service_runtime/linux/nacl_ldt.c

   1 /*
   2  * Copyright 2008, Google Inc.
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions are
   7  * met:
   8  *
   9  *     * Redistributions of source code must retain the above copyright
  10  * notice, this list of conditions and the following disclaimer.
  11  *     * Redistributions in binary form must reproduce the above
  12  * copyright notice, this list of conditions and the following disclaimer
  13  * in the documentation and/or other materials provided with the
  14  * distribution.
  15  *     * Neither the name of Google Inc. nor the names of its
  16  * contributors may be used to endorse or promote products derived from
  17  * this software without specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30  */
  31
  32 /*
  33  * NaCl local descriptor table manipulation support.
  34  */
  35
  36 #include <asm/ldt.h>
  37 #include <errno.h>
  38 #include <stdio.h>
  39
  40 #include "native_client/service_runtime/nacl_ldt.h"
  41 #include "native_client/service_runtime/nacl_sync.h"
  42
  43 /*
  44  * The modify_ldt system call is used to get and set the local descriptor
  45  * table.
  46  */
  47 extern int modify_ldt(int func, void* ptr, unsigned long bytecount);
  48
  49 /*
  50  * A static helper for finding unused LDT entry.
  51  */
  52 static int NaClFindUnusedEntryNumber();
  53
  54 /* struct LdtEntry is a structure that is laid out exactly as the segment
  55  * descriptors described in the Intel reference manuals.  This is needed
  56  * because Mac and Windows use this representation in the methods used to
  57  * set and get entries in the local descriptor table (LDT), but use different
  58  * names for the members.  Linux uses a different representation to set, but
  59  * also reads entries back in this format.  It needs to be laid out packed,
  60  * bitwise, little endian.
  61  */
  62 struct LdtEntry {
  63   uint16_t limit_00to15;
  64   uint16_t base_00to15;
  65   // NOTE: the bitfields are using a gcc extension switching
  66   //       to "unsigned:<n>" is NOT straight forward
  67   uint8_t base_16to23;
  68   uint8_t type : 5;
  69   uint8_t descriptor_privilege : 2;
  70   uint8_t present : 1;
  71   uint8_t limit_16to19 : 4;
  72   uint8_t available : 1;
  73   uint8_t code_64_bit : 1;
  74   uint8_t op_size_32 : 1;
  75   uint8_t granularity : 1;
  76   uint8_t base_24to31;
  77 };
  78
  79 /*
  80  * The module initializer and finalizer set up a mutex used to guard LDT
  81  * manipulation.
  82  */
  83 static struct NaClMutex nacl_ldt_mutex;
  84
  85 int NaClLdtInitPlatformSpecific() {
  86   return NaClMutexCtor(&nacl_ldt_mutex);
  87 }
  88
  89 void NaClLdtFiniPlatformSpecific() {
  90   NaClMutexDtor(&nacl_ldt_mutex);
  91 }
  92
  93 /*
  94  * Find and allocate an available selector, inserting an LDT entry with the
  95  * appropriate permissions.
  96  */
  97 uint16_t NaClLdtAllocateSelector(int32_t entry_number,
  98                                  int size_is_in_pages,
  99                                  NaClLdtDescriptorType type,
 100                                  int read_exec_only,
 101                                  void* base_addr,
 102                                  uint32_t size_minus_one) {
 103   struct user_desc ud;
 104   int retval;
 105
 106   NaClMutexLock(&nacl_ldt_mutex);
 107
 108   if (-1 == entry_number) {
 109     /* -1 means caller did not specify -- allocate */
 110     entry_number = NaClFindUnusedEntryNumber();
 111
 112     if (-1 == entry_number) {
 113       /*
 114        * No free entries were available.
 115        */
 116       goto alloc_error;
 117     }
 118   }
 119   ud.entry_number = entry_number;
 120
 121   switch (type) {
 122     case NACL_LDT_DESCRIPTOR_DATA:
 123       ud.contents = MODIFY_LDT_CONTENTS_DATA;
 124       break;
 125     case NACL_LDT_DESCRIPTOR_CODE:
 126       ud.contents = MODIFY_LDT_CONTENTS_CODE;
 127       break;
 128     default:
 129       goto alloc_error;
 130   }
 131   ud.read_exec_only = read_exec_only;
 132   ud.seg_32bit = 1;
 133   ud.seg_not_present = 0;
 134   ud.useable = 1;
 135
 136   if (size_is_in_pages && ((unsigned long) base_addr & 0xfff)) {
 137     /*
 138      * The base address needs to be page aligned.
 139      */
 140     goto alloc_error;
 141   };
 142   ud.base_addr = (unsigned long) base_addr;
 143
 144   if (size_minus_one > 0xfffff) {
 145     /*
 146      * If size is in pages, no more than 2**20 pages can be protected.
 147      * If size is in bytes, no more than 2**20 bytes can be protected.
 148      */
 149     goto alloc_error;
 150   }
 151   ud.limit = size_minus_one;
 152   ud.limit_in_pages = size_is_in_pages;
 153
 154   /*
 155    * Install the LDT entry.
 156    */
 157   retval = modify_ldt(1, &ud, sizeof ud);
 158   if (-1 == retval) {
 159     goto alloc_error;
 160   }
 161
 162   /*
 163    * Return an LDT selector with a requested privilege level of 3.
 164    */
 165   NaClMutexUnlock(&nacl_ldt_mutex);
 166   return (ud.entry_number << 3) | 0x7;
 167
 168   /*
 169    * All error returns go through this epilog.
 170    */
 171  alloc_error:
 172   NaClMutexUnlock(&nacl_ldt_mutex);
 173   return 0;
 174 }
 175
 176 /*
 177  * Allocates a selector whose size is specified in pages.
 178  * Page granular protection requires that the start address be page-aligned.
 179  */
 180 uint16_t NaClLdtAllocatePageSelector(NaClLdtDescriptorType type,
 181                                      int read_exec_only,
 182                                      void* base_addr,
 183                                      uint32_t size_in_pages) {
 184   return NaClLdtAllocateSelector(-1, 1, type, read_exec_only, base_addr,
 185                                  size_in_pages - 1);
 186 }
 187
 188 /*
 189  * Allocates a selector whose size is specified in bytes.
 190  */
 191 uint16_t NaClLdtAllocateByteSelector(NaClLdtDescriptorType type,
 192                                      int read_exec_only,
 193                                      void* base_addr,
 194                                      uint32_t size_in_bytes) {
 195   return NaClLdtAllocateSelector(-1, 0, type, read_exec_only, base_addr,
 196                                  size_in_bytes - 1);
 197 }
 198
 199 /*
 200  * Change a selector whose size is specified in pages.
 201  * Page granular protection requires that the start address be page-aligned.
 202  */
 203 uint16_t NaClLdtChangePageSelector(int32_t entry_number,
 204                                    NaClLdtDescriptorType type,
 205                                    int read_exec_only,
 206                                    void* base_addr,
 207                                    uint32_t size_in_pages) {
 208   if ((uint32_t) entry_number >= LDT_ENTRIES) {
 209     return 0;
 210   }
 211   return NaClLdtAllocateSelector(entry_number, 1, type, read_exec_only,
 212                                  base_addr, size_in_pages - 1);
 213 }
 214
 215 /*
 216  * Change a selector whose size is specified in bytes.
 217  */
 218 uint16_t NaClLdtChangeByteSelector(int32_t entry_number,
 219                                    NaClLdtDescriptorType type,
 220                                    int read_exec_only,
 221                                    void* base_addr,
 222                                    uint32_t size_in_bytes) {
 223   if ((uint32_t) entry_number >= LDT_ENTRIES) {
 224     return 0;
 225   }
 226   return NaClLdtAllocateSelector(entry_number, 0, type, read_exec_only,
 227                                  base_addr, size_in_bytes - 1);
 228 }
 229
 230
 231 void NaClLdtPrintSelector(uint16_t selector) {
 232   /* type_name converts the segment type into print name */
 233   static const char* type_name[] = {
 234     "data read only",
 235     "data read_only accessed",
 236     "data read write",
 237     "data read write accessed",
 238     "data read expand",
 239     "data read expand accessed",
 240     "data read write expand",
 241     "data read write expand accessed",
 242     "code execute",
 243     "code execute accessed",
 244     "code execute read",
 245     "code execute read accessed",
 246     "code execute conforming",
 247     "code execute conforming accessed",
 248     "code execute read conforming",
 249     "code execute read conforming accessed"
 250   };
 251
 252   struct LdtEntry entries[LDT_ENTRIES];
 253   struct LdtEntry entry;
 254   int retval = modify_ldt(0, entries, sizeof(entries));
 255   if (-1 == retval) {
 256     return;
 257   }
 258   entry = entries[selector >> 3];
 259   printf("DESCRIPTOR for selector %04x\n", selector);
 260   // create functions to do base, limit, and type.
 261   printf("  base        %08x\n", (entry.base_24to31 << 24)
 262          | (entry.base_16to23 << 16) | entry.base_00to15);
 263   printf("  limit       %08x%s\n",
 264          (((entry.limit_16to19 << 16) | entry.limit_00to15)
 265           << (entry.granularity ? 12 : 0)),
 266          (entry.granularity ? " (page granularity)" : ""));
 267   printf("  type        %s, %s\n", ((entry.type & 0x10) ? "user" : "system"),
 268          type_name[entry.type & 0xf]);
 269   printf("  privilege   %d\n", entry.descriptor_privilege);
 270   printf("  present %s\n", (entry.present ? "yes" : "no"));
 271   printf("  available %s\n", (entry.available ? "yes" : "no"));
 272   printf("  64-bit code %s\n", (entry.code_64_bit ? "yes" : "no"));
 273   printf("  op size %s\n", (entry.op_size_32 ? "32" : "16"));
 274 }
 275
 276 /*
 277  * Mark a selector as available for future reuse.
 278  */
 279 void NaClLdtDeleteSelector(uint16_t selector) {
 280   struct user_desc ud;
 281   ud.entry_number = selector >> 3;
 282   ud.seg_not_present = 1;
 283   ud.base_addr = 0;
 284   ud.limit = 0;
 285   ud.limit_in_pages = 0;
 286   ud.read_exec_only = 0;
 287   ud.seg_32bit = 0;
 288   ud.useable = 0;
 289   ud.contents = MODIFY_LDT_CONTENTS_DATA;
 290   NaClMutexLock(&nacl_ldt_mutex);
 291   modify_ldt(1, &ud, sizeof ud);
 292   NaClMutexUnlock(&nacl_ldt_mutex);
 293 }
 294
 295 /*
 296  * Find a free selector.  Always invoked while holding nacl_ldt_mutex.
 297  */
 298 static int NaClFindUnusedEntryNumber() {
 299   int size = sizeof(struct LdtEntry) * LDT_ENTRIES;
 300   struct LdtEntry *entries = malloc(size);
 301   int i;
 302
 303   int retval = modify_ldt(0, entries, size);
 304
 305   if (-1 != retval) {
 306     retval = -1;  /* In case we don't find any free entry */
 307     for (i = 0; i < LDT_ENTRIES; ++i) {
 308     if (!entries[i].present) {
 309       retval = i;
 310       break;
 311       }
 312     }
 313   }
 314
 315   free(entries);
 316   return retval;
 317 }