From 2152f51130290169c83734f2911925bb74a84a3c Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:30:02 -0400 Subject: [PATCH 01/20] partition-alloc: cmake: propagate LIBIA2_AARCH64 as ARCH_CPU_ARM64 --- runtime/partition-alloc/CMakeLists.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/runtime/partition-alloc/CMakeLists.txt b/runtime/partition-alloc/CMakeLists.txt index d05b260fe..1c6828f4f 100644 --- a/runtime/partition-alloc/CMakeLists.txt +++ b/runtime/partition-alloc/CMakeLists.txt @@ -84,6 +84,14 @@ target_include_directories(partition-alloc_unpadded BEFORE PRIVATE ${EXTERNAL_DIR}/chromium/src) +# Propagage ARM64 define +if(LIBIA2_AARCH64) + target_compile_options(partition-alloc_unpadded + PRIVATE + "-DARCH_CPU_ARM64" + ) +endif() + target_compile_options(partition-alloc_unpadded PRIVATE "-fPIC" From 7c278645a70d0296b93b521aeed8d7600d2394c9 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:26:35 -0400 Subject: [PATCH 02/20] partition-alloc: hard-code 4K page size on ARM this is not necessarily what we want ultimately but we need a real constant here because PA_THREAD_ISOLATED_ALIGN_SZ is passed to alignas --- .../partition_allocator/page_allocator_constants.h | 8 ++++++++ .../partition_allocator/partition_address_space.h | 2 +- .../partition_allocator/thread_isolation/alignment.h | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/external/chromium/src/base/allocator/partition_allocator/page_allocator_constants.h b/external/chromium/src/base/allocator/partition_allocator/page_allocator_constants.h index 380042ddc..07e290fa8 100644 --- a/external/chromium/src/base/allocator/partition_allocator/page_allocator_constants.h +++ b/external/chromium/src/base/allocator/partition_allocator/page_allocator_constants.h @@ -107,6 +107,14 @@ PageAllocationGranularityShift() { #endif } +PA_ALWAYS_INLINE constexpr size_t SystemPageSizeMax() { +#if BUILDFLAG(IS_LINUX) && defined(ARCH_CPU_ARM64) + return 4*1024; +#else + return 1 << PageAllocationGranularityShift(); +#endif +} + PA_ALWAYS_INLINE PAGE_ALLOCATOR_CONSTANTS_DECLARE_CONSTEXPR size_t PageAllocationGranularity() { #if BUILDFLAG(IS_APPLE) && defined(ARCH_CPU_64_BITS) diff --git a/external/chromium/src/base/allocator/partition_allocator/partition_address_space.h b/external/chromium/src/base/allocator/partition_allocator/partition_address_space.h index a4fe68b69..043e18ad2 100644 --- a/external/chromium/src/base/allocator/partition_allocator/partition_address_space.h +++ b/external/chromium/src/base/allocator/partition_allocator/partition_address_space.h @@ -390,7 +390,7 @@ class PA_COMPONENT_EXPORT(PARTITION_ALLOC) PartitionAddressSpace { #endif }; #if BUILDFLAG(ENABLE_THREAD_ISOLATION) - static_assert(sizeof(PoolSetup) % SystemPageSize() == 0, + static_assert(sizeof(PoolSetup) % SystemPageSizeMax() == 0, "PoolSetup has to fill a page(s)"); #else static_assert(sizeof(PoolSetup) % kPartitionCachelineSize == 0, diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/alignment.h b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/alignment.h index 493a1bd63..3d7c2e6ce 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/alignment.h +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/alignment.h @@ -11,7 +11,7 @@ #include "base/allocator/partition_allocator/page_allocator_constants.h" -#define PA_THREAD_ISOLATED_ALIGN_SZ partition_alloc::internal::SystemPageSize() +#define PA_THREAD_ISOLATED_ALIGN_SZ partition_alloc::internal::SystemPageSizeMax() #define PA_THREAD_ISOLATED_ALIGN_OFFSET_MASK (PA_THREAD_ISOLATED_ALIGN_SZ - 1) #define PA_THREAD_ISOLATED_ALIGN_BASE_MASK \ (~PA_THREAD_ISOLATED_ALIGN_OFFSET_MASK) From 8426a8f33a21f0bdbb68be04a4a5278ed3a95f9e Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:29:14 -0400 Subject: [PATCH 03/20] partition-alloc: forbid compiling pkey thread isolation on ARM --- .../allocator/partition_allocator/thread_isolation/pkey.cc | 4 ++++ runtime/partition-alloc/src/get_pkey.cc | 2 ++ 2 files changed, 6 insertions(+) diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/pkey.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/pkey.cc index 9f2f7924a..ecfb6f9e3 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/pkey.cc +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/pkey.cc @@ -19,6 +19,10 @@ #error "This pkey code is currently only supported on Linux" #endif +#ifdef ARCH_CPU_ARM64 +#error "This pkey code is supported only on x86_64 architecture" +#endif + namespace partition_alloc::internal { PA_COMPONENT_EXPORT(PARTITION_ALLOC) diff --git a/runtime/partition-alloc/src/get_pkey.cc b/runtime/partition-alloc/src/get_pkey.cc index ce9d4d2d1..ecfac8bad 100644 --- a/runtime/partition-alloc/src/get_pkey.cc +++ b/runtime/partition-alloc/src/get_pkey.cc @@ -4,6 +4,7 @@ // the allocator against libia2 itself. We want users with libia2 disabled to // still be able to call `shared_malloc` etc. +#ifdef __x86_64__ __attribute__((__visibility__("hidden"))) uint32_t ia2_get_pkru() { uint32_t pkru = 0; @@ -75,3 +76,4 @@ size_t ia2_get_pkey() { } } } +#endif From 7b14908d707184094c84336bc2938d84a2f94f80 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 22 Jul 2024 16:00:32 -0400 Subject: [PATCH 04/20] partition-alloc: add MTE codepaths (but do not yet tag memory) --- .../partition_alloc_buildflags.h | 6 +++ .../thread_isolation/mte.cc | 48 +++++++++++++++++++ .../thread_isolation/mte.h | 33 +++++++++++++ .../thread_isolation/thread_isolation.cc | 8 ++++ .../thread_isolation/thread_isolation.h | 17 +++++-- runtime/partition-alloc/CMakeLists.txt | 1 + 6 files changed, 109 insertions(+), 4 deletions(-) create mode 100644 external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc create mode 100644 external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h diff --git a/external/chromium/src/base/allocator/partition_allocator/partition_alloc_buildflags.h b/external/chromium/src/base/allocator/partition_allocator/partition_alloc_buildflags.h index 10ccf7140..fc74cc426 100644 --- a/external/chromium/src/base/allocator/partition_allocator/partition_alloc_buildflags.h +++ b/external/chromium/src/base/allocator/partition_allocator/partition_alloc_buildflags.h @@ -33,7 +33,13 @@ #define BUILDFLAG_INTERNAL_USE_FREELIST_POOL_OFFSETS() (0) #define BUILDFLAG_INTERNAL_USE_STARSCAN() (1) #define BUILDFLAG_INTERNAL_PCSCAN_STACK_SUPPORTED() (0) +#ifdef ARCH_CPU_ARM64 +#define BUILDFLAG_INTERNAL_ENABLE_PKEYS() (0) +#define BUILDFLAG_INTERNAL_ENABLE_MTE_ISOLATION() (1) +#else #define BUILDFLAG_INTERNAL_ENABLE_PKEYS() (1) +#define BUILDFLAG_INTERNAL_ENABLE_MTE_ISOLATION() (0) +#endif #define BUILDFLAG_INTERNAL_ENABLE_THREAD_ISOLATION() (1) #define BUILDFLAG_INTERNAL_WRAP_SHIM() (1) diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc new file mode 100644 index 000000000..e101852d3 --- /dev/null +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc @@ -0,0 +1,48 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/allocator/partition_allocator/thread_isolation/mte.h" + +#if BUILDFLAG(ENABLE_MTE_ISOLATION) + +#include +#include +#include + +#include "base/allocator/partition_allocator/partition_alloc_base/cpu.h" +#include "base/allocator/partition_allocator/partition_alloc_check.h" +#include "base/allocator/partition_allocator/thread_isolation/thread_isolation.h" + +#if !BUILDFLAG(IS_LINUX) +#error "This MTE code is currently only supported on Linux" +#endif + +namespace partition_alloc::internal { + +PA_COMPONENT_EXPORT(PARTITION_ALLOC) +bool CPUHasMteSupport() { + // Check for Armv8.5-A MTE support, exposed via HWCAP2 + unsigned long hwcap2 = getauxval(AT_HWCAP2); + return hwcap2 & HWCAP2_MTE; +} + +PA_COMPONENT_EXPORT(PARTITION_ALLOC) +int PkeyMprotect(void *addr, size_t len, int prot, int pkey) { +#ifdef ARCH_CPU_ARM64 + return; +#endif + return syscall(SYS_pkey_mprotect, addr, len, prot, pkey); +} + +void TagMemoryWithMte(int pkey, void *address, size_t size) { + PA_DCHECK((reinterpret_cast(address) & + PA_THREAD_ISOLATED_ALIGN_OFFSET_MASK) == 0); +#ifdef ARCH_CPU_ARM64 +// return; +#endif +} + +} // namespace partition_alloc::internal + +#endif // BUILDFLAG(ENABLE_MTE_ISOLATION) diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h new file mode 100644 index 000000000..141caf10b --- /dev/null +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h @@ -0,0 +1,33 @@ +// Copyright 2022 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_ALLOCATOR_PARTITION_ALLOCATOR_THREAD_ISOLATION_MTE_H_ +#define BASE_ALLOCATOR_PARTITION_ALLOCATOR_THREAD_ISOLATION_MTE_H_ + +#include "base/allocator/partition_allocator/partition_alloc_buildflags.h" + +#if BUILDFLAG(ENABLE_MTE_ISOLATION) + +#include "base/allocator/partition_allocator/partition_alloc_base/component_export.h" +#include "base/allocator/partition_allocator/partition_alloc_base/debug/debugging_buildflags.h" +#include "base/allocator/partition_allocator/thread_isolation/alignment.h" + +#include +#include + +namespace partition_alloc::internal { + +constexpr int kDefaultPkey = 0; +constexpr int kInvalidPkey = -1; + +// Check if the CPU supports pkeys. +bool CPUHasMteSupport(); + +void TagMemoryWithMte(int tag, void* address, size_t size); + +} // namespace partition_alloc::internal + +#endif // BUILDFLAG(ENABLE_MTE_ISOLATION) + +#endif // BASE_ALLOCATOR_PARTITION_ALLOCATOR_THREAD_ISOLATION_MTE_H_ diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc index 0e326bbee..834bc9b4c 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc @@ -15,6 +15,10 @@ #include "base/allocator/partition_allocator/thread_isolation/pkey.h" #endif +#if BUILDFLAG(ENABLE_MTE_ISOLATION) +#include "base/allocator/partition_allocator/thread_isolation/mte.h" +#endif + namespace partition_alloc::internal { #if BUILDFLAG(PA_DCHECK_IS_ON) @@ -30,6 +34,10 @@ void WriteProtectThreadIsolatedMemory(ThreadIsolationOption thread_isolation, partition_alloc::internal::TagMemoryWithPkey( thread_isolation.enabled ? thread_isolation.pkey : kDefaultPkey, address, size); +#elif BUILDFLAG(ENABLE_MTE_ISOLATION) + partition_alloc::internal::TagMemoryWithMte( + thread_isolation.enabled ? thread_isolation.pkey : kDefaultPkey, address, + size); #else #error unexpected thread isolation mode #endif diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.h b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.h index b780edac8..7e74e3095 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.h +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.h @@ -21,6 +21,10 @@ #include "base/allocator/partition_allocator/thread_isolation/pkey.h" #endif +#if BUILDFLAG(ENABLE_MTE_ISOLATION) +#include "base/allocator/partition_allocator/thread_isolation/mte.h" +#endif + #if !BUILDFLAG(HAS_64_BIT_POINTERS) #error "thread isolation support requires 64 bit pointers" #endif @@ -33,23 +37,23 @@ struct ThreadIsolationOption { constexpr ThreadIsolationOption() = default; explicit ThreadIsolationOption(bool enabled) : enabled(enabled) {} -#if BUILDFLAG(ENABLE_PKEYS) +#if BUILDFLAG(ENABLE_PKEYS) || BUILDFLAG(ENABLE_MTE_ISOLATION) explicit ThreadIsolationOption(int pkey, size_t compartment) : pkey(pkey), compartment(compartment) { enabled = pkey != internal::kInvalidPkey; } int pkey = -1; Compartment compartment = 0; -#endif // BUILDFLAG(ENABLE_PKEYS) +#endif // BUILDFLAG(ENABLE_PKEYS) || BUILDFLAG(ENABLE_MTE_ISOLATION) bool enabled = false; bool operator==(const ThreadIsolationOption& other) const { -#if BUILDFLAG(ENABLE_PKEYS) +#if BUILDFLAG(ENABLE_PKEYS) || BUILDFLAG(ENABLE_MTE_ISOLATION) if (pkey != other.pkey) { return false; } -#endif // BUILDFLAG(ENABLE_PKEYS) +#endif // BUILDFLAG(ENABLE_PKEYS) || BUILDFLAG(ENABLE_MTE_ISOLATION) return enabled == other.enabled; } }; @@ -69,7 +73,12 @@ struct PA_THREAD_ISOLATED_ALIGN ThreadIsolationSettings { using LiftThreadIsolationScope = DoNotLiftPkeyRestrictionsScope; +#elif BUILDFLAG(ENABLE_MTE_ISOLATION) + +using LiftThreadIsolationScope = void*; + #endif // BUILDFLAG(ENABLE_PKEYS) + #endif // BUILDFLAG(PA_DCHECK_IS_ON) void WriteProtectThreadIsolatedGlobals( diff --git a/runtime/partition-alloc/CMakeLists.txt b/runtime/partition-alloc/CMakeLists.txt index 1c6828f4f..84da5ca5a 100644 --- a/runtime/partition-alloc/CMakeLists.txt +++ b/runtime/partition-alloc/CMakeLists.txt @@ -39,6 +39,7 @@ set(PA_SRCS partition_page.cc partition_root.cc partition_stats.cc + thread_isolation/mte.cc thread_isolation/pkey.cc thread_isolation/thread_isolation.cc random.cc From 71e6b12849451b8b3381fafca53ed5de4afa279e Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Tue, 23 Jul 2024 12:03:50 -0400 Subject: [PATCH 05/20] partition-alloc: use PROT_MTE on mmap and mprotect --- .../page_allocator_internals_posix.h | 4 ++++ .../thread_isolation/mte.cc | 18 +++++++++--------- .../partition_allocator/thread_isolation/mte.h | 2 ++ .../thread_isolation/thread_isolation.cc | 4 ++++ 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/external/chromium/src/base/allocator/partition_allocator/page_allocator_internals_posix.h b/external/chromium/src/base/allocator/partition_allocator/page_allocator_internals_posix.h index 906cdde06..1210c316e 100644 --- a/external/chromium/src/base/allocator/partition_allocator/page_allocator_internals_posix.h +++ b/external/chromium/src/base/allocator/partition_allocator/page_allocator_internals_posix.h @@ -195,6 +195,10 @@ uintptr_t SystemAllocPagesInternal(uintptr_t hint, } #endif +#if BUILDFLAG(ENABLE_MTE_ISOLATION) + access_flag |= PROT_MTE; +#endif + void* ret = mmap(reinterpret_cast(hint), length, access_flag, map_flags, fd, 0); if (ret == MAP_FAILED) { diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc index e101852d3..59dad4e9e 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc @@ -7,6 +7,8 @@ #if BUILDFLAG(ENABLE_MTE_ISOLATION) #include +#include +#include #include #include @@ -27,20 +29,18 @@ bool CPUHasMteSupport() { return hwcap2 & HWCAP2_MTE; } +extern "C" int ia2_mprotect_with_tag(void *addr, size_t len, int prot, int tag); + PA_COMPONENT_EXPORT(PARTITION_ALLOC) -int PkeyMprotect(void *addr, size_t len, int prot, int pkey) { -#ifdef ARCH_CPU_ARM64 - return; -#endif - return syscall(SYS_pkey_mprotect, addr, len, prot, pkey); +int MteMprotect(void* addr, size_t len, int prot, int tag) { + return ia2_mprotect_with_tag(addr, len, prot, tag); } -void TagMemoryWithMte(int pkey, void *address, size_t size) { +PA_COMPONENT_EXPORT(PARTITION_ALLOC) +void TagMemoryWithMte(int tag, void *address, size_t size) { PA_DCHECK((reinterpret_cast(address) & PA_THREAD_ISOLATED_ALIGN_OFFSET_MASK) == 0); -#ifdef ARCH_CPU_ARM64 -// return; -#endif + PA_PCHECK(ia2_mprotect_with_tag(address, size, PROT_READ|PROT_WRITE, tag) == 0); } } // namespace partition_alloc::internal diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h index 141caf10b..57219f091 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.h @@ -24,6 +24,8 @@ constexpr int kInvalidPkey = -1; // Check if the CPU supports pkeys. bool CPUHasMteSupport(); +int MteMprotect(void* addr, size_t len, int prot, int tag); + void TagMemoryWithMte(int tag, void* address, size_t size); } // namespace partition_alloc::internal diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc index 834bc9b4c..3740d178d 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/thread_isolation.cc @@ -57,6 +57,10 @@ int MprotectWithThreadIsolation(void* addr, ThreadIsolationOption thread_isolation) { #if BUILDFLAG(ENABLE_PKEYS) return PkeyMprotect(addr, len, prot, thread_isolation.pkey); +#elif BUILDFLAG(ENABLE_MTE_ISOLATION) + return MteMprotect(addr, len, prot, thread_isolation.pkey); +#else +#error unexpected thread isolation mode #endif } From d19b90c0c3b25c6311b1b830adefc530bf7cabe5 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Fri, 26 Jul 2024 17:48:12 -0400 Subject: [PATCH 06/20] partition-alloc: only allow building MTE isolation on ARM --- .../allocator/partition_allocator/thread_isolation/mte.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc index 59dad4e9e..53450e62b 100644 --- a/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc +++ b/external/chromium/src/base/allocator/partition_allocator/thread_isolation/mte.cc @@ -20,6 +20,10 @@ #error "This MTE code is currently only supported on Linux" #endif +#ifndef ARCH_CPU_ARM64 +#error "MTE is only available on the AArch64 architecture" +#endif + namespace partition_alloc::internal { PA_COMPONENT_EXPORT(PARTITION_ALLOC) From f34bf4a76999c2607d41feca456897659bab4d02 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Wed, 24 Jul 2024 14:31:57 -0400 Subject: [PATCH 07/20] runtime/partition-alloc: implement get_pkey for aarch64 this should be renamed get_tag --- runtime/partition-alloc/src/get_pkey.cc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/runtime/partition-alloc/src/get_pkey.cc b/runtime/partition-alloc/src/get_pkey.cc index ecfac8bad..2aada8c5d 100644 --- a/runtime/partition-alloc/src/get_pkey.cc +++ b/runtime/partition-alloc/src/get_pkey.cc @@ -77,3 +77,12 @@ size_t ia2_get_pkey() { } } #endif + +#ifdef __aarch64__ +__attribute__((__visibility__("hidden"))) +size_t ia2_get_pkey() { + size_t x18; + asm("mov %0, x18" : "=r"(x18)); + return x18 >> 56; +} +#endif From 80f9f9cca47375fe07f8392b1a077abc92b32e89 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Tue, 23 Jul 2024 12:08:25 -0400 Subject: [PATCH 08/20] runtime/partition-alloc: cmake: link libstdc++ explicitly for unclear reasons this seems to be necessary on ARM64 --- runtime/partition-alloc/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/runtime/partition-alloc/CMakeLists.txt b/runtime/partition-alloc/CMakeLists.txt index 84da5ca5a..9164338ed 100644 --- a/runtime/partition-alloc/CMakeLists.txt +++ b/runtime/partition-alloc/CMakeLists.txt @@ -74,6 +74,10 @@ add_library(partition-alloc_unpadded SHARED pad_tls_library(partition-alloc_unpadded partition-alloc) +target_link_libraries(partition-alloc_unpadded PRIVATE + stdc++ +) + target_include_directories(partition-alloc BEFORE INTERFACE ${CMAKE_CURRENT_SOURCE_DIR}/include From 28a7b65c7bc5e94a64b7880c38f0ad53ccff1c6c Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:33:36 -0400 Subject: [PATCH 09/20] runtime: do not try to build PKRU tools on arm --- runtime/tracer/CMakeLists.txt | 2 ++ runtime/tracer/get_inferior_pkru.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/runtime/tracer/CMakeLists.txt b/runtime/tracer/CMakeLists.txt index 67be2b5fc..f953e0346 100644 --- a/runtime/tracer/CMakeLists.txt +++ b/runtime/tracer/CMakeLists.txt @@ -12,10 +12,12 @@ set_property(TARGET memory-map PROPERTY IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY add_custom_target(memory-map-tgt DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/release/libmemory_map.so) add_dependencies(memory-map memory-map-tgt) +if(LIBIA2_X86_64) add_executable(read-pkru read_pkru_demo.c get_inferior_pkru.c ) +endif() add_executable(track-memory-map track_memory_map_demo.c diff --git a/runtime/tracer/get_inferior_pkru.c b/runtime/tracer/get_inferior_pkru.c index f55ba9196..855c2e7b8 100644 --- a/runtime/tracer/get_inferior_pkru.c +++ b/runtime/tracer/get_inferior_pkru.c @@ -1,3 +1,4 @@ +#ifdef __x86_64__ #include #include #include @@ -64,3 +65,4 @@ bool get_inferior_pkru(pid_t pid, uint32_t *pkru_out) { memcpy(pkru_out, &xstateregs[xstate_pkru_offset], sizeof(*pkru_out)); return true; } +#endif From f1b4782b78fbdbe2649b37662f5ab5b7812bac1c Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:35:17 -0400 Subject: [PATCH 10/20] runtime/tracer: port syscall interpretation to arm64 --- runtime/tracer/mmap_event.c | 10 ++++++++-- runtime/tracer/mmap_event.h | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/runtime/tracer/mmap_event.c b/runtime/tracer/mmap_event.c index 6b57162d3..5cb672980 100644 --- a/runtime/tracer/mmap_event.c +++ b/runtime/tracer/mmap_event.c @@ -1,9 +1,13 @@ +#ifdef __x86_64__ #include +#else +#include +#endif #include "mmap_event.h" -enum mmap_event event_from_syscall(uint64_t rax) { - switch (rax) { +enum mmap_event event_from_syscall(uint64_t syscall_nr) { + switch (syscall_nr) { case __NR_mmap: return EVENT_MMAP; case __NR_munmap: @@ -18,7 +22,9 @@ enum mmap_event event_from_syscall(uint64_t rax) { return EVENT_PKEY_MPROTECT; case __NR_wait4: case __NR_clone: +#ifdef __NR_clone3 case __NR_clone3: +#endif return EVENT_CLONE; case __NR_execve: case __NR_execveat: diff --git a/runtime/tracer/mmap_event.h b/runtime/tracer/mmap_event.h index 3ff1da976..4a4530a5b 100644 --- a/runtime/tracer/mmap_event.h +++ b/runtime/tracer/mmap_event.h @@ -102,4 +102,4 @@ static inline const struct range *event_target_range(enum mmap_event event, cons } } -enum mmap_event event_from_syscall(uint64_t rax); +enum mmap_event event_from_syscall(uint64_t syscall_nr); From f015b257dfdaf7750f2eeee45a6e5a99f7a2b6ec Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:38:03 -0400 Subject: [PATCH 11/20] runtime/tracer: port memory map tracking to arm64 --- runtime/tracer/track_memory_map.c | 156 +++++++++++++++++++++--------- 1 file changed, 109 insertions(+), 47 deletions(-) diff --git a/runtime/tracer/track_memory_map.c b/runtime/tracer/track_memory_map.c index 73864f017..59ae1e9f8 100644 --- a/runtime/tracer/track_memory_map.c +++ b/runtime/tracer/track_memory_map.c @@ -6,7 +6,12 @@ #include #include +#include +#include + +#ifdef __x86_64__ #include "get_inferior_pkru.h" +#endif #include "memory_map.h" #include "mmap_event.h" #include "track_memory_map.h" @@ -294,8 +299,29 @@ static void print_event(enum mmap_event event, const union event_info *event_inf static bool interpret_syscall(struct user_regs_struct *regs, unsigned char pkey, enum mmap_event *event, union event_info *event_info, enum trace_mode mode) { +#ifdef __x86_64__ +#define reg_pc regs->rip +#define reg_syscall regs->orig_rax +#define reg_retval regs->rax +#define reg_arg0 regs->rdi +#define reg_arg1 regs->rsi +#define reg_arg2 regs->rdx +#define reg_arg3 regs->r10 +#define reg_arg4 regs->r8 +#elif defined(__aarch64__) +#define reg_pc regs->pc +#define reg_syscall regs->regs[8] +#define reg_retval regs->regs[0] +#define reg_arg0 regs->regs[0] +#define reg_arg1 regs->regs[1] +#define reg_arg2 regs->regs[2] +#define reg_arg3 regs->regs[3] +#define reg_arg4 regs->regs[4] +#else +#error unsupported CPU architecture +#endif /* determine event from syscall # */ - unsigned long long syscall = regs->orig_rax; + unsigned long long syscall = reg_syscall; *event = event_from_syscall(syscall); /* dispatch on event and read args from registers. @@ -304,31 +330,31 @@ static bool interpret_syscall(struct user_regs_struct *regs, unsigned char pkey, case EVENT_MMAP: { struct mmap_info *info = &event_info->mmap; info->range.start = - regs->rdi; /* this will be replaced with the actual addr on return */ - info->range.len = regs->rsi; - info->prot = regs->rdx; - info->flags = regs->r10; - info->fildes = regs->r8; + reg_arg0; /* this will be replaced with the actual addr on return */ + info->range.len = reg_arg1; + info->prot = reg_arg2; + info->flags = reg_arg3; + info->fildes = reg_arg4; info->pkey = pkey; break; } case EVENT_MUNMAP: { struct munmap_info *info = &event_info->munmap; - info->range.start = regs->rdi; - info->range.len = regs->rsi; + info->range.start = reg_arg0; + info->range.len = reg_arg1; info->pkey = pkey; break; } case EVENT_MREMAP: { struct mremap_info *info = &event_info->mremap; - info->old_range.start = regs->rdi; - info->old_range.len = regs->rsi; - info->new_range.len = regs->rdx; - info->flags = regs->r10; + info->old_range.start = reg_arg0; + info->old_range.len = reg_arg1; + info->new_range.len = reg_arg2; + info->flags = reg_arg3; if (info->flags & MREMAP_FIXED) info->new_range.start = - regs->r8; // accepts a 5th arg if this flag is present + reg_arg4; // accepts a 5th arg if this flag is present else info->new_range.start = info->old_range.start; @@ -337,26 +363,26 @@ static bool interpret_syscall(struct user_regs_struct *regs, unsigned char pkey, } case EVENT_MADVISE: { struct madvise_info *info = &event_info->madvise; - info->range.start = regs->rdi; - info->range.len = regs->rsi; + info->range.start = reg_arg0; + info->range.len = reg_arg1; info->pkey = pkey; - info->advice = regs->rdx; + info->advice = reg_arg2; break; } case EVENT_MPROTECT: { struct mprotect_info *info = &event_info->mprotect; - info->range.start = regs->rdi; - info->range.len = regs->rsi; - info->prot = regs->rdx; + info->range.start = reg_arg0; + info->range.len = reg_arg1; + info->prot = reg_arg2; info->pkey = pkey; break; } case EVENT_PKEY_MPROTECT: { struct pkey_mprotect_info *info = &event_info->pkey_mprotect; - info->range.start = regs->rdi; - info->range.len = regs->rsi; - info->prot = regs->rdx; - info->new_owner_pkey = regs->r10; + info->range.start = reg_arg0; + info->range.len = reg_arg1; + info->prot = reg_arg2; + info->new_owner_pkey = reg_arg3; info->pkey = pkey; break; } @@ -388,7 +414,7 @@ static bool interpret_syscall(struct user_regs_struct *regs, unsigned char pkey, static bool update_event_with_result(struct user_regs_struct *regs, enum mmap_event event, union event_info *event_info) { - if ((int64_t)regs->rax < 0) { + if ((int64_t)reg_retval < 0) { return false; } /* if mremap(MREMAP_MAYMOVE) or regular mmap() sans MAP_FIXED, we need to @@ -398,15 +424,15 @@ static bool update_event_with_result(struct user_regs_struct *regs, case EVENT_MMAP: { /* read result from registers */ struct mmap_info *info = &event_info->mmap; - debug_event_update("new start = %08llx\n", regs->rax); - info->range.start = regs->rax; + debug_event_update("new start = %08llx\n", reg_retval); + info->range.start = reg_retval; break; } case EVENT_MREMAP: { /* read result from registers */ struct mremap_info *info = &event_info->mremap; - debug_event_update("new start = %08llx\n", regs->rax); - info->new_range.start = regs->rax; + debug_event_update("new start = %08llx\n", reg_retval); + info->new_range.start = reg_retval; break; } default: { @@ -538,16 +564,43 @@ static enum wait_trap_result wait_for_next_trap(pid_t pid, pid_t *pid_out, int * return WAIT_ERROR; } +long get_regs(pid_t pid, struct user_regs_struct *regs) { +#ifdef __x86_64__ + return ptrace(PTRACE_GETREGS, pid, 0, regs); +#elif defined(__aarch64__) + struct iovec iov; + iov.iov_base = (void *)®s; + iov.iov_len = sizeof(regs); + return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov); +#else +#error unsupported CPU architecture +#endif +} + +long set_regs(pid_t pid, struct user_regs_struct *regs) { +#ifdef __x86_64__ + return ptrace(PTRACE_SETREGS, pid, 0, regs); +#elif defined(__aarch64__) + struct iovec iov; + iov.iov_base = (void *)®s; + iov.iov_len = sizeof(regs); + return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &iov); +#else +#error unsupported CPU architecture +#endif +} + static void return_syscall_eperm(pid_t pid) { - struct user_regs_struct regs = {0}; - if (ptrace(PTRACE_GETREGS, pid, 0, ®s) < 0) { + struct user_regs_struct regs_storage = {0}; + struct user_regs_struct *regs = ®s_storage; + if (get_regs(pid, regs) < 0) { perror("could not PTRACE_GETREGS"); return; } /* set to invalid syscall */ - regs.orig_rax = -1; - ptrace(PTRACE_SETREGS, pid, 0, ®s); + reg_syscall = -1; + set_regs(pid, regs); debug_forbid("set syscall # to -1\n"); /* run syscall until exit */ @@ -555,13 +608,13 @@ static void return_syscall_eperm(pid_t pid) { waitpid(pid, NULL, __WALL); debug_forbid("continued\n"); - if (ptrace(PTRACE_GETREGS, pid, 0, ®s) < 0) { + if (get_regs(pid, regs) < 0) { perror("could not PTRACE_GETREGS"); return; } /* return -EPERM */ - regs.rax = -EPERM; - ptrace(PTRACE_SETREGS, pid, 0, ®s); + reg_retval = -EPERM; + set_regs(pid, regs); debug_forbid("wrote -eperm to rax\n"); } @@ -702,12 +755,13 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { case WAIT_SYSCALL: break; case WAIT_ERROR: { - struct user_regs_struct regs = {0}; - if (ptrace(PTRACE_GETREGS, waited_pid, 0, ®s) < 0) { + struct user_regs_struct regs_storage = {0}; + struct user_regs_struct *regs = ®s_storage; + if (get_regs(waited_pid, regs) < 0) { perror("could not PTRACE_GETREGS"); return false; } - fprintf(stderr, "error at rip=%p\n", (void *)regs.rip); + fprintf(stderr, "error at rip=%p\n", (void *)reg_pc); for (int i = 0; i < maps.n_maps; i++) { for (int j = 0; j < maps.maps_for_processes[i].n_pids; j++) { pid_t pid = maps.maps_for_processes[i].pids[j]; @@ -783,17 +837,19 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { struct memory_map *map = map_for_procs->map; /* read which syscall is being called and its args */ - struct user_regs_struct regs = {0}; - if (ptrace(PTRACE_GETREGS, waited_pid, 0, ®s) < 0) { + struct user_regs_struct regs_storage = {0}; + struct user_regs_struct *regs = ®s_storage; + if (get_regs(waited_pid, regs) < 0) { perror("could not PTRACE_GETREGS"); return false; } /* if syscall number is -1, finish and kill process */ - if (regs.orig_rax == -1) { + if (reg_syscall == -1) { return false; } +#ifdef __x86_64__ /* read pkru */ uint32_t pkru = -1; bool res = get_inferior_pkru(waited_pid, &pkru); @@ -807,10 +863,16 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { pkru); return false; } +#elif defined(__aarch64__) + /* read compartment tag from x18 */ + unsigned char pkey = regs->regs[18]; +#else +#error unsupported CPU architecture +#endif union event_info event_info = {0}; enum mmap_event event = EVENT_NONE; - if (!interpret_syscall(®s, pkey, &event, &event_info, mode)) { + if (!interpret_syscall(regs, pkey, &event, &event_info, mode)) { fprintf(stderr, "could not interpret syscall!\n"); return false; } @@ -818,7 +880,7 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { /* pick up signal marking IA2 init finished to start forbidding init-only operations */ if (event_marks_init_finished(event, &event_info)) { if (!memory_map_mark_init_finished(map)) { - fprintf(stderr, "attempting to re-finish init! (rip=%p)\n", (void *)regs.rip); + fprintf(stderr, "attempting to re-finish init! (rip=%p)\n", (void *)reg_pc); return false; } debug_op("init finished\n"); @@ -851,7 +913,7 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { continue; } else { debug_policy("operation allowed: %s (syscall %lld)\n", event_name(event), - regs.orig_rax); + reg_syscall); } // if we are in TRACE_MODE_PTRACE_SYSCALL, we will see EXITED/PTRACE_CLONE here @@ -909,16 +971,16 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) { } /* read syscall result from registers */ - if (ptrace(PTRACE_GETREGS, waited_pid, 0, ®s) < 0) { + if (get_regs(waited_pid, regs) < 0) { perror("could not PTRACE_GETREGS"); return false; } /* if syscall succeeded, update event */ - if (update_event_with_result(®s, event, &event_info)) { + if (update_event_with_result(regs, event, &event_info)) { /* track effect of syscall on memory map */ if (!update_memory_map(map, event, &event_info)) { - fprintf(stderr, "could not update memory map! (operation=%s, rip=%p)\n", event_name(event), (void *)regs.rip); + fprintf(stderr, "could not update memory map! (operation=%s, rip=%p)\n", event_name(event), (void *)reg_pc); return false; } } From cdea6900a761285437c476a36b8e490dab47c8d5 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:36:04 -0400 Subject: [PATCH 12/20] runtime/seccomp-filter: avoid mentioning obsolete syscalls on arm64 --- runtime/tracer/seccomp_filter.c | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/runtime/tracer/seccomp_filter.c b/runtime/tracer/seccomp_filter.c index a39bcbee7..2c3fe0a04 100644 --- a/runtime/tracer/seccomp_filter.c +++ b/runtime/tracer/seccomp_filter.c @@ -7,6 +7,9 @@ #include #include #include +#ifndef __x86_64__ +#include +#endif #include "seccomp_filter.h" @@ -38,15 +41,23 @@ struct sock_filter ia2_filter[] = { /* pkey syscalls */ BPF_SYSCALL_POLICY(pkey_alloc, ALLOW), BPF_SYSCALL_POLICY(pkey_mprotect, TRACE), - /* basic process syscalls */ +/* basic process syscalls */ +#ifdef __NR_access BPF_SYSCALL_POLICY(access, ALLOW), +#endif +#ifdef __NR_open BPF_SYSCALL_POLICY(open, ALLOW), +#endif +#ifdef __NR_arch_prctl BPF_SYSCALL_POLICY(arch_prctl, ALLOW), +#endif BPF_SYSCALL_POLICY(brk, ALLOW), BPF_SYSCALL_POLICY(clone3, ALLOW), BPF_SYSCALL_POLICY(close, ALLOW), BPF_SYSCALL_POLICY(dup, ALLOW), +#ifdef __NR_dup2 BPF_SYSCALL_POLICY(dup2, ALLOW), +#endif BPF_SYSCALL_POLICY(execve, ALLOW), BPF_SYSCALL_POLICY(exit_group, ALLOW), BPF_SYSCALL_POLICY(fcntl, ALLOW), @@ -56,7 +67,9 @@ struct sock_filter ia2_filter[] = { BPF_SYSCALL_POLICY(getcwd, ALLOW), BPF_SYSCALL_POLICY(lseek, ALLOW), BPF_SYSCALL_POLICY(syslog, ALLOW), +#ifdef __NR_getdents BPF_SYSCALL_POLICY(getdents, ALLOW), +#endif BPF_SYSCALL_POLICY(getdents64, ALLOW), BPF_SYSCALL_POLICY(getegid, ALLOW), BPF_SYSCALL_POLICY(geteuid, ALLOW), @@ -71,7 +84,9 @@ struct sock_filter ia2_filter[] = { BPF_SYSCALL_POLICY(faccessat2, ALLOW), BPF_SYSCALL_POLICY(sched_getaffinity, ALLOW), BPF_SYSCALL_POLICY(sched_setaffinity, ALLOW), +#ifdef __NR_alarm BPF_SYSCALL_POLICY(alarm, ALLOW), +#endif BPF_SYSCALL_POLICY(statx, ALLOW), BPF_SYSCALL_POLICY(newfstatat, ALLOW), BPF_SYSCALL_POLICY(openat, ALLOW), @@ -80,7 +95,9 @@ struct sock_filter ia2_filter[] = { BPF_SYSCALL_POLICY(pwrite64, ALLOW), BPF_SYSCALL_POLICY(read, ALLOW), BPF_SYSCALL_POLICY(readv, ALLOW), +#ifdef __NR_readlink BPF_SYSCALL_POLICY(readlink, ALLOW), +#endif BPF_SYSCALL_POLICY(readlinkat, ALLOW), BPF_SYSCALL_POLICY(eventfd2, ALLOW), BPF_SYSCALL_POLICY(epoll_create1, ALLOW), @@ -93,7 +110,9 @@ struct sock_filter ia2_filter[] = { BPF_SYSCALL_POLICY(accept4, ALLOW), BPF_SYSCALL_POLICY(sendmsg, ALLOW), BPF_SYSCALL_POLICY(recvmsg, ALLOW), +#ifdef __NR_unlink BPF_SYSCALL_POLICY(unlink, ALLOW), +#endif BPF_SYSCALL_POLICY(ftruncate, ALLOW), BPF_SYSCALL_POLICY(mincore, ALLOW), BPF_SYSCALL_POLICY(clone, ALLOW), @@ -109,10 +128,14 @@ struct sock_filter ia2_filter[] = { BPF_SYSCALL_POLICY(exit, ALLOW), BPF_SYSCALL_POLICY(clock_nanosleep, ALLOW), BPF_SYSCALL_POLICY(sigaltstack, ALLOW), +#ifdef __NR_epoll_wait BPF_SYSCALL_POLICY(epoll_wait, ALLOW), +#endif BPF_SYSCALL_POLICY(setsid, ALLOW), BPF_SYSCALL_POLICY(pipe2, ALLOW), +#ifdef __NR_poll BPF_SYSCALL_POLICY(poll, ALLOW), +#endif BPF_SYSCALL_POLICY(waitid, ALLOW), BPF_SYSCALL_POLICY(restart_syscall, ALLOW), /* tracee syscalls */ @@ -139,8 +162,8 @@ struct sock_filter example_filter[] = { /* equivalent: */ /*BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_seccomp, 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),*/ - /* compare syscall number to open() and jump to kill insn if different */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_open, 0, 3), + /* compare syscall number to openat() and jump to kill insn if different */ + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 3), /* load argument 1 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof(struct seccomp_data, args[1]))), From 544edcbf848bceacd9dcc7c0e8b98bd1c6eaf9b1 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:31:54 -0400 Subject: [PATCH 13/20] runtime/memory-map: cmake: adapt cargo integration for cross compilation --- runtime/tracer/CMakeLists.txt | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/runtime/tracer/CMakeLists.txt b/runtime/tracer/CMakeLists.txt index f953e0346..3f2fb14ff 100644 --- a/runtime/tracer/CMakeLists.txt +++ b/runtime/tracer/CMakeLists.txt @@ -1,15 +1,22 @@ cmake_minimum_required(VERSION 3.12) project(tracer) +if (LIBIA2_AARCH64) +set(CARGO_TARGET_FLAG "--target=aarch64-unknown-linux-gnu" "--config" "target.aarch64-unknown-linux-gnu.linker=\\\"aarch64-linux-gnu-gcc\\\"") +set(CARGO_ARCH_SUFFIX "aarch64-unknown-linux-gnu") +else() +set(CARGO_TARGET_FLAG "") +set(CARGO_ARCH_SUFFIX "") +endif() add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/release/libmemory_map.so - COMMAND CARGO_TARGET_DIR=${CMAKE_CURRENT_BINARY_DIR} cargo build --manifest-path ${CMAKE_CURRENT_SOURCE_DIR}/memory-map/Cargo.toml --release + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${CARGO_ARCH_SUFFIX}/release/libmemory_map.so + COMMAND CARGO_TARGET_DIR=${CMAKE_CURRENT_BINARY_DIR} cargo build ${CARGO_TARGET_FLAG} --manifest-path ${CMAKE_CURRENT_SOURCE_DIR}/memory-map/Cargo.toml --release DEPENDS memory-map/Cargo.toml memory-map/src/lib.rs ) add_library(memory-map STATIC IMPORTED) -set_property(TARGET memory-map PROPERTY IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/release/libmemory_map.so) -add_custom_target(memory-map-tgt DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/release/libmemory_map.so) +set_property(TARGET memory-map PROPERTY IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/${CARGO_ARCH_SUFFIX}/release/libmemory_map.so) +add_custom_target(memory-map-tgt DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${CARGO_ARCH_SUFFIX}/release/libmemory_map.so) add_dependencies(memory-map memory-map-tgt) if(LIBIA2_X86_64) From 39fa729e3706249bc5f355a82108dee42467bf7d Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 10 Jun 2024 17:34:21 -0400 Subject: [PATCH 14/20] runtime/memory-map: update cargo.toml syntax --- runtime/tracer/memory-map/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runtime/tracer/memory-map/Cargo.toml b/runtime/tracer/memory-map/Cargo.toml index 02782b40a..5bf4b4b9d 100644 --- a/runtime/tracer/memory-map/Cargo.toml +++ b/runtime/tracer/memory-map/Cargo.toml @@ -3,11 +3,11 @@ name = "memory-map" version = "0.1.0" edition = "2021" [lib] -crate_type = ["cdylib"] +crate-type = ["cdylib"] [dependencies] libc_alloc = "1.0.5" -nonoverlapping_interval_tree = { version = "0.1.5", default_features = false } +nonoverlapping_interval_tree = { version = "0.1.5", default-features = false } [profile.dev] panic = "abort" From 5fb0ecc037e56875a82de0eeebb176e90a545c8b Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Thu, 18 Jul 2024 15:22:20 -0400 Subject: [PATCH 15/20] runtime/memory-map: silence rustc check-cfg warnings --- runtime/tracer/memory-map/Cargo.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/runtime/tracer/memory-map/Cargo.toml b/runtime/tracer/memory-map/Cargo.toml index 5bf4b4b9d..b883939d1 100644 --- a/runtime/tracer/memory-map/Cargo.toml +++ b/runtime/tracer/memory-map/Cargo.toml @@ -9,6 +9,9 @@ crate-type = ["cdylib"] libc_alloc = "1.0.5" nonoverlapping_interval_tree = { version = "0.1.5", default-features = false } +[lints.rust] +unexpected_cfgs = { level = "warn", check-cfg = ['cfg(debug)', 'cfg(list_regions)'] } + [profile.dev] panic = "abort" strip = "symbols" From 71d3dae2cc0804927dd7d0363bb784a98965858f Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Wed, 24 Jul 2024 14:55:30 -0400 Subject: [PATCH 16/20] cmake: add library path needed for libstdc++ to qemu invocation --- cmake/define-test.cmake | 1 + 1 file changed, 1 insertion(+) diff --git a/cmake/define-test.cmake b/cmake/define-test.cmake index 9dbd6ee97..b98b0ab82 100644 --- a/cmake/define-test.cmake +++ b/cmake/define-test.cmake @@ -144,6 +144,7 @@ function(define_test) COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} "-one-insn-per-tb" "-L" "${CMAKE_BINARY_DIR}/external/glibc/sysroot/usr/" + "-E" "LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib:/usr/aarch64-linux-gnu/lib64" ${CMAKE_CURRENT_BINARY_DIR}/${TEST_NAME} WORKING_DIRECTORY ${CMAKE_BINARY_DIR}) elseif (DEFINE_TEST_WITHOUT_SANDBOX OR NOT ${IA2_TRACER}) From e8063d90cc868b667efe18f48d5b949aeb7ab2bf Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Fri, 26 Jul 2024 16:41:53 -0400 Subject: [PATCH 17/20] cmake: put glibc sysroot in LD_LIBRARY_PATH --- cmake/define-test.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/define-test.cmake b/cmake/define-test.cmake index b98b0ab82..c1cc95673 100644 --- a/cmake/define-test.cmake +++ b/cmake/define-test.cmake @@ -144,7 +144,7 @@ function(define_test) COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} "-one-insn-per-tb" "-L" "${CMAKE_BINARY_DIR}/external/glibc/sysroot/usr/" - "-E" "LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib:/usr/aarch64-linux-gnu/lib64" + "-E" "LD_LIBRARY_PATH=${CMAKE_BINARY_DIR}/external/glibc/sysroot/usr/lib:/usr/aarch64-linux-gnu/lib:/usr/aarch64-linux-gnu/lib64" ${CMAKE_CURRENT_BINARY_DIR}/${TEST_NAME} WORKING_DIRECTORY ${CMAKE_BINARY_DIR}) elseif (DEFINE_TEST_WITHOUT_SANDBOX OR NOT ${IA2_TRACER}) From cdcfe77cf2c1a20d2473b2ce5582f34dc3bc652d Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Mon, 22 Jul 2024 14:57:55 -0400 Subject: [PATCH 18/20] cmake: also use partition-alloc on arm this is a partial revert of 0bb563e4ccac147baa661345c7e22b1b1b860cba which was intended to be temporary, now that partition-alloc should now work on ARM --- cmake/ia2.cmake | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cmake/ia2.cmake b/cmake/ia2.cmake index 665be0789..4d19291a1 100644 --- a/cmake/ia2.cmake +++ b/cmake/ia2.cmake @@ -1,9 +1,7 @@ if(LIBIA2_AARCH64) set(UBSAN_FLAG "") - set(PARTITION_ALLOC "") else() set(UBSAN_FLAG "-fsanitize=undefined") - set(PARTITION_ALLOC "partition-alloc") endif() # Creates a compartmentalized IA2 target # @@ -71,7 +69,7 @@ function(add_ia2_compartment NAME TYPE) target_link_options(${NAME} PRIVATE ${UBSAN_FLAG}) endif() - target_link_libraries(${NAME} PRIVATE dl libia2 ${PARTITION_ALLOC}) + target_link_libraries(${NAME} PRIVATE dl libia2 partition-alloc) target_link_options(${NAME} PRIVATE "-Wl,--export-dynamic") target_link_libraries(${NAME} PRIVATE ${ARG_LIBRARIES}) From 7e1cf19cae5272447daa567be1e3f3b2aedbd15a Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Tue, 23 Jul 2024 13:44:21 -0400 Subject: [PATCH 19/20] cmake: tests: always use partition-alloc partial revert of 0b389164c92b601a52f7cb74cec91b0565127589 now that partition-alloc works on ARM64 --- tests/CMakeLists.txt | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a941533ec..5659d479a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -23,15 +23,9 @@ configure_lit_site_cfg( set(IA2_TEST_DEPENDS tools) -if (LIBIA2_AARCH64) - set(IA2_ALLOCATOR "") -else() - set(IA2_ALLOCATOR partition-alloc) -endif() - add_lit_testsuite(check-ia2 "Running the IA2 tests" ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS ${IA2_TEST_DEPENDS} ${IA2_ALLOCATOR} + DEPENDS ${IA2_TEST_DEPENDS} partition-alloc ARGS "--verbose" ) set_target_properties(check-ia2 PROPERTIES FOLDER "tests") From 04d30069ae57820d87e5773ed22afc7d7baf2db0 Mon Sep 17 00:00:00 2001 From: Frances Wingerter Date: Tue, 23 Jul 2024 13:42:19 -0400 Subject: [PATCH 20/20] cmake: enable heap tests on ARM64 --- tests/CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5659d479a..276dc8a7f 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -62,12 +62,12 @@ add_subdirectory(two_shared_ranges) add_subdirectory(global_fn_ptr) add_subdirectory(rewrite_macros) add_subdirectory(sighandler) +add_subdirectory(heap_two_keys) +add_subdirectory(three_keys_minimal) # The following tests are not supported on ARM64 yet if (NOT LIBIA2_AARCH64) - # not supported on ARM because they allocate - add_subdirectory(heap_two_keys) + # strange bug with indirect calls add_subdirectory(read_config) - add_subdirectory(three_keys_minimal) # ARM does not support threads yet add_subdirectory(threads) add_subdirectory(protected_threads)