From 76df5b346854206a1cd688bb422ce6d639ce6f8b Mon Sep 17 00:00:00 2001
From: Sebastian Rauch
Date: Tue, 21 Dec 2021 13:22:51 +0100
Subject: [PATCH] Fix gate replacement for non-EPT backends.
---
 kraft/app/app.py | 8 ++-
 kraft/sec/rules/gatereplacer_ept.cocci.in | 65 +++++++++++++++++++++++
 2 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 kraft/sec/rules/gatereplacer_ept.cocci.in
diff --git a/kraft/app/app.py b/kraft/app/app.py
index 83e4e3fb..75d56697 100644
--- a/kraft/app/app.py
+++ b/kraft/app/app.py
@@ -837,18 +837,22 @@ def simple_replace(template_path, path, marker, shstack_enabled=True):
 add_local_linkerscript(lib, fulldiff=fulldiff)
 # then generate cocci files dynamically from the template
- gr_rule_template = get_sec_rule("gatereplacer.cocci.in")
+ if is_ept:
+ gr_rule_template = get_sec_rule("gatereplacer_ept.cocci.in")
+ else:
+ gr_rule_template = get_sec_rule("gatereplacer.cocci.in")
 if FCALLS_enabled:
 cb_rule_template = get_sec_rule("rmcallbacks.cocci.in")
 else:
 cb_rule_template = get_sec_rule("callbackreplacer.cocci.in")
+ gr_rule_template = gr_rule_template.replace("{{ comp_cur_nb }}", str(lib.compartment.number))
+ ept_rpc_id_prefix = "_RPC_ID_" if is_ept else ""
 cb_rule_template = cb_rule_template.replace("{{ comp_cur_nb }}", str(lib.compartment.number))
 gr_rule = ""
- ept_rpc_id_prefix = "_RPC_ID_" if is_ept else ""
 if (is_ept):
 rpc_id_gen_template = get_sec_rule("rpc_id_gen.cocci.in")
 rpc_id_gen_template = rpc_id_gen_template.replace("{{ filename }}",
diff --git a/kraft/sec/rules/gatereplacer_ept.cocci.in b/kraft/sec/rules/gatereplacer_ept.cocci.in
new file mode 100644
index 00000000..54d657ab
--- /dev/null
+++ b/kraft/sec/rules/gatereplacer_ept.cocci.in
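Review bot: The added `if is_ept:` branch selects between two rule templates with no comment on how they differ, and these rules are what rewrite each `flexos_gate` call from one compartment number to another, so the reason belongs next to the choice. A comment above the branch would do, for example `# the _ept template swaps func for an ept_rpc_id_prefix-ed identifier and records func in entries`. The branch can also be a single call, `get_sec_rule("gatereplacer_ept.cocci.in" if is_ept else "gatereplacer.cocci.in")`, in the same form as the `ept_rpc_id_prefix` assignment below it. The enclosing function begins and ends outside this hunk, so the later substitutions into `gr_rule_template` are not visible here.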
@@ -0,0 +1,65 @@
+@gatereplacer_return0_{{ rule_nr }}@
+identifier func;
+expression ret, lname;
+fresh identifier func_id = "{{ ept_id_prefix }}" ## func;
+@@
+- flexos_gate_r({{ lib_dest_name }}, ret, func);
++ {{ gate_r }}({{ comp_cur_nb }}, {{ comp_dest_nb }}, ret, func_id);
+
+@script:python@
+func_name << gatereplacer_return0_{{ rule_nr }}.func;
+@@
+fname = str(func_name)
+if fname not in entries:
+ entries[fname] = entry_cnt
+ entry_cnt += 1
+
+@gatereplacer_return{{ rule_nr }}@
+identifier func;
+expression list EL;
+expression ret, lname;
+fresh identifier func_id = "{{ ept_id_prefix }}" ## func;
+@@
+- flexos_gate_r({{ lib_dest_name }}, ret, func, EL);
++ {{ gate_r }}({{ comp_cur_nb }}, {{ comp_dest_nb }}, ret, func_id, EL);
+
+@script:python@
+func_name << gatereplacer_return{{ rule_nr }}.func;
+@@
+fname = str(func_name)
+if fname not in entries:
+ entries[fname] = entry_cnt
+ entry_cnt += 1
+
+@gatereplacer_noreturn0_{{ rule_nr }}@
+identifier func;
+expression lname;
+fresh identifier func_id = "{{ ept_id_prefix }}" ## func;
+@@
+- flexos_gate({{ lib_dest_name }}, func);
++ {{ gate }}({{ comp_cur_nb }}, {{ comp_dest_nb }}, func_id);
+
+@script:python@
+func_name << gatereplacer_noreturn0_{{ rule_nr }}.func;
+@@
+fname = str(func_name)
+if fname not in entries:
+ entries[fname] = entry_cnt
+ entry_cnt += 1
+
+@gatereplacer_noreturn{{ rule_nr }}@
+identifier func;
+expression list EL;
+expression lname;
+fresh identifier func_id = "{{ ept_id_prefix }}" ## func;
+@@
+- flexos_gate({{ lib_dest_name }}, func, EL);
++ {{ gate }}({{ comp_cur_nb }}, {{ comp_dest_nb }}, func_id, EL);
+
+@script:python@
+func_name << gatereplacer_noreturn{{ rule_nr }}.func;
+@@
+fname = str(func_name)
+if fname not in entries:
+ entries[fname] = entry_cnt
+ entry_cnt += 1
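Review bot: Each `@script:python@` block reads and updates `entries` and `entry_cnt`, but nothing in this file defines them, so the template only works when something else initialises both before these rules run. A header comment should state that dependency, for example `// requires the entries mapping and the entry_cnt counter to be initialised before these rules run`; presumably that happens in `rpc_id_gen.cocci.in`, which is not part of this patch. Unless `{{ lib_dest_name }}` can expand to `lname`, that metavariable is declared in all four rules and never used, and could be dropped from the `expression` lines.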