Re: [Xen-devel] [PATCH] x86emul/fuzz: adjust canonicalization in sanitize_input()
>>> On 29.03.19 at 20:20, <George.Dunlap@xxxxxxxxxx> wrote:
> However, the whole point of testing is to find places where your assumptions
> are violated. If the emulator ever *did* behave differently for canonical
> and non-canonical addresses, or near the boundary of canonicity, we'd want
> those behaviors to be tested.

In this case wouldn't it be preferable to not exactly canonicalize registers,
but only almost, to get them near the boundary, but both above and below?

Also please let's not forget that there are several constituent parts to a
linear address calculation: base address (any GPR or none at all), scaled
index (GPRs other than %rsp or none at all, with AVX and later also [XYZ]MM
registers), displacement (possibly zero), and segment register base
(typically but not always zero). What matters (outside of the special cases
that Andrew did enumerate, where the emulator currently does canonical checks
on its own) is the result of the calculation, not the value(s) of input
registers. Of course, if any of the parts is non-canonical, there's a good
chance that the calculation result too will be.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
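The address calculation discussed in the message above, as an added example that is not part of the thread and not code from Xen's x86 emulator or its fuzzer: hypothetical C helpers (the struct and function names are assumptions) that sum segment base, base register, scaled index and displacement with 64-bit wraparound, test whether a result is canonical for a given number of linear-address bits (48 with 4-level paging, 57 with LA57), and map an arbitrary fuzzer-supplied 64-bit value to within a small window on either side of a canonical boundary, which is what "almost" canonicalizing amounts to. The main() shows both directions: all-canonical inputs whose sum lands in the non-canonical hole, and a non-canonical base whose displacement brings the sum back to a canonical address.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Hypothetical helpers written for this thread; not code from Xen's x86
 * emulator or its fuzzer. va_bits is the number of implemented linear
 * address bits: 48 with 4-level paging, 57 with LA57.
 */

/* The constituent parts of an x86-64 memory operand's linear address. */
struct addr_parts {
    uint64_t seg_base; /* segment base; zero except typically for %fs/%gs */
    uint64_t base;     /* base GPR value, or 0 when there is none */
    uint64_t index;    /* index register (a GPR other than %rsp, or a vector
                          register element for VSIB), or 0 when none */
    unsigned scale;    /* 1, 2, 4 or 8 */
    int64_t  disp;     /* sign-extended displacement, possibly 0 */
};

/*
 * An address is canonical when bits [63:va_bits-1] are all equal, i.e. the
 * value is the sign extension of its low va_bits bits.
 */
static bool is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t top = addr >> (va_bits - 1);
    return top == 0 || top == (UINT64_MAX >> (va_bits - 1));
}

/* All parts are summed modulo 2^64, as the hardware does. No check here:
 * canonicity is a property of the result, not of the inputs. */
static uint64_t linear_address(const struct addr_parts *p)
{
    return p->seg_base + p->base + p->index * p->scale + (uint64_t)p->disp;
}

/* Highest canonical address of the lower half, 0x00007fffffffffff for 48 bits. */
static uint64_t lower_half_top(unsigned va_bits)
{
    return (1ULL << (va_bits - 1)) - 1;
}

/* Lowest canonical address of the upper half, 0xffff800000000000 for 48 bits. */
static uint64_t upper_half_bottom(unsigned va_bits)
{
    return ~lower_half_top(va_bits);
}

/*
 * "Almost" canonicalization: map an arbitrary fuzzer-supplied value into the
 * window [-128, +127] around one of the two canonical boundaries, selected
 * by bit 63 of the input. Roughly half of the outputs are canonical and half
 * are not, so both sides of each boundary get exercised.
 */
static uint64_t near_canonical_boundary(uint64_t raw, unsigned va_bits)
{
    uint64_t boundary = (raw >> 63) ? upper_half_bottom(va_bits)
                                    : lower_half_top(va_bits);
    int64_t offset = (int64_t)(raw & 0xff) - 128;
    return boundary + (uint64_t)offset;
}

int main(void)
{
    /* Constructed inputs: every part canonical, yet the sum is not. */
    struct addr_parts a = { .base = 0x00007ffffffffff0ULL, .index = 0x10,
                            .scale = 1 };
    /* Constructed inputs: non-canonical base, canonical result. */
    struct addr_parts b = { .base = 0x0000800000000000ULL, .scale = 1,
                            .disp = -1 };
    uint64_t la = linear_address(&a), lb = linear_address(&b);

    printf("a: %#018llx canonical=%d\n", (unsigned long long)la,
           is_canonical(la, 48));
    printf("b: %#018llx canonical=%d\n", (unsigned long long)lb,
           is_canonical(lb, 48));

    for (uint64_t raw = 0x7e; raw <= 0x82; raw++) {
        uint64_t v = near_canonical_boundary(raw, 48);
        printf("raw %#04llx -> %#018llx canonical=%d\n",
               (unsigned long long)raw, (unsigned long long)v,
               is_canonical(v, 48));
    }
    return 0;
}
```

The two struct instances make the point of the message concrete: sanitizing each register to a canonical value does not guarantee a canonical effective address, and a non-canonical register does not guarantee a non-canonical one, so a fuzzer that wants to probe the emulator's own canonical checks has to steer the sum, not just the inputs.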