NaClErrorCode NaClAppLoadFileDynamically(struct NaClApp *nap,
struct Gio *gio_file) {
struct NaClElfImage *image = NULL;
NaClErrorCode ret = LOAD_INTERNAL;
image = NaClElfImageNew((struct Gio *) gio_file, &ret);
if (NULL == image) {
goto done;
}
ret = NaClElfImageValidateElfHeader(image);
if (LOAD_OK != ret) {
goto done;
}
ret = NaClElfImageLoadDynamically(image, nap, gio_file);
if (LOAD_OK != ret) {
goto done;
}
nap->user_entry_pt = nap->initial_entry_pt;
nap->initial_entry_pt = NaClElfImageGetEntryPoint(image);
done:
NaClElfImageDelete(image);
return ret;
}
NaClErrorCode NaClAppLoadFile(struct Gio *gp,
struct NaClApp *nap,
enum NaClAbiCheckOption check_abi) {
NaClErrorCode ret = LOAD_INTERNAL;
NaClErrorCode subret;
uintptr_t rodata_end;
uintptr_t data_end;
uintptr_t max_vaddr;
struct NaClElfImage *image = NULL;
/* NACL_MAX_ADDR_BITS < 32 */
if (nap->addr_bits > NACL_MAX_ADDR_BITS) {
ret = LOAD_ADDR_SPACE_TOO_BIG;
goto done;
}
nap->stack_size = NaClRoundAllocPage(nap->stack_size);
/* temporay object will be deleted at end of function */
image = NaClElfImageNew(gp, &subret);
if (NULL == image) {
ret = subret;
goto done;
}
#if 0 == NACL_DANGEROUS_DEBUG_MODE_DISABLE_INNER_SANDBOX
check_abi = NACL_ABI_CHECK_OPTION_CHECK;
#endif
if (NACL_ABI_CHECK_OPTION_CHECK == check_abi) {
subret = NaClElfImageValidateAbi(image);
if (subret != LOAD_OK) {
ret = subret;
goto done;
}
}
subret = NaClElfImageValidateElfHeader(image);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
subret = NaClElfImageValidateProgramHeaders(image,
nap->addr_bits,
&nap->static_text_end,
&nap->rodata_start,
&rodata_end,
&nap->data_start,
&data_end,
&max_vaddr);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
if (0 == nap->data_start) {
if (0 == nap->rodata_start) {
if (NaClRoundAllocPage(max_vaddr) - max_vaddr < NACL_HALT_SLED_SIZE) {
/*
* if no rodata and no data, we make sure that there is space for
* the halt sled.
*/
max_vaddr += NACL_MAP_PAGESIZE;
}
} else {
/*
* no data, but there is rodata. this means max_vaddr is just
* where rodata ends. this might not be at an allocation
* boundary, and in this the page would not be writable. round
* max_vaddr up to the next allocation boundary so that bss will
* be at the next writable region.
*/
;
}
max_vaddr = NaClRoundAllocPage(max_vaddr);
}
/*
* max_vaddr -- the break or the boundary between data (initialized
* and bss) and the address space hole -- does not have to be at a
* page boundary.
*/
nap->break_addr = max_vaddr;
nap->data_end = max_vaddr;
NaClLog(4, "Values from NaClElfImageValidateProgramHeaders:\n");
NaClLog(4, "rodata_start = 0x%08"NACL_PRIxPTR"\n", nap->rodata_start);
NaClLog(4, "rodata_end = 0x%08"NACL_PRIxPTR"\n", rodata_end);
NaClLog(4, "data_start = 0x%08"NACL_PRIxPTR"\n", nap->data_start);
NaClLog(4, "data_end = 0x%08"NACL_PRIxPTR"\n", data_end);
NaClLog(4, "max_vaddr = 0x%08"NACL_PRIxPTR"\n", max_vaddr);
#if 0 == NACL_DANGEROUS_DEBUG_MODE_DISABLE_INNER_SANDBOX
nap->bundle_size = NaClElfImageGetBundleSize(image);
if (nap->bundle_size == 0) {
ret = LOAD_BAD_ABI;
goto done;
}
#else
/* pick some reasonable default for an un-sandboxed nexe */
nap->bundle_size = 32;
#endif
nap->entry_pt = NaClElfImageGetEntryPoint(image);
NaClLog(2,
"NaClApp addr space layout:\n");
NaClLog(2,
"nap->static_text_end = 0x%016"NACL_PRIxPTR"\n",
nap->static_text_end);
NaClLog(2,
"nap->dynamic_text_start = 0x%016"NACL_PRIxPTR"\n",
nap->dynamic_text_start);
NaClLog(2,
"nap->dynamic_text_end = 0x%016"NACL_PRIxPTR"\n",
nap->dynamic_text_end);
NaClLog(2,
"nap->rodata_start = 0x%016"NACL_PRIxPTR"\n",
nap->rodata_start);
NaClLog(2,
"nap->data_start = 0x%016"NACL_PRIxPTR"\n",
nap->data_start);
NaClLog(2,
"nap->data_end = 0x%016"NACL_PRIxPTR"\n",
nap->data_end);
NaClLog(2,
"nap->break_addr = 0x%016"NACL_PRIxPTR"\n",
nap->break_addr);
NaClLog(2,
"nap->entry_pt = 0x%016"NACL_PRIxPTR"\n",
nap->entry_pt);
NaClLog(2,
"nap->bundle_size = 0x%x\n",
nap->bundle_size);
if (!NaClAddrIsValidEntryPt(nap, nap->entry_pt)) {
ret = LOAD_BAD_ENTRY;
goto done;
}
/*
* Basic address space layout sanity check.
*/
if (0 != nap->data_start) {
if (data_end != max_vaddr) {
NaClLog(LOG_INFO, "data segment is not last\n");
ret = LOAD_DATA_NOT_LAST_SEGMENT;
goto done;
}
} else if (0 != nap->rodata_start) {
if (NaClRoundAllocPage(rodata_end) != max_vaddr) {
/*
* This should be unreachable, but we include it just for
* completeness.
*
* Here is why it is unreachable:
*
* NaClPhdrChecks checks the test segment starting address. The
* only allowed loaded segments are text, data, and rodata.
* Thus unless the rodata is in the trampoline region, it must
* be after the text. And NaClElfImageValidateProgramHeaders
* ensures that all segments start after the trampoline region.
*/
NaClLog(LOG_INFO, "no data segment, but rodata segment is not last\n");
ret = LOAD_NO_DATA_BUT_RODATA_NOT_LAST_SEGMENT;
goto done;
}
}
if (0 != nap->rodata_start && 0 != nap->data_start) {
if (rodata_end > nap->data_start) {
NaClLog(LOG_INFO, "rodata_overlaps data.\n");
ret = LOAD_RODATA_OVERLAPS_DATA;
goto done;
}
}
if (0 != nap->rodata_start) {
if (NaClRoundAllocPage(NaClEndOfStaticText(nap)) > nap->rodata_start) {
ret = LOAD_TEXT_OVERLAPS_RODATA;
goto done;
}
} else if (0 != nap->data_start) {
if (NaClRoundAllocPage(NaClEndOfStaticText(nap)) > nap->data_start) {
ret = LOAD_TEXT_OVERLAPS_DATA;
goto done;
}
}
if (0 != nap->rodata_start &&
NaClRoundAllocPage(nap->rodata_start) != nap->rodata_start) {
NaClLog(LOG_INFO, "rodata_start not a multiple of allocation size\n");
ret = LOAD_BAD_RODATA_ALIGNMENT;
goto done;
}
if (0 != nap->data_start &&
NaClRoundAllocPage(nap->data_start) != nap->data_start) {
NaClLog(LOG_INFO, "data_start not a multiple of allocation size\n");
ret = LOAD_BAD_DATA_ALIGNMENT;
goto done;
}
NaClLog(2, "Allocating address space\n");
subret = NaClAllocAddrSpace(nap);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* NB: mem_map object has been initialized, but is empty.
* NaClMakeDynamicTextShared does not touch it.
*
* NaClMakeDynamicTextShared also fills the dynamic memory region
* with the architecture-specific halt instruction. If/when we use
* memory mapping to save paging space for the dynamic region and
* lazily halt fill the memory as the pages become
* readable/executable, we must make sure that the *last*
* NACL_MAP_PAGESIZE chunk is nonetheless mapped and written with
* halts.
*/
NaClLog(2,
("Replacing gap between static text and"
" (ro)data with shareable memory\n"));
subret = NaClMakeDynamicTextShared(nap);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* Make sure the static image pages are marked writable before we try
* to write them.
* TODO(ilewis): See if this can be enabled for Win32 as well. (issue 40077)
*/
NaClLog(2, "Loading into memory\n");
#if NACL_WINDOWS && NACL_ARCH_CPU_X86_64
ret = NaCl_mprotect((void*) nap->mem_start,
NaClRoundAllocPage(nap->data_end),
PROT_READ|PROT_WRITE);
if (ret) {
NaClLog(LOG_FATAL, "Couldn't get writeable pages for image. "
"Error code 0x%X\n", ret);
}
#endif
subret = NaClElfImageLoad(image, gp, nap->addr_bits, nap->mem_start);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* NaClFillEndOfTextRegion will fill with halt instructions the
* padding space after the static text region.
*
* Shm-backed dynamic text space was filled with halt instructions
* in NaClMakeDynamicTextShared. This extends to the rodata. For
* non-shm-backed text space, this extend to the next page (and not
* allocation page). static_text_end is updated to include the
* padding.
*/
NaClFillEndOfTextRegion(nap);
#if 0 == NACL_DANGEROUS_DEBUG_MODE_DISABLE_INNER_SANDBOX
NaClLog(2, "Validating image\n");
subret = NaClValidateImage(nap);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
#endif
NaClLog(2, "Installing trampoline\n");
NaClLoadTrampoline(nap);
NaClLog(2, "Installing springboard\n");
NaClLoadSpringboard(nap);
NaClLog(2, "Applying memory protection\n");
/*
* NaClMemoryProtect also initializes the mem_map w/ information
* about the memory pages and their current protection value.
*
* The contents of the dynamic text region will get remapped as
* non-writable.
*/
subret = NaClMemoryProtection(nap);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
NaClLog(2,
"NaClAppLoadFile done; addr space layout:\n");
NaClLog(2,
"nap->static_text_end = 0x%016"NACL_PRIxPTR"\n",
nap->static_text_end);
NaClLog(2,
"nap->dynamic_text_start = 0x%016"NACL_PRIxPTR"\n",
nap->dynamic_text_start);
NaClLog(2,
"nap->dynamic_text_end = 0x%016"NACL_PRIxPTR"\n",
nap->dynamic_text_end);
NaClLog(2,
"nap->rodata_start = 0x%016"NACL_PRIxPTR"\n",
nap->rodata_start);
NaClLog(2,
"nap->data_start = 0x%016"NACL_PRIxPTR"\n",
nap->data_start);
NaClLog(2,
"nap->data_end = 0x%016"NACL_PRIxPTR"\n",
nap->data_end);
NaClLog(2,
"nap->break_addr = 0x%016"NACL_PRIxPTR"\n",
nap->break_addr);
NaClLog(2,
"nap->entry_pt = 0x%016"NACL_PRIxPTR"\n",
nap->entry_pt);
NaClLog(2,
"nap->bundle_size = 0x%x\n",
nap->bundle_size);
ret = LOAD_OK;
done:
NaClElfImageDelete(image);
return ret;
}
struct NaClElfImage *NaClElfImageNew(struct NaClDesc *ndp,
NaClErrorCode *err_code) {
ssize_t read_ret;
struct NaClElfImage *result;
struct NaClElfImage image;
union {
Elf32_Ehdr ehdr32;
#if NACL_BUILD_SUBARCH == 64
Elf64_Ehdr ehdr64;
#endif
} ehdr;
int cur_ph;
memset(image.loadable, 0, sizeof image.loadable);
/*
* We read the larger size of an ELFCLASS64 header even if it turns out
* we're reading an ELFCLASS32 file. No usable ELFCLASS32 binary could
* be so small that it's not larger than Elf64_Ehdr anyway.
*/
read_ret = (*NACL_VTBL(NaClDesc, ndp)->PRead)(ndp, &ehdr, sizeof ehdr, 0);
if (NaClSSizeIsNegErrno(&read_ret) || (size_t) read_ret != sizeof ehdr) {
*err_code = LOAD_READ_ERROR;
NaClLog(2, "could not load elf headers\n");
return 0;
}
#if NACL_BUILD_SUBARCH == 64
if (ELFCLASS64 == ehdr.ehdr64.e_ident[EI_CLASS]) {
/*
* Convert ELFCLASS64 format to ELFCLASS32 format.
* The initial four fields are the same in both classes.
*/
memcpy(image.ehdr.e_ident, ehdr.ehdr64.e_ident, EI_NIDENT);
image.ehdr.e_ident[EI_CLASS] = ELFCLASS32;
image.ehdr.e_type = ehdr.ehdr64.e_type;
image.ehdr.e_machine = ehdr.ehdr64.e_machine;
image.ehdr.e_version = ehdr.ehdr64.e_version;
if (ehdr.ehdr64.e_entry > 0xffffffffU ||
ehdr.ehdr64.e_phoff > 0xffffffffU ||
ehdr.ehdr64.e_shoff > 0xffffffffU) {
*err_code = LOAD_EHDR_OVERFLOW;
NaClLog(2, "ELFCLASS64 file header fields overflow 32 bits\n");
return 0;
}
image.ehdr.e_entry = (Elf32_Addr) ehdr.ehdr64.e_entry;
image.ehdr.e_phoff = (Elf32_Off) ehdr.ehdr64.e_phoff;
image.ehdr.e_shoff = (Elf32_Off) ehdr.ehdr64.e_shoff;
image.ehdr.e_flags = ehdr.ehdr64.e_flags;
if (ehdr.ehdr64.e_ehsize != sizeof(ehdr.ehdr64)) {
*err_code = LOAD_BAD_EHSIZE;
NaClLog(2, "ELFCLASS64 file e_ehsize != %d\n", (int) sizeof(ehdr.ehdr64));
return 0;
}
image.ehdr.e_ehsize = sizeof(image.ehdr);
image.ehdr.e_phentsize = sizeof(image.phdrs[0]);
image.ehdr.e_phnum = ehdr.ehdr64.e_phnum;
image.ehdr.e_shentsize = ehdr.ehdr64.e_shentsize;
image.ehdr.e_shnum = ehdr.ehdr64.e_shnum;
image.ehdr.e_shstrndx = ehdr.ehdr64.e_shstrndx;
} else
#endif
{
image.ehdr = ehdr.ehdr32;
}
NaClDumpElfHeader(2, &image.ehdr);
*err_code = NaClElfImageValidateElfHeader(&image);
if (LOAD_OK != *err_code) {
return 0;
}
/* read program headers */
if (image.ehdr.e_phnum > NACL_MAX_PROGRAM_HEADERS) {
*err_code = LOAD_TOO_MANY_PROG_HDRS;
NaClLog(2, "too many prog headers\n");
return 0;
}
#if NACL_BUILD_SUBARCH == 64
if (ELFCLASS64 == ehdr.ehdr64.e_ident[EI_CLASS]) {
/*
* We'll load the 64-bit phdrs and convert them to 32-bit format.
*/
Elf64_Phdr phdr64[NACL_MAX_PROGRAM_HEADERS];
if (ehdr.ehdr64.e_phentsize != sizeof(Elf64_Phdr)) {
*err_code = LOAD_BAD_PHENTSIZE;
NaClLog(2, "bad prog headers size\n");
NaClLog(2, " ehdr64.e_phentsize = 0x%"NACL_PRIxElf_Half"\n",
ehdr.ehdr64.e_phentsize);
NaClLog(2, " sizeof(Elf64_Phdr) = 0x%"NACL_PRIxS"\n",
sizeof(Elf64_Phdr));
return 0;
}
/*
* We know the multiplication won't overflow since we rejected
* e_phnum values larger than the small constant NACL_MAX_PROGRAM_HEADERS.
*/
read_ret = (*NACL_VTBL(NaClDesc, ndp)->
PRead)(ndp,
&phdr64[0],
image.ehdr.e_phnum * sizeof phdr64[0],
(nacl_off64_t) image.ehdr.e_phoff);
if (NaClSSizeIsNegErrno(&read_ret) ||
(size_t) read_ret != image.ehdr.e_phnum * sizeof phdr64[0]) {
*err_code = LOAD_READ_ERROR;
NaClLog(2, "cannot load tp prog headers\n");
return 0;
}
for (cur_ph = 0; cur_ph < image.ehdr.e_phnum; ++cur_ph) {
if (phdr64[cur_ph].p_offset > 0xffffffffU ||
phdr64[cur_ph].p_vaddr > 0xffffffffU ||
phdr64[cur_ph].p_paddr > 0xffffffffU ||
phdr64[cur_ph].p_filesz > 0xffffffffU ||
phdr64[cur_ph].p_memsz > 0xffffffffU ||
phdr64[cur_ph].p_align > 0xffffffffU) {
*err_code = LOAD_PHDR_OVERFLOW;
NaClLog(2, "ELFCLASS64 program header fields overflow 32 bits\n");
return 0;
}
image.phdrs[cur_ph].p_type = phdr64[cur_ph].p_type;
image.phdrs[cur_ph].p_offset = (Elf32_Off) phdr64[cur_ph].p_offset;
image.phdrs[cur_ph].p_vaddr = (Elf32_Addr) phdr64[cur_ph].p_vaddr;
image.phdrs[cur_ph].p_paddr = (Elf32_Addr) phdr64[cur_ph].p_paddr;
image.phdrs[cur_ph].p_filesz = (Elf32_Word) phdr64[cur_ph].p_filesz;
image.phdrs[cur_ph].p_memsz = (Elf32_Word) phdr64[cur_ph].p_memsz;
image.phdrs[cur_ph].p_flags = phdr64[cur_ph].p_flags;
image.phdrs[cur_ph].p_align = (Elf32_Word) phdr64[cur_ph].p_align;
}
} else
#endif
{
if (image.ehdr.e_phentsize != sizeof image.phdrs[0]) {
*err_code = LOAD_BAD_PHENTSIZE;
NaClLog(2, "bad prog headers size\n");
NaClLog(2, " image.ehdr.e_phentsize = 0x%"NACL_PRIxElf_Half"\n",
image.ehdr.e_phentsize);
NaClLog(2, " sizeof image.phdrs[0] = 0x%"NACL_PRIxS"\n",
sizeof image.phdrs[0]);
return 0;
}
read_ret = (*NACL_VTBL(NaClDesc, ndp)->
PRead)(ndp,
&image.phdrs[0],
image.ehdr.e_phnum * sizeof image.phdrs[0],
(nacl_off64_t) image.ehdr.e_phoff);
if (NaClSSizeIsNegErrno(&read_ret) ||
(size_t) read_ret != image.ehdr.e_phnum * sizeof image.phdrs[0]) {
*err_code = LOAD_READ_ERROR;
NaClLog(2, "cannot load tp prog headers\n");
return 0;
}
}
NaClLog(2, "=================================================\n");
NaClLog(2, "Elf Program headers\n");
NaClLog(2, "==================================================\n");
for (cur_ph = 0; cur_ph < image.ehdr.e_phnum; ++cur_ph) {
NaClDumpElfProgramHeader(2, &image.phdrs[cur_ph]);
}
/* we delay allocating till the end to avoid cleanup code */
result = malloc(sizeof image);
if (result == 0) {
*err_code = LOAD_NO_MEMORY;
NaClLog(LOG_FATAL, "no enough memory for image meta data\n");
return 0;
}
memcpy(result, &image, sizeof image);
*err_code = LOAD_OK;
return result;
}
NaClErrorCode NaClAppLoadFile(struct Gio *gp,
struct NaClApp *nap) {
NaClErrorCode ret = LOAD_INTERNAL;
NaClErrorCode subret;
uintptr_t rodata_end;
uintptr_t data_end;
uintptr_t max_vaddr;
struct NaClElfImage *image = NULL;
struct NaClPerfCounter time_load_file;
NaClPerfCounterCtor(&time_load_file, "NaClAppLoadFile");
/* NACL_MAX_ADDR_BITS < 32 */
if (nap->addr_bits > NACL_MAX_ADDR_BITS) {
ret = LOAD_ADDR_SPACE_TOO_BIG;
goto done;
}
nap->stack_size = NaClRoundAllocPage(nap->stack_size);
/* temporay object will be deleted at end of function */
image = NaClElfImageNew(gp, &subret);
if (NULL == image) {
ret = subret;
goto done;
}
subret = NaClElfImageValidateElfHeader(image);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
subret = NaClElfImageValidateProgramHeaders(image,
nap->addr_bits,
&nap->static_text_end,
&nap->rodata_start,
&rodata_end,
&nap->data_start,
&data_end,
&max_vaddr);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
if (0 == nap->data_start) {
if (0 == nap->rodata_start) {
if (NaClRoundAllocPage(max_vaddr) - max_vaddr < NACL_HALT_SLED_SIZE) {
/*
* if no rodata and no data, we make sure that there is space for
* the halt sled.
*/
max_vaddr += NACL_MAP_PAGESIZE;
}
} else {
/*
* no data, but there is rodata. this means max_vaddr is just
* where rodata ends. this might not be at an allocation
* boundary, and in this the page would not be writable. round
* max_vaddr up to the next allocation boundary so that bss will
* be at the next writable region.
*/
;
}
max_vaddr = NaClRoundAllocPage(max_vaddr);
}
/*
* max_vaddr -- the break or the boundary between data (initialized
* and bss) and the address space hole -- does not have to be at a
* page boundary.
*/
nap->break_addr = max_vaddr;
nap->data_end = max_vaddr;
NaClLog(4, "Values from NaClElfImageValidateProgramHeaders:\n");
NaClLog(4, "rodata_start = 0x%08"NACL_PRIxPTR"\n", nap->rodata_start);
NaClLog(4, "rodata_end = 0x%08"NACL_PRIxPTR"\n", rodata_end);
NaClLog(4, "data_start = 0x%08"NACL_PRIxPTR"\n", nap->data_start);
NaClLog(4, "data_end = 0x%08"NACL_PRIxPTR"\n", data_end);
NaClLog(4, "max_vaddr = 0x%08"NACL_PRIxPTR"\n", max_vaddr);
/* We now support only one bundle size. */
nap->bundle_size = NACL_INSTR_BLOCK_SIZE;
nap->initial_entry_pt = NaClElfImageGetEntryPoint(image);
NaClLogAddressSpaceLayout(nap);
if (!NaClAddrIsValidEntryPt(nap, nap->initial_entry_pt)) {
ret = LOAD_BAD_ENTRY;
goto done;
}
subret = NaClCheckAddressSpaceLayoutSanity(nap, rodata_end, data_end,
max_vaddr);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
NaClLog(2, "Allocating address space\n");
NaClPerfCounterMark(&time_load_file, "PreAllocAddrSpace");
NaClPerfCounterIntervalLast(&time_load_file);
subret = NaClAllocAddrSpace(nap);
NaClPerfCounterMark(&time_load_file,
NACL_PERF_IMPORTANT_PREFIX "AllocAddrSpace");
NaClPerfCounterIntervalLast(&time_load_file);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* Make sure the static image pages are marked writable before we try
* to write them.
*/
NaClLog(2, "Loading into memory\n");
ret = NaCl_mprotect((void *) (nap->mem_start + NACL_TRAMPOLINE_START),
NaClRoundAllocPage(nap->data_end) - NACL_TRAMPOLINE_START,
NACL_ABI_PROT_READ | NACL_ABI_PROT_WRITE);
if (0 != ret) {
NaClLog(LOG_FATAL,
"NaClAppLoadFile: Failed to make image pages writable. "
"Error code 0x%x\n",
ret);
}
subret = NaClElfImageLoad(image, gp, nap->addr_bits, nap->mem_start);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* NB: mem_map object has been initialized, but is empty.
* NaClMakeDynamicTextShared does not touch it.
*
* NaClMakeDynamicTextShared also fills the dynamic memory region
* with the architecture-specific halt instruction. If/when we use
* memory mapping to save paging space for the dynamic region and
* lazily halt fill the memory as the pages become
* readable/executable, we must make sure that the *last*
* NACL_MAP_PAGESIZE chunk is nonetheless mapped and written with
* halts.
*/
NaClLog(2,
("Replacing gap between static text and"
" (ro)data with shareable memory\n"));
subret = NaClMakeDynamicTextShared(nap);
NaClPerfCounterMark(&time_load_file,
NACL_PERF_IMPORTANT_PREFIX "MakeDynText");
NaClPerfCounterIntervalLast(&time_load_file);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
/*
* NaClFillEndOfTextRegion will fill with halt instructions the
* padding space after the static text region.
*
* Shm-backed dynamic text space was filled with halt instructions
* in NaClMakeDynamicTextShared. This extends to the rodata. For
* non-shm-backed text space, this extend to the next page (and not
* allocation page). static_text_end is updated to include the
* padding.
*/
NaClFillEndOfTextRegion(nap);
#if 0 == NACL_DANGEROUS_DEBUG_MODE_DISABLE_INNER_SANDBOX
NaClLog(2, "Validating image\n");
subret = NaClValidateImage(nap);
NaClPerfCounterMark(&time_load_file,
NACL_PERF_IMPORTANT_PREFIX "ValidateImg");
NaClPerfCounterIntervalLast(&time_load_file);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
#endif
NaClLog(2, "Initializing arch switcher\n");
NaClInitSwitchToApp(nap);
NaClLog(2, "Installing trampoline\n");
NaClLoadTrampoline(nap);
/*
* NaClMemoryProtect also initializes the mem_map w/ information
* about the memory pages and their current protection value.
*
* The contents of the dynamic text region will get remapped as
* non-writable.
*/
NaClLog(2, "Applying memory protection\n");
subret = NaClMemoryProtection(nap);
if (LOAD_OK != subret) {
ret = subret;
goto done;
}
NaClLog(2, "NaClAppLoadFile done; ");
NaClLogAddressSpaceLayout(nap);
ret = LOAD_OK;
done:
NaClElfImageDelete(image);
NaClPerfCounterMark(&time_load_file, "EndLoadFile");
NaClPerfCounterIntervalTotal(&time_load_file);
return ret;
}
