
Fix setting bounds (non-canonical) untagged capabilities #11

Merged (5 commits), Feb 1, 2023

Conversation

arichardson (Member) commented Jan 11, 2023

This was found by the fuzzer since it triggered an assertion; now it
matches the sail outputs.
When calling decompress_raw we have to use req_base and not the current
address to infer the bounds. This did not matter previously since we only
called the function on in-bounds caps, so the result was the same, but now
that we allow out-of-bounds untagged values, we have to use req_base
instead and set the address to req_base.

arichardson (Member, Author) commented:

Rebased and fixed issues.

…ties

When called on untagged quantities these do not necessarily hold.
…ility

This was found by the fuzzer since it triggered an assertion; now it
matches the sail outputs.
When calling decompress_raw we have to use req_base and not the current
address to infer the bounds. This did not matter previously since we only
called the function on in-bounds caps, so the result was the same, but now
that we allow out-of-bounds untagged values, we have to use req_base
instead and set the address to req_base.
Due to the way we decode top/bot it is possible for top to decode to
1<<66, but that is then truncated to zero and can therefore be less than
the base of the capability. The example test case was found by TestRIG.

See CTSRD-CHERI/sail-cheri-riscv#36 for an
alternative decoding approach that guarantees top >= base.
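The truncation described in the commit above, shown on a constructed toy encoding. This is an added example, not the project's own `decompress_raw` or its real field layout: the toy stores base and top as unscaled fields that are multiplied by 2^exponent on decode, which is enough to reproduce a top of `1<<66` that reads back as zero when decoded into a 64-bit variable, and to show the defensive alternative of decoding into a wider type and reporting non-canonical input instead of asserting `top >= base`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy encoding (assumption of this example, NOT the real
 * compressed-capability format): base and top are unscaled fields,
 * each multiplied by 2^exponent on decode. A tagged capability is
 * guaranteed canonical (top >= base, top <= 2^64); an untagged bit
 * pattern carries no such guarantee, so the decoder must not assume it. */
typedef struct {
    uint64_t base_field;
    uint64_t top_field;
    unsigned exponent; /* E: scale factor 2^E, assumed < 64 here */
    bool tag;
} toy_cap_t;

typedef unsigned __int128 u128;
#define TOY_TOP_MAX ((u128)1 << 64) /* one past the last 64-bit address */

/* Wide decode: a 64-bit field shifted by < 64 always fits in 128 bits. */
static u128 toy_decode_top_wide(const toy_cap_t *c) {
    return (u128)c->top_field << c->exponent;
}
static u128 toy_decode_base_wide(const toy_cap_t *c) {
    return (u128)c->base_field << c->exponent;
}

/* The defect being illustrated: decoding into 64 bits silently drops
 * bits 64 and up, so a top of 1<<66 reads back as 0. */
static uint64_t toy_decode_top_truncated(const toy_cap_t *c) {
    return (uint64_t)toy_decode_top_wide(c);
}

/* True when the truncated decode yields top < base, the comparison that
 * an assertion written for tagged (canonical) input would trip on. */
static bool toy_truncated_top_below_base(const toy_cap_t *c) {
    return toy_decode_top_truncated(c) < (uint64_t)toy_decode_base_wide(c);
}

/* Outcome of a bounds query that refuses to trust non-canonical input. */
typedef enum {
    TOY_BOUNDS_OK,
    TOY_BOUNDS_TOP_TOO_LARGE,  /* top or base beyond the 64-bit space */
    TOY_BOUNDS_TOP_BELOW_BASE  /* decoded top < base even in wide arithmetic */
} toy_bounds_status_t;

/* Decode bounds without asserting invariants that only hold for tagged
 * capabilities; out-of-range results are reported, not wrapped. */
static toy_bounds_status_t toy_get_bounds(const toy_cap_t *c, uint64_t *base_out, u128 *top_out) {
    u128 base = toy_decode_base_wide(c);
    u128 top = toy_decode_top_wide(c);
    if (top > TOY_TOP_MAX || base >= TOY_TOP_MAX) return TOY_BOUNDS_TOP_TOO_LARGE;
    if (top < base) return TOY_BOUNDS_TOP_BELOW_BASE;
    *base_out = (uint64_t)base;
    *top_out = top; /* may equal 2^64 exactly, hence the wide type */
    return TOY_BOUNDS_OK;
}

/* Constructed inputs: an untagged pattern whose top decodes to 1<<66 with
 * base 0x1000, and a tagged, canonical capability covering [0x1000, 0x3000). */
static toy_cap_t toy_example(bool canonical) {
    toy_cap_t c;
    if (canonical) {
        c = (toy_cap_t){ .base_field = 1, .top_field = 3, .exponent = 12, .tag = true };
    } else {
        c = (toy_cap_t){ .base_field = 1, .top_field = (uint64_t)1 << 54, .exponent = 12, .tag = false };
    }
    return c;
}
static uint64_t toy_example_truncated_top(bool canonical) {
    toy_cap_t c = toy_example(canonical);
    return toy_decode_top_truncated(&c);
}
static bool toy_example_truncated_below_base(bool canonical) {
    toy_cap_t c = toy_example(canonical);
    return toy_truncated_top_below_base(&c);
}
static int toy_example_status(bool canonical) {
    toy_cap_t c = toy_example(canonical);
    uint64_t base; u128 top;
    return (int)toy_get_bounds(&c, &base, &top);
}

int main(void) {
    printf("non-canonical: truncated top = 0x%llx, top < base after truncation = %d, status = %d\n",
           (unsigned long long)toy_example_truncated_top(false),
           (int)toy_example_truncated_below_base(false), toy_example_status(false));
    printf("canonical:     truncated top = 0x%llx, status = %d\n",
           (unsigned long long)toy_example_truncated_top(true), toy_example_status(true));
    return 0;
}
```

The point for fuzz-hardening is the split between `toy_decode_top_truncated` and `toy_get_bounds`: the wide decode plus an explicit status lets a caller handle an untagged, non-canonical value as "unrepresentable" rather than tripping an assertion that was only ever valid for tagged input.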
arichardson (Member, Author) commented:

Found another assertion that can be triggered on untagged inputs. Relaxing this also seems fine unless we decide to merge CTSRD-CHERI/sail-cheri-riscv#36.

Actually request more than 2 addresses' worth of input, so we end up with
a non-zero req_len input. With this change the assertion relaxed in the
last commit is also found by libfuzzer.
arichardson (Member, Author) commented:

If there are no further comments I will merge this tomorrow.

@arichardson arichardson merged commit bc17a9a into CTSRD-CHERI:master Feb 1, 2023
@arichardson arichardson deleted the untagged-setbounds branch February 10, 2023 18:44