Chromium Code Reviews Chromium Code Reviews
Issue 10134056:
Refactor the process of choosing validators. (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client| Index: src/trusted/service_runtime/sel_validate_image.c |
| diff --git a/src/trusted/service_runtime/sel_validate_image.c b/src/trusted/service_runtime/sel_validate_image.c |
| index 5b30195b388942ba310e2fbe74fd8e8d3d3155d2..fd26125982a613136d89894f66fe7efca9a818bc 100644 |
| --- a/src/trusted/service_runtime/sel_validate_image.c |
| +++ b/src/trusted/service_runtime/sel_validate_image.c |
| @@ -27,29 +27,58 @@ static int NaClValidateStatus(NaClValidationStatus status) { |
| } |
| } |
| -typedef NaClValidationStatus (*ValidateFunc) ( |
| - uintptr_t, uint8_t*, size_t, int, int, |
| - const NaClCPUFeatures*, struct NaClValidationCache*); |
| - |
| -static ValidateFunc NaClSelectValidator(struct NaClApp *nap) { |
| - ValidateFunc ret = NACL_SUBARCH_NAME(ApplyValidator, |
| - NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| -#ifdef __arm__ |
| - UNREFERENCED_PARAMETER(nap); |
| -#else |
| - if (nap->enable_dfa_validator) { |
| - ret = NACL_SUBARCH_NAME(ApplyDfaValidator, |
| - NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| +static NaClValidationStatus ValidatorCopyNotImplemented( |
|
Nick Bray
2012/04/25 20:57:42
I think that each validator that doesn't implement
pasko-google - do not use
2012/04/26 15:17:01
hm, we seem to agreed that validator selection is
Nick Bray
2012/04/27 00:41:30
As I see it, each "validator" will always behave t
pasko-google - do not use
2012/04/27 17:32:11
Purely hypothetical: if we want to choose validato
Nick Bray
2012/04/27 22:21:36
That would affect the choice of validator and woul
|
| + uintptr_t guest_addr, |
| + uint8_t *data_old, |
| + uint8_t *data_new, |
| + size_t size, |
| + const NaClCPUFeatures *cpu_features) { |
| + UNREFERENCED_PARAMETER(guest_addr); |
| + UNREFERENCED_PARAMETER(data_old); |
| + UNREFERENCED_PARAMETER(data_new); |
| + UNREFERENCED_PARAMETER(size); |
| + UNREFERENCED_PARAMETER(cpu_features); |
| + return NaClValidationFailedNotImplemented; |
| +} |
| + |
| +static NaClValidationStatus ValidatorCodeReplacementNotImplemented( |
| + uintptr_t guest_addr, |
| + uint8_t *data_old, |
| + uint8_t *data_new, |
| + size_t size, |
| + const NaClCPUFeatures *cpu_features) { |
| + UNREFERENCED_PARAMETER(guest_addr); |
| + UNREFERENCED_PARAMETER(data_old); |
| + UNREFERENCED_PARAMETER(data_new); |
| + UNREFERENCED_PARAMETER(size); |
| + UNREFERENCED_PARAMETER(cpu_features); |
| + return NaClValidationFailedNotImplemented; |
| +} |
| + |
| +void NaClSelectValidator(struct NaClApp *nap) { |
| + nap->validate_func = NACL_SUBARCH_NAME(ApplyValidator, |
|
Nick Bray
2012/04/25 20:57:42
I'd reorganize this into mutually exclusive ifdefs
pasko-google - do not use
2012/04/26 15:17:01
That was my first thought as well. Mutually exclus
Nick Bray
2012/04/27 00:41:30
But if you require each validator declare its own
|
| + NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| +#if !defined(__arm__) && defined(NACL_STANDALONE) |
| + if (getenv("NACL_DANGEROUS_USE_DFA_VALIDATOR") != NULL) { |
| + fprintf(stderr, "DANGER! USING THE UNSTABLE DFA VALIDATOR!\n"); |
| + nap->validate_func = NACL_SUBARCH_NAME(ApplyDfaValidator, |
| + NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| } |
| #endif |
| - return ret; |
| + nap->validate_copy_func = ValidatorCopyNotImplemented; |
| + nap->validate_code_replacement_func = ValidatorCodeReplacementNotImplemented; |
| +#ifndef __arm__ |
| + nap->validate_copy_func = NACL_SUBARCH_NAME(ApplyValidatorCopy, |
| + NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| + nap->validate_code_replacement_func = NACL_SUBARCH_NAME( |
| + ApplyValidatorCodeReplacement, NACL_TARGET_ARCH, NACL_TARGET_SUBARCH); |
| +#endif |
| } |
| int NaClValidateCode(struct NaClApp *nap, uintptr_t guest_addr, |
| uint8_t *data, size_t size) { |
| NaClValidationStatus status = NaClValidationSucceeded; |
| struct NaClValidationCache *cache = nap->validation_cache; |
| - ValidateFunc validate_func = NaClSelectValidator(nap); |
| if (size < kMinimumCachedCodeSize) { |
| /* |
| @@ -84,20 +113,20 @@ int NaClValidateCode(struct NaClApp *nap, uintptr_t guest_addr, |
| /* In stub out mode, we do two passes. The second pass acts as a |
| sanity check that bad instructions were indeed overwritten with |
| allowable HLTs. */ |
| - status = validate_func(guest_addr, data, size, |
| - TRUE, /* stub out */ |
| - FALSE, /* text is not read-only */ |
| - &nap->cpu_features, |
| - cache); |
| + status = nap->validate_func(guest_addr, data, size, |
| + TRUE, /* stub out */ |
| + FALSE, /* text is not read-only */ |
| + &nap->cpu_features, |
| + cache); |
| } |
| if (status == NaClValidationSucceeded) { |
| /* Fixed feature CPU mode implies read-only. */ |
| int readonly_text = nap->fixed_feature_cpu_mode; |
| - status = validate_func(guest_addr, data, size, |
| - FALSE, /* do not stub out */ |
| - readonly_text, |
| - &nap->cpu_features, |
| - cache); |
| + status = nap->validate_func(guest_addr, data, size, |
| + FALSE, /* do not stub out */ |
| + readonly_text, |
| + &nap->cpu_features, |
| + cache); |
| } |
| return NaClValidateStatus(status); |
| } |
| @@ -113,11 +142,8 @@ int NaClValidateCodeReplacement(struct NaClApp *nap, uintptr_t guest_addr, |
| return LOAD_BAD_FILE; |
| } |
| - return NaClValidateStatus( |
| - NACL_SUBARCH_NAME(ApplyValidatorCodeReplacement, |
| - NACL_TARGET_ARCH, |
| - NACL_TARGET_SUBARCH) |
| - (guest_addr, data_old, data_new, size, &nap->cpu_features)); |
| + return NaClValidateStatus(nap->validate_code_replacement_func( |
| + guest_addr, data_old, data_new, size, &nap->cpu_features)); |
| } |
| int NaClCopyCode(struct NaClApp *nap, uintptr_t guest_addr, |
| @@ -129,11 +155,8 @@ int NaClCopyCode(struct NaClApp *nap, uintptr_t guest_addr, |
| * before reaching this. |
| */ |
| if (nap->fixed_feature_cpu_mode) return LOAD_BAD_FILE; |
| - return NaClValidateStatus( |
| - NACL_SUBARCH_NAME(ApplyValidatorCopy, |
| - NACL_TARGET_ARCH, |
| - NACL_TARGET_SUBARCH) |
| - (guest_addr, data_old, data_new, size, &nap->cpu_features)); |
| + return NaClValidateStatus(nap->validate_copy_func( |
| + guest_addr, data_old, data_new, size, &nap->cpu_features)); |
| } |
| NaClErrorCode NaClValidateImage(struct NaClApp *nap) { |
