Make ASSERT_PKRU print a backtrace and make IA2_DEBUG on by default
#452
Labels: enhancement (New feature or request); ergonomics (Would make the compartmentalization API more user-friendly); Medium priority
Given that the initial and target compartments of every call gate are known statically, we don't need to check the PKRU in properly compartmentalized programs. For cases that want the extra security of runtime PKRU checks in the call gates we had -DIA2_DEBUG=1 (disabled by default) and the call gates conceptually look like this.

However, the exact details of control flow are usually not immediately obvious after inserting call gates. Often while debugging compartmentalized code it's easy to end up in a state with a partially-compartmentalized program, and IA2_DEBUG can be helpful for debugging this kind of issue. Currently the PKRU assertion just does a rdpkru and ud2 if the result doesn't match the expected value. That means the process ends with a SIGILL at that point. This is better than letting it continue and ending with a SIGSEGV later on because it's easier to see that the problem is control flow, not missing memory permissions. It points to a problem earlier on though, so I want to make the assertion more useful by having it print a backtrace (this is easy to do manually in gdb but gets a little annoying when processes fork). That would make our tests easier to debug while working on the runtime, but I wanted to see if @kkysen @randomPoison had suggestions about what else might be helpful here. Also I think since this is a debugging feature now it may be useful to add an additional assertion after calling the call gate's target function.
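The shape of a PKRU assertion that prints a backtrace before trapping, plus a debug call gate that re-checks PKRU after the target returns, as an added example that is not IA2's code or the code proposed in this issue. Everything here is an assumption for illustration: the names check_pkru, gated_call, pkru_for_compartment and simulated_pkru, the PKRU layout in pkru_for_compartment (a compartment may touch its own key and the shared key 0, every other key has both AD and WD set), and the use of glibc's execinfo.h for the backtrace. rdpkru is only executed when CPUID reports OSPKE, so the example also runs on machines without protection keys by falling back to a simulated PKRU value.

```c
// Added example, not IA2's code: PKRU assertion with backtrace + post-call check.
// All function and variable names below are assumptions made for this example.
#define _GNU_SOURCE
#include <execinfo.h>   /* glibc backtrace()/backtrace_symbols_fd() (assumed available) */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif

/* Fallback PKRU used when the CPU/OS does not expose protection keys, so the
 * example (and its failure path) still runs on machines without PKU. */
static uint32_t simulated_pkru = 0;

/* CPUID.(EAX=7,ECX=0):ECX bit 4 is OSPKE: the OS enabled PKU, so rdpkru is legal. */
static int pkeys_enabled(void) {
#if defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx >> 4) & 1;
#else
    return 0;
#endif
}

/* Read PKRU: rdpkru expects ECX=0 and returns the register in EAX (EDX is zeroed). */
static uint32_t read_pkru(void) {
#if defined(__x86_64__)
    if (pkeys_enabled()) {
        uint32_t eax, edx;
        __asm__ volatile("rdpkru" : "=a"(eax), "=d"(edx) : "c"(0));
        (void)edx;
        return eax;
    }
#endif
    return simulated_pkru;
}

/* PKRU bits 2k (AD) and 2k+1 (WD) control access for key k. Assumed layout:
 * a compartment may access its own key and the shared key 0, nothing else. */
static uint32_t pkru_for_compartment(unsigned int pkey) {
    uint32_t pkru = 0xFFFFFFFFu;
    pkru &= ~(3u << 0);             /* key 0: shared, always accessible */
    pkru &= ~(3u << (2 * pkey));    /* the compartment's own key */
    return pkru;
}

/* Returns 1 if PKRU matches; otherwise prints the pid, the mismatch and a
 * backtrace to stderr and returns 0. The pid is included so forked children
 * can be told apart in the output. */
static int check_pkru(uint32_t expected, const char *where) {
    uint32_t actual = read_pkru();
    if (actual == expected)
        return 1;
    void *frames[64];
    int n = backtrace(frames, 64);
    fprintf(stderr, "[pid %ld] PKRU assertion failed in %s: expected 0x%08x, got 0x%08x\n",
            (long)getpid(), where, expected, actual);
    backtrace_symbols_fd(frames, n, STDERR_FILENO);
    return 0;
}

/* __builtin_trap emits ud2 on x86, so a failure still ends in SIGILL, just after
 * the backtrace has been written. */
#define ASSERT_PKRU(expected)                       \
    do {                                            \
        if (!check_pkru((expected), __func__))      \
            __builtin_trap();                       \
    } while (0)

static int target(int x) { return x + 1; }

/* Hypothetical debug call gate: assert the caller's PKRU on entry and again after
 * the target returns, which catches a target that came back in the wrong compartment. */
static int gated_call(int (*fn)(int), int arg, uint32_t expected_pkru) {
    ASSERT_PKRU(expected_pkru);
    int r = fn(arg);
    ASSERT_PKRU(expected_pkru);
    return r;
}

int main(void) {
    uint32_t current = read_pkru();
    printf("protection keys %s, PKRU=0x%08x\n",
           pkeys_enabled() ? "enabled" : "unavailable (simulated PKRU)", current);
    printf("gated_call returned %d\n", gated_call(target, 41, current));
    /* Show the failure path without trapping: expect a PKRU that cannot match. */
    check_pkru(current ^ 0xCu, "main (intentional mismatch)");
    return 0;
}
```

Build with `gcc -g -rdynamic` so backtrace_symbols_fd can resolve function names; without -rdynamic the frames print as raw addresses, which addr2line can still map back to source lines.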
later on because it's easier to see that the problem is control-flow not missing memory permissions. It points to a problem earlier on though so I want to make the assertion more useful by having it print a backtrace (this is easy to do manually in gdb but gets a little annoying when processes fork). That would make our tests easier to debug while working on the runtime, but I wanted to see if @kkysen @randomPoison had suggestions about what else might be helpful here. Also I think since this is a debugging feature now it may be useful to add an additional assertion after calling the call gate's target function.The text was updated successfully, but these errors were encountered: