question about NaCl stack (rbp, rsp) SFI design


KnoooW

Nov 17, 2015, 3:59:40 AM11/17/15
to Native-Client-Discuss
hi all,
I notice NaCl's stack (rbp/rsp) SFI is implemented like this:

    sub $0x20, %rsp  ===>  sub $0x20, %esp   /// clear high 32 bits
                           add %r15, %rsp    /// add base address

BUT, this is only correct when r15 (the base address) is larger than 0xffffffff,

because in 'sub $0x20, %esp', rsp is a real address rather than a sandboxed address,
and if base & mask is not zero, we will get an error.

for example:

if r15 = 0x10000
rsp = 0x20020

then sub $0x20, %rsp will be translated into

(0x20020-0x20) + 0x10000 = 0x30000

but what we want is ((0x20020-0x10000)-0x20) + 0x10000 = 0x20000 !

Does NaCl do something to KEEP r15 larger than 0xffffffff??
If not, it could encounter an error on stack access when r15 < 0xffffffff!


Victor Khimenko

Nov 17, 2015, 4:43:55 AM11/17/15
to Native Client Discuss

  • R15 (aka RBASE and RZP) is never modified by code (the validator must ensure this). Low 32 bits of RZP are all zero (loader must ensure this).
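A small C model, added here and not part of the thread or of NaCl's code, of the rsp sandboxing sequence from the first post and of the invariant stated in this reply; the rsp/r15 values are constructed. It shows the poster's mismatch, shows that r15 > 0xffffffff alone is not enough, and that a base with zero low 32 bits makes the rewrite exact.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model of the rsp sandboxing sequence quoted in the thread (not
 * NaCl's own code): 'sub $imm, %rsp' becomes 'sub $imm, %esp' (a 32-bit
 * op whose result is zero-extended, clearing the high 32 bits) followed by
 * 'add %r15, %rsp'. */

/* Emulate: sub $imm, %esp ; add %r15, %rsp */
uint64_t sandboxed_sub_rsp(uint64_t rsp, uint32_t imm, uint64_t r15) {
    uint32_t esp = (uint32_t)rsp;   /* 32-bit operand: high half dropped */
    esp -= imm;                     /* wraps within 32 bits, as on x86 */
    return (uint64_t)esp + r15;     /* zero-extended result + base */
}

/* What the untrusted code meant: stay in the same sandbox, 'imm' lower. */
uint64_t intended_sub_rsp(uint64_t rsp, uint32_t imm, uint64_t r15) {
    return ((rsp - r15) - imm) + r15;
}

/* 1 if the rewrite lands on the intended address for this r15 value. */
int rewrite_is_correct(uint64_t rsp, uint32_t imm, uint64_t r15) {
    return sandboxed_sub_rsp(rsp, imm, r15) == intended_sub_rsp(rsp, imm, r15);
}

/* The loader invariant from the reply: the low 32 bits of r15 are zero.
 * This, not merely r15 > 0xffffffff, is what makes the rewrite exact. */
int r15_is_valid_base(uint64_t r15) {
    return (r15 & 0xffffffffULL) == 0;
}

int main(void) {
    struct { uint64_t r15, rsp; } cases[] = {   /* constructed values */
        { 0x10000ULL,     0x20020ULL },      /* poster's example: low bits set */
        { 0x100010000ULL, 0x100030020ULL },  /* > 0xffffffff but still unaligned */
        { 0x100000000ULL, 0x100020020ULL },  /* loader-style base */
    };
    for (int i = 0; i < 3; i++) {
        uint64_t r15 = cases[i].r15, rsp = cases[i].rsp;
        printf("r15=0x%llx valid=%d sandboxed=0x%llx intended=0x%llx %s\n",
               (unsigned long long)r15, r15_is_valid_base(r15),
               (unsigned long long)sandboxed_sub_rsp(rsp, 0x20, r15),
               (unsigned long long)intended_sub_rsp(rsp, 0x20, r15),
               rewrite_is_correct(rsp, 0x20, r15) ? "ok" : "MISMATCH");
    }
    return 0;
}
```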

KnoooW

Nov 17, 2015, 4:46:50 AM11/17/15
to Native-Client-Discuss
oops!
thanks khim,
that's good.
how can the loader ensure this?
use the suggested address in mmap when allocating NEXE memory space?


On Tuesday, November 17, 2015 at 5:43:55 PM UTC+8, khim wrote:

Victor Khimenko

Nov 17, 2015, 4:56:52 AM11/17/15
to Native Client Discuss
On Tue, Nov 17, 2015 at 12:46 PM, KnoooW <3n4...@gmail.com> wrote:
oops!
thanks khim,
that's good.
how can the loader ensure this?
use the suggested address in mmap when allocating NEXE memory space?

I don't know how exactly it does it. It needs to reserve (but not allocate!) 40GiB (2GiB below the "untrusted zone" and 34GiB above the untrusted zone), too - thus I think it just allocated 44GiB+, then aligns the "untrusted zone" in that region...

Actual allocation of code/data/etc is done with MAP_FIXED flag, but I'm not sure if initial [huge] allocation or the reserved address space also uses it or not. It uses MAP_NORESERVE for sure...
 



KnoooW

Nov 17, 2015, 5:56:18 AM11/17/15
to Native-Client-Discuss
yeah, khim,
you are right!
I checked the NaCl source code: it reserves memory first, then rounds it up to high-32-bit alignment,
then frees the extra memory at the front.
and the reserved size is 40GB+4GB+40GB




On Tuesday, November 17, 2015 at 5:56:52 PM UTC+8, khim wrote:


Victor Khimenko

Nov 17, 2015, 6:33:09 AM11/17/15
to Native Client Discuss
On Tue, Nov 17, 2015 at 1:56 PM, KnoooW <3n4...@gmail.com> wrote:
yeah, khim,
you are right!
I checked the NaCl source code: it reserves memory first, then rounds it up to high-32-bit alignment,
then frees the extra memory at the front.
and the reserved size is 40GB+4GB+40GB

Not really sure what they are protecting against by using these huge "buffer zones": you could only go below the "safe zone" by 2GiB, using the minimal negative offset (maximal by absolute value), and above it by 34GiB, using a 4GiB offset plus 8 scale plus the maximal positive offset, but hey, they are pretty cheap on Linux, thus I don't think they would try to reduce that area...
 
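An added C illustration, not code from the thread or from NaCl's loader, of the reserve, align, release-the-front layout KnoooW describes and of the operand reach Victor's reply reasons about; the struct and function names are hypothetical and the reservation address is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define GIB (1ULL << 30)
/* Added illustration (hypothetical names, not NaCl's loader code) of the
 * layout the thread describes: guard zone, 4GiB sandbox, guard zone, with
 * the sandbox base r15 rounded up to a 4GiB boundary and the unused front
 * of the over-sized reservation released. Sizes as quoted: 40 + 4 + 40. */
static const uint64_t GUARD = 40 * GIB, SANDBOX = 4 * GIB;

struct layout {
    uint64_t release_front;   /* bytes to unmap from raw_base to guard_low */
    uint64_t guard_low;       /* start of the lower guard zone (PROT_NONE) */
    uint64_t r15;             /* sandbox base: low 32 bits are zero */
    uint64_t guard_high_end;  /* one past the upper guard zone */
};

/* raw_base/raw_len: the over-sized reservation the OS handed back. Returns
 * 0 if it cannot hold the aligned layout (4GiB of slack guarantees it). */
int plan_layout(uint64_t raw_base, uint64_t raw_len, struct layout *l) {
    uint64_t lo = (raw_base + SANDBOX - 1) & ~(SANDBOX - 1);  /* align up */
    if (lo + GUARD + SANDBOX + GUARD > raw_base + raw_len) return 0;
    l->release_front = lo - raw_base;
    l->guard_low = lo;                 /* 40GiB is a multiple of 4GiB, so */
    l->r15 = lo + GUARD;               /* r15 is 4GiB aligned as well     */
    l->guard_high_end = l->r15 + SANDBOX + GUARD;
    return 1;
}

/* Furthest a sandboxed operand r15 + index*scale + disp32 can reach, with
 * index a zero-extended 32-bit register (the shape the reply reasons about:
 * disp32 down to -2GiB; 4GiB index times scale 8 plus 2GiB up). */
void operand_reach(uint64_t *below, uint64_t *above) {
    *below = 1ULL << 31;
    *above = 0xffffffffULL * 8 + ((1ULL << 31) - 1);
}

/* 1 if every reachable offset stays inside sandbox or guard, never beyond. */
int guards_cover_reach(void) {
    uint64_t below, above;
    operand_reach(&below, &above);
    return below <= GUARD && above < SANDBOX + GUARD;
}
int main(void) {
    struct layout l;                     /* constructed reservation below */
    if (plan_layout(0x7f1234560000ULL, 88 * GIB, &l))
        printf("drop 0x%llx bytes at front, r15=0x%llx, guards ok=%d\n",
               (unsigned long long)l.release_front,
               (unsigned long long)l.r15, guards_cover_reach());
    return 0;
}
```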

paul prochnow

Nov 17, 2015, 10:08:05 AM11/17/15
to native-cli...@googlegroups.com
I am not trying to butt in, but I was
wondering why it will not run on a TABLET in Chrome [a mobile Chrome App].
I tried NaCl in the browser of the tablet [it has no enablement for extensions like a PC].
.......are you finding a solution?

😱

Victor Khimenko

Nov 17, 2015, 12:20:24 PM11/17/15
to Native Client Discuss
On Tue, Nov 17, 2015 at 6:08 PM, paul prochnow <321...@gmail.com> wrote:
I am not trying to butt in, but I was
wondering why it will not run on a TABLET in Chrome [a mobile Chrome App].
I tried NaCl in the browser of the tablet [it has no enablement for extensions like a PC].
.......are you finding a solution?

😱

PPAPI is not available in the Android version of Chrome, thus both Flash and NaCl are not available either. There is no solution, sadly.

paul prochnow

Nov 17, 2015, 12:32:14 PM11/17/15
to native-cli...@googlegroups.com
I see....Sony Xperia only.......

😲

Sorry to be a pest.