Resurrect Petr's 64-bit dynamic code modification CL:...

src/trusted/service_runtime/sel_validate_image.c

 /*
  * Copyright 2010 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can
  * be found in the LICENSE file.
  */
 
 #include "native_client/src/shared/platform/nacl_log.h"
 #include "native_client/src/trusted/service_runtime/sel_ldr.h"
 
 
 #if NACL_ARCH(NACL_BUILD_ARCH) == NACL_x86
 
+# include "native_client/src/trusted/validator_x86/nccopycode.h"
+
 # if NACL_TARGET_SUBARCH == 32
 
 #  include "native_client/src/trusted/validator_x86/ncvalidate.h"
-#  include "native_client/src/trusted/validator_x86/nccopycode.h"
 
 int NaClValidateCode(struct NaClApp *nap, uintptr_t guest_addr,
                      uint8_t *data, size_t size) {
   struct NCValidatorState *vstate;
   int validator_result;
 
   if (nap->validator_stub_out_mode) {
     /* In stub out mode, we do two passes.  The second pass acts as a
        sanity check that bad instructions were indeed overwritten with
        allowable HLTs. */
@@ skipping 24 matching lines @@
                                 uint8_t *data_old, uint8_t *data_new,
                                 size_t size) {
   struct NCValidatorState *vstate;
   int validator_result;
 
   if (nap->validator_stub_out_mode) {
     NaClLog(1, "NaClValidateCodeReplacement:  "
                "stub_out_mode not supported for code replacement\n");
     return LOAD_BAD_FILE;
   }
 

[bsy, 2010/12/15 04:06:50]

same CHECK as below would be good (yeah, i know, pre-existing code).

[elijahtaylor (use chromium), 2010/12/15 21:26:37]

Done

On 2010/12/15 04:06:50, bsy wrote:

   vstate = NCValidateInit(guest_addr, guest_addr + size, nap->bundle_size);
   if (vstate == NULL) {
     return LOAD_BAD_FILE;
   }
   NCValidateSegmentPair(data_old, data_new, guest_addr, size, vstate);
   validator_result = NCValidateFinish(vstate);
   NCValidateFreeState(&vstate);
   if (validator_result != 0) {
     return LOAD_VALIDATION_FAILED;
   }
@@ skipping 18 matching lines @@
 int NaClValidateCode(struct NaClApp *nap, uintptr_t guest_addr,
                      uint8_t *data, size_t size) {
   struct NaClValidatorState *vstate;
   int is_ok;
 
   vstate = NaClValidatorStateCreate(guest_addr, size, nap->bundle_size,
                                     RegR15);
   if (vstate == NULL) {
     return LOAD_BAD_FILE;
   }
+
   NaClValidatorStateSetLogVerbosity(vstate, LOG_ERROR);
 
   if (nap->validator_stub_out_mode) {
     /* In stub out mode, we do two passes. The second pass acts as a sanity
      * check, after illegal instructions have been stubbed out with allowable
      * HLTs.
      * Start pass one to find errors, and stub out illegal instructions.
      */
     NaClValidatorStateSetDoStubOut(vstate, TRUE);
     NaClValidateSegment(data, guest_addr, size, vstate);
     NaClValidatorStateDestroy(vstate);
     vstate = NaClValidatorStateCreate(guest_addr, size, nap->bundle_size,
                                       RegR15);
     NaClValidatorStateSetLogVerbosity(vstate, LOG_ERROR);
   }
   NaClValidateSegment(data, guest_addr, size, vstate);
   is_ok = NaClValidatesOk(vstate);
   NaClValidatorStateDestroy(vstate);
   if (!is_ok) {
     return LOAD_VALIDATION_FAILED;
   }
   return LOAD_OK;
 }
 
 int NaClValidateCodeReplacement(struct NaClApp *nap, uintptr_t guest_addr,
                                 uint8_t *data_old, uint8_t *data_new,
                                 size_t size) {
-  UNREFERENCED_PARAMETER(nap);
-  UNREFERENCED_PARAMETER(guest_addr);
-  UNREFERENCED_PARAMETER(data_old);
-  UNREFERENCED_PARAMETER(data_new);
-  UNREFERENCED_PARAMETER(size);
-  NaClLog(1, "NaClValidateCodeReplacement: "
-             "code replacement not yet supported on x86_64\n");
-  return LOAD_UNIMPLEMENTED;
+  struct NaClValidatorState *vstate;
+  int is_ok;
+
+  if (nap->validator_stub_out_mode) {
+    NaClLog(1, "NaClValidateCodeReplacement:  "
+               "stub_out_mode not supported for code replacement\n");
+    return LOAD_BAD_FILE;
+  }
+

[bsy, 2010/12/15 04:06:50]

a check here that guest_addr starts at bundle boundary and size is a multiple of
bundle size would be good.  this is a necessary precondition which is
(currently) satisfied, but we shouldn't let the code drift/rot.

[elijahtaylor (use chromium), 2010/12/15 21:26:37]

Done.

On 2010/12/15 04:06:50, bsy wrote:

+  vstate = NaClValidatorStateCreate(guest_addr, size, nap->bundle_size,
+                                    RegR15);
+  if (vstate == NULL) {
+    return LOAD_BAD_FILE;
+  }
+  NaClValidatorStateSetLogVerbosity(vstate, LOG_ERROR);
+
+  NaClValidateSegmentPair(data_old, data_new, guest_addr, size, vstate);
+  is_ok = NaClValidatesOk(vstate);
+  NaClValidatorStateDestroy(vstate);
+  if (!is_ok) {
+    return LOAD_VALIDATION_FAILED;
+  }
+  return LOAD_OK;
 }
 
-
 int NaClCopyCode(struct NaClApp *nap, uintptr_t guest_addr,
                  uint8_t *data_old, uint8_t *data_new,
                  size_t size) {
+  int result;
   UNREFERENCED_PARAMETER(nap);
-  UNREFERENCED_PARAMETER(guest_addr);
-  UNREFERENCED_PARAMETER(data_old);
-  UNREFERENCED_PARAMETER(data_new);
-  UNREFERENCED_PARAMETER(size);
-  NaClLog(1, "NaClCopyCode: "
-             "code replacement not yet supported on x86_64\n");
-  return LOAD_UNIMPLEMENTED;
+
+  result = NaClCopyCodeIter(data_old, data_new, guest_addr, size);
+  if (result != 0) {
+    return LOAD_UNLOADABLE;
+  }
+  return LOAD_OK;
 }
 
 # endif
 
 #elif NACL_ARCH(NACL_BUILD_ARCH) == NACL_arm
 
 # include "native_client/src/trusted/validator_arm/ncvalidate.h"
 
 int NaClValidateCode(struct NaClApp *nap, uintptr_t guest_addr,
                      uint8_t *data, size_t size) {
@@ skipping 58 matching lines @@
       NaClLog(LOG_ERROR, "VALIDATION FAILED.\n");
       NaClLog(LOG_ERROR,
               "Run sel_ldr in debug mode to ignore validation failure.\n");
       NaClLog(LOG_ERROR,
               "Run ncval <module-name> for validation error details.\n");
       rcode = LOAD_VALIDATION_FAILED;
     }
   }
   return rcode;
 }