OLD | NEW |
1 {{+bindTo:partials.standard_nacl_article}} | 1 {{+bindTo:partials.standard_nacl_article}} |
2 | 2 |
3 <section id="arm-32-bit-sandbox"> | 3 <section id="arm-32-bit-sandbox"> |
4 <h1 id="arm-32-bit-sandbox">ARM 32-bit Sandbox</h1> | 4 <span id="id1"></span><h1 id="arm-32-bit-sandbox"><span id="id1"></span>ARM 32-b
it Sandbox</h1> |
5 <p>Native Client for ARM is a sandboxing technology for running | 5 <p>Native Client for ARM is a sandboxing technology for running |
6 programs—even malicious ones—safely, on computers that use 32-bit | 6 programs—even malicious ones—safely, on computers that use 32-bit |
7 ARM processors. The ARM sandbox is an extension of earlier work on | 7 ARM processors. The ARM sandbox is an extension of earlier work on |
8 Native Client for x86 processors. Security is provided with a low | 8 Native Client for x86 processors. Security is provided with a low |
9 performance overhead of about 10% over regular ARM code, and as you’ll | 9 performance overhead of about 10% over regular ARM code, and as you’ll |
10 see in this document the sandbox model is beautifully simple, meaning | 10 see in this document the sandbox model is beautifully simple, meaning |
11 that the trusted codebase is much easier to validate.</p> | 11 that the trusted codebase is much easier to validate.</p> |
12 <p>As an implementation detail, the Native Client 32-bit ARM sandbox is | 12 <p>As an implementation detail, the Native Client 32-bit ARM sandbox is |
13 currently used by Portable Native Client to execute code on 32-bit ARM | 13 currently used by Portable Native Client to execute code on 32-bit ARM |
14 machines in a safe manner. The portable bitcode contained in a <strong>pexe</str
ong> | 14 machines in a safe manner. The portable bitcode contained in a <strong>pexe</str
ong> |
15 is translated to a 32-bit ARM <strong>nexe</strong> before execution. This may c
hange | 15 is translated to a 32-bit ARM <strong>nexe</strong> before execution. This may c
hange |
16 at a point in time: Portable Native Client doesn’t necessarily need this | 16 at a point in time: Portable Native Client doesn’t necessarily need this |
17 sandbox to execute code on ARM. Note that the Portable Native Client | 17 sandbox to execute code on ARM. Note that the Portable Native Client |
18 compiler itself is also untrusted: it too runs in the ARM sandbox | 18 compiler itself is also untrusted: it too runs in the ARM sandbox |
19 described in this document.</p> | 19 described in this document.</p> |
20 <p>On this page, we describe how Native Client works on 32-bit ARM. We | 20 <p>On this page, we describe how Native Client works on 32-bit ARM. We |
21 assume no prior knowledge about the internals of Native Client, on x86 | 21 assume no prior knowledge about the internals of Native Client, on x86 |
22 or any other architecture, but we do assume some familiarity with | 22 or any other architecture, but we do assume some familiarity with |
23 assembly languages in general.</p> | 23 assembly languages in general.</p> |
24 <div class="contents local" id="contents" style="display: none"> | 24 <div class="contents local" id="contents" style="display: none"> |
25 <ul class="small-gap"> | 25 <ul class="small-gap"> |
26 <li><p class="first"><a class="reference internal" href="#an-introduction-to-the
-arm-architecture" id="id2">An Introduction to the ARM Architecture</a></p> | 26 <li><p class="first"><a class="reference internal" href="#an-introduction-to-the
-arm-architecture" id="id3">An Introduction to the ARM Architecture</a></p> |
27 <ul class="small-gap"> | 27 <ul class="small-gap"> |
28 <li><a class="reference internal" href="#about-arm-and-armv7-a" id="id3">About A
RM and ARMv7-A</a></li> | 28 <li><a class="reference internal" href="#about-arm-and-armv7-a" id="id4">About A
RM and ARMv7-A</a></li> |
29 <li><a class="reference internal" href="#arm-programmer-s-model" id="id4">ARM Pr
ogrammer’s Model</a></li> | 29 <li><a class="reference internal" href="#arm-programmer-s-model" id="id5">ARM Pr
ogrammer’s Model</a></li> |
30 </ul> | 30 </ul> |
31 </li> | 31 </li> |
32 <li><p class="first"><a class="reference internal" href="#the-native-client-appr
oach" id="id5">The Native Client Approach</a></p> | 32 <li><p class="first"><a class="reference internal" href="#the-native-client-appr
oach" id="id6">The Native Client Approach</a></p> |
33 <ul class="small-gap"> | 33 <ul class="small-gap"> |
34 <li><p class="first"><a class="reference internal" href="#nacl-arm-pure-software
-fault-isolation" id="id6">NaCl/ARM: Pure Software Fault Isolation</a></p> | 34 <li><p class="first"><a class="reference internal" href="#nacl-arm-pure-software
-fault-isolation" id="id7">NaCl/ARM: Pure Software Fault Isolation</a></p> |
35 <ul class="small-gap"> | 35 <ul class="small-gap"> |
36 <li><a class="reference internal" href="#load-and-store" id="id7"><em>Load</em>
and <em>Store</em></a></li> | 36 <li><a class="reference internal" href="#load-and-store" id="id8"><em>Load</em>
and <em>Store</em></a></li> |
37 <li><a class="reference internal" href="#the-stack-pointer-thread-pointer-and-pr
ogram-counter" id="id8">The Stack Pointer, Thread Pointer, and Program Counter</
a></li> | 37 <li><a class="reference internal" href="#the-stack-pointer-thread-pointer-and-pr
ogram-counter" id="id9">The Stack Pointer, Thread Pointer, and Program Counter</
a></li> |
38 <li><a class="reference internal" href="#indirect-branch" id="id9"><em>Indirect
Branch</em></a></li> | 38 <li><a class="reference internal" href="#indirect-branch" id="id10"><em>Indirect
Branch</em></a></li> |
39 <li><a class="reference internal" href="#literal-pools-and-data-bundles" id="id1
0">Literal Pools and Data Bundles</a></li> | 39 <li><a class="reference internal" href="#literal-pools-and-data-bundles" id="id1
1">Literal Pools and Data Bundles</a></li> |
40 </ul> | 40 </ul> |
41 </li> | 41 </li> |
42 <li><p class="first"><a class="reference internal" href="#trampolines-and-memory
-layout" id="id11">Trampolines and Memory Layout</a></p> | 42 <li><p class="first"><a class="reference internal" href="#trampolines-and-memory
-layout" id="id12">Trampolines and Memory Layout</a></p> |
43 <ul class="small-gap"> | 43 <ul class="small-gap"> |
44 <li><a class="reference internal" href="#memory-map" id="id12">Memory Map</a></l
i> | 44 <li><a class="reference internal" href="#memory-map" id="id13">Memory Map</a></l
i> |
45 <li><a class="reference internal" href="#inside-a-trampoline" id="id13">Inside a
Trampoline</a></li> | 45 <li><a class="reference internal" href="#inside-a-trampoline" id="id14">Inside a
Trampoline</a></li> |
46 </ul> | 46 </ul> |
47 </li> | 47 </li> |
48 <li><p class="first"><a class="reference internal" href="#loose-ends" id="id14">
Loose Ends</a></p> | 48 <li><p class="first"><a class="reference internal" href="#loose-ends" id="id15">
Loose Ends</a></p> |
49 <ul class="small-gap"> | 49 <ul class="small-gap"> |
50 <li><a class="reference internal" href="#forbidden-instructions" id="id15">Forbi
dden Instructions</a></li> | 50 <li><a class="reference internal" href="#forbidden-instructions" id="id16">Forbi
dden Instructions</a></li> |
51 <li><a class="reference internal" href="#coprocessors" id="id16">Coprocessors</a
></li> | 51 <li><a class="reference internal" href="#coprocessors" id="id17">Coprocessors</a
></li> |
52 <li><a class="reference internal" href="#validator-code" id="id17">Validator Cod
e</a></li> | 52 <li><a class="reference internal" href="#validator-code" id="id18">Validator Cod
e</a></li> |
53 </ul> | 53 </ul> |
54 </li> | 54 </li> |
55 </ul> | 55 </ul> |
56 </li> | 56 </li> |
57 </ul> | 57 </ul> |
58 | 58 |
59 </div><section id="an-introduction-to-the-arm-architecture"> | 59 </div><section id="an-introduction-to-the-arm-architecture"> |
60 <h2 id="an-introduction-to-the-arm-architecture">An Introduction to the ARM Arch
itecture</h2> | 60 <h2 id="an-introduction-to-the-arm-architecture">An Introduction to the ARM Arch
itecture</h2> |
61 <p>In this section, we summarize the relevant parts of the ARM processor | 61 <p>In this section, we summarize the relevant parts of the ARM processor |
62 architecture.</p> | 62 architecture.</p> |
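Review bot: the NEW side of line 4 emits `id="id1"` twice, once on the wrapper `<span>` placed before the `<h1>` and again on an empty `<span>` inside it; duplicate ids are invalid HTML, and fragment navigation or `getElementById` will only ever resolve the first one, so keep a single anchor and drop the inner `<span id="id1"></span>` (or the outer one). The TOC link ids are all shifted by one in the same hunk (id2 through id17 become id3 through id18), presumably because the added anchor consumed a generated id; the `href="#..."` targets are unchanged, so the table of contents still resolves, but it is worth confirming that nothing outside this file links to the old `#idN` values.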
(...skipping 740 matching lines...)
803 <h4 id="validator-code">Validator Code</h4> | 803 <h4 id="validator-code">Validator Code</h4> |
804 <p>By now you’re itching to see the sandbox validator’s code and dis
sect | 804 <p>By now you’re itching to see the sandbox validator’s code and dis
sect |
805 it. You’ll have a disapointing read: at less that 500 lines of code | 805 it. You’ll have a disapointing read: at less that 500 lines of code |
806 <a class="reference external" href="http://src.chromium.org/viewvc/native_client
/trunk/src/native_client/src/trusted/validator_arm/validator.cc">validator.cc</a
> | 806 <a class="reference external" href="http://src.chromium.org/viewvc/native_client
/trunk/src/native_client/src/trusted/validator_arm/validator.cc">validator.cc</a
> |
807 is quite simple to understand and much shorter than this document. It’s | 807 is quite simple to understand and much shorter than this document. It’s |
808 of course dependent on the <a class="reference external" href="http://src.chromi
um.org/viewvc/native_client/trunk/src/native_client/src/trusted/validator_arm/ar
mv7.table">ARMv7 instruction table definition</a>, | 808 of course dependent on the <a class="reference external" href="http://src.chromi
um.org/viewvc/native_client/trunk/src/native_client/src/trusted/validator_arm/ar
mv7.table">ARMv7 instruction table definition</a>, |
809 which teaches it about the ARMv7 instruction set.</p> | 809 which teaches it about the ARMv7 instruction set.</p> |
810 </section></section></section></section> | 810 </section></section></section></section> |
811 | 811 |
812 {{/partials.standard_nacl_article}} | 812 {{/partials.standard_nacl_article}} |
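Review bot: no change lands in this region, but since the file is being regenerated anyway, line 805 carries two pre-existing typos that should be fixed in the source: "disapointing" should read "disappointing", and "at less that 500 lines of code" should read "at less than 500 lines of code".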