Chromium Code Reviews Chromium Code Reviews
Issue 832393003:
[gin] Fingerprint the V8 snapshot files on Windows and verify before loading the snapshot. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "gin/public/isolate_holder.h" | 5 #include "gin/public/isolate_holder.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include "base/files/memory_mapped_file.h" | 10 #include "base/files/memory_mapped_file.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
| 13 #include "base/rand_util.h" | 13 #include "base/rand_util.h" |
| 14 #include "base/sys_info.h" | 14 #include "base/sys_info.h" |
| 15 #include "crypto/secure_hash.h" | |
| 16 #include "crypto/sha2.h" | |
| 15 #include "gin/array_buffer.h" | 17 #include "gin/array_buffer.h" |
| 16 #include "gin/debug_impl.h" | 18 #include "gin/debug_impl.h" |
| 17 #include "gin/function_template.h" | 19 #include "gin/function_template.h" |
| 18 #include "gin/per_isolate_data.h" | 20 #include "gin/per_isolate_data.h" |
| 19 #include "gin/public/v8_platform.h" | 21 #include "gin/public/v8_platform.h" |
| 20 #include "gin/run_microtasks_observer.h" | 22 #include "gin/run_microtasks_observer.h" |
| 21 | 23 |
| 22 #ifdef V8_USE_EXTERNAL_STARTUP_DATA | 24 #ifdef V8_USE_EXTERNAL_STARTUP_DATA |
| 23 #ifdef OS_MACOSX | 25 #ifdef OS_MACOSX |
| 24 #include "base/mac/foundation_util.h" | 26 #include "base/mac/foundation_util.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 delete g_mapped_snapshot; | 67 delete g_mapped_snapshot; |
| 66 g_mapped_snapshot = NULL; | 68 g_mapped_snapshot = NULL; |
| 67 LOG(ERROR) << "Couldn't mmap v8 snapshot data file"; | 69 LOG(ERROR) << "Couldn't mmap v8 snapshot data file"; |
| 68 return false; | 70 return false; |
| 69 } | 71 } |
| 70 } | 72 } |
| 71 | 73 |
| 72 return true; | 74 return true; |
| 73 } | 75 } |
| 74 | 76 |
| 77 bool VerifyV8SnapshotFile(base::MemoryMappedFile* snapshot_file, | |
| 78 const unsigned char* fingerprint) { | |
| 79 scoped_ptr<crypto::SecureHash> hash( | |
|
grt (UTC plus 2)
2015/01/07 19:27:19
can you use crypto::SHA256HashString(base::StringP
rmcilroy
2015/01/08 15:05:35
Done.
| |
| 80 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); | |
| 81 hash->Update(snapshot_file->data(), snapshot_file->length()); | |
| 82 unsigned char output[crypto::kSHA256Length]; | |
| 83 hash->Finish(output, sizeof(output)); | |
| 84 for (size_t i = 0; i < crypto::kSHA256Length; i++) { | |
|
grt (UTC plus 2)
2015/01/07 19:27:19
?
return !memcmp(fingerprint, output, sizeof(out
rmcilroy
2015/01/08 15:05:35
Done.
| |
| 85 if (fingerprint[i] != output[i]) | |
| 86 return false; | |
| 87 } | |
| 88 return true; | |
| 89 } | |
| 90 | |
| 75 #if !defined(OS_MACOSX) | 91 #if !defined(OS_MACOSX) |
| 76 const int v8_snapshot_dir = | 92 const int v8_snapshot_dir = |
| 77 #if defined(OS_ANDROID) | 93 #if defined(OS_ANDROID) |
| 78 base::DIR_ANDROID_APP_DATA; | 94 base::DIR_ANDROID_APP_DATA; |
| 79 #elif defined(OS_POSIX) | 95 #elif defined(OS_POSIX) |
| 80 base::DIR_EXE; | 96 base::DIR_EXE; |
| 81 #endif // defined(OS_ANDROID) | 97 #endif // defined(OS_ANDROID) |
| 82 #endif // !defined(OS_MACOSX) | 98 #endif // !defined(OS_MACOSX) |
| 83 | 99 |
| 84 #endif // V8_USE_EXTERNAL_STARTUP_DATA | 100 #endif // V8_USE_EXTERNAL_STARTUP_DATA |
| 85 | 101 |
| 86 } // namespace | 102 } // namespace |
| 87 | 103 |
| 88 | 104 |
| 89 #ifdef V8_USE_EXTERNAL_STARTUP_DATA | 105 #ifdef V8_USE_EXTERNAL_STARTUP_DATA |
| 106 | |
| 107 // Declared in gen/gin/v8_snapshot_fingerprint.cc | |
|
grt (UTC plus 2)
2015/01/07 19:27:19
Declared -> Defined (these are declarations here)
rmcilroy
2015/01/08 15:05:35
Done.
| |
| 108 extern const unsigned char g_natives_fingerprint[]; | |
| 109 extern const unsigned char g_snapshot_fingerprint[]; | |
| 110 | |
| 90 // static | 111 // static |
| 91 bool IsolateHolder::LoadV8Snapshot() { | 112 bool IsolateHolder::LoadV8Snapshot() { |
| 92 if (g_mapped_natives && g_mapped_snapshot) | 113 if (g_mapped_natives && g_mapped_snapshot) |
| 93 return true; | 114 return true; |
| 94 | 115 |
| 95 #if !defined(OS_MACOSX) | 116 #if !defined(OS_MACOSX) |
| 96 base::FilePath data_path; | 117 base::FilePath data_path; |
| 97 PathService::Get(v8_snapshot_dir, &data_path); | 118 PathService::Get(v8_snapshot_dir, &data_path); |
| 98 DCHECK(!data_path.empty()); | 119 DCHECK(!data_path.empty()); |
| 99 | 120 |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 111 return MapV8Files(&natives_path, &snapshot_path); | 132 return MapV8Files(&natives_path, &snapshot_path); |
| 112 } | 133 } |
| 113 | 134 |
| 114 //static | 135 //static |
| 115 bool IsolateHolder::LoadV8SnapshotFD(int natives_fd, int snapshot_fd) { | 136 bool IsolateHolder::LoadV8SnapshotFD(int natives_fd, int snapshot_fd) { |
| 116 if (g_mapped_natives && g_mapped_snapshot) | 137 if (g_mapped_natives && g_mapped_snapshot) |
| 117 return true; | 138 return true; |
| 118 | 139 |
| 119 return MapV8Files(NULL, NULL, natives_fd, snapshot_fd); | 140 return MapV8Files(NULL, NULL, natives_fd, snapshot_fd); |
| 120 } | 141 } |
| 142 | |
| 143 // static | |
| 144 bool IsolateHolder::LoadAndVerifyV8Snapshot() { | |
| 145 if (!LoadV8Snapshot()) | |
| 146 return false; | |
| 147 return VerifyV8SnapshotFile(g_mapped_natives, g_natives_fingerprint) && | |
| 148 VerifyV8SnapshotFile(g_mapped_snapshot, g_snapshot_fingerprint); | |
| 149 } | |
| 150 | |
| 121 #endif // V8_USE_EXTERNAL_STARTUP_DATA | 151 #endif // V8_USE_EXTERNAL_STARTUP_DATA |
| 122 | 152 |
| 123 //static | 153 //static |
| 124 void IsolateHolder::GetV8ExternalSnapshotData(const char** natives_data_out, | 154 void IsolateHolder::GetV8ExternalSnapshotData(const char** natives_data_out, |
| 125 int* natives_size_out, | 155 int* natives_size_out, |
| 126 const char** snapshot_data_out, | 156 const char** snapshot_data_out, |
| 127 int* snapshot_size_out) { | 157 int* snapshot_size_out) { |
| 128 if (!g_mapped_natives || !g_mapped_snapshot) { | 158 if (!g_mapped_natives || !g_mapped_snapshot) { |
| 129 *natives_data_out = *snapshot_data_out = NULL; | 159 *natives_data_out = *snapshot_data_out = NULL; |
| 130 *natives_size_out = *snapshot_size_out = 0; | 160 *natives_size_out = *snapshot_size_out = 0; |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 214 base::MessageLoop::current()->AddTaskObserver(task_observer_.get()); | 244 base::MessageLoop::current()->AddTaskObserver(task_observer_.get()); |
| 215 } | 245 } |
| 216 | 246 |
| 217 void IsolateHolder::RemoveRunMicrotasksObserver() { | 247 void IsolateHolder::RemoveRunMicrotasksObserver() { |
| 218 DCHECK(task_observer_.get()); | 248 DCHECK(task_observer_.get()); |
| 219 base::MessageLoop::current()->RemoveTaskObserver(task_observer_.get()); | 249 base::MessageLoop::current()->RemoveTaskObserver(task_observer_.get()); |
| 220 task_observer_.reset(); | 250 task_observer_.reset(); |
| 221 } | 251 } |
| 222 | 252 |
| 223 } // namespace gin | 253 } // namespace gin |
| OLD | NEW |
