Chromium Code Reviews Chromium Code Reviews
Issue 239763005:
Add workaround for mmap() with PROT_EXEC on Chrome OS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 #include <sys/mman.h> | 6 #include <sys/mman.h> |
| 7 | 7 |
| 8 #include "base/logging.h" | |
| 8 #include "components/nacl/loader/nonsfi/irt_interfaces.h" | 9 #include "components/nacl/loader/nonsfi/irt_interfaces.h" |
| 9 #include "components/nacl/loader/nonsfi/irt_util.h" | 10 #include "components/nacl/loader/nonsfi/irt_util.h" |
| 10 #include "native_client/src/trusted/service_runtime/include/machine/_types.h" | 11 #include "native_client/src/trusted/service_runtime/include/machine/_types.h" |
| 11 #include "native_client/src/trusted/service_runtime/include/sys/mman.h" | 12 #include "native_client/src/trusted/service_runtime/include/sys/mman.h" |
| 12 | 13 |
| 13 namespace nacl { | 14 namespace nacl { |
| 14 namespace nonsfi { | 15 namespace nonsfi { |
| 15 namespace { | 16 namespace { |
| 16 | 17 |
| 17 int NaClProtToProt(int nacl_prot) { | 18 int NaClProtToProt(int nacl_prot) { |
| 18 int prot = 0; | 19 int prot = 0; |
| 19 if ((nacl_prot & NACL_ABI_PROT_MASK) == NACL_ABI_PROT_NONE) | 20 if ((nacl_prot & NACL_ABI_PROT_MASK) == NACL_ABI_PROT_NONE) |
| 20 return PROT_NONE; | 21 return PROT_NONE; |
| 21 | 22 |
| 22 if (nacl_prot & NACL_ABI_PROT_READ) | 23 if (nacl_prot & NACL_ABI_PROT_READ) |
| 23 prot |= PROT_READ; | 24 prot |= PROT_READ; |
| 24 if (nacl_prot & NACL_ABI_PROT_WRITE) | 25 if (nacl_prot & NACL_ABI_PROT_WRITE) |
| 25 prot |= PROT_WRITE; | 26 prot |= PROT_WRITE; |
| 26 if (nacl_prot & NACL_ABI_PROT_EXEC) | 27 if (nacl_prot & NACL_ABI_PROT_EXEC) |
| 27 prot |= PROT_EXEC; | 28 prot |= PROT_EXEC; |
| 28 return prot; | 29 return prot; |
|
jln (very slow on Chromium)
2014/04/16 23:28:08
Could we make sure here that PROT_WRITE and PROT_E
mazda
2014/04/17 04:23:07
Do you mean PROT_WRITE and PROT_EXEC should never
| |
| 29 } | 30 } |
| 30 | 31 |
| 31 int NaClFlagsToFlags(int nacl_flags) { | 32 int NaClFlagsToFlags(int nacl_flags) { |
| 32 int flags = 0; | 33 int flags = 0; |
| 33 | 34 |
| 34 if (nacl_flags & NACL_ABI_MAP_SHARED) | 35 if (nacl_flags & NACL_ABI_MAP_SHARED) |
| 35 flags |= MAP_SHARED; | 36 flags |= MAP_SHARED; |
| 36 if (nacl_flags & NACL_ABI_MAP_PRIVATE) | 37 if (nacl_flags & NACL_ABI_MAP_PRIVATE) |
| 37 flags |= MAP_PRIVATE; | 38 flags |= MAP_PRIVATE; |
| 38 if (nacl_flags & NACL_ABI_MAP_FIXED) | 39 if (nacl_flags & NACL_ABI_MAP_FIXED) |
| 39 flags |= MAP_FIXED; | 40 flags |= MAP_FIXED; |
| 40 | 41 |
| 41 // Note: NACL_ABI_MAP_ANON is an alias of NACL_ABI_MAP_ANONYMOUS. | 42 // Note: NACL_ABI_MAP_ANON is an alias of NACL_ABI_MAP_ANONYMOUS. |
| 42 if (nacl_flags & NACL_ABI_MAP_ANONYMOUS) | 43 if (nacl_flags & NACL_ABI_MAP_ANONYMOUS) |
| 43 flags |= MAP_ANONYMOUS; | 44 flags |= MAP_ANONYMOUS; |
| 44 return flags; | 45 return flags; |
| 45 } | 46 } |
| 46 | 47 |
| 47 int IrtMMap(void** addr, size_t len, int prot, int flags, | 48 int IrtMMap(void** addr, size_t len, int prot, int flags, |
| 48 int fd, nacl_abi_off_t off) { | 49 int fd, nacl_abi_off_t off) { |
| 49 void* result = | 50 const int host_prot = NaClProtToProt(prot); |
| 50 mmap(*addr, len, NaClProtToProt(prot), NaClFlagsToFlags(flags), fd, off); | 51 // On Chrome OS, mmap can fail if PROT_EXEC is set in |host_prot|, |
| 52 // but mprotect will allow changing the permissions later. | |
| 53 // This is because Chrome OS mounts writable filesystems with "noexec". | |
| 54 void* result = mmap( | |
| 55 *addr, len, host_prot & ~PROT_EXEC, NaClFlagsToFlags(flags), fd, off); | |
| 51 if (result == MAP_FAILED) | 56 if (result == MAP_FAILED) |
| 52 return errno; | 57 return errno; |
| 58 if (host_prot & PROT_EXEC) { | |
| 59 if (mprotect(result, len, host_prot) != 0) { | |
| 60 // This aborts here because it cannot easily undo the mmap() call. | |
| 61 LOG_ERRNO(FATAL) << "IrtMMap: mprotect to turn on PROT_EXEC failed."; | |
| 62 } | |
| 63 } | |
| 53 | 64 |
| 54 *addr = result; | 65 *addr = result; |
| 55 return 0; | 66 return 0; |
| 56 } | 67 } |
| 57 | 68 |
| 58 int IrtMUnmap(void* addr, size_t len) { | 69 int IrtMUnmap(void* addr, size_t len) { |
| 59 return CheckError(munmap(addr, len)); | 70 return CheckError(munmap(addr, len)); |
| 60 } | 71 } |
| 61 | 72 |
| 62 int IrtMProtect(void* addr, size_t len, int prot) { | 73 int IrtMProtect(void* addr, size_t len, int prot) { |
| 63 return CheckError(mprotect(addr, len, NaClProtToProt(prot))); | 74 return CheckError(mprotect(addr, len, NaClProtToProt(prot))); |
| 64 } | 75 } |
| 65 | 76 |
| 66 } // namespace | 77 } // namespace |
| 67 | 78 |
| 68 // For mmap, the argument types should be nacl_abi_off_t rather than off_t. | 79 // For mmap, the argument types should be nacl_abi_off_t rather than off_t. |
| 69 // However, the definition of nacl_irt_memory uses the host type off_t, so here | 80 // However, the definition of nacl_irt_memory uses the host type off_t, so here |
| 70 // we need to cast it. | 81 // we need to cast it. |
| 71 const nacl_irt_memory kIrtMemory = { | 82 const nacl_irt_memory kIrtMemory = { |
| 72 reinterpret_cast<int(*)(void**, size_t, int, int, int, off_t)>(IrtMMap), | 83 reinterpret_cast<int(*)(void**, size_t, int, int, int, off_t)>(IrtMMap), |
| 73 IrtMUnmap, | 84 IrtMUnmap, |
| 74 IrtMProtect, | 85 IrtMProtect, |
| 75 }; | 86 }; |
| 76 | 87 |
| 77 } // namespace nonsfi | 88 } // namespace nonsfi |
| 78 } // namespace nacl | 89 } // namespace nacl |
| OLD | NEW |
