Side by Side Diff: lib/Transforms/NaCl/SandboxMemoryAccesses.cpp

Issue 29743003: Add passes for applying SFI sandboxing at the LLVM IR level Base URL: http://git.chromium.org/native_client/pnacl-llvm.git@master
Patch Set: Retry upload Created 6 years, 6 months ago
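--- a/lib/Transforms/NaCl/SandboxMemoryAccesses.cpp
+++ b/lib/Transforms/NaCl/SandboxMemoryAccesses.cpp
@@ -0,0 +1,124 @@
+//===- SandboxMemoryAccesses.cpp - Add SFI to memory accesses--------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// XXX
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/IR/Function.h"
+#include "llvm/IR/Instructions.h"
+#include "llvm/IR/IntrinsicInst.h"
+#include "llvm/IR/Module.h"
+#include "llvm/Pass.h"
+// #include "llvm/Support/raw_ostream.h"
+#include "llvm/Transforms/NaCl.h"
+
+using namespace llvm;
+
+namespace {
+// This is a ModulePass so that XXX...
+class SandboxMemoryAccesses : public ModulePass {
+Value *MemBaseVar;
+Value *MemBase;
+
+Value *sandboxPtr(Value *Ptr, Instruction *InsertPt);
+void sandboxOperand(Instruction *Inst, unsigned OpNum);
+void convertFunc(Function *Func);
+
+public:
+static char ID; // Pass identification, replacement for typeid
+SandboxMemoryAccesses() : ModulePass(ID) {
+initializeSandboxMemoryAccessesPass(*PassRegistry::getPassRegistry());
+}
+
+virtual bool runOnModule(Module &M);
+};
+}
+
+char SandboxMemoryAccesses::ID = 0;
+INITIALIZE_PASS(SandboxMemoryAccesses, "sandbox-memory-accesses",
+"Add SFI sandboxing to memory accesses",
+false, false)
+
+Value *SandboxMemoryAccesses::sandboxPtr(Value *Ptr, Instruction *InsertPt) {
+if (!MemBase) {
+Function *Func = InsertPt->getParent()->getParent();
+Instruction *MemBaseInst = new LoadInst(MemBaseVar, "mem_base");
+Func->getEntryBlock().getInstList().push_front(MemBaseInst);
+MemBase = MemBaseInst;
+}
+
+Type *I32 = Type::getInt32Ty(InsertPt->getContext());
+Type *I64 = Type::getInt64Ty(InsertPt->getContext());
+
+// Look for the pattern produced by ExpandGetElementPtr.
+// TODO: ExpandGetElementPtr should really put a "nuw" attr on the
+// add, and we should check for this here.
+if (IntToPtrInst *Cast = dyn_cast<IntToPtrInst>(Ptr)) {
+if (BinaryOperator *Op = dyn_cast<BinaryOperator>(Cast->getOperand(0))) {
+if (Op->getOpcode() == Instruction::Add) {
+if (ConstantInt *CI = dyn_cast<ConstantInt>(Op->getOperand(1))) {
+uint64_t Addend = CI->getZExtValue();
+if (Addend < 0x10000) {
+Value *ZExt = new ZExtInst(Op->getOperand(0), I64, "", InsertPt);
+Value *Add1 = BinaryOperator::Create(
+BinaryOperator::Add, MemBase, ZExt, "", InsertPt);
+Value *Add2 = BinaryOperator::Create(
+BinaryOperator::Add, Add1, ConstantInt::get(I64, Addend),
+"", InsertPt);
+return new IntToPtrInst(Add2, Ptr->getType(), "", InsertPt);
+}
+}
+}
+}
+}
+
+
+Value *Truncated = new PtrToIntInst(Ptr, I32, "", InsertPt);
+Value *ZExt = new ZExtInst(Truncated, I64, "", InsertPt);
+Value *Added = BinaryOperator::Create(BinaryOperator::Add, MemBase, ZExt,
+"", InsertPt);
+return new IntToPtrInst(Added, Ptr->getType(), "", InsertPt);
+}
+
+void SandboxMemoryAccesses::sandboxOperand(Instruction *Inst, unsigned OpNum) {
+Inst->setOperand(OpNum, sandboxPtr(Inst->getOperand(OpNum), Inst));
+}
+
+void SandboxMemoryAccesses::convertFunc(Function *Func) {
+MemBase = NULL;
+for (Function::iterator BB = Func->begin(), E = Func->end(); BB != E; ++BB) {
+for (BasicBlock::iterator Inst = BB->begin(), E = BB->end(); Inst != E;
+++Inst) {
+if (isa<LoadInst>(Inst)) {
+sandboxOperand(Inst, 0);
+} else if (isa<StoreInst>(Inst)) {
+sandboxOperand(Inst, 1);
+} else if (isa<MemCpyInst>(Inst) || isa<MemMoveInst>(Inst)) {
+sandboxOperand(Inst, 0);
+sandboxOperand(Inst, 1);
+} else if (isa<MemSetInst>(Inst)) {
+sandboxOperand(Inst, 0);
+}
+}
+}
+}
+
+bool SandboxMemoryAccesses::runOnModule(Module &M) {
+Type *I64 = Type::getInt64Ty(M.getContext());
+MemBaseVar = M.getOrInsertGlobal("__sfi_memory_base", I64);
+for (Module::iterator Func = M.begin(), E = M.end(); Func != E; ++Func) {
+convertFunc(Func);
+}
+return true;
+}
+
+ModulePass *llvm::createSandboxMemoryAccessesPass() {
+return new SandboxMemoryAccesses();
+}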
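Review bot: convertFunc (new lines 94–111) rewrites only the pointer operands of LoadInst, StoreInst, memcpy/memmove and memset, so atomic accesses (AtomicRMWInst, AtomicCmpXchgInst) and any other instruction or intrinsic that dereferences a pointer operand keep their unmasked address; for a pass whose job is SFI that is a missing check rather than an out-of-scope case, and at minimum the set of covered instructions should replace the `// XXX` placeholders in the file header and class comment. In sandboxPtr the ExpandGetElementPtr fast path (new lines 63–75) zero-extends `Op->getOperand(0)` to i64 without checking its width, so an `inttoptr (add i64 ...)` that was not produced by ExpandGetElementPtr would make the ZExtInst an invalid cast; guarding the pattern with `Op->getType() == I32` alongside the opcode test keeps the fast path to the intended shape. That fast path also appears to rely on a guard region of at least 0x10000 bytes above the 4 GiB sandbox, since the masked value can exceed 2^32 by up to the addend, which is worth stating next to the `Addend < 0x10000` test together with the existing `nuw` TODO. The `mem_base` load pushed to the entry block is itself never visited by convertFunc's iteration (it is inserted before the iterator's current position or in an already-visited block), which is what keeps it unsandboxed; a one-line comment at that push_front making the dependency explicit would protect it from a later reordering.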