question about nacl-llvm auto-sandboxing expander's memory sfi

[KnoooW]

hi all,

  I'm reading source code of pnacl-llvm. and i find in X86MCNaClExpander.cpp, 

you process string instruction separated from other memory operations, 

so what's the reason ?

I think the general emitSandboxMemOps can process all the string instructions as well,

also, I find you missed 'SCASB/W/L/Q' in your string instruction process,

///////////
static bool isStringOperation(const MCInst &Inst) {
  switch (Inst.getOpcode()) {
  case X86::CMPSB:
  case X86::CMPSW:
  case X86::CMPSL:
  case X86::CMPSQ:
  case X86::MOVSB:
  case X86::MOVSW:
  case X86::MOVSL:
  case X86::MOVSQ:
  case X86::STOSB:
  case X86::STOSW:
  case X86::STOSL:
  case X86::STOSQ:
    return true;                     /// no scas
  }
  return false;
}
/////////////////

[Victor Khimenko]

String instructions have all the operands implicit which means it's impossible to inject %r15 into them. They are supported by NaCl - but only as part of special sequences. This is totally different from all other memory-accessing instructions.

--
You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.
To post to this group, send email to native-cli...@googlegroups.com.
Visit this group at http://groups.google.com/group/native-client-discuss.
For more options, visit https://groups.google.com/d/optout.

[Derek Schuff]

As Victor says, string instructions require special handling. See 
   llvm/test/MC/X86/nacl-autosandbox/x86-64-stringop.s in the PNaCl LLVM repo for an example of how string instructions are expanded.

 Also, scas is not allowed at all in NaCl  (see src/trusted/validator_ragel/instruction_definitions/general_purpose_instructions.def in the NaCl repo)

[KnoooW]

yeah !

I understand your idea , but why nacl don't support scas ?

can it break out ?,  I didn't find a way...

在 2015年11月13日星期五 UTC+8下午2:26:46，Derek Schuff写道：

To unsubscribe from this group and stop receiving emails from it, send an email to native-client-discuss+unsub...@googlegroups.com.

[Victor Khimenko]

On Tue, Nov 17, 2015 at 6:06 AM, KnoooW <3n4...@gmail.com> wrote:

yeah !

I understand your idea , but why nacl don't support scas ?

can it break out ?,  I didn't find a way...

scas is supported on NaCl, I have no idea why it's not supported by PNaCl LLVM... It's not regular instruction thus it's forbidden in src/trusted/validator_ragel/instruction_definitions/general_purpose_instructions.def, but allowed as part of "superinstruction" in src/trusted/validator_ragel/validator_x86_64.rl - it's the same approach as with all other string instructions: movs, lods, cmps, maskmovdqu...

 

To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.

[paul prochnow]

I haven't done any advanced stuff at all.

What about Chrome Store, what about Android Store

so tablets can run it when they are unused and charging?

To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.

To post to this group, send email to native-cli...@googlegroups.com.
Visit this group at http://groups.google.com/group/native-client-discuss.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.

[Victor Khimenko]

On Tue, Nov 17, 2015 at 6:09 PM, paul prochnow <321...@gmail.com> wrote:

I haven't done any advanced stuff at all.

What about Chrome Store, what about Android Store

so tablets can run it when they are unused and charging?

No solutions using Chrome, unfortunately. There's Folding@Home in Google Play, though: https://folding.stanford.edu/home/first-full-version-of-our-foldinghome-client-for-android-mobile-phones/

[Derek Schuff]

On Tue, Nov 17, 2015 at 12:37 AM Victor Khimenko <kh...@chromium.org> wrote:

On Tue, Nov 17, 2015 at 6:06 AM, KnoooW <3n4...@gmail.com> wrote:

yeah !

I understand your idea , but why nacl don't support scas ?

can it break out ?,  I didn't find a way...

scas is supported on NaCl, I have no idea why it's not supported by PNaCl LLVM...

I think this is just an oversight.

 

It's not regular instruction thus it's forbidden in src/trusted/validator_ragel/instruction_definitions/general_purpose_instructions.def, but allowed as part of "superinstruction" in src/trusted/validator_ragel/validator_x86_64.rl - it's the same approach as with all other string instructions: movs, lods, cmps, maskmovdqu...

So IIUC an example of a correct superinstruction would be:

.bundle_lock

 mov %edi,%edi

 lea (%r15,%rdi),%rdi

 repne scas %es:(%rdi),%al

.bundle_unlock

We could probably add auto-sandboxing support to LLVM for this. However if you want to use scas you don't need to wait for that, you could just write it directly. Anything you put in side a .bundle_lock/.bundle_unlock pair will be left alone by the auto-sandboxer.

[KnoooW]

yeah， derek，I think scas should be ok if we use the same sandboxing with stos/lods.

I've included it in my nacl64 implement.

在 2015年11月18日星期三 UTC+8上午2:10:53，Derek Schuff写道：