coder-mike / microvium

A compact, embeddable scripting engine for applications and microcontrollers for executing programs written in a subset of the JavaScript language.
MIT License

Add hooks for setting bounds and permissions on exported pointers. #80

Closed davidchisnall closed 7 months ago

davidchisnall commented 7 months ago

On a CHERI system, the pointers into the Microvium heap give full read-write access to the entire heap. This means that bounds errors (or passing string pointers to functions that try to mutate their arguments) will corrupt VM state.

The two hooks are:

Both of these default to doing nothing, but on CHERI platforms they can be a csetbounds / candperms instruction.
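
The effect described in the comment above, as an added example (not code from this PR or from Microvium): a software model of csetbounds / candperms semantics in plain C that runs without CHERI hardware. The names `cap_t`, `export_string` and `fresh_heap`, and the heap layout, are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of a capability (constructed): hardware keeps these fields with the pointer. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
typedef struct { uint8_t *base; size_t len; unsigned perms; bool tag; } cap_t;

/* Models csetbounds (offset taken from the current base): narrowing only, widening invalidates. */
static cap_t cap_set_bounds(cap_t c, size_t off, size_t len) {
    if (!c.tag || off > c.len || len > c.len - off) { c.tag = false; return c; }
    c.base += off;
    c.len = len;
    return c;
}

/* Models candperms: permissions can be removed, never added. */
static cap_t cap_and_perms(cap_t c, unsigned mask) { c.perms &= mask; return c; }

/* Checked accesses: a false return stands in for the hardware trap. */
static bool cap_store(cap_t c, size_t off, uint8_t v) {
    if (!c.tag || !(c.perms & PERM_STORE) || off >= c.len) return false;
    c.base[off] = v;
    return true;
}
static bool cap_load(cap_t c, size_t off, uint8_t *out) {
    if (!c.tag || !(c.perms & PERM_LOAD) || off >= c.len) return false;
    *out = c.base[off];
    return true;
}

/* Hypothetical export step: bound to the string and leave load permission only. */
static cap_t export_string(cap_t heap, size_t off, size_t len) {
    return cap_and_perms(cap_set_bounds(heap, off, len), PERM_LOAD);
}

/* Constructed heap: 8 bytes standing in for VM state, then the string "hello". */
static uint8_t vm_heap[16];
static cap_t fresh_heap(void) {
    memset(vm_heap, 0xAA, 8);
    memcpy(vm_heap + 8, "hello", 5);
    return (cap_t){ vm_heap, sizeof vm_heap, PERM_LOAD | PERM_STORE, true };
}

int main(void) {
    cap_t s = export_string(fresh_heap(), 8, 5);
    printf("store via export allowed: %d\n", cap_store(s, 0, 'H'));
    return 0;
}
```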

davidchisnall commented 7 months ago

(Rebased, now applies cleanly)

coder-mike commented 7 months ago

The change makes sense, but it doesn't look like this PR changes native-vm/microvium.c which is the source of truth for the source code. The other microvium.c files are derived files that are generated during the build process.

davidchisnall commented 7 months ago

I also didn't change that file in #78. I guess I need to apply the same change from that as well?

davidchisnall commented 7 months ago

I've pushed an update that hopefully fixes it for the previous commit as well.

coder-mike commented 7 months ago

Yeah, looks good. Sorry, I should have caught that in the other PR as well.