diff options
Diffstat (limited to 'chrome/nacl')
| -rw-r--r-- | chrome/nacl/nacl_fork_delegate_linux.cc | 22 | ||||
| -rw-r--r-- | chrome/nacl/nacl_helper_bootstrap_linux.c | 24 | ||||
| -rw-r--r-- | chrome/nacl/nacl_helper_exports.txt | 10 | ||||
| -rw-r--r-- | chrome/nacl/nacl_helper_linux.cc | 24 |
4 files changed, 71 insertions, 9 deletions
diff --git a/chrome/nacl/nacl_fork_delegate_linux.cc b/chrome/nacl/nacl_fork_delegate_linux.cc index 794cfda..e5ee01a 100644 --- a/chrome/nacl/nacl_fork_delegate_linux.cc +++ b/chrome/nacl/nacl_fork_delegate_linux.cc @@ -13,9 +13,11 @@ #include "base/eintr_wrapper.h" #include "base/logging.h" #include "base/file_path.h" +#include "base/path_service.h" #include "base/process_util.h" #include "content/common/unix_domain_socket_posix.h" #include "content/common/zygote_fork_delegate_linux.h" +#include "chrome/common/chrome_paths.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/nacl_helper_linux.h" @@ -40,18 +42,24 @@ void NaClForkDelegate::Init(const bool sandboxed, base::file_handle_mapping_vector fds_to_map; fds_to_map.push_back(std::make_pair(fds[1], kNaClZygoteDescriptor)); fds_to_map.push_back(std::make_pair(sandboxdesc, kNaClSandboxDescriptor)); - // TODO(bradchen): Before making this the default for release builds, - // replace command line switch with PathService::Get(). - const std::string nacl_zygote_exe = - CommandLine::ForCurrentProcess()->GetSwitchValueASCII( - switches::kNaClLinuxHelper); + // TODO(bradchen): To make this the default for release builds, + // remove command line switch. ready_ = false; - if (nacl_zygote_exe.length() != 0) { + const bool use_helper = CommandLine::ForCurrentProcess()->HasSwitch( + switches::kNaClLinuxHelper); + FilePath helper_exe; + if (use_helper && PathService::Get(chrome::FILE_NACL_HELPER, &helper_exe)) { CommandLine::StringVector argv = CommandLine::ForCurrentProcess()->argv(); - argv[0] = nacl_zygote_exe; + argv[0] = helper_exe.value(); base::LaunchOptions options; options.fds_to_remap = &fds_to_map; options.clone_flags = CLONE_FS | SIGCHLD; + // LD_BIND_NOW forces non-lazy binding in the dynamic linker, to + // prevent the linker from trying to look at the text of the nacl_helper + // program after it has been replaced by the nacl module. + base::environment_vector env; + env.push_back(std::make_pair("LD_BIND_NOW", "1")); + options.environ = &env; ready_ = base::LaunchProcess(argv, options, NULL); // parent and error cases are handled below } diff --git a/chrome/nacl/nacl_helper_bootstrap_linux.c b/chrome/nacl/nacl_helper_bootstrap_linux.c new file mode 100644 index 0000000..7a0ace7 --- /dev/null +++ b/chrome/nacl/nacl_helper_bootstrap_linux.c @@ -0,0 +1,24 @@ +/* Copyright (c) 2011 The Chromium Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Bootstraping the nacl_helper. This executable reserves the bottom 1G + * of the address space, then invokes nacl_helper_init. Note that, + * as the text of this executable will eventually be overwritten by the + * native_client module, nacl_helper_init must not attempt to return. + */ + +#include <stdlib.h> + +/* reserve 1GB of space */ +#define ONEGIG (1 << 30) +char nacl_reserved_space[ONEGIG]; + +void nacl_helper_init(int argc, char *argv[], + const char *nacl_reserved_space); + +int main(int argc, char *argv[]) { + nacl_helper_init(argc, argv, nacl_reserved_space); + abort(); + return 0; // convince the tools I'm sane. +} diff --git a/chrome/nacl/nacl_helper_exports.txt b/chrome/nacl/nacl_helper_exports.txt new file mode 100644 index 0000000..af930c1 --- /dev/null +++ b/chrome/nacl/nacl_helper_exports.txt @@ -0,0 +1,10 @@ +# gnu-ld version script for exporting desired symbols from nacl_helper +# + +NACL_HELPER_1_0 { + global: + nacl_helper_init; + nacl_helper_get_1G_address; + local: + *; +}; diff --git a/chrome/nacl/nacl_helper_linux.cc b/chrome/nacl/nacl_helper_linux.cc index b943e2b..b53cf8d 100644 --- a/chrome/nacl/nacl_helper_linux.cc +++ b/chrome/nacl/nacl_helper_linux.cc @@ -116,14 +116,33 @@ void HandleForkRequest(const std::vector<int>& child_fds) { } // namespace -int main(int argc, char *argv[]) { +static const void* g_nacl_reserved_space = NULL; +extern "C" __attribute__((visibility("default"))) +const void* nacl_helper_get_1G_address() { + return g_nacl_reserved_space; +} + +// nacl_helper_init does the real work of this module. It is invoked as +// a static constructor and never returns, preventing main() from the +// nacl_helper_bootstrap program from being called. +// +// NOTE This routine must not return. +extern "C" __attribute__((visibility("default"))) +void nacl_helper_init(int argc, char *argv[], + const char *nacl_reserved_space) { CommandLine::Init(argc, argv); base::AtExitManager exit_manager; base::RandUint64(); // acquire /dev/urandom fd before sandbox is raised std::vector<int> empty; // for SendMsg() calls g_suid_sandbox_active = (NULL != getenv("SBX_D")); - + g_nacl_reserved_space = nacl_reserved_space; + if (!nacl_reserved_space) { + VLOG(1) << "nacl_reserved_space is NULL"; + } else { + VLOG(1) << "nacl_reserved_space is at " + << (void *)nacl_reserved_space; + } // Send the zygote a message to let it know we are ready to help if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, kNaClHelperStartupAck, @@ -163,4 +182,5 @@ int main(int argc, char *argv[]) { LOG(ERROR) << "*** send() to zygote failed"; } } + CHECK(false); // This routine must not return } |