Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(57)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 8275008: Make validator require read sandboxing on ARM. (Closed)

Created:
9 years, 2 months ago by sehr (please use chromium)
Modified:
9 years, 2 months ago
CC:
native-client-reviews_googlegroups.com
Visibility:
Public.

Description

Make validator require read sandboxing on ARM. Added some minor test extensions for write sandboxing also (SP updates and two-address stores). BUG= http://code.google.com/p/nativeclient/issues/detail?id=2129 TEST=utman_test.sh Committed: http://src.chromium.org/viewvc/native_client?view=rev&revision=6991

Patch Set 1 #

Total comments: 3

Patch Set 2 : '' #

Patch Set 3 : '' #

Patch Set 4 : '' #

Patch Set 5 : '' #

Patch Set 6 : '' #

Total comments: 6

Patch Set 7 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+328 lines, -60 lines) Patch
M src/trusted/validator_arm/build.scons View 1 2 3 4 5 6 1 chunk +2 lines, -0 lines 0 comments Download
M src/trusted/validator_arm/inst_classes.h View 1 2 3 4 5 6 11 chunks +27 lines, -5 lines 0 comments Download
M src/trusted/validator_arm/inst_classes.cc View 1 2 3 4 5 6 6 chunks +75 lines, -1 line 0 comments Download
M src/trusted/validator_arm/testdata/compile_tests.sh View 1 2 3 4 5 6 1 chunk +9 lines, -7 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_external_jumps.nexe View 1 2 3 4 5 6 1 chunk +2 lines, -2 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_forbidden_instructions.nexe View 1 2 Binary file 0 comments Download
M src/trusted/validator_arm/testdata/test_internal_jumps.nexe View 1 2 3 4 5 6 1 chunk +2 lines, -2 lines 0 comments Download
A src/trusted/validator_arm/testdata/test_loads.S View 1 2 3 4 5 6 1 chunk +95 lines, -0 lines 0 comments Download
A src/trusted/validator_arm/testdata/test_loads.err View 1 2 3 4 5 6 1 chunk +13 lines, -0 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_loads.nexe View 1 2 3 4 5 6 Binary file 0 comments Download
M src/trusted/validator_arm/testdata/test_sp_updates.nexe View 1 2 Binary file 0 comments Download
M src/trusted/validator_arm/testdata/test_stores.S View 1 2 3 4 5 6 1 chunk +6 lines, -0 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_stores.err View 1 2 3 4 5 6 1 chunk +9 lines, -7 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_stores.nexe View 1 2 Binary file 0 comments Download
A src/trusted/validator_arm/testdata/test_vector_loads.S View 1 2 1 chunk +40 lines, -0 lines 0 comments Download
A src/trusted/validator_arm/testdata/test_vector_loads.err View 1 2 1 chunk +4 lines, -0 lines 0 comments Download
M src/trusted/validator_arm/testdata/test_vector_stores.err View 1 2 3 4 5 6 1 chunk +1 line, -1 line 0 comments Download
M src/trusted/validator_arm/testdata/test_vector_stores.nexe View 1 2 Binary file 0 comments Download
M src/trusted/validator_arm/validation-report.py View 1 2 3 4 5 6 2 chunks +5 lines, -6 lines 0 comments Download
M src/trusted/validator_arm/validator.h View 1 2 3 4 5 6 3 chunks +9 lines, -6 lines 0 comments Download
M src/trusted/validator_arm/validator.cc View 1 2 3 4 5 6 5 chunks +18 lines, -13 lines 0 comments Download
M src/trusted/validator_arm/validator_tests.cc View 1 2 3 4 5 6 4 chunks +10 lines, -10 lines 0 comments Download
M src/untrusted/stubs/setjmp_arm.S View 1 2 3 4 5 6 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 12 (0 generated)
sehr (please use chromium)
One more try.
9 years, 2 months ago (2011-10-13 22:45:12 UTC) #1
jasonwkim
http://codereview.chromium.org/8275008/diff/1/src/trusted/validator_arm/inst_classes.cc File src/trusted/validator_arm/inst_classes.cc (right): http://codereview.chromium.org/8275008/diff/1/src/trusted/validator_arm/inst_classes.cc#newcode219 src/trusted/validator_arm/inst_classes.cc:219: bool pre_index = i.bit(24); some comments? http://codereview.chromium.org/8275008/diff/1/src/trusted/validator_arm/inst_classes.cc#newcode281 src/trusted/validator_arm/inst_classes.cc:281: if ...
9 years, 2 months ago (2011-10-13 23:05:41 UTC) #2
sehr
On 2011/10/13 23:05:41, jasonwkim wrote: > http://codereview.chromium.org/8275008/diff/1/src/trusted/validator_arm/inst_classes.cc > File src/trusted/validator_arm/inst_classes.cc (right): > > http://codereview.chromium.org/8275008/diff/1/src/trusted/validator_arm/inst_classes.cc#newcode219 > ...
9 years, 2 months ago (2011-10-14 21:36:39 UTC) #3
sehr (please use chromium)
ping.
9 years, 2 months ago (2011-10-18 18:46:39 UTC) #4
robertm
Since it is very likely that we have to revisit the load sandboxing when people ...
9 years, 2 months ago (2011-10-18 21:19:55 UTC) #5
sehr (please use chromium)
Thanks for the reviews. Requested tests were added. PTAL. http://codereview.chromium.org/8275008/diff/11004/src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c File src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c (left): http://codereview.chromium.org/8275008/diff/11004/src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c#oldcode47 src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c:47: ...
9 years, 2 months ago (2011-10-18 22:44:11 UTC) #6
robertm
How difficult is it to turn read sandboxing off again if we have to. is ...
9 years, 2 months ago (2011-10-19 14:28:00 UTC) #7
sehr (please use chromium)
It should be as simple as removing the safety and base_register methods on the load ...
9 years, 2 months ago (2011-10-19 19:56:14 UTC) #8
robertm
LGTM On 2011/10/19 19:56:14, sehr wrote: > It should be as simple as removing the ...
9 years, 2 months ago (2011-10-19 20:00:12 UTC) #9
jasonwkim
On Wed, Oct 19, 2011 at 12:56 PM, <sehr@google.com> wrote: > It should be as ...
9 years, 2 months ago (2011-10-19 20:00:59 UTC) #10
sehr (please use chromium)
Thanks. Committed as r6991. On 2011/10/19 20:00:59, jasonwkim wrote: > On Wed, Oct 19, 2011 ...
9 years, 2 months ago (2011-10-20 19:53:14 UTC) #11
sehr (please use chromium)
9 years, 2 months ago (2011-10-20 21:12:02 UTC) #12 
And reverted in r6993.  Broke trusted_mmap_test.

On 2011/10/20 19:53:14, sehr wrote:
> Thanks.  Committed as r6991.
> 
> On 2011/10/19 20:00:59, jasonwkim wrote:
> > On Wed, Oct 19, 2011 at 12:56 PM, <mailto:sehr@google.com> wrote:
> > 
> > > It should be as simple as removing the safety and base_register methods on
> > > the
> > > load classes in inst_classes.h, plus removing the related tests.
> > >
> > >
> > Making this switchable on the fly will be a bit of work - probably beyond
> > scope of this CL
> > Besides, I am due to face merge from hell once I restart thumb2 stuff again.
> > 
> > In short All your sandboxes and thumbs are belong to me :-)
> > I say LGTM unless robert has a strong objection
> > 
> > 
> > >  On 2011/10/19 14:28:00, robertm wrote:
> > >
> > >> How difficult is it to turn read sandboxing off again if we have to.
> > >> is there a flags in the validator or is it hardcoded
> > >>
> > >
> > >  On 2011/10/18 22:44:11, sehr wrote:
> > >> > Thanks for the reviews.  Requested tests were added.  PTAL.
> > >> >
> > >> >
> > >>
> > >
> > > http://codereview.chromium.**org/8275008/diff/11004/src/**
> > >
> >
>
trusted/service_runtime/arch/**arm/nacl_switch_to_app_arm.c<http://codereview.chromium.org/8275008/diff/11004/src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c>
> > >
> > >> > File src/trusted/service_runtime/**arch/arm/nacl_switch_to_app_**arm.c
> > >> (left):
> > >> >
> > >> >
> > >>
> > >
> > > http://codereview.chromium.**org/8275008/diff/11004/src/**
> > >
> >
>
trusted/service_runtime/arch/**arm/nacl_switch_to_app_arm.c#**oldcode47<http://codereview.chromium.org/8275008/diff/11004/src/trusted/service_runtime/arch/arm/nacl_switch_to_app_arm.c#oldcode47>
> > >
> > >> > src/trusted/service_runtime/**arch/arm/nacl_switch_to_app_**arm.c:47:
> > >> /*
> > >>
> > > Skipping
> > >
> > >> a
> > >> > 2-byte halt brings us to 0 mod 16. */
> > >> > On 2011/10/18 21:19:55, robertm wrote:
> > >> > > this change was not mentioned in the description
> > >> >
> > >> > Thanks.  This was not intended for this CL.
> > >> >
> > >> >
> > >>
> > >
> > > http://codereview.chromium.**org/8275008/diff/11004/src/**
> > >
> >
>
trusted/validator_arm/**testdata/test_loads.S<http://codereview.chromium.org/8275008/diff/11004/src/trusted/validator_arm/testdata/test_loads.S>
> > >
> > >> > File src/trusted/validator_arm/**testdata/test_loads.S (right):
> > >> >
> > >> >
> > >>
> > >
> > > http://codereview.chromium.**org/8275008/diff/11004/src/**
> > >
> >
>
trusted/validator_arm/**testdata/test_loads.S#**newcode17<http://codereview.chromium.org/8275008/diff/11004/src/trusted/validator_arm/testdata/test_loads.S#newcode17>
> > >
> > >> > src/trusted/validator_arm/**testdata/test_loads.S:17: bundle0:
> > >> > On 2011/10/18 21:19:55, robertm wrote:
> > >> > > maybe add some pc and sp loads
> > >> >
> > >> > Done.
> > >> >
> > >> >
> > >>
> > >
> > > http://codereview.chromium.**org/8275008/diff/11004/src/**
> > >
> >
>
trusted/validator_arm/**testdata/test_loads.S#**newcode21<http://codereview.chromium.org/8275008/diff/11004/src/trusted/validator_arm/testdata/test_loads.S#newcode21>
> > >
> > >> > src/trusted/validator_arm/**testdata/test_loads.S:21: bic r1, r1, #MASK
> > >>
> > > @
> > >
> > >> > Confining an address in place
> > >> > On 2011/10/18 21:19:55, robertm wrote:
> > >> > > not sure whether those are tested elsewhere but
> > >> > >
> > >> > > ldr r0, [r1,r2]
> > >> > > should also be covered
> > >> >
> > >> > Done.
> > >>
> > >
> > >
> > >
> > >
> >
>
http://codereview.chromium.**org/8275008/%253Chttp://codereview.chromium.org/...>
> > >
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups
> > "Native-Client-Reviews" group.
> > To post to this group, send email to
> mailto:native-client-reviews@googlegroups.com.
> > To unsubscribe from this group, send email to
> > mailto:native-client-reviews+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/native-client-reviews?hl=en.
> >

Powered by Google App Engine
This is Rietveld 408576698