QEMU impl for Legacy Load and Store Inst

Q&A

  • Where is the DDC check during legacy ld/st?

Reference reference

check_cap

Who call it?

target_ulong check_ddc(CPUArchState *env, uint32_t perm,
                                     uint64_t ddc_offset, uint32_t len,
                                     uintptr_t retpc)

void CHERI_HELPER_IMPL(ddc_check_bounds(CPUArchState *env, target_ulong addr,
                                        target_ulong num_bytes))

target_ulong CHERI_HELPER_IMPL(pcc_check_load(CPUArchState *env,
                                              target_ulong pcc_offset,
                                              MemOp op))
            
void CHERI_HELPER_IMPL(raise_exception_ddc_perms(CPUArchState *env,
                                                 uint32_t required_perms))

void CHERI_HELPER_IMPL(raise_exception_ddc_bounds(CPUArchState *env,
                                                     target_ulong addr,
                                                     uint32_t num_bytes))

void CHERI_HELPER_IMPL(ccheck_load_pcrel(CPUArchState *env, target_ulong addr,
                                         uint32_t len))

ddc_check_bounds

ddc_check_bounds caller _generate_ddc_checked_ptr, and upper callers:

decode_i64_mips16
decode_extended_mips16_opc
decode_mips16_opc
decode_micromips32_opc
decode_micromips_opc
decode_nanomips_32_48_opc
decode_opc_special3_r6 // target/mips/translate.c:28026
decode_opc_special3 // target/mips/translate.c:28936
decode_opc          // target/mips/translate.c:30893
  => gen_ld        // target/mips/translate.c
    => generate_ddc_checked_load_ptr
       => _generate_ddc_checked_ptr()
        => ddc_check_bounds

// relations between decode_xxx

mips_tr_ops.translate_insn
= mips_tr_translate_insn // a member 
   => decode_opc
      => // todo
   => decode_micromips_opc
   => decode_mips16_opc (not CHERI compatible)
      => decode_i64_mips16
      => decode_extended_mips16_opc => decode_i64_mips16

// todo
gen_ldst_pair // target/mips/translate.c
=> generate_ddc_checked_load_ptr
   => _generate_ddc_checked_ptr()
      => ddc_check_bounds

// todo
gen_ddc_interposed_ld_i64  // target/cheri-common/cheri-translate-util.h
gen_ddc_interposed_ld_i32  // target/cheri-common/cheri-translate-util.h
=> generate_ddc_checked_load_ptr
   => _generate_ddc_checked_ptr()
      => ddc_check_bounds

// todo
generate_ddc_checked_store_ptr
   => _generate_ddc_checked_ptr()
      => ddc_check_bounds

// todo
generate_ddc_checked_rmw_ptr
   => _generate_ddc_checked_ptr()
      => ddc_check_bounds

check_ddc

Who calls check_ddc?

target_ulong CHERI_HELPER_IMPL(ccheck_load_right(CPUArchState *env, target_ulong offset, uint32_t len))

target_ulong CHERI_HELPER_IMPL(ccheck_store(CPUArchState *env, target_ulong offset, uint32_t len))

target_ulong CHERI_HELPER_IMPL(ccheck_load(CPUArchState *env, target_ulong offset, uint32_t len))

static inline target_ulong ccheck_store_right(CPUMIPSState *env, target_ulong offset, uint32_t len, uintptr_t retpc)

void helper_swl(CPUMIPSState *env, target_ulong arg1, target_ulong arg2,
                int mem_idx)

void helper_sdl(CPUMIPSState *env, target_ulong arg1, target_ulong arg2,
                int mem_idx)

More

Created Aug 10, 2020 // Last Updated May 18, 2021

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?