| blob | c7f2dd3b9b73aa1f2a3da79ed33f528cd6d184ad |
1 /*
2 * Copyright 2008, Google Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above
12 * copyright notice, this list of conditions and the following disclaimer
13 * in the documentation and/or other materials provided with the
14 * distribution.
15 * * Neither the name of Google Inc. nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
32 /* NaCl Simple/secure ELF loader (NaCl SEL) memory map.
33 */
37 #include <assert.h>
38 #include <stdlib.h>
39 #include <stdio.h>
49 #define REMOVE_MARKED_DEBUG 0
51 /*
52 * The memory map structure is a simple array of memory regions which
53 * may have different access protections. We do not yet merge regions
54 * with the same access protections together to reduce the region
55 * number, but may do so in the future.
56 *
57 * Regions are described by (relative) starting page number, the
58 * number of pages, and the protection that the pages should have.
59 *
60 * Takes ownership of NaClMemObj.
61 */
67 {
76 }
84 }
87 {
96 }
98 }
100 /*
101 * Print debug.
102 */
105 {
110 }
113 {
117 }
120 {
125 }
129 }
132 {
137 }
140 }
142 /*
143 * Comparison function for qsort. Should never encounter a
144 * removed/invalid entry.
145 */
149 {
156 }
159 {
166 #if REMOVE_MARKED_DEBUG
168 #endif
169 /*
170 * Linearly scan with a move-end-to-front strategy to get rid of
171 * marked-to-be-removed entries.
172 */
174 /* forall j in [0, self->nvalid): NULL != self->vmentry[j] */
178 }
181 }
183 /* forall j in [0, last]: NULL != self->vmentry[j] */
185 /* 0 <= last < self->nvalid && !self->vmentry[last]->removed */
188 /* forall j in (last, self->nvalid): NULL == self->vmentry[j] */
190 /* loop invar: forall j in [0, i): !self->vmentry[j]->removed */
194 }
195 /* self->vmentry[i]->removed */
201 /* forall j in [last, self->nvalid): NULL == self->vmentry[j] */
202 /* forall j in [0, i]: !self->vmentry[j]->removed */
207 }
208 /*
209 * since !self->vmentry[i]->removed, we are guaranteed that
210 * !self->vmentry[last]->removed when the while loop terminates.
211 *
212 * forall j in (last, self->nvalid):
213 * NULL == self->vmentry[j]->removed
214 */
215 }
216 /* i == last */
217 /* forall j in [0, last]: !self->vmentry[j]->removed */
218 /* forall j in (last, self->nvalid): NULL == self->vmentry[j] */
222 #if REMOVE_MARKED_DEBUG
224 #endif
225 }
228 {
237 NaClVmmapCmpEntries);
239 #if REMOVE_MARKED_DEBUG
241 #endif
242 }
244 /*
245 * Adds an entry. Does not sort.
246 */
252 {
266 }
269 }
270 /* self->nvalid < self->size */
278 }
280 /*
281 * Update the virtual memory map. Deletion is handled by a remove
282 * flag, since a NULL nmop just means that the memory is backed by the
283 * system paging file.
284 */
292 {
293 /* update existing entries or create new entry as needed */
308 off_t additional_offset =
312 /*
313 * Split existing mapping into two parts, with new mapping in
314 * the middle.
315 */
317 new_region_end_page,
322 }
326 /* New mapping overlaps end of existing mapping. */
330 /* New mapping overlaps start of existing mapping. */
339 /* New mapping covers all of the existing mapping. */
342 /* No overlap */
344 }
345 }
350 }
353 }
357 {
371 }
375 {
388 NaClVmmapContainCmpEntries));
390 }
395 {
408 NaClVmmapContainCmpEntries));
414 }
416 }
419 {
421 }
423 /*
424 * IterStar only permissible if not AtEnd
425 */
427 {
429 }
432 {
434 }
436 /*
437 * Iterator becomes invalid after Erase. We could have a version that
438 * keep the iterator valid by copying forward, but it is unclear
439 * whether that is needed.
440 */
442 {
449 }
455 {
462 }
463 }
465 /*
466 * Linear search, from high addresses down.
467 */
470 {
485 }
486 }
488 /*
489 * in user addresses, page 0 is always trampoline, and user
490 * addresses are contained in system addresses, so returning a
491 * system page number of 0 can serve as error indicator: it is at
492 * worst the trampoline page, and likely to be below it.
493 */
494 }
496 /*
497 * Linear search, from high addresses down. For mmap, so the starting
498 * address of the region found must be NACL_MAP_PAGESIZE aligned.
499 *
500 * For general mmap it is better to use as high an address as
501 * possible, since the stack size for the main thread is currently
502 * fixed, and the heap is the only thing that grows.
503 */
506 {
529 }
530 }
533 }
534 }
536 /*
537 * in user addresses, page 0 is always trampoline, and user
538 * addresses are contained in system addresses, so returning a
539 * system page number of 0 can serve as error indicator: it is at
540 * worst the trampoline page, and likely to be below it.
541 */
542 }
544 /*
545 * Linear search, from uaddr up.
546 */
550 {
577 }
578 }
581 }
583 /* found a gap at or after uaddr that's big enough */
585 }
586 }
588 }
590 /* Returns whether the given range contains any executable mappings. */
593 {
602 }
604 }