[GR-40769] Check for native access when creating a Pointer

PullRequest: truffleruby/3474

Author: eregon

CHANGELOG.md

@@ -59,6 +59,10 @@ Changes:
 * Refactored sharing of array objects between threads using new `SharedArrayStorage` (@aardvark179).
 * Marking of native structures wrapped in objects is now done on C call exit to reduce memory overhead (@aardvark179).
 
+Security:
+
+* The native access permission is now properly checked before any native pointer (e.g. `Truffle::FFI::Pointer`) is created (@eregon).
+
 # 22.2.0
 
 New features:

src/main/java/org/truffleruby/cext/CExtNodes.java

@@ -22,6 +22,7 @@
 import org.jcodings.Encoding;
 import org.jcodings.IntHolder;
 import org.truffleruby.Layouts;
+import org.truffleruby.RubyContext;
 import org.truffleruby.RubyLanguage;
 import org.truffleruby.builtins.CoreMethod;
 import org.truffleruby.builtins.CoreMethodArrayArgumentsNode;
@@ -149,9 +150,9 @@ public class CExtNodes {
     public static final int RUBY_TAG_THROW = 0x7;
     public static final int RUBY_TAG_FATAL = 0x8;
 
-    public static Pointer newNativeStringPointer(int capacity, RubyLanguage language) {
+    public static Pointer newNativeStringPointer(RubyLanguage language, RubyContext context, int capacity) {
         // We need up to 4 \0 bytes for UTF-32. Always use 4 for speed rather than checking the encoding min length.
-        Pointer pointer = Pointer.mallocAutoRelease(capacity + 4, language);
+        Pointer pointer = Pointer.mallocAutoRelease(language, context, capacity + 4);
         pointer.writeInt(capacity, 0);
         return pointer;
     }
@@ -765,7 +766,7 @@ public abstract static class RbStrNewNulNode extends CoreMethodArrayArgumentsNod
         @Specialization
         protected RubyString rbStrNewNul(int byteLength,
                 @Cached MutableTruffleString.FromNativePointerNode fromNativePointerNode) {
-            final Pointer pointer = Pointer.callocAutoRelease(byteLength + 1, getLanguage());
+            final Pointer pointer = Pointer.callocAutoRelease(getLanguage(), getContext(), byteLength + 1);
             var nativeTString = fromNativePointerNode.execute(pointer, 0, byteLength, Encodings.BINARY.tencoding,
                     false);
             return createMutableString(nativeTString, Encodings.BINARY);
@@ -842,8 +843,8 @@ protected RubyString rbStrResize(RubyString string, int newByteLength,
                 string.clearCodeRange();
                 return string;
             } else {
-                var newNativeTString = TrStrCapaResizeNode.resize(pointer, newByteLength, newByteLength, tencoding,
-                        fromNativePointerNode, getLanguage());
+                var newNativeTString = TrStrCapaResizeNode.resize(getLanguage(), getContext(), pointer, newByteLength,
+                        newByteLength, tencoding, fromNativePointerNode);
                 string.setTString(newNativeTString);
 
                 // Like MRI's rb_str_resize()
@@ -869,18 +870,18 @@ protected RubyString trStrCapaResize(RubyString string, int newCapacity,
                 return string;
             } else {
                 int byteLength = string.tstring.byteLength(tencoding);
-                var newNativeTString = resize(pointer, newCapacity, byteLength, tencoding, fromNativePointerNode,
-                        getLanguage());
+                var newNativeTString = resize(getLanguage(), getContext(), pointer, newCapacity, byteLength, tencoding,
+                        fromNativePointerNode);
                 string.setTString(newNativeTString);
 
                 return string;
             }
         }
 
-        static MutableTruffleString resize(Pointer pointer, int newCapacity, int newByteLength,
-                TruffleString.Encoding tencoding, MutableTruffleString.FromNativePointerNode fromNativePointerNode,
-                RubyLanguage language) {
-            final Pointer newPointer = newNativeStringPointer(newCapacity, language);
+        static MutableTruffleString resize(RubyLanguage language, RubyContext context, Pointer pointer, int newCapacity,
+                int newByteLength, TruffleString.Encoding tencoding,
+                MutableTruffleString.FromNativePointerNode fromNativePointerNode) {
+            final Pointer newPointer = newNativeStringPointer(language, context, newCapacity);
             newPointer.writeBytes(0, pointer, 0, Math.min(pointer.getSize(), newCapacity));
 
             return fromNativePointerNode.execute(newPointer, 0, newByteLength, tencoding, false);
@@ -1285,8 +1286,8 @@ protected Pointer toNative(RubyString string,
                 pointer = (Pointer) getInternalNativePointerNode.execute(tstring, tencoding);
             } else {
                 int byteLength = tstring.byteLength(tencoding);
-                pointer = allocateAndCopyToNative(tstring, tencoding, byteLength, copyToNativeMemoryNode,
-                        getLanguage());
+                pointer = allocateAndCopyToNative(getLanguage(), getContext(), tstring, tencoding, byteLength,
+                        copyToNativeMemoryNode);
 
                 var nativeTString = fromNativePointerNode.execute(pointer, 0, byteLength, tencoding, false);
                 string.setTString(nativeTString);
@@ -1300,9 +1301,10 @@ protected Pointer toNativeImmutable(ImmutableRubyString string) {
             return string.getNativeString(getLanguage());
         }
 
-        public static Pointer allocateAndCopyToNative(AbstractTruffleString tstring, TruffleString.Encoding tencoding,
-                int capacity, TruffleString.CopyToNativeMemoryNode copyToNativeMemoryNode, RubyLanguage language) {
-            final Pointer pointer = newNativeStringPointer(capacity, language);
+        public static Pointer allocateAndCopyToNative(RubyLanguage language, RubyContext context,
+                AbstractTruffleString tstring, TruffleString.Encoding tencoding, int capacity,
+                TruffleString.CopyToNativeMemoryNode copyToNativeMemoryNode) {
+            final Pointer pointer = newNativeStringPointer(language, context, capacity);
             copyToNativeMemoryNode.execute(tstring, 0, pointer, 0, capacity, tencoding);
             return pointer;
         }
@@ -2026,7 +2028,7 @@ public abstract static class DataHolderCreate extends PrimitiveArrayArgumentsNod
 
         @Specialization
         protected DataHolder create(Object address) {
-            return new DataHolder(address, Pointer.NULL);
+            return new DataHolder(address, Pointer.getNullPointer(getContext()));
         }
     }
 

src/main/java/org/truffleruby/cext/DataHolder.java

@@ -26,17 +26,17 @@ public final class DataHolder implements TruffleObject {
     private Object pointer;
     private Object marker;
 
-    public DataHolder(Object address, Object marker) {
-        this.pointer = address;
+    public DataHolder(Object pointer, Object marker) {
+        this.pointer = pointer;
         this.marker = marker;
     }
 
     public Object getPointer() {
         return pointer;
     }
 
-    public void setPointer(Object address) {
-        this.pointer = address;
+    public void setPointer(Object pointer) {
+        this.pointer = pointer;
     }
 
     public Object getMarker() {

src/main/java/org/truffleruby/core/VMPrimitiveNodes.java

@@ -643,9 +643,9 @@ protected long argvLength() {
             }
 
             int argc = getContext().nativeArgc;
-            Pointer argv = new Pointer(getContext().nativeArgv, argc * Pointer.SIZE);
-            Pointer first = argv.readPointer(0);
-            Pointer last = argv.readPointer((argc - 1) * Pointer.SIZE);
+            Pointer argv = new Pointer(getContext(), getContext().nativeArgv, argc * Pointer.SIZE);
+            Pointer first = argv.readPointer(getContext(), 0);
+            Pointer last = argv.readPointer(getContext(), (argc - 1) * Pointer.SIZE);
             long lastByte = last.getAddress() + last.findNullByte(getContext(), InteropLibrary.getUncached(), 0);
             nativeArgvLength = lastByte - first.getAddress();
 

src/main/java/org/truffleruby/core/array/ArrayNodes.java

@@ -2325,7 +2325,7 @@ protected RubyArray storeToNative(RubyArray array,
                 @Cached IsSharedNode isSharedNode,
                 @Cached ConditionProfile sharedProfile) {
             final int size = arraySizeProfile.profile(array.size);
-            Pointer pointer = Pointer.mallocAutoRelease(size * Pointer.SIZE, getLanguage());
+            Pointer pointer = Pointer.mallocAutoRelease(getLanguage(), getContext(), size * Pointer.SIZE);
             Object newStore = new NativeArrayStorage(pointer, size);
             stores.copyContents(store, 0, newStore, 0, size);
             array.setStore(newStore);

src/main/java/org/truffleruby/core/array/library/NativeArrayStorage.java

@@ -18,6 +18,7 @@
 import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
 import com.oracle.truffle.api.profiles.ConditionProfile;
 import com.oracle.truffle.api.profiles.LoopConditionProfile;
+import org.truffleruby.RubyContext;
 import org.truffleruby.cext.UnwrapNode;
 import org.truffleruby.cext.UnwrapNodeGen.UnwrapNativeNodeGen;
 import org.truffleruby.cext.ValueWrapper;
@@ -122,9 +123,10 @@ protected int capacity() {
     }
 
     @ExportMessage
-    protected NativeArrayStorage expand(int newCapacity) {
+    protected NativeArrayStorage expand(int newCapacity,
+            @CachedLibrary("this") ArrayStoreLibrary node) {
         final int capacity = this.length;
-        Pointer newPointer = Pointer.malloc(capacity);
+        Pointer newPointer = Pointer.malloc(RubyContext.get(node), capacity);
         newPointer.writeBytes(0, pointer, 0, capacity);
         newPointer.writeBytes(capacity, newCapacity - capacity, (byte) 0);
         /* We copy the contents of the marked objects to ensure the references will be kept alive even if the old store

src/main/java/org/truffleruby/core/encoding/EncodingManager.java

@@ -153,7 +153,7 @@ private void initializeLocaleEncoding(TruffleNFIPlatform nfi, NativeConfiguratio
             } catch (InteropException e) {
                 throw CompilerDirectives.shouldNotReachHere(e);
             }
-            final byte[] bytes = new Pointer(address).readZeroTerminatedByteArray(
+            final byte[] bytes = new Pointer(context, address).readZeroTerminatedByteArray(
                     context,
                     InteropLibrary.getUncached(),
                     0);

src/main/java/org/truffleruby/core/format/read/bytes/ReadStringPointerNode.java

@@ -48,7 +48,7 @@ protected MissingValue decode(Nil nil) {
     protected RubyString read(VirtualFrame frame, long address,
             @CachedLibrary(limit = "getRubyLibraryCacheLimit()") RubyLibrary rubyLibrary,
             @CachedLibrary(limit = "1") InteropLibrary interop) {
-        final Pointer pointer = new Pointer(address);
+        final Pointer pointer = new Pointer(getContext(), address);
         checkAssociated(
                 (Pointer[]) frame.getObject(FormatFrameDescriptor.SOURCE_ASSOCIATED_SLOT),
                 pointer);

src/main/java/org/truffleruby/core/string/ImmutableRubyString.java

@@ -84,8 +84,9 @@ private synchronized Pointer createNativeString(RubyLanguage language) {
         if (nativeString == null) {
             var tencoding = getEncodingUncached().tencoding;
             int byteLength = tstring.byteLength(tencoding);
-            nativeString = CExtNodes.StringToNativeNode.allocateAndCopyToNative(tstring, tencoding, byteLength,
-                    TruffleString.CopyToNativeMemoryNode.getUncached(), language);
+            nativeString = CExtNodes.StringToNativeNode.allocateAndCopyToNative(language,
+                    RubyLanguage.getCurrentContext(), tstring, tencoding, byteLength,
+                    TruffleString.CopyToNativeMemoryNode.getUncached());
         }
         return nativeString;
     }

src/main/java/org/truffleruby/core/string/StringNodes.java

@@ -1589,7 +1589,7 @@ protected Object initializeCopyNative(RubyString self, RubyString from,
             var tencoding = encoding.tencoding;
             final Pointer fromPointer = (Pointer) getInternalNativePointerNode.execute(tstring, tencoding);
 
-            final Pointer newPointer = Pointer.mallocAutoRelease(fromPointer.getSize(), getLanguage());
+            final Pointer newPointer = Pointer.mallocAutoRelease(getLanguage(), getContext(), fromPointer.getSize());
             newPointer.writeBytes(0, fromPointer, 0, fromPointer.getSize());
 
             // TODO (eregon, 2022): should we have the copy be native too, or rather take the opportunity of having to copy to be managed?