Add AOT module validation to ensure memory constraints are met

lum1n0us · lum1n0us · commit 716fcb774d95 · 2024-12-31T02:06:06.000Z
diff --git a/core/iwasm/aot/aot_loader.c b/core/iwasm/aot/aot_loader.c
@@ -10,6 +10,7 @@
 #include "../common/wasm_native.h"
 #include "../common/wasm_loader_common.h"
 #include "../compilation/aot.h"
+#include "aot_validator.h"
 
 #if WASM_ENABLE_DEBUG_AOT != 0
 #include "debug/elf_parser.h"
@@ -1106,9 +1107,6 @@ load_memory_info(const uint8 **p_buf, const uint8 *buf_end, AOTModule *module,
     const uint8 *buf = *p_buf;
 
     read_uint32(buf, buf_end, module->import_memory_count);
-    /* We don't support import_memory_count > 0 currently */
-    if (module->import_memory_count > 0)
-        return false;
 
     read_uint32(buf, buf_end, module->memory_count);
     total_size = sizeof(AOTMemory) * (uint64)module->memory_count;
@@ -4403,6 +4401,12 @@ aot_load_from_aot_file(const uint8 *buf, uint32 size, const LoadArgs *args,
     os_thread_jit_write_protect_np(true); /* Make memory executable */
     os_icache_flush(module->code, module->code_size);
 
+    /*TODO: use a CLI option to control? */
+    if (!aot_module_validate(module, error_buf, error_buf_size)) {
+        aot_unload(module);
+        return NULL;
+    }
+
     LOG_VERBOSE("Load module success.\n");
     return module;
 }
diff --git a/core/iwasm/aot/aot_validator.c b/core/iwasm/aot/aot_validator.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+ */
+
+#include "aot_validator.h"
+
+static void
+set_error_buf(char *error_buf, uint32 error_buf_size, const char *string)
+{
+    if (error_buf != NULL) {
+        snprintf(error_buf, error_buf_size,
+                 "AOT module load failed: from validator. %s", string);
+    }
+}
+
+static bool
+aot_memory_info_validate(const AOTModule *module, char *error_buf,
+                         uint32 error_buf_size)
+{
+    if (module->import_memory_count > 0) {
+        set_error_buf(error_buf, error_buf_size,
+                      "import memory is not supported");
+        return false;
+    }
+
+    if (module->memory_count < 1) {
+        set_error_buf(error_buf, error_buf_size,
+                      "there should be >=1 memory in one aot module");
+        return false;
+    }
+
+    return true;
+}
+
+bool
+aot_module_validate(const AOTModule *module, char *error_buf,
+                    uint32 error_buf_size)
+{
+    if (!aot_memory_info_validate(module, error_buf, error_buf_size)) {
+        return false;
+    }
+
+    return true;
+}
diff --git a/core/iwasm/aot/aot_validator.h b/core/iwasm/aot/aot_validator.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+ */
+
+#ifndef _AOT_VALIDATOR_H_
+#define _AOT_VALIDATOR_H_
+
+#include "aot_runtime.h"
+
+bool
+aot_module_validate(const AOTModule *module, char *error_buf,
+                    uint32 error_buf_size);
+
+#endif /* _AOT_VALIDATOR_H_ */
