components/nacl/loader/nonsfi/elf_loader.cc - Issue 196793023: Add seccomp sandbox for non-SFI NaCl

Side by Side Diff: components/nacl/loader/nonsfi/elf_loader.cc

Issue 196793023: Add seccomp sandbox for non-SFI NaCl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« components/nacl/loader/nacl_sandbox_linux.cc ('K') | « components/nacl/loader/nacl_sandbox_linux.cc ('k') | components/nacl/loader/nonsfi/nonsfi_main.cc » ('j') | components/nacl/loader/nonsfi/nonsfi_main.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/nacl/loader/nonsfi/elf_loader.h"	5 #include "components/nacl/loader/nonsfi/elf_loader.h"

6	6

7 #include <elf.h>	7 #include <elf.h>

8 #include <link.h>	8 #include <link.h>

9	9

10 #include <cstring>	10 #include <cstring>

(...skipping 252 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
263 }	263 }

264 return data_->ehdr.e_entry + data_->load_bias;	264 return data_->ehdr.e_entry + data_->load_bias;

265 }	265 }

266	266

267 NaClErrorCode ElfImage::Read(struct NaClDesc* descriptor) {	267 NaClErrorCode ElfImage::Read(struct NaClDesc* descriptor) {

268 DCHECK(!data_);	268 DCHECK(!data_);

269	269

270 ::scoped_ptr<Data> data(new Data);	270 ::scoped_ptr<Data> data(new Data);

271	271

272 // Read elf header.	272 // Read elf header.

273 ssize_t read_ret = (*NACL_VTBL(NaClDesc, descriptor)->PRead)(	273 ssize_t read_ret = (*NACL_VTBL(NaClDesc, descriptor)->Read)(
	Mark Seaborn 2014/03/28 01:38:25 Julien and I are both OK with allowing the pread() Julien and I are both OK with allowing the pread() syscall, so you can leave this as it was and change the BPF policy. hamaji 2014/03/28 12:06:10 OK, I'd remove this change. Show quoted text On 2014/03/28 01:38:25, Mark Seaborn wrote: > Julien and I are both OK with allowing the pread() syscall, so you can leave > this as it was and change the BPF policy. OK, I'd remove this change.
274 descriptor, &data->ehdr, sizeof(data->ehdr), 0);	274 descriptor, &data->ehdr, sizeof(data->ehdr));

275 if (NaClSSizeIsNegErrno(&read_ret) \|\|	275 if (NaClSSizeIsNegErrno(&read_ret) \|\|

276 static_cast<size_t>(read_ret) != sizeof(data->ehdr)) {	276 static_cast<size_t>(read_ret) != sizeof(data->ehdr)) {

277 LOG(ERROR) << "Could not load elf headers.";	277 LOG(ERROR) << "Could not load elf headers.";

278 return LOAD_READ_ERROR;	278 return LOAD_READ_ERROR;

279 }	279 }

280	280

281 NaClErrorCode error_code = ValidateElfHeader(data->ehdr);	281 NaClErrorCode error_code = ValidateElfHeader(data->ehdr);

282 if (error_code != LOAD_OK)	282 if (error_code != LOAD_OK)

283 return error_code;	283 return error_code;

284	284

285 // Read program headers.	285 // Read program headers.

286 if (data->ehdr.e_phnum > Data::MAX_PROGRAM_HEADERS) {	286 if (data->ehdr.e_phnum > Data::MAX_PROGRAM_HEADERS) {

287 LOG(ERROR) << "Too many program headers";	287 LOG(ERROR) << "Too many program headers";

288 return LOAD_TOO_MANY_PROG_HDRS;	288 return LOAD_TOO_MANY_PROG_HDRS;

289 }	289 }

290	290

291 if (data->ehdr.e_phentsize != sizeof(data->phdrs[0])) {	291 if (data->ehdr.e_phentsize != sizeof(data->phdrs[0])) {

292 LOG(ERROR) << "Bad program headers size\n"	292 LOG(ERROR) << "Bad program headers size\n"

293 << " ehdr_.e_phentsize = " << data->ehdr.e_phentsize << "\n"	293 << " ehdr_.e_phentsize = " << data->ehdr.e_phentsize << "\n"

294 << " sizeof phdrs[0] = " << sizeof(data->phdrs[0]);	294 << " sizeof phdrs[0] = " << sizeof(data->phdrs[0]);

295 return LOAD_BAD_PHENTSIZE;	295 return LOAD_BAD_PHENTSIZE;

296 }	296 }

297	297

	298 // We avoid the use of pread here to reduce the number of required

	299 // syscalls for non-SFI mode.

	300 off_t ret = (*NACL_VTBL(NaClDesc, descriptor)->Seek)(

	301 descriptor, data->ehdr.e_phoff, SEEK_SET);

	302 if (ret != static_cast<off_t>(data->ehdr.e_phoff)) {

	303 LOG(ERROR) << "Cannot load prog headers";

	304 return LOAD_READ_ERROR;

	305 }

	306

298 size_t read_size = data->ehdr.e_phnum * data->ehdr.e_phentsize;	307 size_t read_size = data->ehdr.e_phnum * data->ehdr.e_phentsize;

299 read_ret = (*NACL_VTBL(NaClDesc, descriptor)->PRead)(	308 read_ret = (*NACL_VTBL(NaClDesc, descriptor)->Read)(

300 descriptor, data->phdrs, read_size, data->ehdr.e_phoff);	309 descriptor, data->phdrs, read_size);

301	310

302 if (NaClSSizeIsNegErrno(&read_ret) \|\|	311 if (NaClSSizeIsNegErrno(&read_ret) \|\|

303 static_cast<size_t>(read_ret) != read_size) {	312 static_cast<size_t>(read_ret) != read_size) {

304 LOG(ERROR) << "Cannot load prog headers";	313 LOG(ERROR) << "Cannot load prog headers";

305 return LOAD_READ_ERROR;	314 return LOAD_READ_ERROR;

306 }	315 }

307	316

308 data_.swap(data);	317 data_.swap(data);

309 return LOAD_OK;	318 return LOAD_OK;

310 }	319 }

(...skipping 16 matching lines...) Expand all Loading...
327 if (error != LOAD_OK) {	336 if (error != LOAD_OK) {

328 LOG(ERROR) << "ElfImage::Load: Failed to load segments";	337 LOG(ERROR) << "ElfImage::Load: Failed to load segments";

329 return error;	338 return error;

330 }	339 }

331	340

332 return LOAD_OK;	341 return LOAD_OK;

333 }	342 }

334	343

335 } // namespace nonsfi	344 } // namespace nonsfi

336 } // namespace nacl	345 } // namespace nacl

OLD	NEW