| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ | 5 #ifndef MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ |
| 6 #define MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ | 6 #define MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ |
| 7 | 7 |
| 8 #include "native_client/src/trusted/service_runtime/nacl_copy.h" | 8 #include "native_client/src/trusted/service_runtime/nacl_copy.h" |
| 9 #include "native_client/src/trusted/service_runtime/sel_ldr.h" | 9 #include "native_client/src/trusted/service_runtime/sel_ldr.h" |
| 10 | 10 |
| 11 namespace { | 11 namespace { |
| 12 | 12 |
| 13 class ScopedCopyLock { | 13 class ScopedCopyLock { |
| 14 public: | 14 public: |
| 15 explicit ScopedCopyLock(struct NaClApp* nap) : nap_(nap) { | 15 explicit ScopedCopyLock(struct NaClApp* nap) : nap_(nap) { |
| 16 NaClCopyTakeLock(nap_); | 16 NaClCopyTakeLock(nap_); |
| 17 } | 17 } |
| 18 ~ScopedCopyLock() { | 18 ~ScopedCopyLock() { NaClCopyDropLock(nap_); } |
| 19 NaClCopyDropLock(nap_); | 19 |
| 20 } | |
| 21 private: | 20 private: |
| 22 struct NaClApp* nap_; | 21 struct NaClApp* nap_; |
| 23 }; | 22 }; |
| 24 | 23 |
| 25 static inline uintptr_t NaClUserToSysAddrArray( | 24 static inline uintptr_t NaClUserToSysAddrArray(struct NaClApp* nap, |
| 26 struct NaClApp* nap, | 25 uint32_t uaddr, |
| 27 uint32_t uaddr, | 26 size_t count, |
| 28 size_t count, | 27 size_t size) { |
| 29 size_t size) { | |
| 30 // TODO(ncbray): overflow checking | 28 // TODO(ncbray): overflow checking |
| 31 size_t range = count * size; | 29 size_t range = count * size; |
| 32 return NaClUserToSysAddrRange(nap, uaddr, range); | 30 return NaClUserToSysAddrRange(nap, uaddr, range); |
| 33 } | 31 } |
| 34 | 32 |
| 35 // We don't use plain-old memcpy because reads and writes to the untrusted | 33 // We don't use plain-old memcpy because reads and writes to the untrusted |
| 36 // address space from trusted code must be volatile. Non-volatile memory | 34 // address space from trusted code must be volatile. Non-volatile memory |
| 37 // operations are dangerous because a compiler would be free to materialize a | 35 // operations are dangerous because a compiler would be free to materialize a |
| 38 // second load from the same memory address or materialize a load from a memory | 36 // second load from the same memory address or materialize a load from a memory |
| 39 // address that was stored, and assume the materialized load would return the | 37 // address that was stored, and assume the materialized load would return the |
| 40 // same value as the previous load or store. Data races could cause the | 38 // same value as the previous load or store. Data races could cause the |
| 41 // materialized load to return a different value, however, which could lead to | 39 // materialized load to return a different value, however, which could lead to |
| 42 // time of check vs. time of use problems, or worse. For this binding code in | 40 // time of check vs. time of use problems, or worse. For this binding code in |
| 43 // particular, where memcpy is being called with a constant size, it is entirely | 41 // particular, where memcpy is being called with a constant size, it is entirely |
| 44 // conceivable the function will be inlined, unrolled, and optimized. | 42 // conceivable the function will be inlined, unrolled, and optimized. |
| 45 static inline void memcpy_volatile_out( | 43 static inline void memcpy_volatile_out(void volatile* dst, |
| 46 void volatile* dst, | 44 const void* src, |
| 47 const void* src, | 45 size_t n) { |
| 48 size_t n) { | |
| 49 char volatile* c_dst = static_cast<char volatile*>(dst); | 46 char volatile* c_dst = static_cast<char volatile*>(dst); |
| 50 const char* c_src = static_cast<const char*>(src); | 47 const char* c_src = static_cast<const char*>(src); |
| 51 for (size_t i = 0; i < n; i++) { | 48 for (size_t i = 0; i < n; i++) { |
| 52 c_dst[i] = c_src[i]; | 49 c_dst[i] = c_src[i]; |
| 53 } | 50 } |
| 54 } | 51 } |
| 55 | 52 |
| 56 template <typename T> bool ConvertScalarInput( | 53 template <typename T> |
| 57 struct NaClApp* nap, | 54 bool ConvertScalarInput(struct NaClApp* nap, uint32_t user_ptr, T* value) { |
| 58 uint32_t user_ptr, | |
| 59 T* value) { | |
| 60 if (user_ptr) { | 55 if (user_ptr) { |
| 61 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); | 56 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); |
| 62 if (temp != kNaClBadAddress) { | 57 if (temp != kNaClBadAddress) { |
| 63 *value = *reinterpret_cast<T volatile*>(temp); | 58 *value = *reinterpret_cast<T volatile*>(temp); |
| 64 return true; | 59 return true; |
| 65 } | 60 } |
| 66 } | 61 } |
| 67 return false; | 62 return false; |
| 68 } | 63 } |
| 69 | 64 |
| 70 template <typename T> bool ConvertScalarOutput( | 65 template <typename T> |
| 71 struct NaClApp* nap, | 66 bool ConvertScalarOutput(struct NaClApp* nap, |
| 72 uint32_t user_ptr, | 67 uint32_t user_ptr, |
| 73 bool optional, | 68 bool optional, |
| 74 T volatile** sys_ptr) { | 69 T volatile** sys_ptr) { |
| 75 if (user_ptr) { | 70 if (user_ptr) { |
| 76 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); | 71 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); |
| 77 if (temp != kNaClBadAddress) { | 72 if (temp != kNaClBadAddress) { |
| 78 *sys_ptr = reinterpret_cast<T volatile*>(temp); | 73 *sys_ptr = reinterpret_cast<T volatile*>(temp); |
| 79 return true; | 74 return true; |
| 80 } | 75 } |
| 81 } else if (optional) { | 76 } else if (optional) { |
| 82 *sys_ptr = 0; | 77 *sys_ptr = 0; |
| 83 return true; | 78 return true; |
| 84 } | 79 } |
| 85 *sys_ptr = 0; // Paranoia. | 80 *sys_ptr = 0; // Paranoia. |
| 86 return false; | 81 return false; |
| 87 } | 82 } |
| 88 | 83 |
| 89 template <typename T> bool ConvertScalarInOut( | 84 template <typename T> |
| 90 struct NaClApp* nap, | 85 bool ConvertScalarInOut(struct NaClApp* nap, |
| 91 uint32_t user_ptr, | 86 uint32_t user_ptr, |
| 92 bool optional, | 87 bool optional, |
| 93 T* value, | 88 T* value, |
| 94 T volatile** sys_ptr) { | 89 T volatile** sys_ptr) { |
| 95 if (user_ptr) { | 90 if (user_ptr) { |
| 96 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); | 91 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); |
| 97 if (temp != kNaClBadAddress) { | 92 if (temp != kNaClBadAddress) { |
| 98 T volatile* converted = reinterpret_cast<T volatile*>(temp); | 93 T volatile* converted = reinterpret_cast<T volatile*>(temp); |
| 99 *sys_ptr = converted; | 94 *sys_ptr = converted; |
| 100 *value = *converted; | 95 *value = *converted; |
| 101 return true; | 96 return true; |
| 102 } | 97 } |
| 103 } else if (optional) { | 98 } else if (optional) { |
| 104 *sys_ptr = 0; | 99 *sys_ptr = 0; |
| 105 *value = static_cast<T>(0); // Paranoia. | 100 *value = static_cast<T>(0); // Paranoia. |
| 106 return true; | 101 return true; |
| 107 } | 102 } |
| 108 *sys_ptr = 0; // Paranoia. | 103 *sys_ptr = 0; // Paranoia. |
| 109 *value = static_cast<T>(0); // Paranoia. | 104 *value = static_cast<T>(0); // Paranoia. |
| 110 return false; | 105 return false; |
| 111 } | 106 } |
| 112 | 107 |
| 113 template <typename T> bool ConvertArray( | 108 template <typename T> |
| 114 struct NaClApp* nap, | 109 bool ConvertArray(struct NaClApp* nap, |
| 115 uint32_t user_ptr, | 110 uint32_t user_ptr, |
| 116 uint32_t length, | 111 uint32_t length, |
| 117 size_t element_size, | 112 size_t element_size, |
| 118 bool optional, | 113 bool optional, |
| 119 T** sys_ptr) { | 114 T** sys_ptr) { |
| 120 if (user_ptr) { | 115 if (user_ptr) { |
| 121 uintptr_t temp = NaClUserToSysAddrArray(nap, user_ptr, length, | 116 uintptr_t temp = |
| 122 element_size); | 117 NaClUserToSysAddrArray(nap, user_ptr, length, element_size); |
| 123 if (temp != kNaClBadAddress) { | 118 if (temp != kNaClBadAddress) { |
| 124 *sys_ptr = reinterpret_cast<T*>(temp); | 119 *sys_ptr = reinterpret_cast<T*>(temp); |
| 125 return true; | 120 return true; |
| 126 } | 121 } |
| 127 } else if (optional) { | 122 } else if (optional) { |
| 128 *sys_ptr = 0; | 123 *sys_ptr = 0; |
| 129 return true; | 124 return true; |
| 130 } | 125 } |
| 131 return false; | 126 return false; |
| 132 } | 127 } |
| 133 | 128 |
| 134 template <typename T> bool ConvertBytes( | 129 template <typename T> |
| 135 struct NaClApp* nap, | 130 bool ConvertBytes(struct NaClApp* nap, |
| 136 uint32_t user_ptr, | 131 uint32_t user_ptr, |
| 137 uint32_t length, | 132 uint32_t length, |
| 138 bool optional, | 133 bool optional, |
| 139 T** sys_ptr) { | 134 T** sys_ptr) { |
| 140 if (user_ptr) { | 135 if (user_ptr) { |
| 141 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, length); | 136 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, length); |
| 142 if (temp != kNaClBadAddress) { | 137 if (temp != kNaClBadAddress) { |
| 143 *sys_ptr = reinterpret_cast<T*>(temp); | 138 *sys_ptr = reinterpret_cast<T*>(temp); |
| 144 return true; | 139 return true; |
| 145 } | 140 } |
| 146 } else if (optional) { | 141 } else if (optional) { |
| 147 *sys_ptr = 0; | 142 *sys_ptr = 0; |
| 148 return true; | 143 return true; |
| 149 } | 144 } |
| 150 return false; | 145 return false; |
| 151 } | 146 } |
| 152 | 147 |
| 153 // TODO(ncbray): size validation and complete copy. | 148 // TODO(ncbray): size validation and complete copy. |
| 154 // TODO(ncbray): ensure non-null / missized structs are covered by a test case. | 149 // TODO(ncbray): ensure non-null / missized structs are covered by a test case. |
| 155 template <typename T> bool ConvertExtensibleStructInput( | 150 template <typename T> |
| 156 struct NaClApp* nap, | 151 bool ConvertExtensibleStructInput(struct NaClApp* nap, |
| 157 uint32_t user_ptr, | 152 uint32_t user_ptr, |
| 158 bool optional, | 153 bool optional, |
| 159 T** sys_ptr) { | 154 T** sys_ptr) { |
| 160 if (user_ptr) { | 155 if (user_ptr) { |
| 161 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); | 156 uintptr_t temp = NaClUserToSysAddrRange(nap, user_ptr, sizeof(T)); |
| 162 if (temp != kNaClBadAddress) { | 157 if (temp != kNaClBadAddress) { |
| 163 *sys_ptr = reinterpret_cast<T*>(temp); | 158 *sys_ptr = reinterpret_cast<T*>(temp); |
| 164 return true; | 159 return true; |
| 165 } | 160 } |
| 166 } else if (optional) { | 161 } else if (optional) { |
| 167 *sys_ptr = 0; | 162 *sys_ptr = 0; |
| 168 return true; | 163 return true; |
| 169 } | 164 } |
| 170 return false; | 165 return false; |
| 171 } | 166 } |
| 172 | 167 |
| 173 } // namespace | 168 } // namespace |
| 174 | 169 |
| 175 #endif // MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ | 170 #endif // MOJO_NACL_MOJO_SYSCALL_INTERNAL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 955113002:
Rearrange mojo/nacl files. (Closed)
Base URL: git@github.com:domokit/mojo.git@master