| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. | |
| 3 * Use of this source code is governed by a BSD-style license that can be | |
| 4 * found in the LICENSE file. | |
| 5 */ | |
| 6 | |
| 7 /* | |
| 8 * nc_jumps_detailed.c - Validate jumps using a second pass of the | |
| 9 * isntructions. | |
| 10 */ | |
| 11 | |
| 12 #include "native_client/src/trusted/validator/x86/ncval_reg_sfi/nc_jumps_detaile
d.h" | |
| 13 | |
| 14 #include "native_client/src/shared/platform/nacl_log.h" | |
| 15 #include "native_client/src/trusted/validator/x86/decoder/nc_inst_state_internal
.h" | |
| 16 #include "native_client/src/trusted/validator/x86/ncval_reg_sfi/ncvalidate_iter.
h" | |
| 17 #include "native_client/src/trusted/validator/x86/ncval_reg_sfi/ncvalidate_iter_
internal.h" | |
| 18 #include "native_client/src/trusted/validator/x86/ncval_reg_sfi/nc_jumps.h" | |
| 19 | |
| 20 /* To turn on debugging of instruction decoding, change value of | |
| 21 * DEBUGGING to 1. | |
| 22 */ | |
| 23 #define DEBUGGING 0 | |
| 24 | |
| 25 #include "native_client/src/shared/utils/debugging.h" | |
| 26 | |
| 27 #include "native_client/src/trusted/validator/x86/decoder/ncop_exps_inl.c" | |
| 28 #include "native_client/src/trusted/validator/x86/decoder/nc_inst_iter_inl.c" | |
| 29 | |
| 30 /* Returns true if the given address is within the code segment. | |
| 31 */ | |
| 32 static Bool NaClCheckAddressRange(NaClPcAddress address, | |
| 33 NaClValidatorState* vstate) { | |
| 34 return address < vstate->codesize; | |
| 35 } | |
| 36 | |
| 37 static void NaClInstLayoutCheck(NaClValidatorState* vstate) { | |
| 38 NaClPcAddress start; | |
| 39 NaClPcAddress end; | |
| 40 NaClPcAddress i; | |
| 41 if (NULL == vstate->cur_inst_state) return; | |
| 42 | |
| 43 DEBUG(NaClLog(LOG_INFO, "Jump layout check: "); | |
| 44 NaClInstStateInstPrint(NaClLogGetGio(), vstate->cur_inst_state)); | |
| 45 | |
| 46 /* Check basic block boundaries. */ | |
| 47 start = vstate->cur_inst_state->inst_addr; | |
| 48 | |
| 49 /* Check that if first instruction in a basic block, it isn't in the | |
| 50 * middle of a pattern. | |
| 51 */ | |
| 52 if ((0 == (start & vstate->bundle_mask)) && | |
| 53 NaClAddressSetContains(vstate->jump_sets.removed_targets, | |
| 54 start, vstate)) { | |
| 55 NaClValidatorInstMessage( | |
| 56 LOG_ERROR, vstate, vstate->cur_inst_state, | |
| 57 "Instruction begins basic block, but in middle of nacl pattern\n"); | |
| 58 } | |
| 59 | |
| 60 /* Check that instruction doesn't cross block boundaries. */ | |
| 61 end = (NaClPcAddress) (start + vstate->cur_inst_state->bytes.length); | |
| 62 for (i = start + 1; i < end; ++i) { | |
| 63 if (0 == (i & vstate->bundle_mask)) { | |
| 64 NaClValidatorInstMessage( | |
| 65 LOG_ERROR, vstate, vstate->cur_inst_state, | |
| 66 "Instruction crosses basic block alignment\n"); | |
| 67 } | |
| 68 } | |
| 69 | |
| 70 /* Check jump targets. */ | |
| 71 if (NaClHasBit(vstate->cur_inst_state->inst->flags, | |
| 72 NACL_IFLAG(JumpInstruction) | NACL_IFLAG(ConditionalJump))) { | |
| 73 uint32_t i; | |
| 74 NaClExpVector* vector = NaClInstStateExpVector(vstate->cur_inst_state); | |
| 75 for (i = 0; i < vector->number_expr_nodes; ++i) { | |
| 76 NaClExp* node = &vector->node[i]; | |
| 77 if (NaClHasBit(node->flags, NACL_EFLAG(ExprJumpTarget)) | |
| 78 && node->kind == ExprConstant) { | |
| 79 /* Explicit jump value. Check if legal! */ | |
| 80 NaClPcAddress target = end + | |
| 81 (NaClPcNumber) NaClGetExprSignedValue(node); | |
| 82 /* Don't report targets that are out of range. They should have | |
| 83 * been reported in the first pass! | |
| 84 */ | |
| 85 if (NaClCheckAddressRange(target, vstate)) { | |
| 86 if (NaClAddressSetContains(vstate->jump_sets.possible_targets, | |
| 87 target, vstate)) { | |
| 88 if (NaClAddressSetContains(vstate->jump_sets.removed_targets, | |
| 89 target, vstate)) { | |
| 90 NaClValidatorInstMessage( | |
| 91 LOG_ERROR, vstate, vstate->cur_inst_state, | |
| 92 "Jumps into middle of nacl pattern\n"); | |
| 93 } | |
| 94 } else { | |
| 95 NaClValidatorInstMessage( | |
| 96 LOG_ERROR, vstate, vstate->cur_inst_state, | |
| 97 "Doesn't jump to instruction address\n"); | |
| 98 } | |
| 99 } | |
| 100 } | |
| 101 } | |
| 102 } | |
| 103 } | |
| 104 | |
| 105 void NaClJumpValidatorSummarizeDetailed(NaClValidatorState* vstate) { | |
| 106 if (vstate->quit) return; | |
| 107 NaClValidatorMessage( | |
| 108 LOG_INFO, vstate, | |
| 109 "Checking block alignment and jump targets: %"NACL_PRIxNaClPcAddress | |
| 110 " to %"NACL_PRIxNaClPcAddress"\n", | |
| 111 vstate->vbase, vstate->vbase + vstate->codesize); | |
| 112 | |
| 113 /* Check that code segment starts at an aligned address. */ | |
| 114 if (vstate->vbase & vstate->bundle_mask) { | |
| 115 NaClValidatorMessage( | |
| 116 LOG_ERROR, vstate, | |
| 117 "Code segment starts at 0x%"NACL_PRIxNaClPcAddress", " | |
| 118 "which isn't aligned properly.\n", | |
| 119 vstate->vbase); | |
| 120 } | |
| 121 | |
| 122 /* Perform second pass on instructions to find instructions crossing | |
| 123 * block boundaries, and (explicitly) branch to bad places. | |
| 124 */ | |
| 125 do { | |
| 126 if (!NaClValidatorStateIterReset(vstate)) { | |
| 127 NaClValidatorMessage(LOG_ERROR, vstate, | |
| 128 "Not enough memory to check jumps\n"); | |
| 129 break; | |
| 130 } | |
| 131 for (; NaClValidatorStateIterHasNext(vstate); | |
| 132 NaClValidatorStateIterAdvance(vstate)) { | |
| 133 NaClInstLayoutCheck(vstate); | |
| 134 } | |
| 135 NaClValidatorStateIterFinish(vstate); | |
| 136 } while (0); | |
| 137 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 625923004:
Delete old x86 validator. (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client