LOG_FATAL,
             "NaClLoadIrt: Failed to load the integrated runtime (IRT): %s\n",
             NaClErrorString(errcode));
   }
 
   NaClMetadataDtor(&metadata);
   NaClDescUnref(nd);
 }
 
-void NaClChromeMainStart(struct NaClChromeMainArgs *args) {
-  char *av[1];
-  int ac = 1;
-  const char **envp;
-  struct NaClApp state;
-  struct NaClApp *nap = &state;
+struct NaClApp *NaClChromeMainCreateApp(struct NaClChromeMainArgs *args) {
+  struct NaClApp *nap = (struct NaClApp *)malloc(sizeof(struct NaClApp));
   NaClErrorCode errcode = LOAD_INTERNAL;
-  int ret_code = 1;
-  struct NaClEnvCleanser env_cleanser;
   int skip_qualification;
 
-#if NACL_OSX
-  /* Mac dynamic libraries cannot access the environ variable directly. */
-  envp = (const char **) *_NSGetEnviron();
-#else
-  /* Overzealous code style check is overzealous. */
-  /* @IGNORE_LINES_FOR_CODE_HYGIENE[1] */
-  extern char **environ;
-  envp = (const char **) environ;
-#endif
-
 #if NACL_LINUX || NACL_OSX
   /* This needs to happen before NaClAllModulesInit(). */
   if (args->urandom_fd != -1)
     NaClSecureRngModuleSetUrandomFd(args->urandom_fd);
 #endif
 
   /*
    * Clear state so that NaClBootstrapChannelErrorReporter will be
    * able to know if the bootstrap channel is available or not.
    */
-  memset(&state, 0, sizeof state);
+  memset(nap, 0, sizeof(struct NaClApp));
   NaClAllModulesInit();
   NaClBootstrapChannelErrorReporterInit();
-  NaClErrorLogHookInit(NaClBootstrapChannelErrorReporter, &state);
+  NaClErrorLogHookInit(NaClBootstrapChannelErrorReporter, nap);
 
-  /* to be passed to NaClMain, eventually... */
-  av[0] = "NaClMain";
-
-  if (NACL_FI_ERROR_COND("AppCtor", !NaClAppCtor(&state))) {
+  if (NACL_FI_ERROR_COND("AppCtor", !NaClAppCtor(nap))) {
     NaClLog(LOG_FATAL, "Error while constructing app state\n");
-    goto done;
+    NaClCleanupAndExit(nap, errcode);
+    free(nap);
+    return NULL;
   }
 
   errcode = LOAD_OK;
 
   /* Allow or disallow dyncode API based on args. */
   nap->enable_dyncode_syscalls = args->enable_dyncode_syscalls;
   nap->initial_nexe_max_code_bytes = args->initial_nexe_max_code_bytes;
 
 #if NACL_LINUX
   g_prereserved_sandbox_size = args->prereserved_sandbox_size;
@@ skipping 83 matching lines @@
         args->attach_debug_exception_handler_func;
 #else
 # error Unknown host OS
 #endif
   }
 #if NACL_LINUX
   NaClSignalHandlerInit();
 #endif
 
   /* Give debuggers a well known point at which xlate_base is known.  */
-  NaClGdbHook(&state);
+  NaClGdbHook(nap);
 
   NaClCreateServiceSocket(nap);
   /*
    * LOG_FATAL errors that occur before NaClSetUpBootstrapChannel will
    * not be reported via the crash log mechanism (for Chromium
    * embedding of NaCl, shown in the JavaScript console).
    *
    * Some errors, such as due to NaClRunSelQualificationTests, do not
    * trigger a LOG_FATAL but instead set module_load_status to be sent
    * in the start_module RPC reply.  Log messages associated with such
    * errors would be seen, since NaClSetUpBootstrapChannel will get
    * called.
    */
   NaClSetUpBootstrapChannel(nap, args->imc_bootstrap_handle);
 
   NACL_FI_FATAL("BeforeSecureCommandChannel");
   /*
    * NB: Spawns a thread that uses the command channel.  We do this
    * after NaClAppLoadFile so that the NaClApp object is more fully
    * populated.  Hereafter any changes to nap should be done while
    * holding locks.
    */
   NaClSecureCommandChannel(nap);
 
   NaClLog(4, "NaClSecureCommandChannel has spawned channel\n");
 
   NaClLog(4, "secure service = %"NACL_PRIxPTR"\n",
           (uintptr_t) nap->secure_service);
-  NACL_FI_FATAL("BeforeWaitForStartModule");
 
-  if (NULL != nap->secure_service) {
-    NaClErrorCode start_result;
-    /*
-     * wait for start_module RPC call on secure channel thread.
-     */
-    start_result = NaClWaitForStartModuleCommand(nap);
-    if (LOAD_OK == errcode) {
-      errcode = start_result;
+  if (args->enable_debug_stub) {
+#if NACL_LINUX || NACL_OSX
+    if (args->debug_stub_server_bound_socket_fd != NACL_INVALID_SOCKET) {
+      NaClDebugSetBoundSocket(args->debug_stub_server_bound_socket_fd);
+    }
+#endif
+    if (!NaClDebugInit(nap)) {
+      NaClCleanupAndExit(nap, errcode);
+      free(nap);
+      return NULL;
     }
   }
 
-  NACL_FI_FATAL("BeforeLoadIrt");
+  free(args);
+  return nap;
+}
 
-  /*
-   * error reporting done; can quit now if there was an error earlier.
-   */
-  if (LOAD_OK != errcode) {
-    goto done;
+NaClErrorCode NaClChromeMainLoadModule(struct NaClApp *nap,
+                              struct NaClDesc *nexe_desc) {
+  NaClAppLoadModule(nap, nexe_desc, NULL, NULL);
+  return nap->module_load_status;
+}
+
+void NaClChromeMainStartModule(struct NaClApp *nap, int irt_fd) {
+  char *av[1];
+  int ac = 1;
+  int ret_code = 1;
+  struct NaClEnvCleanser env_cleanser;
+  const char **envp;
+  enum NaClModuleInitializationState state;
+
+#if NACL_OSX
+  /* Mac dynamic libraries cannot access the environ variable directly. */
+  envp = (const char **) *_NSGetEnviron();
+#else
+  /* Overzealous code style check is overzealous. */
+  /* @IGNORE_LINES_FOR_CODE_HYGIENE[1] */
+  extern char **environ;
+  envp = (const char **) environ;
+#endif
+
+  NACL_FI_FATAL("BeforeWaitForStartModule");
+
+  /* When using SRPC, the module is already started for us.
+   * When using Chromium IPC, we have to expliticlty start the module here. */
+  NaClXMutexLock(&nap->mu);
+  state = nap->module_initialization_state;
+  NaClXMutexUnlock(&nap->mu);
+  if (state != NACL_MODULE_STARTED) {
+    NaClAppStartModule(nap, NULL, NULL);
+  }
+  NaClXMutexLock(&nap->mu);
+  state = nap->module_initialization_state;
+  NaClXMutexUnlock(&nap->mu);
+  /* If we haven't started the module now, cleanup and exit. */
+  if (state != NACL_MODULE_STARTED) {
+    NaClCleanupAndExit(nap, LOAD_OK);
+    return;
   }
 
+  NACL_FI_FATAL("BeforeLoadIrt");
   /*
    * Load the integrated runtime (IRT) library.
    */
-  if (args->irt_fd != -1 && !nap->irt_loaded) {
-    NaClLoadIrt(nap, args->irt_fd);
+  if (irt_fd != -1 && !nap->irt_loaded) {
+    NaClLoadIrt(nap, irt_fd);
     nap->irt_loaded = 1;
   }
 
   NACL_FI_FATAL("BeforeEnvCleanserCtor");
 
   NaClEnvCleanserCtor(&env_cleanser, 1);
   if (!NaClEnvCleanserInit(&env_cleanser, envp, NULL)) {
     NaClLog(LOG_FATAL, "Failed to initialise env cleanser\n");
   }
 
   if (NACL_FI_ERROR_COND("LaunchServiceThreads",
                          !NaClAppLaunchServiceThreads(nap))) {
     NaClLog(LOG_FATAL, "Launch service threads failed\n");
   }
 
-  if (args->enable_debug_stub) {
-#if NACL_LINUX || NACL_OSX
-    if (args->debug_stub_server_bound_socket_fd != NACL_INVALID_SOCKET) {
-      NaClDebugSetBoundSocket(args->debug_stub_server_bound_socket_fd);
-    }
-#endif
-    if (!NaClDebugInit(nap)) {
-      goto done;
-    }
-  }
-
-  free(args);
-  args = NULL;
+  /* to be passed to NaClMain, eventually... */
+  av[0] = "NaClMain";
 
   if (NACL_FI_ERROR_COND(
           "CreateMainThread",
           !NaClCreateMainThread(nap, ac, av,
                                 NaClEnvCleanserEnvironment(&env_cleanser)))) {
     NaClLog(LOG_FATAL, "creating main thread failed\n");
   }
   NACL_FI_FATAL("BeforeEnvCleanserDtor");
-
   NaClEnvCleanserDtor(&env_cleanser);
 
   ret_code = NaClWaitForMainThreadToExit(nap);
 
   if (NACL_ABI_WIFEXITED(nap->exit_status)) {
     /*
      * Under Chrome, a call to _exit() often indicates that something
      * has gone awry, so we report it here to aid debugging.
      *
      * This conditional does not run if the NaCl process was
      * terminated forcibly, which is the normal case under Chrome.
      * This forcible exit is triggered by the renderer closing the
      * trusted SRPC channel, which we record as NACL_ABI_SIGKILL
      * internally.
      */
     NaClLog(LOG_INFO, "NaCl untrusted code called _exit(0x%x)\n", ret_code);
   }
 
   /*
    * exit_group or equiv kills any still running threads while module
    * addr space is still valid.  otherwise we'd have to kill threads
    * before we clean up the address space.
    */
   NaClExit(ret_code);
+}
 
- done:
+static void NaClCleanupAndExit(struct NaClApp *nap, NaClErrorCode errcode) {
   fflush(stdout);
 
   /*
    * If there is a secure command channel, we sent an RPC reply with
    * the reason that the nexe was rejected.  If we exit now, that
    * reply may still be in-flight and the various channel closure (esp
    * reverse channel) may be detected first.  This would result in a
    * crash being reported, rather than the error in the RPC reply.
    * Instead, we wait for the hard-shutdown on the command channel.
    */
   if (LOAD_OK != errcode) {
     NaClBlockIfCommandChannelExists(nap);
   }
 
   NaClAllModulesFini();
 
-  NaClExit(ret_code);
+  NaClExit(1);
 }
+
+void NaClChromeMainStart(struct NaClChromeMainArgs *args) {
+  int irt_fd = args->irt_fd;
+  struct NaClApp *nap = NaClChromeMainCreateApp(args);
+  if (NULL != nap) {
+    if (NULL != nap->secure_service) {
+      NaClErrorCode errcode;
+      /*
+       * wait for start_module RPC call on secure channel thread.
+       */
+      errcode = NaClWaitForStartModuleCommand(nap);
+      if (LOAD_OK != errcode) {
+        NaClCleanupAndExit(nap, errcode);
+        return;
+      }
+      /* Assume the module has already been loaded. */
+      NaClChromeMainStartModule(nap, irt_fd);
+    }
+  }
+}