Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for more than two compartments #300

Merged
merged 16 commits into from
May 7, 2024
Merged

Add support for more than two compartments #300

merged 16 commits into from
May 7, 2024

Conversation

ayrtonm
Copy link
Contributor

@ayrtonm ayrtonm commented Oct 10, 2023
edited
Loading

Right now this just separates functions that need direct call gates based on whether they'll need one or more call gates, modifies define_shared_lib to allow invoking it more than once per tests and updates read_config to use 3 compartments. The expected behavior is an ld error when building the read_config_main_wrapped target since define_test doesn't pull in the third compartment DSO yet. Closes #276.

This was referenced Oct 10, 2023
Closed
Open
@ayrtonm
Copy link
Contributor Author

ayrtonm commented Oct 10, 2023

See this comment for latest status.

@ayrtonm ayrtonm force-pushed the am/multicompartment branch from 92473ed to 79e9d4f Compare October 11, 2023 02:24
@ayrtonm
Copy link
Contributor Author

ayrtonm commented Oct 11, 2023

CI is failing because I added a dummy .c to test out the objcopy step with more than one .o, but tests pass locally.

@ayrtonm
Copy link
Contributor Author

ayrtonm commented Oct 11, 2023
edited
Loading

TODO: bump CMake req to 3.27 for LIST JOIN in generator expression might not be necessary after all

@ayrtonm ayrtonm force-pushed the am/multicompartment branch 3 times, most recently from 99f179c to df2df21 Compare October 11, 2023 18:35
@fw-immunant fw-immunant self-requested a review October 16, 2023 20:23
rinon
rinon reviewed Oct 17, 2023
View reviewed changes
Copy link
Collaborator

@rinon rinon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cmake changes look alright to me after a quick pass

@rinon
Copy link
Collaborator

rinon commented Nov 9, 2023

I've hit some serious roadblocks with the current cmake rules (before this PR), so I'm working on rewriting those. I can integrate these changes pretty easily once that is done, so I'm happy to rebase this. I just wanted to let you know that I'm working on the build system now, @ayrtonm, so you don't end up putting time into something that is changing.

@ayrtonm ayrtonm mentioned this pull request Dec 19, 2023
Merged
@ayrtonm ayrtonm force-pushed the am/multicompartment branch 3 times, most recently from 3a39c51 to 2fbc712 Compare December 20, 2023 03:33
@ayrtonm ayrtonm changed the title WIP Add support for more than two compartments Add support for more than two compartments Dec 20, 2023
@ayrtonm ayrtonm mentioned this pull request Mar 6, 2024
Merged
@ayrtonm ayrtonm force-pushed the am/multicompartment branch from 2fbc712 to d7a98d6 Compare April 9, 2024 21:25
@ayrtonm
Copy link
Contributor Author

ayrtonm commented Apr 9, 2024

rebased on main but I think I dropped the nginx commit. The three pkeys test builds but I didn't get a chance to run it on an MPK machine

fw-immunant
fw-immunant reviewed Apr 10, 2024
View reviewed changes
cmake/ia2.cmake Outdated Show resolved Hide resolved
@ayrtonm
Copy link
Contributor Author

ayrtonm commented Apr 15, 2024

I'm not currently working on this @fw-immunant in case you have time to take a look at the test failure or make changes to this PR to minimize conflicts with the library-only mode stuff. Also the last two commits can probably be split off and merged independently though we should double check that the ignore_function doesn't break anything.

@fw-immunant fw-immunant force-pushed the am/multicompartment branch 2 times, most recently from e1ed606 to c2f4799 Compare April 23, 2024 00:34
@fw-immunant
Copy link
Contributor

@ayrtonm could I get review here on just the commit "rewriter: find filenames of macros more often"? Everything else I'm pretty confident about, but I want to make sure that that change isn't contradicting what you were trying to handle with "tools/rewriter: Fix ignore_function".

ayrtonm added 5 commits April 23, 2024 10:49
@ayrtonm @fw-immunant
rewriter: Generate objcopy args file in rewriter as necessary
0d57d1a 
The objcopy args file is used to rename colliding ELF symbol names to avoid
collisions with call gate names. This can happen with more than two compartments
when compartment A and B both call function foo in C. With less than three
compartments we normally generate one call gate for foo named __wrap_foo. With
two cross-compartment callers, we need unique call gates since the pkeys are
baked into the call gate .text so we need to suffix the call gate names with the
pkeys. Since ld --wrap replace references to bar with __wrap_bar we also need to
suffix the symbol names as seen in the caller DSOs.
@ayrtonm @fw-immunant
rewriter: Create objcopy args file unconditionally
c3201e6 
This simplifies our CMake test infrastructure though it's not strictly necessary
to run the objcopy step for all non-prebuilt object files.
@ayrtonm @fw-immunant
cmake: Add objcopy --redefine-syms step to add_ia2_compartment
a611454
@ayrtonm @fw-immunant
tests: Add three_keys_minimal test
b593bbe 
Currently indirect call control flow is not tested and memory access tests are
missing asserts so this test is expected to fail.
@ayrtonm @fw-immunant
tests: Fix compartment numbers in three keys test
f0bc996 
main binary must have pkey 1
@fw-immunant fw-immunant force-pushed the am/multicompartment branch from c2f4799 to 5d9aa91 Compare April 23, 2024 14:50
@fw-immunant
Copy link
Contributor

Rebased now that #349 has landed.

ayrtonm added 2 commits April 23, 2024 10:54
@ayrtonm @fw-immunant
cmake: Fix LIBIA2_DEBUG and ASSERT_PKRU in call gates
ba12d36
@ayrtonm @fw-immunant
tools/rewriter: Fix ignore_function
2648068 
get_filename doesn't seem to work for macros and the three_keys_minimal test
declared most of the lib functions in a macro
@fw-immunant fw-immunant force-pushed the am/multicompartment branch from 5d9aa91 to 3f57ca8 Compare April 23, 2024 14:55
ayrtonm
ayrtonm commented Apr 23, 2024
View reviewed changes
tools/rewriter/SourceRewriter.cpp Outdated Show resolved Hide resolved
tools/rewriter/SourceRewriter.cpp
@@ -103,6 +103,10 @@ static Filename get_filename(const clang::SourceLocation loc,
abort();
}
}
// if we could not get a filename for the spelling loc, use the expansion filename
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make more sense to explicitly use get_expansion_filename at the callsites instead of silently falling back to the expansion loc? I haven't looked at the uses in detail enough to know which is cleaner.

@fw-immunant fw-immunant force-pushed the am/multicompartment branch 2 times, most recently from 4fea557 to 4a7b6ae Compare May 7, 2024 01:15
@fw-immunant fw-immunant force-pushed the am/multicompartment branch from 4a7b6ae to 72987cb Compare May 7, 2024 02:39
@fw-immunant fw-immunant merged commit 56baf14 into main May 7, 2024
34 checks passed
@fw-immunant fw-immunant deleted the am/multicompartment branch May 28, 2024 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fw-immunant fw-immunant fw-immunant left review comments

@rinon rinon rinon left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for more than two compartments
3 participants
@ayrtonm @rinon @fw-immunant