
Re: [Xen-devel] [PATCH] x86emul/fuzz: adjust canonicalization in sanitize_input()



>>> On 29.03.19 at 20:20, <George.Dunlap@xxxxxxxxxx> wrote:
> However, the whole point of testing is to find places where your assumptions 
> are violated.  If the emulator ever *did* behave differently for canonical 
> and non-canonical addresses, or near the boundary of canonicity, we’d want 
> those behaviors to be tested.

In this case wouldn't it be preferable to not exactly canonicalize
registers, but only almost, to get them near the boundary, but
both above and below?

Also please let's not forget that there are several constituent
parts to a linear address calculation: Base address (any GPR or
none at all), scaled index (GPRs other than %rsp or none at all,
with AVX and later also [XYZ]MM registers), displacement
(possibly zero), and segment register base (typically but not
always zero). What matters (outside of the special cases that
Andrew did enumerate, where the emulator currently does
canonical checks on its own) is the result of the calculation, not
the value(s) of input registers. Of course, if any of the parts
is non-canonical, there's a good chance that the calculation
result too will be.

Jan
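The address calculation described above, worked through as an added example (my own C, not code from the patch under discussion nor from Xen's x86emul fuzzer). It assumes 48 implemented virtual-address bits, so a linear address is canonical when bits 63..47 are all equal; the register values fed in are constructed. It shows the point of the reply: every constituent can be canonical while the sum is not, and it sketches the "almost canonicalize" idea, deriving from a raw fuzz value a register value that lies just above or just below a canonicality boundary instead of exactly on the canonical side.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Implemented virtual-address bits with 4-level paging (assumption for this example). */
#define VADDR_BITS 48

/* A linear address is canonical iff bits [63:bits-1] are all equal. */
bool is_canonical(uint64_t la, unsigned bits)
{
    uint64_t top = la >> (bits - 1);
    return top == 0 || top == (UINT64_MAX >> (bits - 1));
}

/* The constituent parts of a linear address computation named in the mail. */
struct addr_parts {
    uint64_t seg_base; /* segment register base; usually 0 in 64-bit mode except FS/GS */
    uint64_t base;     /* base GPR value, or 0 when there is no base */
    uint64_t index;    /* index GPR (or vector lane) value, or 0 when there is no index */
    unsigned scale;    /* 1, 2, 4 or 8 */
    int64_t  disp;     /* sign-extended displacement, possibly zero */
};

/* seg_base + base + index*scale + disp, wrapping modulo 2^64 like the CPU does. */
uint64_t linear_address(const struct addr_parts *p)
{
    return p->seg_base + p->base + p->index * (uint64_t)p->scale + (uint64_t)p->disp;
}

/* "Almost canonicalize": map a raw fuzz value to a value within +/- spread of a
 * canonicality boundary, on either side of it. Low bits of the raw value pick
 * which boundary and which side, so the fuzzer's input still steers the choice. */
uint64_t near_canonical_boundary(uint64_t raw, unsigned bits, unsigned spread)
{
    uint64_t low_edge  = (UINT64_C(1) << (bits - 1)) - 1; /* last canonical in lower half */
    uint64_t high_edge = UINT64_MAX << (bits - 1);        /* first canonical in upper half */
    uint64_t edge = (raw & 1) ? high_edge : low_edge;
    uint64_t off  = (raw >> 2) % ((uint64_t)spread + 1);

    return (raw & 2) ? edge + off : edge - off;
}

/* Constructed demonstration: canonical base and index, non-canonical result. */
bool demo_parts_canonical_result_not(void)
{
    struct addr_parts p = {
        .seg_base = 0,
        .base     = UINT64_C(0x00007FFFFFFFFFF0), /* canonical */
        .index    = 2,                            /* canonical */
        .scale    = 8,
        .disp     = 0,
    };
    uint64_t la = linear_address(&p);

    return is_canonical(p.base, VADDR_BITS) && is_canonical(p.index, VADDR_BITS)
           && !is_canonical(la, VADDR_BITS);
}

int main(void)
{
    uint64_t raw;

    printf("parts canonical, result not: %s\n",
           demo_parts_canonical_result_not() ? "yes" : "no");

    /* Walk a few constructed raw values through the boundary mapping. */
    for (raw = 0; raw < 8; raw++) {
        uint64_t v = near_canonical_boundary(raw, VADDR_BITS, 16);
        printf("raw %llu -> %#018llx (%s)\n", (unsigned long long)raw,
               (unsigned long long)v, is_canonical(v, VADDR_BITS) ? "canonical" : "non-canonical");
    }
    return 0;
}
```

The boundary helper deliberately leaves `off == 0` possible, so exactly-on-the-edge values are still produced alongside the ones just across it; a fuzzer wanting only strictly-above or strictly-below values would start `off` at 1.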


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
