fix bug 27 by flushing tlb for ghost memory before exiting sva_mm_loa…#29
divyaojha wants to merge 115 commits into jtcriswell:master
Modified the SVA Makefile to pass the -no-integrated-assembler option to clang. This allows us to use a newer version of the GNU Assembler (which supports the Intel MPX instructions) to assemble the resulting code.
Started writing code to initialize the MPX features on boot. The source code currently contains just assembly code fragments that I am trying to get to work properly.
Modified init_mpx() so that it sets RCX to 0 before trying to modify XCR0. This fixes the enabling of MPX (so far). Moved the call to init_mpx() before init_fpu() in case that makes a difference.
Added the testmpx() function for manually testing whether MPX is properly enabled and working; it generates an out-of-bounds error if MPX is working properly.
Added an option to the SVA SFI pass that will cause it to add MPX bounds checking instructions instead of bit-masking instructions. This option is currently enabled by default.
Added an option to the SVA configure script to enable the use of MPX. Modified the SVA SFI pass so that, by default, MPX support is disabled. An option in make.conf will add a command-line option to enable MPX support in the compiler when the configure script is given the option to enable MPX support.
Added code to init_mpx() to enable the bndPreserve feature. This keeps normal call and return instructions from clearing the bounds registers back to their initial values (thereby disabling bounds checking and our SFI enforcement). This appears to decrease performance but is necessary for correctness. Modified the range currently configured as valid for kernel code. This range includes Ghost Memory and SVA VM memory and needs to be fixed in a later commit. Modified the testmpx() function to use bounds register 1 (bnd1) so as not to interfere with the SFI instrumentation (which uses bnd0).
Modified the SFI pass so that it inserts the lower bounds check before calculating the address of the last byte that the instruction will read or write. This reduces the register pressure because the value in the register used for the bndcl instruction is dead.
Modified the configure script so that enabling MPX adds -no-integrated-as to the COPTFLAGS in make.conf. This causes the kernel build to use the GNU Assembler instead of the LLVM internal assembler when compiling.
Added -O2 -frename-registers -pipe -fno-strict-aliasing to the COPTFLAGS in make.conf. This forces compilation to use the same flags as the default FreeBSD 9.0 kernel build plus whatever other flags that the SVA script adds to COPTFLAGS. This fixes the kernel build when MPX support is disabled.
Modified the MPX SFI support so that it allows the Ghost Memory and SVA internal VM memory to be located anywhere in the virtual address space.
Modified the MPX SFI code to check the first address read or written by the load or store instead of the last address. We can use guard pages to prevent errant accesses in which a multi-byte read/write spills over into ghost memory, and checking the first address reduces register pressure as all values are subtracting the same value from each pointer.
… as page table page to avoid the attack of using its stale mapping to modify page table page
… count is 0 before zeroing the content of that page
…memory page before freeing it
…an release the ghost memory pages
change the order of handling COW fault in the following steps: (1) memcpy the content to the new page first; (2) update the pte; (3) invalidate the stale TLB entries
decouple creating the subtree of page table of ghost memory for the child and install the corresponding pml4 entry
| * Mark the page table pages as read-only again. | ||
| */ | ||
|
|
||
| sva_mm_flush_tlb(secmemp); |
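Review bot: the sva_mm_flush_tlb(secmemp) call on the last line of this hunk has no comment of its own, and the only comment above it is about marking the page table pages read-only again. Add a comment stating which virtual addresses the flush is meant to invalidate, and check that secmemp really is one of them; the call takes a single pointer, so if a whole range of mappings changed, a single call may not cover it.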
The address to flush is incorrect. You want to flush the entire ghost memory range. The easiest way to do this is to just flush the entire TLB. This code is just flushing the TLB associated with the virtual address in the page table that maps the ghost memory.
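An added illustration of the review comment above, not code from SVA or from this pull request: a toy software TLB in which ghost memory is remapped and then flushed in one of three ways. The page numbers, frame numbers and function names are constructed, and the model assumes a cached translation persists until it is explicitly invalidated.

```c
/* Toy model (not SVA code): a software TLB that caches translations until
 * they are explicitly invalidated. All names and sizes are constructed. */
#include <stdio.h>

#define NPAGES      16          /* virtual pages in the toy address space */
#define GHOST_BASE  8           /* first ghost-memory virtual page        */
#define GHOST_PAGES 4           /* ghost memory spans pages 8..11         */
#define PT_PAGE_VPN 2           /* virtual page holding the page table    */

enum flush_mode { FLUSH_ONE_ADDR, FLUSH_GHOST_RANGE, FLUSH_ALL };

static int page_table[NPAGES];  /* vpn -> frame, the in-memory truth      */
static int tlb[NPAGES];         /* vpn -> cached frame, -1 = not cached   */

static void tlb_flush_page(int vpn) { tlb[vpn] = -1; }
static void tlb_flush_all(void) { for (int v = 0; v < NPAGES; v++) tlb[v] = -1; }

/* Translate through the TLB; walk the page table only on a miss. */
static int translate(int vpn) {
    if (tlb[vpn] < 0) tlb[vpn] = page_table[vpn];
    return tlb[vpn];
}

/* Remap ghost memory to new frames, flush as requested, and return how many
 * ghost pages still translate to the old (stale) frame afterwards. */
int stale_ghost_pages(enum flush_mode mode) {
    tlb_flush_all();
    for (int v = 0; v < NPAGES; v++) page_table[v] = 100 + v;
    for (int i = 0; i < GHOST_PAGES; i++) translate(GHOST_BASE + i); /* warm */
    translate(PT_PAGE_VPN);

    for (int i = 0; i < GHOST_PAGES; i++)        /* new owner, new frames */
        page_table[GHOST_BASE + i] = 200 + i;

    if (mode == FLUSH_ONE_ADDR) tlb_flush_page(PT_PAGE_VPN);
    else if (mode == FLUSH_ALL) tlb_flush_all();
    else for (int i = 0; i < GHOST_PAGES; i++) tlb_flush_page(GHOST_BASE + i);

    int stale = 0;
    for (int i = 0; i < GHOST_PAGES; i++)
        if (translate(GHOST_BASE + i) != page_table[GHOST_BASE + i]) stale++;
    return stale;
}

int main(void) {
    printf("one address: %d stale\n", stale_ghost_pages(FLUSH_ONE_ADDR));
    printf("ghost range: %d stale\n", stale_ghost_pages(FLUSH_GHOST_RANGE));
    printf("whole TLB:   %d stale\n", stale_ghost_pages(FLUSH_ALL));
    return 0;
}
```

Flushing only the address of the page that holds the page table leaves every ghost page translating to its old frame in this model, while flushing the ghost range or the whole TLB leaves none.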
| */ | ||
|
|
||
| sva_mm_flush_tlb(secmemp); | ||
| invltlb(); |
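Review bot: sva_mm_flush_tlb(secmemp) and invltlb() appear back to back at the end of this hunk. If invltlb() is meant to flush the entire TLB, the single-address flush before it is redundant and should be dropped so the intent is unambiguous; a short comment saying that the full flush is there to discard stale ghost memory translations would also help the next reader.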
Your modification is functionally correct, but you're making SVA call kernel code. SVA does not trust kernel code, so we do not call into it (except for specific untrusted callbacks).
You need to write your own inline assembly code to flush the TLBs. Writing it should be straightforward if you've done inline assembly code in C before. If you haven't, please read up on it in the GCC documentation (search for Inline Assembly Constraints for GCC on Google).
| sva_mm_load_pgtable (void * pg_ptr) { | ||
| /* Cast the page table pointer to an integer */ | ||
| uintptr_t pg = (uintptr_t) pg_ptr; | ||
| u_long data = 0; |
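Review bot: on the last line, data is declared u_long while pg on the line above it is uintptr_t; if data is going to hold a pointer-sized or register-sized value alongside pg, declare it with the same type. The name data also says nothing about what it holds, so a more descriptive name or a one-line comment would help.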
This should be a uintptr_t. This will ensure that the register is the same size as the system's pointer type.
Commented out code that records the number of times that various SVA operations are executed. This code requires changes to FreeBSD that are not included in the open-source SVA FreeBSD kernel patch.
Changed the default values for new configure script options so that new features not yet merged into the public SVA master branch are disabled by default. Fixed the new configure options so that users do not need to specify a value for them when running configure.
Fixed a grammatical error in a comment for the sva_invoke() intrinsic. No functionality changes.
Fixed the formatting of a few inline functions to match the coding style used within SVA. Improved a comment. No functionality changes.
Created the icat.h header file and placed all of the macros pertaining to Intel Cache Allocation Technology into this header file. This allows us to have a single copy of these macros instead of three different copies in three different source files. No functionality changes.
Fixed some static inline functions so that they follow the SVA coding standards by adding spaces between if/while statements and the following expression and placing brackets at the end of lines.
Disabled the generation of temporary files during compilation of libsva. No functionality changes.
Created a new source file, profile.c, in which to place code and variables used by the SVA internal profiling code. This is a first step in making the profiling code more self-contained so that it does not rely on changes in the operating system kernel running on SVA.
Conflicts: SVA/lib/mmu.c
Improved formatting to match SVA coding standards. Improved some of the comments. No functionality changes.
Fixed some more formatting issues to match the SVA coding standards. No functionality changes.
fix bug 27 by flushing tlb for ghost memory before exiting sva_mm_load_pgtable