runtime, syscall: use the new get_random_bytes syscall for NaCl

The SecureRandom named service was removed in https://codereview.chromium.org/550523002. And the new syscall was introduced in https://codereview.chromium.org/537543003. Accepting this will remove the support for older version of sel_ldr. I've confirmed that both pepper_40 and current pepper_canary have this syscall. After this change, we need sel_ldr from pepper_39 or above to work. Fixes #9261 Change-Id: I096973593aa302ade61f259a3a71ebc7c1a57913 Signed-off-by: Shenghou Ma <minux@golang.org> Reviewed-on: https://go-review.googlesource.com/1755 Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2014-12-18 03:26:08 -05:00 · 2014-12-18 03:26:08 -05:00 · 003dccfac4
parent 41d58c3739
commit 003dccfac4
12 changed files with 120 additions and 31 deletions
--- a/misc/nacl/README
+++ b/misc/nacl/README
@ -8,7 +8,7 @@ Go 1.3 supports three architectures
 * nacl/386 which is standard 386.
 * nacl/amd64p32 which is a 64 bit architecture, where the address space is
-   limited to a 4gb window. 
+   limited to a 4gb window.
 * nacl/arm which is 32-bit ARMv7A architecture with 1GB address space.
 For background it is recommended that you read http://golang.org/s/go13nacl.
@ -37,21 +37,20 @@ sdk. These are released every 6-8 weeks, in line with Chrome releases.
 	% cd /opt/nacl_sdk
 	% ./naclsdk update
-At this time pepper_34 is the stable version. If naclsdk downloads a later
+At this time pepper_40 is the stable version. The NaCl port needs at least pepper_39
-version, please adjust accordingly. As of June 2014, only the canary sdk
+to work. If naclsdk downloads a later version, please adjust accordingly.
 provides support for nacl/arm.
 The cmd/go helper scripts expect that the loaders sel_ldr_{x86_{32,64},arm} and
 nacl_helper_bootstrap_arm are in your path. I find it easiest to make a symlink
 from the NaCl distribution to my $GOPATH/bin directory.
-	% ln -nfs /opt/nacl_sdk/pepper_34/tools/sel_ldr_x86_32 $GOPATH/bin/sel_ldr_x86_32
+	% ln -nfs /opt/nacl_sdk/pepper_39/tools/sel_ldr_x86_32 $GOPATH/bin/sel_ldr_x86_32
-	% ln -nfs /opt/nacl_sdk/pepper_34/tools/sel_ldr_x86_64 $GOPATH/bin/sel_ldr_x86_64
+	% ln -nfs /opt/nacl_sdk/pepper_39/tools/sel_ldr_x86_64 $GOPATH/bin/sel_ldr_x86_64
-	% ln -nfs /opt/nacl_sdk/pepper_canary/tools/sel_ldr_arm $GOPATH/bin/sel_ldr_arm
+	% ln -nfs /opt/nacl_sdk/pepper_39/tools/sel_ldr_arm $GOPATH/bin/sel_ldr_arm
 Additionally, for NaCl/ARM only:
-	% ln -nfs /opt/nacl_sdk/pepper_canary/tools/nacl_helper_bootstrap_arm $GOPATH/bin/nacl_helper_bootstrap_arm 
+	% ln -nfs /opt/nacl_sdk/pepper_39/tools/nacl_helper_bootstrap_arm $GOPATH/bin/nacl_helper_bootstrap_arm
 Support scripts
 ---------------
@ -110,7 +109,7 @@ Then, run the program as:
 The -g flag instructs the loader to stop at startup. Then, in another console:
-	% /opt/nacl_sdk/pepper_34/toolchain/linux_x86_glibc/bin/x86_64-nacl-gdb
+	% /opt/nacl_sdk/pepper_39/toolchain/linux_x86_glibc/bin/x86_64-nacl-gdb
 	% nacl-manifest mybin.manifest
 	% target remote :4014
@ -118,5 +117,5 @@ If you see that the program is stopped in _rt0_amd64p32_nacl, then symbols are
 loaded successfully and you can type 'c' to start the program.
 Next time you can automate it as:
-	% /opt/nacl_sdk/pepper_34/toolchain/linux_x86_glibc/bin/x86_64-nacl-gdb \
+	% /opt/nacl_sdk/pepper_39/toolchain/linux_x86_glibc/bin/x86_64-nacl-gdb \
 		-ex 'nacl-manifest mybin.manifest' -ex 'target remote :4014'
--- a/src/runtime/os1_nacl.go
+++ b/src/runtime/os1_nacl.go
@ -46,11 +46,8 @@ func crash() {
 	*(*int32)(nil) = 0
 }
-//go:nosplit
+//go:noescape
-func getRandomData(r []byte) {
+func getRandomData([]byte)
 	// TODO: does nacl have a random source we can use?
 	extendRandom(r, 0)
 }
 func goenvs() {
 	goenvs_unix()
--- a/src/runtime/sys_nacl_386.s
+++ b/src/runtime/sys_nacl_386.s
@ -362,3 +362,12 @@ ret:
 	// 36(BP) is saved EFLAGS, never to be seen again
 	MOVL	32(BP), BP // saved PC
 	JMP	BP
 // func getRandomData([]byte)
 TEXT runtime·getRandomData(SB),NOSPLIT,$8-12
 	MOVL buf+0(FP), AX
 	MOVL AX, 0(SP)
 	MOVL len+4(FP), AX
 	MOVL AX, 4(SP)
 	NACL_SYSCALL(SYS_get_random_bytes)
 	RET
--- a/src/runtime/sys_nacl_amd64p32.s
+++ b/src/runtime/sys_nacl_amd64p32.s
@ -412,6 +412,13 @@ nog:
 // cannot do real signal handling yet, because gsignal has not been allocated.
 MOVL $1, DI; NACL_SYSCALL(SYS_exit)
 // func getRandomData([]byte)
 TEXT runtime·getRandomData(SB),NOSPLIT,$0-12
 	MOVL buf+0(FP), DI
 	MOVL len+4(FP), SI
 	NACL_SYSCALL(SYS_get_random_bytes)
 	RET
 TEXT runtime·nacl_sysinfo(SB),NOSPLIT,$16
 /*
 	MOVL	di+0(FP), DI
--- a/src/runtime/sys_nacl_arm.s
+++ b/src/runtime/sys_nacl_arm.s
@ -301,6 +301,13 @@ nog:
 TEXT runtime·nacl_sysinfo(SB),NOSPLIT,$16
 	RET
 // func getRandomData([]byte)
 TEXT runtime·getRandomData(SB),NOSPLIT,$0-12
 	MOVW buf+0(FP), R0
 	MOVW len+4(FP), R1
 	NACL_SYSCALL(SYS_get_random_bytes)
 	RET
 TEXT runtime·casp1(SB),NOSPLIT,$0
 	B	runtime·cas(SB)
--- a/src/runtime/syscall_nacl.h
+++ b/src/runtime/syscall_nacl.h
@ -8,10 +8,10 @@
 #define SYS_read 12
 #define SYS_write 13
 #define SYS_lseek 14
 #define SYS_ioctl 15
 #define SYS_stat 16
 #define SYS_fstat 17
 #define SYS_chmod 18
 #define SYS_isatty 19
 #define SYS_brk 20
 #define SYS_mmap 21
 #define SYS_munmap 22
@ -69,3 +69,16 @@
 #define SYS_test_crash 110
 #define SYS_test_syscall_1 111
 #define SYS_test_syscall_2 112
 #define SYS_futex_wait_abs 120
 #define SYS_futex_wake 121
 #define SYS_pread 130
 #define SYS_pwrite 131
 #define SYS_truncate 140
 #define SYS_lstat 141
 #define SYS_link 142
 #define SYS_rename 143
 #define SYS_symlink 144
 #define SYS_access 145
 #define SYS_readlink 146
 #define SYS_utimes 147
 #define SYS_get_random_bytes 150
--- a/src/syscall/fs_nacl.go
+++ b/src/syscall/fs_nacl.go
@ -772,29 +772,24 @@ func (f *zeroFile) pread(b []byte, offset int64) (int, error) {
 	return len(b), nil
 }
-type randomFile struct {
+type randomFile struct{}
 	naclFD int
 }
 func openRandom() (devFile, error) {
-	fd, err := openNamedService("SecureRandom", O_RDONLY)
+	return randomFile{}, nil
 	if err != nil {
 		return nil, err
 	}
 	return &randomFile{naclFD: fd}, nil
 }
-func (f *randomFile) close() error {
+func (f randomFile) close() error {
 	naclClose(f.naclFD)
 	f.naclFD = -1
 	return nil
 }
-func (f *randomFile) pread(b []byte, offset int64) (int, error) {
+func (f randomFile) pread(b []byte, offset int64) (int, error) {
-	return naclRead(f.naclFD, b)
+	if err := naclGetRandomBytes(b); err != nil {
 		return 0, err
 	}
 	return len(b), nil
 }
-func (f *randomFile) pwrite(b []byte, offset int64) (int, error) {
+func (f randomFile) pwrite(b []byte, offset int64) (int, error) {
 	return 0, EPERM
 }
--- a/src/syscall/syscall_nacl.go
+++ b/src/syscall/syscall_nacl.go
@ -14,6 +14,7 @@ import (
 //sys	naclFstat(fd int, stat *Stat_t) (err error) = sys_fstat
 //sys	naclRead(fd int, b []byte) (n int, err error) = sys_read
 //sys	naclSeek(fd int, off *int64, whence int) (err error) = sys_lseek
 //sys	naclGetRandomBytes(b []byte) (err error) = sys_get_random_bytes
 const direntSize = 8 + 8 + 2 + 256
--- a/src/syscall/tables_nacl.go
+++ b/src/syscall/tables_nacl.go
@ -15,10 +15,10 @@ const (
 	sys_read                 = 12
 	sys_write                = 13
 	sys_lseek                = 14
 	sys_ioctl                = 15
 	sys_stat                 = 16
 	sys_fstat                = 17
 	sys_chmod                = 18
 	sys_isatty               = 19
 	sys_brk                  = 20
 	sys_mmap                 = 21
 	sys_munmap               = 22
@ -76,6 +76,19 @@ const (
 	sys_test_crash           = 110
 	sys_test_syscall_1       = 111
 	sys_test_syscall_2       = 112
 	sys_futex_wait_abs       = 120
 	sys_futex_wake           = 121
 	sys_pread                = 130
 	sys_pwrite               = 131
 	sys_truncate             = 140
 	sys_lstat                = 141
 	sys_link                 = 142
 	sys_rename               = 143
 	sys_symlink              = 144
 	sys_access               = 145
 	sys_readlink             = 146
 	sys_utimes               = 147
 	sys_get_random_bytes     = 150
 )
 // TODO: Auto-generate some day. (Hard-coded in binaries so not likely to change.)
--- a/src/syscall/zsyscall_nacl_386.go
+++ b/src/syscall/zsyscall_nacl_386.go
@ -61,3 +61,19 @@ func naclSeek(fd int, off *int64, whence int) (err error) {
 	}
 	return
 }
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 func naclGetRandomBytes(b []byte) (err error) {
 	var _p0 unsafe.Pointer
 	if len(b) > 0 {
 		_p0 = unsafe.Pointer(&b[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
 	_, _, e1 := Syscall(sys_get_random_bytes, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = e1
 	}
 	return
 }
--- a/src/syscall/zsyscall_nacl_amd64p32.go
+++ b/src/syscall/zsyscall_nacl_amd64p32.go
@ -61,3 +61,19 @@ func naclSeek(fd int, off *int64, whence int) (err error) {
 	}
 	return
 }
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 func naclGetRandomBytes(b []byte) (err error) {
 	var _p0 unsafe.Pointer
 	if len(b) > 0 {
 		_p0 = unsafe.Pointer(&b[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
 	_, _, e1 := Syscall(sys_get_random_bytes, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = e1
 	}
 	return
 }
--- a/src/syscall/zsyscall_nacl_arm.go
+++ b/src/syscall/zsyscall_nacl_arm.go
@ -61,3 +61,19 @@ func naclSeek(fd int, off *int64, whence int) (err error) {
 	}
 	return
 }
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 func naclGetRandomBytes(b []byte) (err error) {
 	var _p0 unsafe.Pointer
 	if len(b) > 0 {
 		_p0 = unsafe.Pointer(&b[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
 	_, _, e1 := Syscall(sys_get_random_bytes, uintptr(_p0), uintptr(len(b)), 0)
 	if e1 != 0 {
 		err = e1
 	}
 	return
 }