search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
imcplugin demo: Extend to support stat() call
[nativeclient.git] / service_runtime / nacl_desc_imc_shm.c
blob47702a2bd9baf1577c1e73c5ef2524a4d3095304
1 /*
2 * Copyright 2008, Google Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above
12 * copyright notice, this list of conditions and the following disclaimer
13 * in the documentation and/or other materials provided with the
14 * distribution.
15 * * Neither the name of Google Inc. nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * NaCl Service Runtime. Transferrable shared memory objects.
34 */
35
36 #include "native_client/include/portability.h"
37 #include "native_client/include/nacl_platform.h"
38
39 #include <stdlib.h>
40 #include <string.h>
41
42 #include "native_client/service_runtime/nacl_desc_imc_shm.h"
43
44 #include "native_client/service_runtime/internal_errno.h"
45 #include "native_client/service_runtime/nacl_config.h"
46 #include "native_client/service_runtime/nacl_desc_base.h"
47 #include "native_client/service_runtime/nacl_desc_effector.h"
48 #include "native_client/service_runtime/nacl_desc_io.h"
49 #include "native_client/service_runtime/nacl_log.h"
50 #include "native_client/service_runtime/nacl_sync_checked.h"
51
52 #include "native_client/service_runtime/include/sys/errno.h"
53 #include "native_client/service_runtime/include/sys/mman.h"
54 #include "native_client/service_runtime/include/sys/stat.h"
55
56 #include "native_client/intermodule_comm/nacl_imc_c.h"
57
58 /*
59 * This file contains the implementation of the NaClDescImcShm
60 * subclass of NaClDesc.
61 *
62 * NaClDescImcShm is the subclass that wraps IMC shm descriptors.
63 */
64
65 int NaClDescImcShmCtor(struct NaClDescImcShm *self,
66 NaClHandle h,
67 off_t size)
68 {
69 struct NaClDesc *basep = (struct NaClDesc *) self;
70
71 /*
72 * off_t is signed, but size_t are not; historically size_t is for
73 * sizeof and similar, and off_t is also used for stat structure
74 * st_size member. This runtime test detects large object sizes
75 * that are silently converted to negative values.
76 */
77 basep->vtbl = (struct NaClDescVtbl *) NULL;
78 if (size < 0) {
79 return 0;
80 }
81
82 if (!NaClDescCtor(basep)) {
83 return 0;
84 }
85 self->h = h;
86 self->size = size;
87 basep->vtbl = &kNaClDescImcShmVtbl;
88 return 1;
89 }
90
91 void NaClDescImcShmDtor(struct NaClDesc *vself)
92 {
93 struct NaClDescImcShm *self = (struct NaClDescImcShm *) vself;
94
95 NaClClose(self->h);
96 self->h = NACL_INVALID_HANDLE;
97 vself->vtbl = (struct NaClDescVtbl *) NULL;
98 NaClDescDtor(vself);
99 }
100
101 int NaClDescImcShmMap(struct NaClDesc *vself,
102 struct NaClDescEffector *effp,
103 void *start_addr,
104 size_t len,
105 int prot,
106 int flags,
107 off_t offset)
108 {
109 struct NaClDescImcShm *self = (struct NaClDescImcShm *) vself;
110
111 int rv;
112 int nacl_prot;
113 int nacl_flags;
114 uintptr_t addr;
115 uintptr_t end_addr;
116 void *result;
117 off_t tmp_off;
118
119 /*
120 * prot must be not be PROT_NONE nor contain other than PROT_{READ|WRITE}
121 */
122 if (NACL_ABI_PROT_NONE == prot) {
123 NaClLog(LOG_INFO, "NaClDescImcShmMap: PROT_NONE not supported\n");
124 return -NACL_ABI_EINVAL;
125 }
126 if (0 != (~(NACL_ABI_PROT_READ | NACL_ABI_PROT_WRITE) & prot)) {
127 NaClLog(LOG_INFO,
128 "NaClDescImcShmMap: prot has other bits than PROT_{READ|WRITE}\n");
129 return -NACL_ABI_EINVAL;
130 }
131 /*
132 * Map from NACL_ABI_ prot and flags bits to IMC library flags,
133 * which will later map back into posix-style prot/flags on *x
134 * boxen, and to MapViewOfFileEx arguments on Windows.
135 */
136 nacl_prot = 0;
137 if (NACL_ABI_PROT_READ & prot) {
138 nacl_prot |= NACL_PROT_READ;
139 }
140 if (NACL_ABI_PROT_WRITE & prot) {
141 nacl_prot |= NACL_PROT_WRITE;
142 }
143 nacl_flags = NACL_MAP_SHARED | NACL_MAP_FIXED;
144
145 /*
146 * For *x, we just map with MAP_FIXED and the kernel takes care of
147 * atomically unmapping any existing memory. For Windows, we must
148 * unmap existing memory first, which creates a race condition,
149 * where some other innocent thread puts some other memory into the
150 * hole, and that memory becomes vulnerable to attack by the
151 * untrusted NaCl application.
152 *
153 * For now, abort the process. We will need to figure out how to
154 * re-architect this code to do the address space move, since it is
155 * deep surgery and we'll need to ensure that all threads have
156 * stopped and any addresses derived from the old address space
157 * would not be on any thread's call stack, i.e., stop the thread in
158 * user space or before entering real service runtime code. This
159 * means that no application thread may be indefinitely blocked
160 * performing a service call in the service runtime, since otherwise
161 * there is no way for us to stop all threads.
162 *
163 * TODO: We will probably return an internal error code
164 * -NACL_ABI_E_MOVE_ADDRESS_SPACE to ask the caller to do the address space
165 * dance.
166 */
167 for (addr = (uintptr_t) start_addr, end_addr = addr + len, tmp_off = offset;
168 addr < end_addr;
169 addr += NACL_MAP_PAGESIZE, tmp_off += NACL_MAP_PAGESIZE) {
170
171 /*
172 * Minimize the time between the unmap and the map for the same
173 * page: we interleave the unmap and map for the pages, rather
174 * than do all the unmap first and then do all of the map
175 * operations.
176 */
177 if (0 !=
178 (rv = (*effp->vtbl->UnmapMemory)(effp,
179 addr,
180 NACL_MAP_PAGESIZE))) {
181 NaClLog(LOG_FATAL,
182 ("NaClDescImcShmMap: error %d --"
183 " could not unmap 0x%08"PRIxPTR", length 0x%x\n"),
184 rv,
185 addr,
186 NACL_MAP_PAGESIZE);
187 }
188
189 result = NaClMap((void *) addr, NACL_MAP_PAGESIZE, nacl_prot, nacl_flags,
190 self->h, tmp_off);
191 if (NACL_MAP_FAILED == result) {
192 return -NACL_ABI_E_MOVE_ADDRESS_SPACE;
193 }
194 if (result != (void *) addr) {
195 NaClLog(LOG_FATAL,
196 ("NaClDescImcShmMap: NACL_MAP_FIXED but"
197 " got 0x%08"PRIxPTR" instead of 0x%08"PRIxPTR"\n"),
198 (uintptr_t) result, addr);
199 }
200 }
201 return (int) start_addr;
202 }
203
204 int NaClDescImcShmUnmapCommon(struct NaClDesc *vself,
205 struct NaClDescEffector *effp,
206 void *start_addr,
207 size_t len,
208 int safe_mode)
209 {
210 int status;
211 uintptr_t addr;
212 uintptr_t end_addr;
213
214 for (addr = (uintptr_t) start_addr, end_addr = addr + len;
215 addr < end_addr;
216 addr += NACL_MAP_PAGESIZE) {
217 /*
218 * Do the unmap "properly" through NaClUnmap, in case that the IMC
219 * library is changed to do some bookkeeping.
220 */
221 status = NaClUnmap((void *) addr, NACL_MAP_PAGESIZE);
222
223 if (0 != status) {
224 NaClLog(LOG_FATAL, "NaClDescImcShmUnmapCommon: NaClUnmap failed\n");
225 return -NACL_ABI_EINVAL;
226 }
227 /* there's still a race condition */
228 if (safe_mode) {
229 if (NaClIsNegErrno((*effp->vtbl->MapAnonymousMemory)(effp,
230 addr,
231 NACL_MAP_PAGESIZE,
232 PROT_NONE))) {
233 NaClLog(LOG_ERROR, "NaClDescImcShmUnmapCommon: could not fill hole\n");
234 return -NACL_ABI_E_MOVE_ADDRESS_SPACE;
235 }
236 }
237 }
238 return 0;
239 }
240
241 int NaClDescImcShmUnmapUnsafe(struct NaClDesc *vself,
242 struct NaClDescEffector *effp,
243 void *start_addr,
244 size_t len)
245 {
246 return NaClDescImcShmUnmapCommon(vself, effp, start_addr, len, 0);
247 }
248
249 int NaClDescImcShmUnmap(struct NaClDesc *vself,
250 struct NaClDescEffector *effp,
251 void *start_addr,
252 size_t len)
253 {
254 return NaClDescImcShmUnmapCommon(vself, effp, start_addr, len, 1);
255 }
256
257 int NaClDescImcShmFstat(struct NaClDesc *vself,
258 struct NaClDescEffector *effp,
259 struct nacl_abi_stat *stbp)
260 {
261 struct NaClDescImcShm *self = (struct NaClDescImcShm *) vself;
262
263 stbp->nacl_abi_st_dev = 0;
264 stbp->nacl_abi_st_ino = 0x6c43614e;
265 stbp->nacl_abi_st_mode = NACL_ABI_S_IFREG | NACL_ABI_S_IRWXU;
266 stbp->nacl_abi_st_nlink = 1;
267 stbp->nacl_abi_st_uid = -1;
268 stbp->nacl_abi_st_gid = -1;
269 stbp->nacl_abi_st_rdev = 0;
270 stbp->nacl_abi_st_size = self->size; /* the only real reason for fstat */
271 stbp->nacl_abi_st_blksize = 0;
272 stbp->nacl_abi_st_blocks = 0;
273 stbp->nacl_abi_st_atime = 0;
274 stbp->nacl_abi_st_mtime = 0;
275 stbp->nacl_abi_st_ctime = 0;
276
277 return 0;
278 }
279
280 int NaClDescImcShmClose(struct NaClDesc *vself,
281 struct NaClDescEffector *effp)
282 {
283 NaClDescUnref(vself);
284 return 0;
285 }
286
287 int NaClDescImcShmExternalizeSize(struct NaClDesc *vself,
288 size_t *nbytes,
289 size_t *nhandles)
290 {
291 struct NaClDescImcShm *self = (struct NaClDescImcShm *) vself;
292
293 *nbytes = sizeof self->size;
294 *nhandles = 1;
295
296 return 0;
297 }
298
299 int NaClDescImcShmExternalize(struct NaClDesc *vself,
300 struct NaClDescXferState *xfer)
301 {
302 struct NaClDescImcShm *self = (struct NaClDescImcShm *) vself;
303
304 *xfer->next_handle++ = self->h;
305 memcpy(xfer->next_byte, &self->size, sizeof self->size);
306 xfer->next_byte += sizeof self->size;
307 return 0;
308 }
309
310 struct NaClDescVtbl const kNaClDescImcShmVtbl = {
311 NaClDescImcShmDtor,
312 NaClDescImcShmMap,
313 NaClDescImcShmUnmapUnsafe,
314 NaClDescImcShmUnmap,
315 NaClDescReadNotImplemented,
316 NaClDescWriteNotImplemented,
317 NaClDescSeekNotImplemented,
318 NaClDescIoctlNotImplemented,
319 NaClDescImcShmFstat,
320 NaClDescImcShmClose,
321 NaClDescGetdentsNotImplemented,
322 NACL_DESC_SHM,
323 NaClDescImcShmExternalizeSize,
324 NaClDescImcShmExternalize,
325 NaClDescLockNotImplemented,
326 NaClDescTryLockNotImplemented,
327 NaClDescUnlockNotImplemented,
328 NaClDescWaitNotImplemented,
329 NaClDescTimedWaitAbsNotImplemented,
330 NaClDescSignalNotImplemented,
331 NaClDescBroadcastNotImplemented,
332 NaClDescSendMsgNotImplemented,
333 NaClDescRecvMsgNotImplemented,
334 NaClDescConnectAddrNotImplemented,
335 NaClDescAcceptConnNotImplemented,
336 NaClDescPostNotImplemented,
337 NaClDescSemWaitNotImplemented,
338 NaClDescGetValueNotImplemented,
339 };
340
341 int NaClDescImcShmInternalize(struct NaClDesc **baseptr,
342 struct NaClDescXferState *xfer)
343 {
344 int rv;
345 struct NaClDescImcShm *ndisp;
346 NaClHandle h;
347 off_t hsize;
348
349 rv = -NACL_ABI_EIO;
350 ndisp = NULL;
351
352 if (xfer->next_handle == xfer->handle_buffer_end) {
353 rv = -NACL_ABI_EIO;
354 goto cleanup;
355 }
356 if (xfer->next_byte + sizeof ndisp->size > xfer->byte_buffer_end) {
357 rv = -NACL_ABI_EIO;
358 goto cleanup;
359 }
360
361 ndisp = malloc(sizeof *ndisp);
362 if (NULL == ndisp) {
363 rv = -NACL_ABI_ENOMEM;
364 goto cleanup;
365 }
366
367 h = *xfer->next_handle;
368 *xfer->next_handle++ = NACL_INVALID_HANDLE;
369 memcpy(&hsize, xfer->next_byte, sizeof hsize);
370 xfer->next_byte += sizeof hsize;
371
372 NaClDescImcShmCtor(ndisp, h, hsize);
373
374 *baseptr = (struct NaClDesc *) ndisp;
375 rv = 0;
376
377 cleanup:
378 if (rv < 0) {
379 free(ndisp);
380 }
381 return rv;
382 }
Branch of Google Native Client