diff options
| author | hans <hans@chromium.org> | 2015-05-15 11:47:25 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-05-15 18:47:43 +0000 |
| commit | aad01297ee28c48a3021339568cacaf16f37fdc0 (patch) | |
| tree | 7e70644537aba64700957e5151849dc6528f9ce4 /components | |
| parent | 5811284139852648ddc5e6332822de237e59ba8f (diff) | |
| download | chromium_src-aad01297ee28c48a3021339568cacaf16f37fdc0.zip chromium_src-aad01297ee28c48a3021339568cacaf16f37fdc0.tar.gz chromium_src-aad01297ee28c48a3021339568cacaf16f37fdc0.tar.bz2 | |
Revert of Non-SFI mode: Build nacl_helper_nonsfi_unittests (patchset #4 id:80001 of https://codereview.chromium.org/1137553003/)
Reason for revert:
This breaks the asan build. See comments on the original CL.
Original issue's description:
> Non-SFI mode: Build nacl_helper_nonsfi_unittests
>
> This CL starts to build nacl_helper_nonsfi_unittests.
> The binary is not yet enabled to run on bots. It will be done in a following CL.
>
> TEST=Ran locally. Ran build bots. Ran build bots with editing configuration to include nacl_helper_nonsfi_unittests.
> BUG=358465
>
> Committed: https://crrev.com/72c418b09bbf90505f54df2b76285650acd97960
> Cr-Commit-Position: refs/heads/master@{#330069}
TBR=mseaborn@chromium.org,mdempsky@chromium.org,thakis@chromium.org,jln@chromium.org,hidehiko@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=358465
Review URL: https://codereview.chromium.org/1145593002
Cr-Commit-Position: refs/heads/master@{#330147}
Diffstat (limited to 'components')
| -rw-r--r-- | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc | 118 | ||||
| -rw-r--r-- | components/nacl_helper_nonsfi_unittests.isolate | 18 | ||||
| -rw-r--r-- | components/nacl_nonsfi.gyp | 130 |
3 files changed, 16 insertions, 250 deletions
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc index bd4ab95..98e95c2 100644 --- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc +++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc @@ -25,7 +25,6 @@ #include <time.h> #include <unistd.h> -#include "base/at_exit.h" #include "base/bind.h" #include "base/callback.h" #include "base/compiler_specific.h" @@ -43,67 +42,6 @@ #include "sandbox/linux/system_headers/linux_signal.h" #include "sandbox/linux/system_headers/linux_syscalls.h" -// These defines are for PNaCl toolchain build. -#if !defined(F_DUPFD_CLOEXEC) -#define F_DUPFD_CLOEXEC 1030 -#endif - -#if !defined(MAP_POPULATE) -#define MAP_POPULATE 0x8000 -#endif - -#if !defined(PROT_GROWSDOWN) -#define PROT_GROWSDOWN 0x01000000 -#endif - -#if !defined(CLOCK_MONOTONIC_RAW) -#define CLOCK_MONOTONIC_RAW 4 -#endif - -#if !defined(AF_INET) -#define AF_INET 2 -#endif - -#if defined(__i386__) - -#if !defined(SYS_SOCKET) -#define SYS_SOCKET 1 -#endif - -#if !defined(SYS_BIND) -#define SYS_BIND 2 -#endif - -#if !defined(SYS_CONNECT) -#define SYS_CONNECT 3 -#endif - -#if !defined(SYS_LISTEN) -#define SYS_LISTEN 4 -#endif - -#if !defined(SYS_ACCEPT) -#define SYS_ACCEPT 5 -#endif - -#if !defined(SYS_GETSOCKNAME) -#define SYS_GETSOCKNAME 6 -#endif - -#if !defined(SYS_GETPEERNAME) -#define SYS_GETPEERNAME 7 -#endif - -#if !defined(SYS_SETSOCKOPT) -#define SYS_SETSOCKOPT 14 -#endif - -#if !defined(SYS_GETSOCKOPT) -#define SYS_GETSOCKOPT 15 -#endif - -#endif // defined(__i386__) - namespace { void DoPipe(base::ScopedFD* fds) { @@ -430,28 +368,18 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl(fds[0].get(), F_SETFL, O_APPEND); } -void DoFcntl(int fd, int cmd) { - // fcntl in PNaCl toolchain returns an error without calling actual system - // call for unknown |cmd|. So, instead, here we use syscall(). -#if defined(OS_NACL_NONSFI) - syscall(__NR_fcntl64, fd, cmd); -#else - fcntl(fd, cmd); -#endif -} - BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl_DUPFD, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoFcntl(0, F_DUPFD); + fcntl(0, F_DUPFD); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl_DUPFD_CLOEXEC, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoFcntl(0, F_DUPFD_CLOEXEC); + fcntl(0, F_DUPFD_CLOEXEC); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, @@ -475,14 +403,6 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, BPF_TEST_C(NaClNonSfiSandboxTest, StartingAndJoiningThreadWorks, nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { -#if defined(OS_NACL_NONSFI) - // base::Thread internally uses LazyInstance, which registers a callback to - // AtExitManager. However, in PNaCl toolchain build, it is not instantiated - // by the test runner, unlike host toolchain build (nacl_loader_unittests). - // Hence, declare it here so that the LazyInstance will work properly. - base::AtExitManager at_exit; -#endif - base::Thread thread("sandbox_tests"); BPF_ASSERT(thread.Start()); // |thread|'s destructor will join the thread. @@ -497,20 +417,9 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, _exit(1); } -void* DoMmap(int prot, int flags) { -#if defined(OS_NACL_NONSFI) - // When PROT_EXEC is set, PNaCl toolchain's mmap() system call wrapper uses - // two system calls mmap2(2) and mprotect(2), so that we cannot test - // sandbox with the wrapper. Instead, here we use syscall(). - return reinterpret_cast<void*>( - syscall(__NR_mmap2, NULL, getpagesize(), prot, flags, -1, 0)); -#else - return mmap(NULL, getpagesize(), prot, flags, -1, 0); -#endif -} - void* DoAllowedAnonymousMmap() { - return DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED); + return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_SHARED, -1, 0); } BPF_TEST_C(NaClNonSfiSandboxTest, @@ -525,42 +434,45 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_unallowed_flag, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_POPULATE); + mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_POPULATE, -1, 0); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_unallowed_prot, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_READ | PROT_GROWSDOWN, MAP_ANONYMOUS); + mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN, + MAP_ANONYMOUS, -1, 0); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_EXEC, MAP_ANONYMOUS); + mmap(NULL, getpagesize(), PROT_EXEC, MAP_ANONYMOUS, -1, 0); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_read_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_READ | PROT_EXEC, MAP_ANONYMOUS); + mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_ANONYMOUS, -1, 0); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_write_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); + mmap(NULL, getpagesize(), PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS, -1, 0); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_read_write_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - DoMmap(PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); + mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_ANONYMOUS, -1, 0); } BPF_TEST_C(NaClNonSfiSandboxTest, @@ -591,13 +503,9 @@ BPF_TEST_C(NaClNonSfiSandboxTest, // The kernel interface must return zero for brk. BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk)); // The libc wrapper translates it to ENOMEM. - - // Note: PNaCl toolchain does not provide brk() system call wrapper. -#if !defined(OS_NACL_NONSFI) errno = 0; BPF_ASSERT_EQ(-1, brk(next_brk)); BPF_ASSERT_EQ(ENOMEM, errno); -#endif } // clockid restrictions are mostly tested in sandbox/ with the diff --git a/components/nacl_helper_nonsfi_unittests.isolate b/components/nacl_helper_nonsfi_unittests.isolate deleted file mode 100644 index 8de0893..0000000 --- a/components/nacl_helper_nonsfi_unittests.isolate +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2014 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'conditions': [ - ['OS=="linux"', { - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', - ], - 'files': [ - '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', - ], - 'read_only': 1, - }, - }], - ], -} diff --git a/components/nacl_nonsfi.gyp b/components/nacl_nonsfi.gyp index 2a1aa58..53ff394 100644 --- a/components/nacl_nonsfi.gyp +++ b/components/nacl_nonsfi.gyp @@ -56,6 +56,8 @@ 'nacl/loader/nacl_trusted_listener.cc', 'nacl/loader/nonsfi/nonsfi_listener.cc', 'nacl/loader/nonsfi/nonsfi_main.cc', + 'nacl/loader/nonsfi/nonsfi_sandbox.cc', + 'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc', ], 'link_flags': [ @@ -72,7 +74,6 @@ '-lgpu_ipc_nacl', '-lipc_nacl_nonsfi', '-llatency_info_nacl', - '-lnacl_helper_nonsfi_sandbox', '-lplatform', '-lppapi_ipc_nacl', '-lppapi_proxy_nacl', @@ -98,7 +99,6 @@ '>(tc_lib_dir_nonsfi_helper32)/libgpu_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper32)/libipc_nacl_nonsfi.a', '>(tc_lib_dir_nonsfi_helper32)/liblatency_info_nacl.a', - '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a', '>(tc_lib_dir_nonsfi_helper32)/libplatform.a', '>(tc_lib_dir_nonsfi_helper32)/libppapi_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper32)/libppapi_proxy_nacl.a', @@ -123,7 +123,6 @@ '>(tc_lib_dir_nonsfi_helper_arm)/libgpu_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper_arm)/libipc_nacl_nonsfi.a', '>(tc_lib_dir_nonsfi_helper_arm)/liblatency_info_nacl.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a', '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a', '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_proxy_nacl.a', @@ -144,132 +143,9 @@ '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib', '../ppapi/ppapi_proxy_nacl.gyp:ppapi_proxy_nacl', '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', - 'nacl_helper_nonsfi_sandbox', - ], - }, - - { - 'target_name': 'nacl_helper_nonsfi_sandbox', - 'type': 'none', - 'variables': { - 'nacl_untrusted_build': 1, - 'nlib_target': 'libnacl_helper_nonsfi_sandbox.a', - - 'build_glibc': 0, - 'build_newlib': 0, - 'build_irt': 0, - 'build_pnacl_newlib': 0, - 'build_nonsfi_helper': 1, - - 'sources': [ - 'nacl/loader/nonsfi/nonsfi_sandbox.cc', - 'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc', - ], - }, - 'dependencies': [ - '../base/base_nacl.gyp:base_nacl_nonsfi', - '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi', - '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', - ], - }, - - { - 'target_name': 'nacl_helper_nonsfi_unittests', - 'type': 'none', - 'variables': { - 'nacl_untrusted_build': 1, - 'nexe_target': 'nacl_helper_nonsfi_unittests', - # Rename the output binary file to nacl_helper_nonsfi_unittests - # and put it directly under out/{Debug,Release}/, so that this is - # in the standard location, for running on the buildbots. - 'out_newlib32_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', - 'out_newlib_arm_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unitttests', - - 'build_glibc': 0, - 'build_newlib': 0, - 'build_irt': 0, - 'build_pnacl_newlib': 0, - 'build_nonsfi_helper': 1, - - 'sources': [ - 'nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc', - 'nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc', - ], - - 'link_flags': [ - '-lbase_nacl_nonsfi', - '-lcontent_common_nacl_nonsfi', - '-levent_nacl_nonsfi', - '-lgio', - '-lgtest_main_nacl', - '-lgtest_nacl', - '-lnacl_helper_nonsfi_sandbox', - '-lplatform', - '-lsandbox_nacl_nonsfi', - '-lsandbox_linux_test_utils_nacl_nonsfi', - ], - - 'conditions': [ - ['target_arch=="ia32" or target_arch=="x64"', { - 'extra_deps_newlib32_nonsfi': [ - '>(tc_lib_dir_nonsfi_helper32)/libbase_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper32)/libcontent_common_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper32)/libevent_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper32)/libgio.a', - '>(tc_lib_dir_nonsfi_helper32)/libgtest_main_nacl.a', - '>(tc_lib_dir_nonsfi_helper32)/libgtest_nacl.a', - '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a', - '>(tc_lib_dir_nonsfi_helper32)/libplatform.a', - '>(tc_lib_dir_nonsfi_helper32)/libsandbox_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper32)/libsandbox_linux_test_utils_nacl_nonsfi.a', - ], - }], - ['target_arch=="arm"', { - 'extra_deps_newlib_arm_nonsfi': [ - '>(tc_lib_dir_nonsfi_helper_arm)/libbase_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libcontent_common_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libevent_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libgio.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_main_nacl.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_nacl.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_nacl_nonsfi.a', - '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_linux_test_utils_nacl_nonsfi.a', - ], - }], - ], - }, - - 'dependencies': [ - '../base/base_nacl.gyp:base_nacl_nonsfi', - '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi', - '../native_client/src/nonsfi/irt/irt.gyp:nacl_sys_private', - '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib', - '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', - '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_linux_test_utils_nacl_nonsfi', - '../testing/gtest_nacl.gyp:gtest_main_nacl', - '../testing/gtest_nacl.gyp:gtest_nacl', - 'nacl_helper_nonsfi_sandbox', - ], - }, - ], - }], - ['disable_nacl==0 and disable_nacl_untrusted==0 and test_isolation_mode!="noop"', { - 'targets': [ - { - 'target_name': 'nacl_helper_nonsfi_unittests_run', - 'type': 'none', - 'dependencies': [ - 'nacl_helper_nonsfi_unittests', - ], - 'includes': [ - '../build/isolate.gypi', - ], - 'sources': [ - 'nacl_helper_nonsfi_unittests.isolate', ], }, + # TODO(hidehiko): Add Non-SFI version of nacl_loader_unittests. ], }], ], |