├── .gitignore
├── Makefile
├── README
├── apps
    ├── Makefile
    ├── sandbox
    │   ├── Makefile
    │   ├── boxer.h
    │   ├── exec.c
    │   ├── main.c
    │   ├── nullsandbox.c
    │   ├── sandbox.h
    │   ├── sandbox.ld
    │   ├── sandbox_wrap.sh
    │   ├── trap.c
    │   └── umm.c
    ├── ufirewall
    │   ├── Makefile
    │   ├── firewall.c
    │   ├── firewall.h
    │   ├── firewall_test.c
    │   └── ufw.rules
    └── wedge
    │   ├── Makefile
    │   ├── bench.c
    │   ├── httpd.c
    │   ├── index.html
    │   ├── sthread.c
    │   ├── sthread.h
    │   ├── test.c
    │   └── wedge_bench.sh
├── bench
    ├── Makefile
    ├── bench.h
    ├── bench_dune.c
    ├── bench_dune_ring.c
    └── bench_linux.c
├── build-eglibc.sh
├── dune_env.sh
├── dune_req.sh
├── eglibc-2.14.diff
├── kern
    ├── Makefile
    ├── compat.h
    ├── core.c
    ├── dune.h
    ├── ept.c
    ├── extract_symbol.sh
    ├── preempttrap.c
    ├── preempttrap.h
    ├── vmx.c
    └── vmx.h
├── libdune
    ├── Makefile
    ├── cpu-x86.h
    ├── debug.c
    ├── debug.h
    ├── dune.S
    ├── dune.h
    ├── elf.c
    ├── elf.h
    ├── entry.c
    ├── fpu.h
    ├── local.h
    ├── mmu-x86.h
    ├── mmu.h
    ├── page.c
    ├── procmap.c
    ├── trap.c
    ├── types.h
    ├── util.c
    ├── vm.c
    └── vsyscall.S
└── test
    ├── Makefile
    ├── hello.c
    ├── hugepages.c
    ├── hugepages.h
    ├── hugepages_mod.c
    ├── test.c
    ├── test_sandbox.c
    └── timetest.c


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.o
 2 | *.d
 3 | *.a
 4 | *.swp
 5 | *.hi
 6 | *.cmd
 7 | *.out
 8 | dist
 9 | apps/sandbox/sandbox
10 | apps/ufirewall/ufirewall
11 | apps/ufirewall/firewall_test
12 | apps/wedge/bench
13 | apps/wedge/httpd
14 | apps/wedge/test
15 | bench/bench_dune
16 | bench/bench_dune_ring
17 | bench/bench_linux
18 | eglibc-2.14/
19 | kern/Module.symvers
20 | kern/dune.ko
21 | kern/dune.mod.c
22 | kern/modules.order
23 | kern/tmp/
24 | test/hello
25 | test/test
26 | test/test_sandbox
27 | test/timetest
28 | tags
29 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | LIBC	= eglibc-2.14/eglibc-build/libc.so
 2 | SUBDIRS	= kern libdune
 3 | 
 4 | all: $(SUBDIRS)
 5 | libc: $(LIBC)
 6 | 
 7 | $(SUBDIRS):
 8 | 	$(MAKE) -C $(@)
 9 | 
10 | $(LIBC):
11 | 	sh build-eglibc.sh
12 | 
13 | clean:
14 | 	for dir in $(SUBDIRS); do \
15 | 		$(MAKE) -C $$dir $(@); \
16 | 	done
17 | 
18 | distclean: clean
19 | 	rm -fr eglibc-2.14
20 | 
21 | .PHONY: $(SUBDIRS) clean distclean
22 | 


--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
 1 | Overview
 2 | ========
 3 | 
 4 | Dune is a system that lets you safely run applications in Ring 0 by using
 5 | hardware virtualization.  This lets applications access privileged CPU features
 6 | and do things like change their own page table, register interrupt handlers and
 7 | more, while still being able to perform normal system calls.  More information
 8 | is available here:
 9 | 
10 | 	http://dune.scs.stanford.edu/
11 | 
12 | Dune has two components:
13 | 
14 | 1.  A kernel module to enable virtualization (kern)
15 | 2.  A utility library to help with using Dune (libdune)
16 | 
17 | We also provide an optional patched glibc (eglibc-2.14). It slightly
18 | improves system call performance by performing a VMCALL directly.
19 | If used, it does not need to be installed globally.
20 | 
21 | Dune is enabled only on applications that call dune_init().  All other
22 | applications on the system remain unaffected.
23 | 
24 | The directory layout of this archive is as follows:
25 | kern/    -> the Dune kernel module
26 | libdune/ -> the Dune library OS
27 | bench/   -> a series of benchmarks to compare Dune and Linux performance
28 | test/    -> simple test programs and examples
29 | sandbox/ -> a generic implementation for sandboxing untrusted binaries
30 | 
31 | Requirements
32 | ============
33 | 
34 | * A 64-bit x86 Linux environment
35 | * A recent Intel CPU (we use Nehalem and later) with VT-x support.
36 | * A recent kernel version --- We use 3.0 and later, but earlier versions
37 |   may also work.
38 | * Kernel headers must be installed for the running kernel.
39 | 
40 | We provide a script called dune_req.sh that will attempt to verify
41 | if these requirements are met.
42 | 
43 | Setup
44 | =====
45 | 
46 | # make
47 | # insmod kern/dune.ko
48 | # test/hello
49 | 
50 | You'll need to be root to load the module. However, applications can use
51 | Dune without running as root; simply change the permission of '/dev/dune'
52 | accordingly.
53 | 
54 | Another program worth trying after Dune is setup is the Dune benchmark suite.
55 | It can be run with the following command:
56 | 
57 | # bench/bench_dune
58 | 
59 | Run the following command to build a faster version of glibc (optional):
60 | 
61 | # make libc
62 | 
63 | If eglibc build fails some systems (e.g. Ubuntu) may have incompatible default
64 | CFLAGS set.  Before running the libc build set the following flags.
65 | 
66 | # setenv CFLAGS "-U_FORTIFY_SOURCE -O2 -fno-stack-protector"
67 | 
68 | The alternate glibc can be used by prefixing dune apps with the
69 | dune_env.sh script.
70 | 
71 | Limitations
72 | ===========
73 | 
74 | Dune is fairly far along, but could benefit from better support for signals
75 | and more robust pthread support inside libdune. We're currently working on
76 | these issues.
77 | 
78 | Programming
79 | ===========
80 | 
81 | 1.  Call dune_init() to enter dune mode.  (Link to libdune.)
82 | 2.  The application will continue to function as normal.  You can use printf,
83 |     use sockets, access files, etc.
84 | 3.  But you can then also perform privileged CPU instructions.
85 | 
86 | Questions?
87 | ==========
88 | 
89 | Contact us at dune@scs.stanford.edu.
90 | 
91 | Last edited: 10/05/12
92 | 
93 | 


--------------------------------------------------------------------------------
/apps/Makefile:
--------------------------------------------------------------------------------
 1 | SUBDIRS	= sandbox wedge ufirewall
 2 | 
 3 | all: $(SUBDIRS)
 4 | 
 5 | $(SUBDIRS):
 6 | 	$(MAKE) -C $(@)
 7 | 
 8 | clean:
 9 | 	for dir in $(SUBDIRS); do \
10 | 		$(MAKE) -C $$dir $(@); \
11 | 	done
12 | 
13 | .PHONY: $(SUBDIRS) clean
14 | 


--------------------------------------------------------------------------------
/apps/sandbox/Makefile:
--------------------------------------------------------------------------------
 1 | CC      = gcc
 2 | LD	= ld
 3 | RANLIB	= ranlib
 4 | CFLAGS  = -Wall -O2 -MD -I ../../
 5 | LDFLAGS = -O2 -L. -L ../../libdune -lsandbox -ldune -lpthread -T sandbox.ld
 6 | OBJ     = main.o umm.o trap.o exec.o
 7 | 
 8 | all: libsandbox.a sandbox
 9 | 
10 | libsandbox.a: $(OBJ)
11 | 	$(AR) cru $(@) $(OBJ)
12 | 	$(RANLIB) $(@)
13 | 
14 | sandbox: nullsandbox.o libsandbox.a ../../libdune/libdune.a
15 | 	$(CC) -o $(@) $(<) $(LDFLAGS)
16 | 
17 | clean:
18 | 	rm -f *.o test *.d sandbox libsandbox.a
19 | 
20 | -include *.d
21 | 


--------------------------------------------------------------------------------
/apps/sandbox/boxer.h:
--------------------------------------------------------------------------------
 1 | #ifndef __BOXER_H__
 2 | #define __BOXER_H__
 3 | 
 4 | typedef int (*boxer_syscall_cb)(struct dune_tf *tf);
 5 | 
 6 | extern void boxer_register_syscall_monitor(boxer_syscall_cb cb);
 7 | extern int boxer_main(int argc, char *argv[]);
 8 | 
 9 | #endif /* __BOXER_H__ */
10 | 


--------------------------------------------------------------------------------
/apps/sandbox/exec.c:
--------------------------------------------------------------------------------
  1 | 
  2 | #include <assert.h>
  3 | #include <stdio.h>
  4 | #include <stdlib.h>
  5 | #include <stdbool.h>
  6 | 
  7 | #include <unistd.h>
  8 | #include <errno.h>
  9 | #include <fcntl.h>
 10 | #include <sys/types.h>
 11 | 
 12 | #define EXECPGSIZE 4096
 13 | 
 14 | extern char **environ;
 15 | const char *sandbox_path = "./sandbox";
 16 | const char *ld_path = "/lib64/ld-linux-x86-64.so.2";
 17 | 
 18 | int
 19 | getlen(char *const arr[])
 20 | {
 21 |     int i;
 22 | 
 23 |     for (i = 0; arr[i] != NULL; i++)
 24 |         ;
 25 | 
 26 |     return i;
 27 | }
 28 | 
 29 | int
 30 | exec_execev(const char *filename, char *const argv[], char *const envp[])
 31 | {
 32 |     int fd;
 33 |     int len;
 34 |     char page[EXECPGSIZE];
 35 | 
 36 |     fd = open(filename, O_RDONLY);
 37 |     if (fd < 0) {
 38 |         return -errno;
 39 |     }
 40 | 
 41 |     len = read(fd, page, EXECPGSIZE);
 42 |     if (len < 2) {
 43 |         return -ENOEXEC;
 44 |     }
 45 | 
 46 |     close(fd);
 47 | 
 48 |     if (len < EXECPGSIZE)
 49 |         page[len] = 0;
 50 | 
 51 |     if (page[0] == 0x7f && page[1] == 'E' && page[2] == 'L'&& page[3] == 'F') {
 52 |         int i;
 53 |         int arglen = getlen(argv);
 54 |         const char **new_argv = (const char **)malloc(sizeof(char *)*(arglen+4));
 55 | 
 56 |         //printf("ELF!\n");
 57 | 
 58 |         new_argv[0] = sandbox_path;
 59 |         new_argv[1] = ld_path;
 60 |         for (i = 0; i <= arglen; i++)
 61 |             new_argv[i + 2] = argv[i];
 62 |         new_argv[arglen + 3] = NULL;
 63 | 
 64 |         /*for (i = 0; new_argv[i] != NULL; i++)
 65 |             printf("'%s' ", new_argv[i]);
 66 |         printf("\n");*/
 67 | 
 68 |         int status = fork();
 69 |         if (status < 0)
 70 |             return status;
 71 |         else if (status > 0)
 72 |             exit(0);
 73 | 
 74 |         execve(sandbox_path, (char* const*)new_argv, envp);
 75 |         // We can't handle this case currently...
 76 |         assert(false);
 77 | 
 78 |         return -errno;
 79 |     }
 80 | 
 81 |     if (page[0] == '#' || page[1] == '!') {
 82 |         bool no_args;
 83 |         int i;
 84 |         int arglen = getlen(argv);
 85 |         const char **new_argv = (const char **)malloc(sizeof(char *)*(arglen+7));
 86 | 
 87 |         //printf("SHELL!\n");
 88 | 
 89 |         // Parse interpreter and arguments.  According to FreeBSD's historical 
 90 |         // note in sys/kern/imgact_shell.c the most compatible behavoir is to 
 91 |         // parse all interpreter arguements as a single argv into the 
 92 |         // application.  If there are no arguements the first arguement will be 
 93 |         // the script itself.  Parsing excess whitespace from the beginning and 
 94 |         // end is optional and most systems do not do that.
 95 | 
 96 |         // Call sandbox with the following arguements:
 97 |         // /lib64/ld... <interp> <argstring> <script> <arg1> ... <argn>
 98 | 
 99 |         for (i = 2; i < EXECPGSIZE; i++) {
100 |             if (page[i] != ' ' && page[i] != '\t')
101 |                 break;
102 |         }
103 |         int interp_begin = i;
104 |         for (; i < EXECPGSIZE; i++) {
105 |             if (page[i] == ' ' || page[i] == '\t' ||
106 |                 page[i] == '\n' || page[i] == '\0')
107 |                 break;
108 |         }
109 |         int interp_end = i;
110 |         if (interp_begin == interp_end || page[interp_begin] == '\0') {
111 |             return -ENOEXEC;
112 |         }
113 | 
114 |         int arg_begin, arg_end;
115 |         if (page[interp_end] == '\n') {
116 |             no_args = true;
117 |         } else {
118 |             no_args = false;
119 |             for (; i < EXECPGSIZE; i++) {
120 |                 if (page[i] == '\n' || page[i] == '\0')
121 |                     break;
122 |             }
123 | 
124 |             arg_begin = interp_end + 1;
125 |             arg_end = i;
126 |             page[i] = '\0';
127 |         }
128 |         page[interp_end] = '\0';
129 | 
130 |         new_argv[0] = sandbox_path;
131 |         new_argv[1] = ld_path;
132 |         new_argv[2] = page + interp_begin;
133 |         if (no_args) {
134 |             new_argv[3] = filename;
135 |             for (i = 0; i <= arglen; i++)
136 |                 new_argv[i + 4] = argv[i];
137 |             new_argv[arglen + 5] = NULL;
138 |         } else {
139 |             new_argv[3] = page + arg_begin;
140 |             new_argv[4] = filename;
141 |             for (i = 0; i <= arglen; i++)
142 |                 new_argv[i + 5] = argv[i];
143 |             new_argv[arglen + 6] = NULL;
144 |         }
145 | 
146 |         /*for (i = 0; new_argv[i] != NULL; i++)
147 |             printf("'%s' ", new_argv[i]);
148 |         printf("\n");*/
149 | 
150 |         int status = fork();
151 |         if (status < 0)
152 |             return status;
153 |         else if (status > 0)
154 |             exit(0);
155 | 
156 |         execve(sandbox_path, (char* const*)new_argv, envp);
157 |         // We can't handle this case currently...
158 |         assert(false);
159 | 
160 |         return -errno;
161 |     }
162 | 
163 |     return -ENOEXEC;
164 | }
165 | 
166 | #ifdef TEST_EXEC
167 | 
168 | int main(int argc, char *argv[])
169 | {
170 |     char *const args[] = { NULL };
171 | 
172 |     //exec_execev("/bin/ls", args, environ);
173 |     //exec_execev("test.sh", args, environ);
174 | 
175 |     return 0;
176 | }
177 | 
178 | #endif /* TEST_EXEC */
179 | 
180 | 


--------------------------------------------------------------------------------
/apps/sandbox/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | 
  3 | #include <stdio.h>
  4 | #include <errno.h>
  5 | #include <string.h>
  6 | 
  7 | #include "sandbox.h"
  8 | 
  9 | #define NUM_AUX 13
 10 | 
 11 | struct elf_data {
 12 | 	uintptr_t entry;
 13 | 	Elf64_Phdr *phdr;
 14 | 	int phnum;
 15 | };
 16 | 
 17 | static int process_elf_ph(struct dune_elf *elf, Elf64_Phdr *phdr)
 18 | {
 19 | 	int ret;
 20 | 	int perm = PERM_U;
 21 | 	off_t off;
 22 | 
 23 | 	if (phdr->p_type == PT_INTERP) {
 24 | 		printf("sandbox: .interp sections are not yet supported\n");
 25 | 		return -EINVAL;
 26 | 	}
 27 | 
 28 | 	if (phdr->p_type != PT_LOAD)
 29 | 		return 0; // continue to next section
 30 | #if 0
 31 | 	printf("sandbox: loading segment - va 0x%09lx, len %lx\n",
 32 | 	       phdr->p_vaddr, phdr->p_memsz);
 33 | #endif
 34 | 	if (elf->hdr.e_type == ET_DYN)
 35 | 		off = LOADER_VADDR_OFF;
 36 | 	else
 37 | 		off = 0;
 38 | 
 39 | 	if (phdr->p_vaddr + off + phdr->p_memsz > APP_MAX_ELF_VADDR ||
 40 | 	    phdr->p_memsz > APP_MAX_ELF_VADDR || // for overflow
 41 | 	    phdr->p_filesz > phdr->p_memsz) {
 42 | 		printf("sandbox: segment address is insecure\n");
 43 | 		return -EINVAL;
 44 | 	}
 45 | 
 46 | 	ret = dune_vm_map_phys(pgroot,
 47 | 			      (void *) (phdr->p_vaddr + off),
 48 | 			      phdr->p_memsz,
 49 | 			      (void *) (phdr->p_vaddr + off),
 50 | 			      PERM_R | PERM_W);
 51 | 	if (ret) {
 52 | 		printf("sandbox: segment mapping failed\n");
 53 | 		return ret;
 54 | 	}
 55 | 
 56 | 	ret = dune_elf_load_ph(elf, phdr, off);
 57 | 	if (ret) {
 58 | 		printf("sandbox: segment load failed\n");
 59 | 		return ret;
 60 | 	}
 61 | 
 62 | 	if (phdr->p_flags & PF_X)
 63 | 		perm |= PERM_X;
 64 | 	if (phdr->p_flags & PF_R)
 65 | 		perm |= PERM_R;
 66 | 	if (phdr->p_flags & PF_W)
 67 | 		perm |= PERM_W;
 68 | 
 69 | 	ret = dune_vm_mprotect(pgroot, (void *) (phdr->p_vaddr + off),
 70 | 			      phdr->p_memsz, perm);
 71 | 	if (ret) {
 72 | 		printf("sandbox: segment protection failed\n");
 73 | 		return ret;
 74 | 	}
 75 | 
 76 | 	return 0;
 77 | }
 78 | 
 79 | static int load_elf(const char *path, struct elf_data *data)
 80 | {
 81 | 	int ret;
 82 | 	struct dune_elf elf;
 83 | 
 84 | 	ret = dune_elf_open(&elf, path);
 85 | 	if (ret)
 86 | 		return ret;
 87 | 
 88 | 	if (elf.hdr.e_type != ET_EXEC &&
 89 | 	    elf.hdr.e_type != ET_DYN) {
 90 | 		printf("sandbox: ELF is not a valid type\n");
 91 | 		ret = -EINVAL;
 92 | 		goto out;
 93 | 	}
 94 | 
 95 | 	ret = dune_elf_iter_ph(&elf, &process_elf_ph);
 96 | 	if (ret)
 97 | 		goto out;
 98 | 
 99 | 
100 | 	if (elf.hdr.e_type == ET_DYN) {
101 | 		data->entry = (uintptr_t) (elf.hdr.e_entry + LOADER_VADDR_OFF);
102 | 		data->phdr = (Elf64_Phdr *) (elf.hdr.e_phoff + LOADER_VADDR_OFF);
103 | 	} else {
104 | 		data->entry = (uintptr_t) elf.hdr.e_entry;
105 | 		// FIXME: could probably make this more robust
106 | 		data->phdr = (Elf64_Phdr *) (elf.hdr.e_phoff + 0x400000);
107 | 	}
108 | 	data->phnum = elf.hdr.e_phnum;
109 | 
110 | out:
111 | 	dune_elf_close(&elf);
112 | 	return ret;
113 | }
114 | 
115 | static void count_args(char *argv[], int *argc, size_t *arglen)
116 | {
117 | 	int i = 0;
118 | 
119 | 	while (argv[i])
120 | 		i++;
121 | 
122 | 	*argc = i;
123 | 	if (!i) {
124 | 		*arglen = 0;
125 | 		return;
126 | 	}
127 | 
128 | 	*arglen = (size_t) rawmemchr(argv[i - 1], 0) -
129 | 		  (size_t) argv[0] + 1;
130 | }
131 | 
132 | static Elf64_auxv_t * find_aux_entry(Elf64_auxv_t *aux, uint64_t type)
133 | {
134 | 	while (aux->a_type) {
135 | 		if (aux->a_type == type)
136 | 			return aux;
137 | 		aux++;
138 | 	}
139 | 
140 | 	return NULL;
141 | }
142 | 
143 | static inline void copy_aux(Elf64_auxv_t *ref, Elf64_auxv_t *cur, uint64_t type)
144 | {
145 | 	Elf64_auxv_t *found;
146 | 
147 | 	cur->a_type = type;
148 | 	found = find_aux_entry(ref, type);
149 | 	assert(found);
150 | 	cur->a_un.a_val = found->a_un.a_val;
151 | 
152 | }
153 | 
154 | static void
155 | setup_aux(Elf64_auxv_t *ref, Elf64_auxv_t *cur, struct elf_data data)
156 | {
157 | 
158 | 	copy_aux(ref, cur, AT_HWCAP);
159 | 	cur++;
160 | 	copy_aux(ref, cur, AT_PAGESZ);
161 | 	cur++;
162 | 	copy_aux(ref, cur, AT_CLKTCK);
163 | 	cur++;
164 | 	cur->a_type = AT_PHDR;
165 | 	cur->a_un.a_val = (uintptr_t) data.phdr;
166 | 	cur++;
167 | 	cur->a_type = AT_PHNUM;
168 | 	cur->a_un.a_val = data.phnum;
169 | 	cur++;
170 | 	copy_aux(ref, cur, AT_FLAGS);
171 | 	cur++;
172 | 	cur->a_type = AT_ENTRY;
173 | 	cur->a_un.a_val = data.entry;
174 | 	cur++;
175 | 	// FIXME: Should we allow UID to pass through?
176 | 	copy_aux(ref, cur, AT_UID);
177 | 	cur++;
178 | 	copy_aux(ref, cur, AT_EUID);
179 | 	cur++;
180 | 	copy_aux(ref, cur, AT_GID);
181 | 	cur++;
182 | 	copy_aux(ref, cur, AT_EGID);
183 | 	cur++;
184 | 	cur->a_type = AT_SECURE;
185 | 	cur->a_un.a_val = 0;
186 | 	cur++;
187 | 
188 | 	/*
189 | 	 * FIXME: Dumb linux distros use __ASSUME_AT_RANDOM which requires
190 | 	 * this to be filled. This is not secure we need to map in a page
191 | 	 * with 16 random bytes.
192 | 	 */
193 | 	cur->a_type = AT_RANDOM;
194 | 	cur->a_un.a_val = (uintptr_t) data.phdr;
195 | 	cur++;
196 | 
197 | 	cur->a_type = 0; // aux end
198 | }
199 | 
200 | static uintptr_t
201 | setup_arguments(uintptr_t sp, const char *path,
202 | 		char *argv[], char*envv[],
203 | 		struct elf_data data)
204 | {
205 | 	char *data_ptr;
206 | 	uintptr_t *arg_ptr;
207 | 	Elf64_auxv_t *aux_ptr;
208 | 	size_t tmp, len = 0;
209 | 	int argc, envc, i;
210 | 
211 | 	// determine data pointer
212 | 	count_args(argv, &argc, &tmp);
213 | 	len += tmp;
214 | 	count_args(envv, &envc, &tmp);
215 | 	len += tmp;
216 | 	len += strlen(path) + 1;
217 | 	data_ptr = (char *) sp - len;
218 | 
219 | 	// determine aux pointer
220 | 	aux_ptr = (Elf64_auxv_t *) &envv[envc + 1];
221 | 	len += sizeof(Elf64_auxv_t) * NUM_AUX;
222 | 
223 | 	// determine argument pointer
224 | 	len += (argc + envc + 4) * sizeof(uintptr_t);
225 | 
226 | 	// The System V AMD64 ABI requires 16-byte stack alignment. We go
227 | 	// with 32-bytes to be extra conservative (e.g. in case of AVX)
228 | 	len = (len + 0x1f) & ~0x1f;
229 | 
230 | 	arg_ptr = (uintptr_t *) (sp - len);
231 | 	*arg_ptr = argc + 1;
232 | 	arg_ptr++;
233 | 
234 | 	// setup application name argument
235 | 	*arg_ptr = (uintptr_t) data_ptr;
236 | 	arg_ptr++;
237 | 	data_ptr = stpcpy(data_ptr, path) + 1;
238 | 
239 | 	// setup remaining arguments
240 | 	for (i = 0; i < argc; i++) {
241 | 		*arg_ptr = (uintptr_t) data_ptr;
242 | 		arg_ptr++;
243 | 		data_ptr = stpcpy(data_ptr, argv[i]) + 1;
244 | 	}
245 | 	*arg_ptr = (uintptr_t) NULL; // arg end
246 | 	arg_ptr++;
247 | 
248 | 	// setup environment
249 | 	for (i = 0; i < envc; i++) {
250 | 		*arg_ptr = (uintptr_t) data_ptr;
251 | 		arg_ptr++;
252 | 		data_ptr = stpcpy(data_ptr, envv[i]) + 1;
253 | 	}
254 | 	*arg_ptr = (uintptr_t) NULL; // env end
255 | 	arg_ptr++;
256 | 
257 | 	// setup aux entries
258 | 	setup_aux(aux_ptr, (Elf64_auxv_t *) arg_ptr, data);
259 | 
260 | 	return sp - len;
261 | }
262 | 
263 | static int run_app(uintptr_t sp, uintptr_t e_entry)
264 | {
265 | 	struct dune_tf tf;
266 | 
267 | 	memset(&tf, 0, sizeof(struct dune_tf));
268 | 	tf.rip = e_entry;
269 | 	tf.rsp = sp;
270 | 	tf.rflags = 0x0;
271 | 
272 | 	return dune_jump_to_user(&tf);
273 | }
274 | 
275 | extern char **environ;
276 | 
277 | int boxer_main(int argc, char *argv[])
278 | {
279 | 	int ret;
280 | 	uintptr_t sp;
281 | 	struct elf_data data;
282 | 
283 | 	if (argc < 2)
284 | 		return -EINVAL;
285 | 
286 | 	/* XXX needed.  Probably does some libc stuff */
287 | 	printf(" \b"); 
288 | 
289 | //	printf("%s\n", environ[0]);
290 | 
291 | 	ret = dune_init(0);
292 | 	if (ret) {
293 | 		printf("sandbox: failed to initialize Dune\n");
294 | 		return ret;
295 | 	}
296 | 
297 | 	ret = dune_enter();
298 | 	if (ret) {
299 | 		printf("sandbox: failed to enter Dune mode\n");
300 | 		return ret;
301 | 	}
302 | 
303 | 	ret = load_elf(argv[1], &data);
304 | 	if (ret)
305 | 		return ret;
306 | 
307 | //	printf("sandbox: entry addr is %lx\n", data.entry);
308 | 
309 | 	dune_set_user_fs(0); // default starting fs
310 | 
311 | 	ret = trap_init();
312 | 	if (ret) {
313 | 		printf("failed to initialize trap handlers\n");
314 | 		return ret;
315 | 	}
316 | 
317 | 	ret = umm_alloc_stack(&sp);
318 | 	if (ret) {
319 | 		printf("failed to alloc stack\n");
320 | 		return ret;
321 | 	}
322 | 
323 | 	sp = setup_arguments(sp, argv[1], &argv[2], environ, data);
324 | 	if (!sp) {
325 | 		printf("failed to setup arguments\n");
326 | 		return -EINVAL;
327 | 	}
328 | 
329 | 	ret = run_app(sp, data.entry);
330 | 
331 | 	return ret;
332 | }
333 | 


--------------------------------------------------------------------------------
/apps/sandbox/nullsandbox.c:
--------------------------------------------------------------------------------
 1 | #include <sys/syscall.h>
 2 | #include <stdio.h>
 3 | 
 4 | #include <libdune/dune.h>
 5 | #include "boxer.h"
 6 | 
 7 | static int syscall_monitor(struct dune_tf *tf)
 8 | {
 9 | 	switch (tf->rax) {
10 | 	case SYS_open:
11 | 		printf("opening file %s\n", (char*) ARG0(tf));
12 | 		break;
13 | 	}
14 | 
15 | 	return 1;
16 | }
17 | 
18 | int main(int argc, char *argv[])
19 | {
20 | 	boxer_register_syscall_monitor(syscall_monitor);
21 | 	return boxer_main(argc, argv);
22 | }
23 | 


--------------------------------------------------------------------------------
/apps/sandbox/sandbox.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * sandbox.h - the main local header
 3 |  */
 4 | 
 5 | #ifndef __DUNESB_SANDBOX_H__
 6 | #define __DUNESB_SANDBOX_H__
 7 | 
 8 | #include <errno.h>
 9 | #include <sys/types.h>
10 | #include <stdint.h>
11 | 
12 | #include "libdune/dune.h"
13 | 
14 | // address layout
15 | // - Each untrusted memory reference must be less then
16 | //   APP_MAX_VADDR. (2 for GB .code and .data)
17 | // - Or can be between mmap_base - APP_MMAP_BASE_OFF
18 | //   and mmap_base - APP_MMAP_END_OFF.
19 | //   (8 GB for stack, heap, and mappings)
20 | #define LOADER_VADDR_OFF	0x6F000000
21 | #define APP_MAX_ELF_VADDR	0x70000000
22 | #define APP_MMAP_BASE_OFF	0x200000000
23 | #define APP_MMAP_LEN		0x200000000
24 | #define APP_STACK_SIZE		0x800000 /* 8 megabytes */
25 | 
26 | /**
27 |  * mem_ref_is_safe - determines if a memory range belongs to the sandboxed app
28 |  * @ptr: the base address
29 |  * @len: the length
30 |  */
31 | static inline bool mem_ref_is_safe(const void *ptr, size_t len)
32 | {
33 | 	uintptr_t begin = (uintptr_t) ptr;
34 | 	uintptr_t end = (uintptr_t) (ptr + len);
35 | 
36 | 	if (len <= APP_MAX_ELF_VADDR &&
37 | 	    begin >= 0 &&
38 | 	    end <= APP_MAX_ELF_VADDR)
39 | 		return true;
40 | 
41 | 	if (len <= APP_MMAP_LEN &&
42 | 	    begin >= mmap_base &&
43 | 	    end < mmap_base + APP_MMAP_LEN)
44 | 		return true;
45 | 
46 | 	return false;
47 | }
48 | 
49 | extern int check_extent(const void *ptr, size_t len);
50 | extern int check_string(const void *ptr);
51 | 
52 | static inline long get_err(long ret)
53 | {
54 | 	if (ret < 0)
55 | 		return -errno;
56 | 	else
57 | 		return ret;
58 | }
59 | 
60 | extern int elf_load(const char *path);
61 | 
62 | extern unsigned long umm_brk(unsigned long brk);
63 | extern unsigned long umm_mmap(void *addr, size_t length, int prot, int flags,
64 | 			      int fd, off_t offset);
65 | extern int umm_munmap(void *addr, size_t len);
66 | extern int umm_mprotect(void *addr, size_t len, unsigned long prot);
67 | extern void *umm_shmat(int shmid, void *addr, int shmflg);
68 | extern int umm_alloc_stack(uintptr_t *stack_top);
69 | extern void *umm_mremap(void *old_address, size_t old_size,
70 | 			size_t new_size, int flags, void *new_address);
71 | 
72 | extern int trap_init(void);
73 | 
74 | #endif /* __DUNESB_SANDBOX_H__ */
75 | 
76 | 


--------------------------------------------------------------------------------
/apps/sandbox/sandbox.ld:
--------------------------------------------------------------------------------
  1 | /* Script for -z combreloc: combine and sort reloc sections */
  2 | OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64",
  3 | 	      "elf64-x86-64")
  4 | OUTPUT_ARCH(i386:x86-64)
  5 | ENTRY(_start)
  6 | SEARCH_DIR("/usr/x86_64-linux-gnu/lib64"); SEARCH_DIR("=/usr/local/lib/x86_64-linux-gnu"); SEARCH_DIR("=/usr/local/lib64"); SEARCH_DIR("=/lib/x86_64-linux-gnu"); SEARCH_DIR("=/lib64"); SEARCH_DIR("=/usr/lib/x86_64-linux-gnu"); SEARCH_DIR("=/usr/lib64"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib");
  7 | SECTIONS
  8 | {
  9 |   /* Read-only sections, merged into text segment: */
 10 |   PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x70000000)); . = SEGMENT_START("text-segment", 0x70000000) + SIZEOF_HEADERS;
 11 |   .interp         : { *(.interp) }
 12 |   .note.gnu.build-id : { *(.note.gnu.build-id) }
 13 |   .hash           : { *(.hash) }
 14 |   .gnu.hash       : { *(.gnu.hash) }
 15 |   .dynsym         : { *(.dynsym) }
 16 |   .dynstr         : { *(.dynstr) }
 17 |   .gnu.version    : { *(.gnu.version) }
 18 |   .gnu.version_d  : { *(.gnu.version_d) }
 19 |   .gnu.version_r  : { *(.gnu.version_r) }
 20 |   .rela.dyn       :
 21 |     {
 22 |       *(.rela.init)
 23 |       *(.rela.text .rela.text.* .rela.gnu.linkonce.t.*)
 24 |       *(.rela.fini)
 25 |       *(.rela.rodata .rela.rodata.* .rela.gnu.linkonce.r.*)
 26 |       *(.rela.data .rela.data.* .rela.gnu.linkonce.d.*)
 27 |       *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*)
 28 |       *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*)
 29 |       *(.rela.ctors)
 30 |       *(.rela.dtors)
 31 |       *(.rela.got)
 32 |       *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*)
 33 |       *(.rela.ldata .rela.ldata.* .rela.gnu.linkonce.l.*)
 34 |       *(.rela.lbss .rela.lbss.* .rela.gnu.linkonce.lb.*)
 35 |       *(.rela.lrodata .rela.lrodata.* .rela.gnu.linkonce.lr.*)
 36 |       *(.rela.ifunc)
 37 |     }
 38 |   .rela.plt       :
 39 |     {
 40 |       *(.rela.plt)
 41 |       PROVIDE_HIDDEN (__rela_iplt_start = .);
 42 |       *(.rela.iplt)
 43 |       PROVIDE_HIDDEN (__rela_iplt_end = .);
 44 |     }
 45 |   .init           :
 46 |   {
 47 |     KEEP (*(.init))
 48 |   } =0x90909090
 49 |   .plt            : { *(.plt) *(.iplt) }
 50 |   .text           :
 51 |   {
 52 |     *(.text.unlikely .text.*_unlikely)
 53 |     *(.text.exit .text.exit.*)
 54 |     *(.text.startup .text.startup.*)
 55 |     *(.text.hot .text.hot.*)
 56 |     *(.text .stub .text.* .gnu.linkonce.t.*)
 57 |     /* .gnu.warning sections are handled specially by elf32.em.  */
 58 |     *(.gnu.warning)
 59 |   } =0x90909090
 60 |   .fini           :
 61 |   {
 62 |     KEEP (*(.fini))
 63 |   } =0x90909090
 64 |   PROVIDE (__etext = .);
 65 |   PROVIDE (_etext = .);
 66 |   PROVIDE (etext = .);
 67 |   .rodata         : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
 68 |   .rodata1        : { *(.rodata1) }
 69 |   .eh_frame_hdr : { *(.eh_frame_hdr) }
 70 |   .eh_frame       : ONLY_IF_RO { KEEP (*(.eh_frame)) }
 71 |   .gcc_except_table   : ONLY_IF_RO { *(.gcc_except_table
 72 |   .gcc_except_table.*) }
 73 |   /* These sections are generated by the Sun/Oracle C++ compiler.  */
 74 |   .exception_ranges   : ONLY_IF_RO { *(.exception_ranges
 75 |   .exception_ranges*) }
 76 |   /* Adjust the address for the data segment.  We want to adjust up to
 77 |      the same address within the page on the next page up.  */
 78 |   . = ALIGN (CONSTANT (MAXPAGESIZE)) - ((CONSTANT (MAXPAGESIZE) - .) & (CONSTANT (MAXPAGESIZE) - 1)); . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
 79 |   /* Exception handling  */
 80 |   .eh_frame       : ONLY_IF_RW { KEEP (*(.eh_frame)) }
 81 |   .gcc_except_table   : ONLY_IF_RW { *(.gcc_except_table .gcc_except_table.*) }
 82 |   .exception_ranges   : ONLY_IF_RW { *(.exception_ranges .exception_ranges*) }
 83 |   /* Thread Local Storage sections  */
 84 |   .tdata	  : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
 85 |   .tbss		  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
 86 |   .preinit_array     :
 87 |   {
 88 |     PROVIDE_HIDDEN (__preinit_array_start = .);
 89 |     KEEP (*(.preinit_array))
 90 |     PROVIDE_HIDDEN (__preinit_array_end = .);
 91 |   }
 92 |   .init_array     :
 93 |   {
 94 |     PROVIDE_HIDDEN (__init_array_start = .);
 95 |     KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))
 96 |     KEEP (*(.init_array))
 97 |     KEEP (*(EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .ctors))
 98 |     PROVIDE_HIDDEN (__init_array_end = .);
 99 |   }
100 |   .fini_array     :
101 |   {
102 |     PROVIDE_HIDDEN (__fini_array_start = .);
103 |     KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))
104 |     KEEP (*(.fini_array))
105 |     KEEP (*(EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o ) .dtors))
106 |     PROVIDE_HIDDEN (__fini_array_end = .);
107 |   }
108 |   .ctors          :
109 |   {
110 |     /* gcc uses crtbegin.o to find the start of
111 |        the constructors, so we make sure it is
112 |        first.  Because this is a wildcard, it
113 |        doesn't matter if the user does not
114 |        actually link against crtbegin.o; the
115 |        linker won't look for a file to match a
116 |        wildcard.  The wildcard also means that it
117 |        doesn't matter which directory crtbegin.o
118 |        is in.  */
119 |     KEEP (*crtbegin.o(.ctors))
120 |     KEEP (*crtbegin?.o(.ctors))
121 |     /* We don't want to include the .ctor section from
122 |        the crtend.o file until after the sorted ctors.
123 |        The .ctor section from the crtend file contains the
124 |        end of ctors marker and it must be last */
125 |     KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .ctors))
126 |     KEEP (*(SORT(.ctors.*)))
127 |     KEEP (*(.ctors))
128 |   }
129 |   .dtors          :
130 |   {
131 |     KEEP (*crtbegin.o(.dtors))
132 |     KEEP (*crtbegin?.o(.dtors))
133 |     KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o ) .dtors))
134 |     KEEP (*(SORT(.dtors.*)))
135 |     KEEP (*(.dtors))
136 |   }
137 |   .jcr            : { KEEP (*(.jcr)) }
138 |   .data.rel.ro : { *(.data.rel.ro.local* .gnu.linkonce.d.rel.ro.local.*) *(.data.rel.ro* .gnu.linkonce.d.rel.ro.*) }
139 |   .dynamic        : { *(.dynamic) }
140 |   .got            : { *(.got) *(.igot) }
141 |   . = DATA_SEGMENT_RELRO_END (24, .);
142 |   .got.plt        : { *(.got.plt)  *(.igot.plt) }
143 |   .data           :
144 |   {
145 |     *(.data .data.* .gnu.linkonce.d.*)
146 |     SORT(CONSTRUCTORS)
147 |   }
148 |   .data1          : { *(.data1) }
149 |   _edata = .; PROVIDE (edata = .);
150 |   __bss_start = .;
151 |   .bss            :
152 |   {
153 |    *(.dynbss)
154 |    *(.bss .bss.* .gnu.linkonce.b.*)
155 |    *(COMMON)
156 |    /* Align here to ensure that the .bss section occupies space up to
157 |       _end.  Align after .bss to ensure correct alignment even if the
158 |       .bss section disappears because there are no input sections.
159 |       FIXME: Why do we need it? When there is no .bss section, we don't
160 |       pad the .data section.  */
161 |    . = ALIGN(. != 0 ? 64 / 8 : 1);
162 |   }
163 |   .lbss   :
164 |   {
165 |     *(.dynlbss)
166 |     *(.lbss .lbss.* .gnu.linkonce.lb.*)
167 |     *(LARGE_COMMON)
168 |   }
169 |   . = ALIGN(64 / 8);
170 |   .lrodata   ALIGN(CONSTANT (MAXPAGESIZE)) + (. & (CONSTANT (MAXPAGESIZE) - 1)) :
171 |   {
172 |     *(.lrodata .lrodata.* .gnu.linkonce.lr.*)
173 |   }
174 |   .ldata   ALIGN(CONSTANT (MAXPAGESIZE)) + (. & (CONSTANT (MAXPAGESIZE) - 1)) :
175 |   {
176 |     *(.ldata .ldata.* .gnu.linkonce.l.*)
177 |     . = ALIGN(. != 0 ? 64 / 8 : 1);
178 |   }
179 |   . = ALIGN(64 / 8);
180 |   _end = .; PROVIDE (end = .);
181 |   . = DATA_SEGMENT_END (.);
182 |   /* Stabs debugging sections.  */
183 |   .stab          0 : { *(.stab) }
184 |   .stabstr       0 : { *(.stabstr) }
185 |   .stab.excl     0 : { *(.stab.excl) }
186 |   .stab.exclstr  0 : { *(.stab.exclstr) }
187 |   .stab.index    0 : { *(.stab.index) }
188 |   .stab.indexstr 0 : { *(.stab.indexstr) }
189 |   .comment       0 : { *(.comment) }
190 |   /* DWARF debug sections.
191 |      Symbols in the DWARF debugging sections are relative to the beginning
192 |      of the section so we begin them at 0.  */
193 |   /* DWARF 1 */
194 |   .debug          0 : { *(.debug) }
195 |   .line           0 : { *(.line) }
196 |   /* GNU DWARF 1 extensions */
197 |   .debug_srcinfo  0 : { *(.debug_srcinfo) }
198 |   .debug_sfnames  0 : { *(.debug_sfnames) }
199 |   /* DWARF 1.1 and DWARF 2 */
200 |   .debug_aranges  0 : { *(.debug_aranges) }
201 |   .debug_pubnames 0 : { *(.debug_pubnames) }
202 |   /* DWARF 2 */
203 |   .debug_info     0 : { *(.debug_info .gnu.linkonce.wi.*) }
204 |   .debug_abbrev   0 : { *(.debug_abbrev) }
205 |   .debug_line     0 : { *(.debug_line) }
206 |   .debug_frame    0 : { *(.debug_frame) }
207 |   .debug_str      0 : { *(.debug_str) }
208 |   .debug_loc      0 : { *(.debug_loc) }
209 |   .debug_macinfo  0 : { *(.debug_macinfo) }
210 |   /* SGI/MIPS DWARF 2 extensions */
211 |   .debug_weaknames 0 : { *(.debug_weaknames) }
212 |   .debug_funcnames 0 : { *(.debug_funcnames) }
213 |   .debug_typenames 0 : { *(.debug_typenames) }
214 |   .debug_varnames  0 : { *(.debug_varnames) }
215 |   /* DWARF 3 */
216 |   .debug_pubtypes 0 : { *(.debug_pubtypes) }
217 |   .debug_ranges   0 : { *(.debug_ranges) }
218 |   .gnu.attributes 0 : { KEEP (*(.gnu.attributes)) }
219 |   /DISCARD/ : { *(.note.GNU-stack) *(.gnu_debuglink) *(.gnu.lto_*) }
220 | }
221 | 


--------------------------------------------------------------------------------
/apps/sandbox/sandbox_wrap.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | CMD=`which $1`
4 | shift 1
5 | 
6 | #../../dune_env.sh
7 | ./sandbox /lib64/ld-linux-x86-64.so.2 $CMD $*
8 | 


--------------------------------------------------------------------------------
/apps/sandbox/umm.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * umm.c - Memory management routines for the untrusted process
  3 |  * 
  4 |  * FIXME: Need some sort of balanced tree to determine which address
  5 |  * ranges are free. For now we just use a heuristic approach that
  6 |  * potentially wastes virtual address space, but should still
  7 |  * otherwise be safe.
  8 |  */
  9 | 
 10 | #define _GNU_SOURCE
 11 | 
 12 | #include <stdio.h>
 13 | #include <errno.h>
 14 | #include <sys/mman.h>
 15 | #include <sys/shm.h>
 16 | #include <stdlib.h>
 17 | 
 18 | #include "sandbox.h"
 19 | 
 20 | #define USE_BIG_MEM 0
 21 | 
 22 | 
 23 | // FIXME: these might need to be made thread safe
 24 | static size_t brk_len = 0;
 25 | static size_t mmap_len = 0;
 26 | 
 27 | static inline bool umm_space_left(size_t len)
 28 | {
 29 | 	return (brk_len + mmap_len + len) < APP_MMAP_LEN;
 30 | }
 31 | 
 32 | static inline uintptr_t umm_get_map_pos(void)
 33 | {
 34 | 	return mmap_base + APP_MMAP_BASE_OFF - mmap_len;
 35 | }
 36 | 
 37 | static inline int prot_to_perm(int prot)
 38 | {
 39 | 	int perm = PERM_U;
 40 | 
 41 | 	if (prot & PROT_READ)
 42 | 		perm |= PERM_R;
 43 | 	if (prot & PROT_WRITE)
 44 | 		perm |= PERM_W;
 45 | 	if (prot & PROT_EXEC)
 46 | 		perm |= PERM_X;
 47 | 
 48 | 	return perm;
 49 | }
 50 | 
 51 | static int umm_mmap_anom(void *addr, size_t len, int prot, bool big)
 52 | {
 53 | 	int ret;
 54 | 	void *mem;
 55 | 	int flags = MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS;
 56 | 	int perm = prot_to_perm(prot);
 57 | 
 58 | 	if (big) {
 59 | 		flags |= MAP_HUGETLB;
 60 | 		perm |= PERM_BIG;
 61 | 	}
 62 | 
 63 | 	mem = mmap(addr, len, prot, flags, -1, 0);
 64 | 	if (mem != addr)
 65 | 		return -errno;
 66 | 
 67 | 	ret = dune_vm_map_phys(pgroot, addr, len,
 68 | 			      (void *) dune_va_to_pa(addr),
 69 | 			      perm);
 70 | 	if (ret) {
 71 | 		munmap(addr, len);
 72 | 		return ret;
 73 | 	}
 74 | 
 75 | 	return 0;
 76 | }
 77 | 
 78 | static int umm_mmap_file(void *addr, size_t len, int prot, int flags,
 79 | 			 int fd, off_t offset)
 80 | {
 81 | 	int ret;
 82 | 	void *mem;
 83 | 
 84 | 	mem = mmap(addr, len, prot,
 85 | 		   MAP_FIXED | flags,
 86 | 		   fd, offset);
 87 | 	if (mem != addr)
 88 | 		return -errno;
 89 | 
 90 | 	ret = dune_vm_map_phys(pgroot, addr, len,
 91 | 			      (void *) dune_va_to_pa(addr),
 92 | 			      prot_to_perm(prot));
 93 | 	if (ret) {
 94 | 		munmap(addr, len);
 95 | 		return ret;
 96 | 	}
 97 | 
 98 | 	return 0;
 99 | }
100 | 
101 | unsigned long umm_brk(unsigned long brk)
102 | {
103 | 	size_t len;
104 | 	int ret;
105 | 
106 | 	if (!brk)
107 | 		return mmap_base;
108 | 
109 | 	if (brk < mmap_base)
110 | 		return -EINVAL;
111 | 
112 | 	len = brk - mmap_base;
113 | 
114 | #if USE_BIG_MEM
115 | 	len = BIG_PGADDR(len + BIG_PGSIZE - 1);
116 | #else
117 | 	len = PGADDR(len + PGSIZE - 1);
118 | #endif
119 | 
120 | 	if (!umm_space_left(len))
121 | 		return -ENOMEM;
122 | 
123 | 	if (len == brk_len) {
124 | 		return brk;
125 | 	} else if (len < brk_len) {
126 | //		printf("freeing heap %lx\n", brk_len - len);
127 | 		ret = munmap((void *) (mmap_base + len), brk_len - len);
128 | 		if (ret)
129 | 			return -errno;
130 | 		dune_vm_unmap(pgroot, (void *) (mmap_base + len),
131 | 			      brk_len - len);
132 | 	} else {
133 | 		ret = umm_mmap_anom((void *) (mmap_base + brk_len),
134 | 				    len - brk_len,
135 | 				    PROT_READ | PROT_WRITE, USE_BIG_MEM);
136 | 		if (ret)
137 | 			return ret;
138 | 	}
139 | 
140 | 	brk_len = len;
141 | 	return brk;
142 | }
143 | 
144 | unsigned long umm_map_big(size_t len, int prot)
145 | {
146 | 	int ret;
147 | 	size_t full_len;
148 | 	void *addr;
149 | 
150 | //	printf("setting up a big page mapping of len %lx\n", len);
151 | 
152 | 	full_len = BIG_PGADDR(len + BIG_PGSIZE - 1) +
153 | 		   BIG_PGOFF(umm_get_map_pos());
154 | 	addr = (void *) (umm_get_map_pos() - full_len);
155 | 
156 | 	ret = umm_mmap_anom(addr, len, prot, 1);
157 | 	if (ret)
158 | 		return ret;
159 | 
160 | 	mmap_len += full_len;
161 | 	return (unsigned long) addr;
162 | }
163 | 
164 | unsigned long umm_mmap(void *addr, size_t len, int prot,
165 | 	       int flags, int fd, off_t offset)
166 | {
167 | 	int adjust_mmap_len = 0;
168 | 	int ret;
169 | 
170 | #if USE_BIG_MEM
171 | 	if (len >= BIG_PGSIZE && (flags & MAP_ANONYMOUS) && !addr)
172 | 		return umm_map_big(len, prot);
173 | #endif
174 | 
175 | 	if (!addr) {
176 | 		if (!umm_space_left(len))
177 | 			return -ENOMEM;
178 | 		adjust_mmap_len = 1;
179 | 		addr = (void *) umm_get_map_pos() - PGADDR(len + PGSIZE - 1);	
180 | 	} else if (!mem_ref_is_safe(addr, len))
181 | 		return -EINVAL;
182 | 
183 | 	if (flags & MAP_ANONYMOUS) {
184 | 		ret = umm_mmap_anom(addr, len, prot, 0);
185 | 		if (ret)
186 | 			return ret;
187 | 	} else if (fd > 0) {
188 | 		ret = umm_mmap_file(addr, len, prot, flags, fd, offset);
189 | 		if (ret)
190 | 			return ret;
191 | 	} else
192 | 		return -EINVAL;
193 | 
194 | 	if (adjust_mmap_len)
195 | 		mmap_len +=  PGADDR(len + PGSIZE - 1);
196 | 
197 | 	return (unsigned long) addr;
198 | 	
199 | }
200 | 
201 | int umm_munmap(void *addr, size_t len)
202 | {
203 | 	int ret;
204 | 
205 | 	if (!mem_ref_is_safe(addr, len))
206 | 		return -EACCES;
207 | 
208 | 	ret = munmap(addr, len);
209 | 	if (ret) {
210 | 		printf("hack to unmap big pages %p len %lx\n", addr, len);
211 | 		ret = munmap(addr, BIG_PGADDR(len + BIG_PGSIZE - 1));
212 | 		if (ret)
213 | 			return -errno;
214 | 		dune_vm_unmap(pgroot, addr, BIG_PGADDR(len + BIG_PGSIZE - 1));
215 | 		return 0;
216 | 	}
217 | 
218 | 	dune_vm_unmap(pgroot, addr, len);
219 | 
220 | 	return 0;
221 | 	
222 | }
223 | 
224 | int umm_mprotect(void *addr, size_t len, unsigned long prot)
225 | {
226 | 	int ret;
227 | 
228 | 	if (!mem_ref_is_safe(addr, len))
229 | 		return -EACCES;
230 | 
231 | 	ret = mprotect(addr, len, prot);
232 | 	if (ret)
233 | 		return -errno;
234 | 
235 | 	ret = dune_vm_mprotect(pgroot, addr, len, prot_to_perm(prot));
236 | 	assert(!ret);
237 | 
238 | 	return 0;
239 | }
240 | 
241 | void *umm_shmat(int shmid, void *addr, int shmflg)
242 | {
243 | 	struct shmid_ds shm;
244 | 	unsigned long len;
245 | 	void *mem;
246 | 	int ret;
247 | 	int perm;
248 | 	int prot = PROT_READ;
249 | 	int adjust_mmap_len = 0;
250 | 
251 | 	if (!(shmflg & SHM_RDONLY))
252 | 		prot |= PROT_WRITE;
253 | 
254 | 	perm = prot_to_perm(prot);
255 | 
256 | 	if (shmctl(shmid, IPC_STAT, &shm) == -1)
257 | 		return (void*) -1;
258 | 
259 | 	len = shm.shm_segsz;
260 | 
261 | 	if (!addr) {
262 | 		if (!umm_space_left(len))
263 | 			return (void*) -ENOMEM;
264 | 		adjust_mmap_len = 1;
265 | 		addr = (void *) umm_get_map_pos() - PGADDR(len + PGSIZE - 1);	
266 | 	} else if (!mem_ref_is_safe(addr, len))
267 | 		return (void*) -EINVAL;
268 | 
269 | 	mem = shmat(shmid, addr, shmflg);
270 | 	if (mem != addr)
271 | 		return (void*) (long) -errno;
272 | 
273 | 	ret = dune_vm_map_phys(pgroot, addr, len,
274 | 			      (void *) dune_va_to_pa(addr),
275 | 			      perm);
276 | 	if (ret) {
277 | 		shmdt(addr);
278 | 		return (void*) (long) ret;
279 | 	}
280 | 
281 | 	if (adjust_mmap_len)
282 | 		mmap_len +=  PGADDR(len + PGSIZE - 1);
283 | 
284 | 	return addr;
285 | }
286 | 
287 | void *umm_mremap(void *old_address, size_t old_size, size_t new_size, int flags,
288 | 		 void *new_address)
289 | {
290 | 	int adjust_mmap_len = 0;
291 | 	void *ret;
292 | 
293 | 	if (!mem_ref_is_safe(old_address, old_size))
294 | 		return (void*) -EACCES;
295 | 
296 | 	if (flags & MREMAP_FIXED) {
297 | 		if (!mem_ref_is_safe(new_address, new_size))
298 | 			return (void*) -EACCES;
299 | 	} else {
300 | 		if (!umm_space_left(new_size))
301 | 			return (void*) -ENOMEM;
302 | 		adjust_mmap_len = 1;
303 | 		new_address = (void *) umm_get_map_pos() - PGADDR(new_size + PGSIZE - 1);	
304 | 	}
305 | 
306 | 	/* XXX add support in future */
307 | 	if (!(flags & MREMAP_MAYMOVE))
308 | 		return (void*) -EINVAL;
309 | 
310 | 	flags |= MREMAP_FIXED | MREMAP_MAYMOVE;
311 | 
312 | 	ret = mremap(old_address, old_size, new_size, flags, new_address);
313 | 	if (ret != new_address)
314 | 		return (void*) (long) -errno;
315 | 
316 |         if (adjust_mmap_len)
317 |                 mmap_len +=  PGADDR(new_size + PGSIZE - 1);
318 | 
319 | 	dune_vm_unmap(pgroot, old_address, old_size);
320 | 
321 |         if (dune_vm_map_phys(pgroot, new_address, new_size,
322 |                               (void *) dune_va_to_pa(new_address),
323 |                               prot_to_perm(PROT_READ | PROT_WRITE))) {
324 | 		printf("help me!\n");
325 | 		exit(1);
326 | 	}
327 | 
328 | 	return ret;
329 | }
330 | 
331 | int umm_alloc_stack(uintptr_t *stack_top)
332 | {
333 | 	int ret;
334 | 	uintptr_t base = umm_get_map_pos();
335 | 
336 | 	if (!umm_space_left(APP_STACK_SIZE))
337 | 		return -ENOMEM;
338 | 
339 | 	// Make sure the last page is left unmapped so hopefully
340 | 	// we can at least catch most common stack overruns.
341 | 	// If not, the untrusted code is only harming itself.
342 | 	ret = umm_mmap_anom((void *) (PGADDR(base) -
343 | 			    APP_STACK_SIZE + PGSIZE),
344 | 			    APP_STACK_SIZE - PGSIZE,
345 | 			    PROT_READ | PROT_WRITE, 0);
346 | 	if (ret)
347 | 		return ret;
348 | 
349 | 	mmap_len += APP_STACK_SIZE + PGOFF(base);
350 | 	*stack_top = PGADDR(base);
351 | 	return 0;
352 | }
353 | 


--------------------------------------------------------------------------------
/apps/ufirewall/Makefile:
--------------------------------------------------------------------------------
 1 | CC      = gcc
 2 | LD	= ld
 3 | RANLIB	= ranlib
 4 | CFLAGS  = -Wall -O2 -MD -I ../../ -I ../sandbox
 5 | LDFLAGS = -O2 -L ../sandbox -L ../../libdune -lsandbox -ldune -lpthread -T ../sandbox/sandbox.ld
 6 | OBJ     = firewall.o
 7 | 
 8 | ufirewall: firewall.o ../sandbox/libsandbox.a ../../libdune/libdune.a
 9 | 	$(CC) -o $(@) $(<) $(LDFLAGS)
10 | 
11 | clean:
12 | 	rm -f *.o test *.d ufirewall
13 | 
14 | -include *.d
15 | 


--------------------------------------------------------------------------------
/apps/ufirewall/firewall.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Userspace firewall rule parser and processor.
  3 |  */
  4 | 
  5 | #include <assert.h>
  6 | #include <stdio.h>
  7 | #include <string.h>
  8 | #include <stdlib.h>
  9 | #include <stdint.h>
 10 | #include <stdbool.h>
 11 | 
 12 | #include <errno.h>
 13 | #include <unistd.h>
 14 | #include <sys/syscall.h>
 15 | #include <sys/queue.h>
 16 | 
 17 | #include <sys/socket.h>
 18 | #include <netinet/in.h>
 19 | #include <arpa/inet.h>
 20 | 
 21 | #include <sandbox.h>
 22 | #include <boxer.h>
 23 | 
 24 | #include "firewall.h"
 25 | 
 26 | #define FW_TYPE_BIND_ALLOW	1
 27 | #define FW_TYPE_CONNECT_ALLOW	2
 28 | #define FW_TYPE_CONNECT_DENY	3
 29 | 
 30 | #define FW_PORT_ANY		0
 31 | #define FW_IP_ANY		0
 32 | #define FW_MASK_SINGLE		0xffffffff
 33 | 
 34 | struct fw_rule;
 35 | typedef SLIST_ENTRY(fw_rule) fw_entry_t;
 36 | 
 37 | struct fw_rule {
 38 | 	fw_entry_t	link;
 39 | 	int 		type;	// Rule type
 40 | 	uint16_t	port;	// Port number
 41 | 	uint32_t	ip;	// IPv4 address
 42 | 	uint32_t	mask;	// IPv4 netmask
 43 | };
 44 | 
 45 | SLIST_HEAD(rules_head, fw_rule);
 46 | 
 47 | static struct rules_head rules;
 48 | 
 49 | #define STR_COMMENT		"#"
 50 | #define STR_ALLOW_BIND		"allow bind"
 51 | #define STR_ALLOW_CONNECT	"allow connect"
 52 | #define STR_DENY_CONNECT	"deny connect"
 53 | 
 54 | static int firewall_parse(const char *fwrules)
 55 | {
 56 | 	FILE *f = NULL;
 57 | 	char port[8];
 58 | 	char ip[20];
 59 | 	char mask[20];
 60 | 	struct in_addr inp;
 61 | 
 62 | 	f = fopen(fwrules, "r+");
 63 | 	if (f == NULL) {
 64 | 		printf("Cannot open '%s'\n", fwrules);
 65 | 		return -1;
 66 | 	}
 67 | 
 68 | 	printf("--- Begin Firewall Rules ---\n");
 69 | 	while (1) {
 70 | 		struct fw_rule *r;
 71 | 		char *str;
 72 | 		char buf[100];
 73 | 
 74 | 		if (feof(f))
 75 | 			return 0;
 76 | 
 77 | 		r = (struct fw_rule *)malloc(sizeof(struct fw_rule));
 78 | 		str = fgets(buf, 100, f);
 79 | 		if (str == NULL)
 80 | 			goto done;
 81 | 
 82 | 		if (!strncmp(STR_COMMENT, str, strlen(STR_COMMENT))) {
 83 | 			// Comment
 84 | 			free(r);
 85 | 			continue;
 86 | 		} else if (!strcmp("\n", str)) {
 87 | 			// Blank line
 88 | 			free(r);
 89 | 			continue;
 90 | 		} else if (!strncmp(STR_ALLOW_BIND, str, strlen(STR_ALLOW_BIND))) {
 91 | 			sscanf(str, STR_ALLOW_BIND " %s", port);
 92 | 			r->type = FW_TYPE_BIND_ALLOW;
 93 | 			if (strcmp(port, "*") == 0)
 94 | 				r->port = FW_PORT_ANY;
 95 | 			else
 96 | 				r->port = atoi(port);
 97 | 			printf(STR_ALLOW_BIND " %d\n", r->port);
 98 | 		} else if (!strncmp(STR_ALLOW_CONNECT, str, strlen(STR_ALLOW_CONNECT))) {
 99 | 			sscanf(str, STR_ALLOW_CONNECT " %s %s %s", port, ip, mask);
100 | 			r->type = FW_TYPE_CONNECT_ALLOW;
101 | 			if (strcmp(port, "*") == 0)
102 | 				r->port = FW_PORT_ANY;
103 | 			else
104 | 				r->port = atoi(port);
105 | 			if (inet_aton(ip, &inp) < 0) {
106 | 				printf("Failed to parse ip address!\n");
107 | 				free(r);
108 | 				return -1;
109 | 			}
110 | 			r->ip = inp.s_addr;
111 | 			if (inet_aton(mask, &inp) < 0) {
112 | 				printf("Failed to parse ip mask!\n");
113 | 				free(r);
114 | 				return -1;
115 | 			}
116 | 			r->mask = inp.s_addr;
117 | 			printf(STR_ALLOW_CONNECT " %d %s %s\n", r->port, ip, mask);
118 | 		} else if (!strncmp(STR_DENY_CONNECT, str, strlen(STR_DENY_CONNECT))) {
119 | 			sscanf(str, STR_DENY_CONNECT " %s %s %s", port, ip, mask);
120 | 			r->type = FW_TYPE_CONNECT_DENY;
121 | 			if (strcmp(port, "*") == 0)
122 | 				r->port = FW_PORT_ANY;
123 | 			else
124 | 				r->port = atoi(port);
125 | 			if (inet_aton(ip, &inp) < 0) {
126 | 				printf("Failed to parse ip address!\n");
127 | 				free(r);
128 | 				return -1;
129 | 			}
130 | 			r->ip = inp.s_addr;
131 | 			if (inet_aton(mask, &inp) < 0) {
132 | 				printf("Failed to parse ip mask!\n");
133 | 				free(r);
134 | 				return -1;
135 | 			}
136 | 			r->mask = inp.s_addr;
137 | 			printf(STR_DENY_CONNECT " %d %s %s\n", r->port, ip, mask);
138 | 		} else {
139 | 			// Unknown!
140 | 			printf("Unknown rule:\n%s\n", str);
141 | 			return -1;
142 | 		}
143 | 
144 | 		SLIST_INSERT_HEAD(&rules, r, link);
145 | 	}
146 | 
147 | done:
148 | 	printf("--- End Firewall Rules ---\n");
149 | 
150 | 	return 0;
151 | }
152 | 
153 | bool firewall_check_bind(uint16_t port)
154 | {
155 | 	struct fw_rule *p;
156 | 
157 | 	for (p = rules.slh_first; p != NULL; p = p->link.sle_next)
158 | 	{
159 | 		if (p->type == FW_TYPE_BIND_ALLOW) {
160 | 			if (p->port == FW_PORT_ANY)
161 | 				return true;
162 | 			if (p->port == port)
163 | 				return true;
164 | 		}
165 | 	}
166 | 
167 | 	return false;
168 | }
169 | 
170 | bool firewall_check_connect(uint16_t port, uint32_t ip)
171 | {
172 | 	struct fw_rule *p;
173 | 
174 | 	for (p = rules.slh_first; p != NULL; p = p->link.sle_next)
175 | 	{
176 | 		if (p->type == FW_TYPE_CONNECT_ALLOW) {
177 | 			if ((ip & p->ip) == (ip & p->mask)) {
178 | 				if (p->port == FW_PORT_ANY)
179 | 					return true;
180 | 				if (p->port == port)
181 | 					return true;
182 | 			}
183 | 		}
184 | 		if (p->type == FW_TYPE_CONNECT_DENY) {
185 | 			if ((ip & p->ip) == (ip & p->mask)) {
186 | 				if (p->port == FW_PORT_ANY)
187 | 					return false;
188 | 				if (p->port == port)
189 | 					return false;
190 | 			}
191 | 		}
192 | 	}
193 | 
194 | 	return false;
195 | }
196 | 
197 | int firewall_init(void)
198 | {
199 | 	SLIST_INIT(&rules);
200 | 
201 | 	printf("parsing 'ufw.rules'\n");
202 | 	if (firewall_parse("ufw.rules") < 0) {
203 | 		return -1;
204 | 	}
205 | 
206 | 	return 0;
207 | }
208 | 
209 | static int check_bind(int sock, const struct sockaddr *addr, socklen_t len)
210 | {
211 | 	const struct sockaddr_in *a = (const struct sockaddr_in *)addr;
212 | 
213 |         // Only support IPv4
214 | 	if (len == sizeof(*a) && a->sin_family == AF_INET) {
215 | 		if (!firewall_check_bind(ntohs(a->sin_port)))
216 | 			return 0;
217 | 	}
218 | 
219 |         return 1;
220 | }
221 | 
222 | static int check_connect(int sock, const struct sockaddr *addr, socklen_t len)
223 | {
224 | 	const struct sockaddr_in *a = (const struct sockaddr_in *)addr;
225 | 
226 |         // Only support IPv4
227 | 	if (len == sizeof(*a) && a->sin_family == AF_INET) {
228 | 		if (!firewall_check_connect(ntohs(a->sin_port),
229 | 					    a->sin_addr.s_addr))
230 | 		{
231 | 			return 0;
232 | 		}
233 | 	}
234 | 
235 | 	return 1;
236 | }
237 | 
238 | static int syscall_monitor(struct dune_tf *tf)
239 | {
240 | 	switch (tf->rax) {
241 | 	case __NR_bind:
242 |         {
243 | 		int status = check_bind((int) ARG0(tf),
244 | 				        (const struct sockaddr *) ARG1(tf),
245 | 				        (socklen_t) ARG2(tf));
246 |                 if (!status)
247 |                     tf->rax = -EPERM;
248 |                 return status;
249 |         }
250 | 	case __NR_connect:
251 |         {
252 | 		int status = check_connect((int) ARG0(tf),
253 | 				           (const struct sockaddr *) ARG1(tf),
254 | 				           (socklen_t) ARG2(tf));
255 |                 if (!status)
256 |                     tf->rax = -EPERM;
257 |                 return status;
258 |         }
259 | 	default:
260 | 		return 1;
261 | 	}
262 | }
263 | 
264 | int main(int argc, char *argv[])
265 | {
266 | 	if (firewall_init() != 0) {
267 | 		printf("Cannot parse firewall rules exiting...\n");
268 | 		return 1;
269 | 	}
270 | 	boxer_register_syscall_monitor(syscall_monitor);
271 | 	return boxer_main(argc, argv);
272 | }
273 | 
274 | 


--------------------------------------------------------------------------------
/apps/ufirewall/firewall.h:
--------------------------------------------------------------------------------
1 | /*
2 |  * Userlevel firewall API
3 |  */
4 | 
5 | int firewall_init(void);
6 | bool firewall_check_connect(uint16_t port, uint32_t ip);
7 | bool firewall_check_bind(uint16_t port);
8 | 
9 | 


--------------------------------------------------------------------------------
/apps/ufirewall/firewall_test.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <errno.h>
  3 | #include <string.h>
  4 | 
  5 | #include <stdint.h>
  6 | 
  7 | #include <sys/socket.h>
  8 | #include <netinet/in.h>
  9 | 
 10 | int test_bind(uint16_t port)
 11 | {
 12 | 	int fd;
 13 | 	socklen_t len;
 14 | 	struct sockaddr_in saddr;
 15 | 
 16 | 	fd = socket(AF_INET, SOCK_STREAM, 0);
 17 | 	if (fd < 0) {
 18 | 		perror("socket: ");
 19 | 		return -1;
 20 | 	}
 21 | 
 22 | 	bzero(&saddr, sizeof(saddr));
 23 | 	saddr.sin_family = AF_INET;
 24 | 	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
 25 | 	saddr.sin_port = htons(port);
 26 | 	len = sizeof(saddr);
 27 | 
 28 | 	if (bind(fd, (struct sockaddr *)&saddr, len) < 0) {
 29 | 		close(fd);
 30 | 		return -1;
 31 | 	}
 32 | 
 33 | 	close(fd);
 34 | 	return 0;
 35 | }
 36 | 
 37 | int test_connect(const char *ip, uint16_t port)
 38 | {
 39 | 	int fd;
 40 | 	socklen_t len;
 41 | 	struct sockaddr_in caddr;
 42 | 
 43 | 	fd = socket(AF_INET, SOCK_STREAM, 0);
 44 | 	if (fd < 0) {
 45 | 		perror("socket: ");
 46 | 		return -1;
 47 | 	}
 48 | 
 49 | 	bzero(&caddr, sizeof(caddr));
 50 | 	caddr.sin_family = AF_INET;
 51 | 	inet_pton(AF_INET, ip, &caddr.sin_addr);
 52 | 	caddr.sin_port = htons(port);
 53 | 	len = sizeof(caddr);
 54 | 
 55 | 	if (connect(fd, (struct sockaddr *)&caddr, len) < 0) {
 56 | 		close(fd);
 57 | 		return -1;
 58 | 	}
 59 | 
 60 | 	close(fd);
 61 | 	return 0;
 62 | }
 63 | 
 64 | int main(int argc, char *argv[])
 65 | {
 66 | 	printf("Userlevel Firewall Test Application!\n");
 67 | 
 68 | 	printf("bind to port 1234: ");
 69 | 	if (test_bind(1234) < 0) {
 70 | 		printf("failed!\n");
 71 | 		perror("cause");
 72 | 		return 1;
 73 | 	}
 74 | 	printf("succeeded\n");
 75 | 
 76 | 	printf("bind to port 4321 (expect failure): ");
 77 | 	if (test_bind(4321) == 0) {
 78 | 		printf("succeeded!\n");
 79 | 		return 1;
 80 | 	}
 81 | 	printf("failed\n");
 82 | 
 83 | 	printf("connect to www.scs.stanford.edu(171.66.3.9):80: ");
 84 | 	if (test_connect("171.66.3.9", 80) < 0) {
 85 | 		printf("failed!\n");
 86 | 		perror("cause");
 87 | 		return 1;
 88 | 	}
 89 | 	printf("succeeded\n");
 90 | 
 91 | 	printf("connect to market.scs.stanford.edu(171.66.3.10):22: ");
 92 | 	if (test_connect("171.66.3.10", 22) == 0) {
 93 | 		printf("succeeded!\n");
 94 | 		return 1;
 95 | 	}
 96 | 	printf("failed\n");
 97 | 
 98 | 	printf("all tests passed!\n");
 99 | 
100 | 	return 0;
101 | }
102 | 


--------------------------------------------------------------------------------
/apps/ufirewall/ufw.rules:
--------------------------------------------------------------------------------
1 | allow bind 1234
2 | allow connect * 171.0.0.0 255.0.0.0
3 | deny connect 22 0.0.0.0 0.0.0.0
4 | 
5 | # default rules:
6 | #
7 | # deny bind *
8 | # deny connect * *
9 | 


--------------------------------------------------------------------------------
/apps/wedge/Makefile:
--------------------------------------------------------------------------------
 1 | LIBDUNE	= ../../libdune
 2 | CFLAGS	= -Wall -g -MD -I$(LIBDUNE) -fomit-frame-pointer
 3 | RANLIB	= ranlib
 4 | LIBS	= -lsthread -ldune -lpthread
 5 | 
 6 | all: libsthread.a test bench httpd
 7 | 
 8 | libsthread.a: sthread.o
 9 | 	$(AR) cru $(@) $(<)
10 | 	$(RANLIB) $(@)
11 | 
12 | test: test.o libsthread.a
13 | 	$(CC) $(CFLAGS) -o $(@) $(<) -L. -L$(LIBDUNE) $(LIBS)
14 | 
15 | bench: bench.o libsthread.a
16 | 	$(CC) $(CFLAGS) -o $(@) $(<) -L. -L$(LIBDUNE) $(LIBS)
17 | 
18 | httpd: httpd.o libsthread.a
19 | 	$(CC) $(CFLAGS) -o $(@) $(<) -L. -L$(LIBDUNE) $(LIBS)
20 | 
21 | clean:
22 | 	rm -f *.o *.d test libsthread.a bench httpd
23 | 
24 | -include *.d
25 | 


--------------------------------------------------------------------------------
/apps/wedge/bench.c:
--------------------------------------------------------------------------------
  1 | #include <sys/types.h>
  2 | #include <sys/wait.h>
  3 | #include <sys/time.h>
  4 | #include <stdio.h>
  5 | #include <unistd.h>
  6 | #include <stdlib.h>
  7 | #include <pthread.h>
  8 | #include <err.h>
  9 | #include <sys/syscall.h>
 10 | #include <sys/socket.h>
 11 | #include <netinet/in.h>
 12 | #include <string.h>
 13 | #include <arpa/inet.h>
 14 | #include <sys/mman.h>
 15 | 
 16 | #include <dune.h>
 17 | #include "sthread.h"
 18 | 
 19 | #define NR_REP	100
 20 | 
 21 | typedef void (*cb_t)(void);
 22 | 
 23 | static int _use_vmcall_gettimeofday;
 24 | 
 25 | static unsigned char *_crap;
 26 | static unsigned char *_crap2;
 27 | static unsigned char *_crappy;
 28 | static ptent_t *_pg1, *_pg2;
 29 | static int _pages;
 30 | 
 31 | static int usm_gettimeofday(struct timeval *tp, void *tzp)
 32 | {       
 33 |         int ret;
 34 |        
 35 | 	if (!_use_vmcall_gettimeofday)
 36 | 		return gettimeofday(tp, tzp);
 37 |  
 38 |         asm("vmcall\n" : "=a" (ret)
 39 |                        : "a" (SYS_gettimeofday), "D" (tp), "S" (tzp));
 40 | 
 41 |         return ret;
 42 | }
 43 | 
 44 | static int benchmark_latency(cb_t cb)
 45 | {       
 46 |         int i;
 47 |         struct timeval a, b;
 48 |         unsigned long t;
 49 |         unsigned long avg = 0;
 50 |         int num = 0;
 51 | 	int av;
 52 |             
 53 |         for (i = 0; i < 10; i++) {
 54 | 		usm_gettimeofday(&a, NULL);
 55 |                 cb();
 56 | 		usm_gettimeofday(&b, NULL);
 57 |                 
 58 |                 t = b.tv_sec - a.tv_sec;
 59 |                 
 60 |                 if (t == 0)
 61 |                         t = b.tv_usec - a.tv_usec;
 62 |                 else {                                                                                        
 63 |                         t--;                                                                                  
 64 |                                                                                                               
 65 |                         t *= 1000 * 1000;
 66 | 
 67 |                         t += b.tv_usec;
 68 |                         t += 1000 * 1000 - a.tv_usec;
 69 |                 }
 70 | 
 71 |                 printf("Elapsed %luus\n", t);
 72 | 
 73 |                 if (i > 4) {
 74 |                         avg += t;
 75 |                         num++;
 76 |                 }
 77 |         }
 78 | 
 79 | 	/* XXX roundf */
 80 | 	av = (int) ((double) avg / (double) num);
 81 | 
 82 |         printf("Avg %d (%d samples)\n", av, num);
 83 | 
 84 | 	return av;
 85 | }
 86 | 
 87 | static void *thread(void* a)
 88 | {
 89 | //	printf("In thread\n");
 90 | 
 91 | 	return NULL;
 92 | }
 93 | 
 94 | static void fork_bench(void)
 95 | {
 96 | 	int pid;
 97 | 
 98 | 	pid = fork();
 99 | 	if (pid == -1)
100 | 		err(1, "fork()");
101 | 
102 | 	if (pid == 0) {
103 | 		thread(NULL);
104 | 		exit(0);
105 | 	} else {
106 | 		wait(NULL);
107 | 	}
108 | }
109 | 
110 | static void pthread_bench(void)
111 | {
112 | 	pthread_t pt;
113 | 
114 | 	if (pthread_create(&pt, NULL, thread, NULL) != 0)
115 | 		err(1, "pthread_create()");
116 | 
117 | 	if (pthread_join(pt, NULL) != 0)
118 | 		err(1, "pthread_join()");
119 | }
120 | 
121 | static void sthread_bench(void)
122 | {
123 | 	sthread_t st;
124 | 	sc_t sc;
125 | 
126 | 	sc_init(&sc);
127 | 
128 | 	if (sthread_create(&st, &sc, thread, NULL) != 0)
129 | 		err(1, "sthread_create()");
130 | 
131 | 	if (sthread_join(st, NULL) != 0)
132 | 		err(1, "sthread_join()");
133 | }
134 | 
135 | static void http_bench(void)
136 | {
137 | 	int s;
138 | 	struct sockaddr_in s_in;
139 | 	char buf[1024];
140 | 	char *ip = getenv("BENCH_IP");
141 | 
142 | 	if ((s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
143 | 		err(1, "socket()");
144 | 
145 | 	memset(&s_in, 0, sizeof(s_in));
146 | 	s_in.sin_family      = PF_INET;
147 | 	s_in.sin_port        = htons(80);
148 | 	s_in.sin_addr.s_addr = inet_addr(ip ? ip : "127.0.0.1");
149 | 
150 | 	if (connect(s, (struct sockaddr*) &s_in, sizeof(s_in)) == -1)
151 | 		err(1, "connect()");
152 | 
153 | 	snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\n\r\n");
154 | 
155 | 	if (write(s, buf, strlen(buf)) != strlen(buf))
156 | 		err(1, "write()");
157 | 
158 | 	if (read(s, buf, sizeof(buf)) <= 0)
159 | 		err(1, "read()");
160 | 
161 | 	close(s);
162 | }
163 | 
164 | static void bench_http(void)
165 | {
166 | 	benchmark_latency(http_bench);
167 | }
168 | 
169 | static void bench_sthreads(void)
170 | {
171 | 	int pid = fork();
172 | 
173 | 	if (pid == 0) {
174 | 		printf("fork\n");
175 | 		benchmark_latency(fork_bench);
176 | 
177 | 		printf("pthread\n");
178 | 		benchmark_latency(pthread_bench);
179 | 		exit(0);
180 | 	} else
181 | 		wait(NULL);
182 | 
183 | 	printf("sthread\n");
184 | 	_use_vmcall_gettimeofday = 1;
185 | 
186 | 	if (sthread_init() == -1)
187 | 		err(1, "sthread_init()");
188 | 
189 | 	benchmark_latency(sthread_bench);
190 | }
191 | 
192 | static void set_assert(unsigned char *crap, unsigned char old, unsigned char new)
193 | {
194 | //	printf("Crap [%p] is %u want %u setting %u\n", crap, *crap, old, new);
195 | 
196 | 	assert(*crap == old);
197 | 
198 | 	*crap = new;
199 | }
200 | 
201 | static int setup_mem_cb(const void *arg, ptent_t *pte, void *va)
202 | {
203 | 	printf("PTE %lx addr %lx\n", *pte, PTE_ADDR(*pte));
204 | 
205 | 	*pte = (PTE_ADDR(*pte) + 4096) | PTE_P | PTE_W | PTE_U;
206 | 
207 | 	printf("PTE now %lx\n", *pte);
208 | 
209 | 	return 0;
210 | }
211 | 
212 | static void setup_mem(void)
213 | {
214 | 	_pg1 = pgroot; 
215 | 
216 | 	_pg2 = dune_vm_clone(_pg1);
217 | 
218 | 	dune_vm_page_walk(_pg1, _crap, _crap, setup_mem_cb, NULL);
219 | 
220 | }
221 | 
222 | static void no_switch(void)
223 | {
224 | 	int i;
225 | 
226 | 	for (i = 0; i < NR_REP; i++) {
227 | 		*_crap = 0;
228 | 
229 | 		set_assert(_crap, 0, 1);
230 | 		set_assert(_crap, 1, 2);
231 | 
232 | 		set_assert(_crap, 2, 3);
233 | 		set_assert(_crap, 3, 4);
234 | 
235 | 		set_assert(_crap, 4, 5);
236 | 		set_assert(_crap, 5, 6);
237 | 	}
238 | }
239 | 
240 | static void with_switch(void)
241 | {
242 | 	int i;
243 | 
244 | 	for (i = 0; i < NR_REP; i++) {
245 | 		load_cr3((unsigned long) _pg2);
246 | 		*_crap2 = 0;
247 | 		set_assert(_crap2, 0, 1);
248 | 		set_assert(_crap2, 1, 2);
249 | 
250 | 		load_cr3((unsigned long) _pg1);
251 | 		set_assert(_crap, 2, 3);
252 | 		set_assert(_crap, 3, 4);
253 | 
254 | 		load_cr3((unsigned long) _pg2);
255 | 		set_assert(_crap2, 4, 5);
256 | 		set_assert(_crap2, 5, 6);
257 | 	}
258 | }
259 | 
260 | static void with_switch_no_flush(void)
261 | {
262 | 	int i;
263 | 
264 | 	for (i = 0; i < NR_REP; i++) {
265 | 		load_cr3((unsigned long) _pg2 | 1UL | CR3_NOFLUSH);
266 | 		*_crap2 = 0;
267 | 		set_assert(_crap2, 0, 1);
268 | 		set_assert(_crap2, 1, 2);
269 | 
270 | 		load_cr3((unsigned long) _pg1 | 0UL | CR3_NOFLUSH);
271 | 		set_assert(_crap, 2, 3);
272 | 		set_assert(_crap, 3, 4);
273 | 
274 | 		load_cr3((unsigned long) _pg2 | 1UL | CR3_NOFLUSH);
275 | 		set_assert(_crap2, 4, 5);
276 | 		set_assert(_crap2, 5, 6);
277 | 	}
278 | }
279 | 
280 | static void ctx_switch(void)
281 | {
282 | 	load_cr3((unsigned long) _pg2);
283 | 	set_assert(_crap2, 0, 1);
284 | 	set_assert(_crap2, 1, 2);
285 | 
286 | 	load_cr3((unsigned long) _pg1);
287 | 	set_assert(_crap, 2, 3);
288 | 	set_assert(_crap, 3, 4);
289 | 
290 | 	load_cr3((unsigned long) _pg2);
291 | 	set_assert(_crap2, 4, 5);
292 | 	set_assert(_crap2, 5, 6);
293 | }
294 | 
295 | static void syscall_handler(struct dune_tf *tf)
296 | {
297 |         int syscall_num = (int) tf->rax;
298 | 
299 | 	printf("Got syscall %d\n", syscall_num);
300 | 
301 | 	dune_passthrough_syscall(tf);
302 | }
303 | 
304 | static void do_pages(int p)
305 | {
306 | 	int i, j;
307 | 
308 | 	for (i = 0; i < NR_REP; i++) {
309 | 		if (p == 0) {
310 | 		} else if (p == 1) {
311 | 			load_cr3((unsigned long) _pg2);
312 | 		} else
313 | 			load_cr3((unsigned long) _pg2 | 1UL | CR3_NOFLUSH);
314 | 
315 | 		for (j = 0; j < _pages; j++)
316 | 			_crappy[j * 4096] = 0x69;
317 | 
318 | 		if (p == 0) {
319 | 		} else if (p == 1) {
320 | 			load_cr3((unsigned long) _pg1);
321 | 		} else
322 | 			load_cr3((unsigned long) _pg1 | 0UL | CR3_NOFLUSH);
323 | 
324 | 		for (j = 0; j < _pages; j++)
325 | 			_crappy[j * 4096] = 0x69;
326 | 	}
327 | }
328 | 
329 | static void no_switch_pages(void)
330 | {
331 | 	do_pages(0);
332 | }
333 | 
334 | static void switch_pages(void)
335 | {
336 | 	do_pages(1);
337 | }
338 | 
339 | static void no_flush_switch_pages(void)
340 | {
341 | 	do_pages(2);
342 | }
343 | 
344 | static void pwn_pages(int pages)
345 | {
346 | 	int a[3];
347 | 
348 | 	printf("Alright kids - pwning %d pages\n", pages);
349 | 
350 | 	_pages = pages;
351 | 
352 | 	_crappy = mmap(NULL, 4096 * pages, PROT_READ | PROT_WRITE,
353 | 		       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
354 | 	if (_crappy == MAP_FAILED)
355 | 		err(1, "mmap()");
356 | 
357 | 	memset(_crappy, 0, 4096 * pages);
358 | 
359 | 	a[0] = benchmark_latency(no_switch_pages);
360 | 	a[1] = benchmark_latency(switch_pages);
361 | 	a[2] = benchmark_latency(no_flush_switch_pages);
362 | 
363 | 	printf("\n=============\n");
364 | 	printf("result %d %d %d %d\n", pages, a[0], a[1], a[2]);
365 | }
366 | 
367 | static void bench_switch(int pages, int pages_end)
368 | {
369 | 	printf("w00t\n");
370 | 
371 | 	_crap = mmap(NULL, 4096 * 2, PROT_READ | PROT_WRITE,
372 | 		     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
373 | 
374 | 	if (_crap == MAP_FAILED)
375 | 		err(1, "mmap()");
376 | 
377 | 	_crap2 = _crap + 4096;
378 | 
379 | 	printf("Crap %p crap2 %p\n", _crap, _crap2);
380 | 
381 | 	if (dune_init_and_enter())
382 | 		errx(1, "dune_init_and_enter()");
383 | 
384 | 	_use_vmcall_gettimeofday = 1;
385 | 
386 |         dune_register_syscall_handler(syscall_handler);
387 | 
388 | 	setup_mem();
389 | 
390 | 	ctx_switch();
391 | 
392 | 	printf("still alive\n");
393 | 
394 | 	printf("No switch\n");
395 | 	benchmark_latency(no_switch);
396 | 
397 | 	printf("With switch\n");
398 | 	benchmark_latency(with_switch);
399 | 
400 | 	printf("With switch no flush\n");
401 | 	benchmark_latency(with_switch_no_flush);
402 | 
403 | 	if (pages) {
404 | 		if (!pages_end)
405 | 			pages_end = pages;
406 | 
407 | 		for (; pages <= pages_end; pages++)
408 | 			pwn_pages(pages);
409 | 	}
410 | 
411 | 	printf("Still ballin\n");
412 | }
413 | 
414 | int main(int argc, char *argv[])
415 | {
416 | 	int bench = 0;
417 | 
418 | 	printf("w00t\n");
419 | 
420 | 	if (argc > 1)
421 | 		bench = atoi(argv[1]);
422 | 
423 | 	switch (bench) {
424 | 	case 0:
425 | 		bench_sthreads();
426 | 		break;
427 | 
428 | 	case 1:
429 | 		bench_http();
430 | 		break;
431 | 
432 | 	case 2:
433 | 		bench_switch(atoi(argv[2]), atoi(argv[3]));
434 | 		break;
435 | 	}
436 | 
437 | 	printf("all done\n");
438 | 
439 | 	exit(0);
440 | }
441 | 


--------------------------------------------------------------------------------
/apps/wedge/httpd.c:
--------------------------------------------------------------------------------
  1 | #include <sys/types.h>
  2 | #include <sys/socket.h>
  3 | #include <netinet/in.h>
  4 | #include <stdio.h>
  5 | #include <unistd.h>
  6 | #include <stdlib.h>
  7 | #include <err.h>
  8 | #include <string.h>
  9 | #include <fcntl.h>
 10 | #include <pthread.h>
 11 | #include <sys/wait.h>
 12 | #include <sys/mman.h>
 13 | #include <sys/syscall.h>
 14 | 
 15 | #include "sthread.h"
 16 | 
 17 | static int _imp;
 18 | 
 19 | static void do_handle_dude(int s)
 20 | {
 21 | 	char buf[4096];
 22 | 	int rc;
 23 | 	char *p;
 24 | 	int fd;
 25 | 
 26 | 	rc = read(s, buf, sizeof(buf) - 1);
 27 | 	if (rc <= 0)
 28 | 		return;
 29 | 
 30 | 	buf[rc] = 0;
 31 | 
 32 | 	p = strchr(buf, '\r');
 33 | 	if (p)
 34 | 		*p = 0;
 35 | 
 36 | 	p = strchr(buf, '\n');
 37 | 	if (p)
 38 | 		*p = 0;
 39 | 
 40 | 	if (strncmp(buf, "GET / HTTP/", 11) != 0)
 41 | 		return;
 42 | 
 43 | 	snprintf(buf, sizeof(buf),
 44 | 		 "HTTP/1.0 200 OK\nContent-Type: text/html\n\n");
 45 | 
 46 | 	if (write(s, buf, strlen(buf)) != strlen(buf))
 47 | 		return;
 48 | 
 49 | 	fd = open("index.html", O_RDONLY);
 50 | 	if (fd == -1)
 51 | 		return;
 52 | 
 53 | 	while ((rc = read(fd, buf, sizeof(buf))) > 0) {
 54 | 		if (write(s, buf, rc) != rc) {
 55 | 			close(fd);
 56 | 			return;
 57 | 		}
 58 | 	}
 59 | 
 60 | 	close(fd);
 61 | 	return;
 62 | }
 63 | 
 64 | static void *pthread(void *arg)
 65 | {
 66 | 	int s = (long) arg;
 67 | 
 68 | 	do_handle_dude(s);
 69 | 
 70 | 	return NULL;
 71 | }
 72 | 
 73 | static void handle_dude(int s)
 74 | {
 75 | 	pthread_t pt;
 76 | 	sthread_t st;
 77 | 	sc_t sc;
 78 | 
 79 | //	printf("Got connection\n");
 80 | 
 81 | 	switch (_imp) {
 82 | 	case 0:
 83 | 		do_handle_dude(s);
 84 | 		break;
 85 | 
 86 | 	case 1:
 87 | 		if (pthread_create(&pt, NULL, pthread, (void*) (long) s))
 88 | 			err(1, "pthread_create()");
 89 | 
 90 | 		if (pthread_join(pt, NULL))
 91 | 			err(1, "pthread_join()");
 92 | 		break;
 93 | 
 94 | 	case 2:
 95 | 		if (fork() == 0) {
 96 | 			do_handle_dude(s);
 97 | 			exit(0);
 98 | 		} else
 99 | 			wait(NULL);
100 | 		break;
101 | 
102 | 	case 3:
103 | 		sc_init(&sc);
104 | 		sc_fd_add(&sc, s, PROT_READ | PROT_WRITE);
105 | 		sc_sys_add(&sc, SYS_open);
106 | 		sc_sys_add(&sc, SYS_close);
107 | 
108 | 		if (sthread_create(&st, &sc, pthread, (void*) (long) s))
109 | 			err(1, "sthread_create()");
110 | 
111 | 		if (sthread_join(st, NULL))
112 | 			err(1, "sthread_join()");
113 | 		break;
114 | 
115 | 	default:
116 | 		printf("Unknown implementation %d\n", _imp);
117 | 		break;
118 | 	}
119 | }
120 | 
121 | static void pwn(void)
122 | {
123 | 	int s, dude;
124 | 	int one = 1;
125 | 	struct sockaddr_in s_in;
126 | 
127 | 	if ((s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
128 | 		err(1, "socket()");
129 | 
130 | 	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1)
131 | 		err(1, "setsockopt()");
132 | 
133 | 	memset(&s_in, 0, sizeof(s_in));
134 | 	s_in.sin_family      = PF_INET;
135 | 	s_in.sin_port        = htons(80);
136 | 	s_in.sin_addr.s_addr = INADDR_ANY;
137 | 
138 | 	if (bind(s, (struct sockaddr*) &s_in, sizeof(s_in)) == -1)
139 | 		err(1, "bind()");
140 | 
141 | 	if (listen(s, 5) == -1)
142 | 		err(1, "listen()");
143 | 
144 | 	while ((dude = accept(s, NULL, NULL)) != -1) {
145 | 		handle_dude(dude);
146 | 		close(dude);
147 | 	}
148 | 
149 | 	err(1, "accept()");
150 | 	close(s);
151 | }
152 | 
153 | int main(int argc, char *argv[])
154 | {
155 | 	if (argc > 1)
156 | 		_imp = atoi(argv[1]);
157 | 
158 | 	printf("Pwning\n");
159 | 
160 | 	if (_imp == 3) {
161 | 		if (sthread_init())
162 | 			err(1, "sthread_init()");
163 | 	}
164 | 
165 | 	pwn();
166 | 
167 | 	exit(0);
168 | }
169 | 


--------------------------------------------------------------------------------
/apps/wedge/index.html:
--------------------------------------------------------------------------------
1 | <html>
2 | <head>
3 | <title>w00t</title>
4 | </head>
5 | <body>
6 | pwned
7 | </body>
8 | </html>
9 | 


--------------------------------------------------------------------------------
/apps/wedge/sthread.h:
--------------------------------------------------------------------------------
 1 | #ifndef __STHREAD_H__
 2 | #define __STHREAD_H__
 3 | 
 4 | typedef struct sc {
 5 |         unsigned long   sc_mem[8];
 6 | 	unsigned long	sc_fd[8];
 7 | 	unsigned char	sc_sys[16];
 8 | } sc_t;
 9 | 
10 | typedef int sthread_t;
11 | typedef int tag_t;
12 | 
13 | typedef void *(*stcb_t)(void*);
14 | 
15 | extern void sc_init(sc_t *);
16 | extern void sc_mem_add(sc_t *sc, tag_t t, int prot);
17 | extern void sc_fd_add(sc_t *sc, int fd, int prot);
18 | extern void sc_sys_add(sc_t *sc, int sysno);
19 | 
20 | extern int sthread_init(void);
21 | extern int sthread_create(sthread_t *, sc_t *sc, stcb_t cb, void *arg);
22 | extern int sthread_join(sthread_t, void **ret);
23 | 
24 | extern tag_t tag_new(void);
25 | extern void *smalloc(tag_t t, size_t);
26 | 
27 | #endif /* __STHREAD_H__ */
28 | 


--------------------------------------------------------------------------------
/apps/wedge/test.c:
--------------------------------------------------------------------------------
  1 | #include <err.h>
  2 | #include <stdio.h>
  3 | #include <stdlib.h>
  4 | #include <string.h>
  5 | #include <sys/mman.h>
  6 | #include <unistd.h>
  7 | #include <assert.h>
  8 | #include <sys/syscall.h>
  9 | #include <fcntl.h>
 10 | 
 11 | #include "sthread.h"
 12 | 
 13 | static int _global = 1;
 14 | 
 15 | static void *sthread_cb(void *arg)
 16 | {
 17 | 	if (arg != (void*) 0x666)
 18 | 		errx(1, "arg %p", arg);
 19 | 
 20 | 	return (void*) 0x69;
 21 | }
 22 | 
 23 | static void *launch_sthread(stcb_t cb, void *arg)
 24 | {
 25 | 	sc_t sc;
 26 | 	sthread_t st;
 27 | 	void *ret;
 28 | 
 29 | 	sc_init(&sc);
 30 | 
 31 | 	if (sthread_create(&st, &sc, cb, arg))
 32 | 		err(1, "sthread_create()");
 33 | 
 34 | 	if (sthread_join(st, &ret))
 35 | 		err(1, "sthread_join()");
 36 | 
 37 | 	return ret;
 38 | }
 39 | 
 40 | static void test_sthread(void)
 41 | {
 42 | 	void *ret = launch_sthread(sthread_cb, (void*) 0x666);
 43 | 
 44 | 	if (ret != (void*) 0x69)
 45 | 		errx(1, "ret %p", ret);
 46 | }
 47 | 
 48 | static void *sthread_global(void *arg)
 49 | {
 50 | 	if (_global != 1)
 51 | 		errx(1, "global in sthread %d\n", _global);
 52 | 
 53 | 	_global = 3;
 54 | 
 55 | 	return NULL;
 56 | }
 57 | 
 58 | static void test_global(void)
 59 | {
 60 | 	launch_sthread(sthread_global, NULL);
 61 | }
 62 | 
 63 | static void *sthread_stack(void *arg)
 64 | {
 65 | 	unsigned char stack[1024];
 66 | 
 67 | 
 68 | 	if (stack[69] != 0)
 69 | 		errx(1, "stack is %x\n", stack[69]);
 70 | 
 71 | 	stack[69] = 0x69;
 72 | 
 73 | 	return NULL;
 74 | }
 75 | 
 76 | static void test_stack(void)
 77 | {
 78 | 	launch_sthread(sthread_stack, NULL);
 79 | }
 80 | 
 81 | static void *smalloc_st(void *arg)
 82 | {
 83 | 	char *crap = arg;
 84 | 
 85 | 	if (strcmp(crap, "hi") != 0)
 86 | 		errx(1, "crap is %s", crap);
 87 | 
 88 | 	strcpy(crap, "bye");
 89 | 
 90 | 	return NULL;
 91 | }
 92 | 
 93 | static void test_smalloc(void)
 94 | {
 95 | 	tag_t t = tag_new();
 96 | 	char *crap;
 97 | 	sc_t sc;
 98 | 	sthread_t st;
 99 | 
100 | 	crap = smalloc(t, 1024);
101 | 	strcpy(crap, "hi");
102 | 
103 | 	sc_init(&sc);
104 | 	sc_mem_add(&sc, t, PROT_READ | PROT_WRITE);
105 | 
106 | 	if (sthread_create(&st, &sc, smalloc_st, crap))
107 | 		err(1, "sthread_create()");
108 | 
109 | 	if (sthread_join(st, NULL))
110 | 		err(1, "sthread_join()");
111 | 
112 | 	if (strcmp(crap, "bye") != 0)
113 | 		errx(1, "master crap is %s", crap);
114 | }
115 | 
116 | static void *fd_st(void *arg)
117 | {
118 | 	int fd = (int) (long) arg;
119 | 
120 | 	if (write(fd, "bye", 3) != 3)
121 | 		err(1, "write()");
122 | 
123 | 	return NULL;
124 | }
125 | 
126 | static void test_fd(void)
127 | {
128 | 	int p[2];
129 | 	sc_t sc;
130 | 	char buf[1024];
131 | 	int rc;
132 | 	sthread_t st;
133 | 
134 | 	if (pipe(p) == -1)
135 | 		err(1, "pipe()");
136 | 
137 | 	sc_init(&sc);
138 | 	sc_fd_add(&sc, p[1], PROT_WRITE);
139 | 
140 | 	if (sthread_create(&st, &sc, fd_st, (void*) (long) p[1]))
141 | 		err(1, "sthread_create()");
142 | 
143 | 	if (sthread_join(st, NULL))
144 | 		err(1, "sthread_join()");
145 | 
146 | 	rc = read(p[0], buf, sizeof(buf) - 1);
147 | 	if (rc <= 0)
148 | 		err(1, "read()");
149 | 
150 | 	buf[rc] = 0;
151 | 
152 | 	if (strcmp(buf, "bye") != 0)
153 | 		errx(1, "buf is %s", buf);
154 | 
155 | 	close(p[0]);
156 | 	close(p[1]);
157 | }
158 | 
159 | static void *sys_st(void *arg)
160 | {
161 | 	char *buf = arg;
162 | 	int fd;
163 | 	int rc;
164 | 
165 | 	fd = open("/etc/passwd", O_RDONLY);
166 | 	if (fd == -1)
167 | 		err(1, "open()");
168 | 
169 | 	rc = read(fd, buf, 1023);
170 | 	if (rc <= 0)
171 | 		err(1, "read()");
172 | 
173 | 	buf[rc] = 0;
174 | 
175 | 	close(fd);
176 | 
177 | 	return NULL;
178 | }
179 | 
180 | static void test_syscall(void)
181 | {
182 | 	sc_t sc;
183 | 	tag_t t;
184 | 	char *buf;
185 | 	sthread_t st;
186 | 
187 | 	t = tag_new();
188 | 	buf = smalloc(t, 1024);
189 | 	assert(buf);
190 | 
191 | 	sc_init(&sc);
192 | 	sc_mem_add(&sc, t, PROT_READ | PROT_WRITE);
193 | 	sc_sys_add(&sc, SYS_open);
194 | 	sc_sys_add(&sc, SYS_close);
195 | 
196 | 	if (sthread_create(&st, &sc, sys_st, buf))
197 | 		err(1, "sthread_create()");
198 | 
199 | 	if (sthread_join(st, NULL))
200 | 		err(1, "sthread_join()");
201 | 
202 | 	if (strncmp(buf, "root", 4) != 0)
203 | 		errx(1, "buf is %s", buf);
204 | }
205 | 
206 | static void *parallel_read(void *arg)
207 | {
208 | 	int fd = (int) (long) arg;
209 | 	int i, rc;
210 | 	char buf[1024];
211 | 
212 | 	for (i = 0; i < 3; i++) {
213 | 		rc = read(fd, buf, 4);
214 | 		if (rc <= 0)
215 | 			return NULL;
216 | 
217 | 		buf[rc] = 0;
218 | 	}
219 | 
220 | 	if (strcmp(buf, "w00t") == 0)
221 | 		return (void*) 0x666;
222 | 
223 | 	return NULL;
224 | }
225 | 
226 | static void *parallel_write(void *arg)
227 | {
228 | 	int fd = (int) (long) arg;
229 | 	int i;
230 | 
231 | 	for (i = 0; i < 3; i++) {
232 | 		if (write(fd, "w00t", 4) != 4)
233 | 			return NULL;
234 | 	}
235 | 
236 | 	return (void*) 0x667;
237 | }
238 | 
239 | static void test_parallel(void)
240 | {
241 | 	sthread_t st[2];
242 | 	sc_t sc[2];
243 | 	int p[2];
244 | 	void *ret;
245 | 
246 | 	if (pipe(p) == -1)
247 | 		err(1, "pipe()");
248 | 
249 | 	sc_init(&sc[0]);
250 | 	sc_fd_add(&sc[0], p[0], PROT_READ | PROT_WRITE);
251 | 
252 | 	if (sthread_create(&st[0], &sc[0], parallel_read, (void*) (long) p[0]))
253 | 		err(1, "sthread_create()");
254 | 
255 | 	sc_init(&sc[1]);
256 | 	sc_fd_add(&sc[1], p[1], PROT_READ | PROT_WRITE);
257 | 
258 | 	if (sthread_create(&st[1], &sc[1], parallel_write, (void*) (long) p[1]))
259 | 		err(1, "sthread_create()");
260 | 
261 | 	if (sthread_join(st[0], &ret) == -1)
262 | 		err(1, "sthread_join()");
263 | 
264 | 	if (sthread_join(st[1], NULL) == -1)
265 | 		err(1, "sthread_join()");
266 | 
267 | 	if (ret != (void*) 0x666)
268 | 		errx(1, "ret is %p", ret);
269 | 
270 | 	close(p[0]);
271 | 	close(p[1]);
272 | }
273 | 
274 | int main(int argc, char *argv[])
275 | {
276 | 	printf("==== start\n");
277 | 
278 | 	if (sthread_init())
279 | 		err(1, "sthread_init()");
280 | 
281 | 	printf("==== Basic sthread\n");
282 | 	test_sthread();
283 | 	test_sthread();
284 | 
285 | 	printf("==== Globals\n");
286 | 	_global = 2;
287 | 	test_global();
288 | 	if (_global != 2)
289 | 		errx(1, "global in master %d\n", _global);
290 | 	test_global();
291 | 
292 | 	printf("==== Stack\n");
293 | 	test_stack();
294 | 	test_stack();
295 | 
296 | 	printf("==== smalloc\n");
297 | 	test_smalloc();
298 | 
299 | 	printf("==== fd\n");
300 | 	test_fd();
301 | 
302 | 	printf("==== syscall\n");
303 | 	test_syscall();
304 | 
305 | 	printf("==== parallel\n");
306 | 	test_parallel();
307 | 
308 | 	printf("==== end\n");
309 | 	exit(0);
310 | }
311 | 


--------------------------------------------------------------------------------
/apps/wedge/wedge_bench.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | rm -fr wedgeresults
 4 | mkdir wedgeresults
 5 | 
 6 | echo Running ctx switch benchmark...
 7 | ../../dune_env.sh ./bench 2 1 300 | grep result > wedgeresults/ctx.dat
 8 | echo Done
 9 | 
10 | echo Running create benchmark...
11 | ../../dune_env.sh ./bench 0 | grep Avg > wedgeresults/create.dat
12 | echo Done
13 | 
14 | echo Running web benchmark...
15 | do_http()
16 | {
17 | 	../../dune_env.sh ./httpd $1 > /dev/null 2> /dev/null &
18 | 	sleep 1
19 | 	./bench 1 | grep Avg >> wedgeresults/httpd.dat
20 | 	killall -9 httpd
21 | }
22 | do_http 1
23 | do_http 2
24 | do_http 3
25 | echo Done
26 | 
27 | dmesg > wedgeresults/dmesg.txt
28 | 
29 | rm -f wedgeresults.tgz                                                                                       
30 | tar zcvf wedgeresults.tgz wedgeresults
31 | rm -fr wedgeresults
32 | ls -l wedgeresults.tgz
33 | 


--------------------------------------------------------------------------------
/bench/Makefile:
--------------------------------------------------------------------------------
 1 | CC	= gcc
 2 | CFLAGS	= -Wall -g -MD -O3 -I ../
 3 | 
 4 | all: bench_dune bench_dune_ring bench_linux
 5 | 
 6 | bench_dune: bench_dune.o ../libdune/libdune.a
 7 | 	$(CC) $(CFLAGS) $(<) -o bench_dune -L ../libdune -ldune
 8 | 
 9 | bench_dune_ring: bench_dune_ring.o ../libdune/libdune.a
10 | 	$(CC) $(CFLAGS) $(<) -o bench_dune_ring -L ../libdune -ldune
11 | 
12 | bench_linux: bench_linux.o
13 | 	$(CC) $(CFLAGS) $(<) -o bench_linux
14 | 
15 | clean:
16 | 	rm -f *.o test *.d bench_dune bench_dune_ring bench_linux
17 | 
18 | -include *.d
19 | 


--------------------------------------------------------------------------------
/bench/bench.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * bench.h - shared definitions for all benchmarks
 3 |  */
 4 | 
 5 | #define NRPGS	100
 6 | #define N	10000
 7 | 
 8 | static inline void synch_tsc(void)
 9 | {
10 | 	asm volatile("cpuid" : : : "%rax", "%rbx", "%rcx", "%rdx");
11 | }
12 | 
13 | static inline unsigned long rdtscll(void)
14 | {
15 | 	unsigned int a, d;
16 | 	asm volatile("rdtsc" : "=a" (a), "=d" (d) : : "%rbx", "%rcx");
17 | 	return ((unsigned long) a) | (((unsigned long) d) << 32);
18 | }
19 | 
20 | static inline unsigned long rdtscllp(void)
21 | {
22 | 	unsigned int a, d;
23 | 	asm volatile("rdtscp" : "=a" (a), "=d" (d) : : "%rbx", "%rcx");
24 | 	return ((unsigned long) a) | (((unsigned long) d) << 32);
25 | }
26 | 
27 | static unsigned long measure_tsc_overhead(void)
28 | {
29 | 	unsigned long t0, t1, overhead = ~0UL;
30 | 	int i;
31 | 
32 | 	for (i = 0; i < N; i++) {
33 | 		t0 = rdtscll();
34 | 		asm volatile("");
35 | 		t1 = rdtscllp();
36 | 		if (t1 - t0 < overhead)
37 | 			overhead = t1 - t0;
38 | 	}
39 | 
40 | 	return overhead;
41 | }
42 | 


--------------------------------------------------------------------------------
/bench/bench_dune.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <sys/mman.h>
  3 | 
  4 | #include "libdune/dune.h"
  5 | #include "bench.h"
  6 | 
  7 | #define MAP_ADDR	0x400000000000
  8 | 
  9 | static char *mem;
 10 | unsigned long trap_tsc, overhead;
 11 | unsigned long time = 0;
 12 | static void prime_memory(void)
 13 | {
 14 | 	int i;
 15 | 
 16 | 	for (i = 0; i < NRPGS * 2; i++) {
 17 | 		mem[i * PGSIZE] = i;
 18 | 	}
 19 | }
 20 | 
 21 | static void
 22 | benchmark1_handler(uintptr_t addr, uint64_t fec, struct dune_tf *tf)
 23 | {
 24 | 	ptent_t *pte;
 25 | 	int accessed;
 26 | 
 27 | 	time += rdtscllp() - trap_tsc;
 28 | 
 29 | 	dune_vm_lookup(pgroot, (void *) addr, 0, &pte);
 30 | 	*pte |= PTE_P | PTE_W | PTE_U | PTE_A | PTE_D;
 31 | 
 32 | 	dune_vm_lookup(pgroot, (void *) addr + NRPGS * PGSIZE, 0, &pte);
 33 | 	accessed = *pte & PTE_A;
 34 | 	*pte = PTE_ADDR(*pte);
 35 | 	if (accessed)
 36 | 		dune_flush_tlb_one(addr + NRPGS * PGSIZE);
 37 | }
 38 | 
 39 | static void benchmark1(void)
 40 | {
 41 | 	int i;
 42 | 
 43 | 	for (i = 0; i < NRPGS; i++) {
 44 | 		trap_tsc = dune_get_ticks();
 45 | 		mem[i * PGSIZE] = i;
 46 | 	}
 47 | }
 48 | 
 49 | static void
 50 | benchmark2_handler(uintptr_t addr, uint64_t fec,  struct dune_tf *tf)
 51 | {
 52 | 	ptent_t *pte;
 53 | 
 54 | 	dune_vm_lookup(pgroot, (void *) addr, 0, &pte);
 55 | 	*pte |= PTE_P | PTE_W | PTE_U | PTE_A | PTE_D;
 56 | }
 57 | 
 58 | static void benchmark2(void)
 59 | {
 60 | 	int i;
 61 | 
 62 | 	dune_vm_mprotect(pgroot, (void *) MAP_ADDR, PGSIZE * NRPGS, PERM_R);
 63 | 
 64 | 	for (i = 0; i < NRPGS; i++) {
 65 | 		mem[i * PGSIZE] = i;
 66 | 	}
 67 | }
 68 | 
 69 | static void benchmark_syscall(void)
 70 | {
 71 | 	int i;
 72 | 	unsigned long ticks;
 73 | 
 74 | 	synch_tsc();
 75 | 	ticks = dune_get_ticks();
 76 | 
 77 | 	for (i = 0; i < N; i++) {
 78 | 		int ret;
 79 | 
 80 | 		asm volatile("movq $39, %%rax \n\t" // get_pid
 81 | 		"vmcall \n\t"
 82 | 		"mov %%eax, %0 \n\t" :
 83 | 		"=r" (ret) :: "rax");
 84 | 	}
 85 | 
 86 | 	dune_printf("System call took %ld cycles\n", (rdtscllp() - ticks - overhead) / N);
 87 | }
 88 | 
 89 | static void benchmark_fault(void)
 90 | {
 91 | 	int i;
 92 | 	unsigned long ticks;
 93 | 	char *fm = dune_mmap(NULL, N * PGSIZE, PROT_READ | PROT_WRITE,
 94 | 			MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 95 | 
 96 | 	synch_tsc();
 97 | 	ticks = dune_get_ticks();
 98 | 	for (i = 0; i < N; i++) {
 99 | 		fm[i * PGSIZE] = i;
100 | 	}
101 | 
102 | 	dune_printf("Kernel fault took %ld cycles\n", (rdtscllp() - ticks - overhead) / N);
103 | }
104 | 
105 | static void benchmark_appel1(void)
106 | {
107 | 	int i;
108 | 	unsigned long tsc, avg_appel1 = 0, avg_user_fault = 0;
109 | 
110 | 	dune_register_pgflt_handler(benchmark1_handler);
111 | 
112 | 	for (i = 0; i < N; i++) {
113 | 		dune_vm_mprotect(pgroot, (void *) MAP_ADDR, PGSIZE * NRPGS, PERM_R);
114 | 
115 | 		synch_tsc();
116 | 		time = 0;
117 | 		tsc = dune_get_ticks();
118 | 		benchmark1();
119 | 
120 | 		avg_appel1 += rdtscllp() - tsc - overhead;
121 | 		avg_user_fault += (time - overhead * NRPGS) / NRPGS;
122 | 	}
123 | 
124 | 	dune_printf("User fault took %ld cycles\n", avg_user_fault / N);
125 | 	dune_printf("PROT1,TRAP,UNPROT took %ld cycles\n", avg_appel1 / N);
126 | }
127 | 
128 | static void benchmark_appel2(void)
129 | {
130 | 	int i;
131 | 	unsigned long tsc, avg = 0;
132 | 
133 | 	dune_register_pgflt_handler(benchmark2_handler);
134 | 
135 | 	for (i = 0; i < N; i++) {
136 | 		dune_vm_mprotect(pgroot, (void *) MAP_ADDR,
137 | 				 PGSIZE * NRPGS * 2, PERM_R | PERM_W);
138 | 		prime_memory();
139 | 
140 | 		synch_tsc();
141 | 		tsc = dune_get_ticks();
142 | 		benchmark2();
143 | 		avg += rdtscllp() - tsc - overhead;
144 | 	}
145 | 
146 | 	dune_printf("PROTN,TRAP,UNPROT took %ld cycles\n", avg / N);
147 | }
148 | 
149 | int main(int argc, char *argv[])
150 | {
151 | 	int ret;
152 | 
153 | 	overhead = measure_tsc_overhead();
154 | 	printf("TSC overhead is %ld\n", overhead);
155 | 
156 | 	ret = dune_init_and_enter();
157 | 	if (ret) {
158 | 		printf("failed to initialize dune\n");
159 | 		return ret;
160 | 	}
161 | 
162 | 	dune_printf("Benchmarking dune performance...\n");
163 | 
164 | 	benchmark_syscall();
165 | 	benchmark_fault();
166 | 
167 | 	ret = dune_vm_map_pages(pgroot,
168 |                            (void *) MAP_ADDR,
169 | 			               2 * NRPGS * PGSIZE,
170 | 			               PERM_R | PERM_W);
171 | 	if (ret) {
172 | 		printf("failed to setup memory mapping\n");
173 | 		return ret;
174 | 	}
175 | 
176 | 	mem = (void *) MAP_ADDR;
177 | 	prime_memory();
178 | 
179 | 	benchmark_appel1();
180 | 	benchmark_appel2();
181 | 
182 | 	return 0;
183 | }
184 | 


--------------------------------------------------------------------------------
/bench/bench_dune_ring.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <stdlib.h>
  3 | #include <sys/syscall.h>
  4 | #include <unistd.h>
  5 | #include <errno.h>
  6 | #include <string.h>
  7 | 
  8 | #include "libdune/dune.h"
  9 | 
 10 | #define N		10000
 11 | #define MAP_ADDR	0x400000000000
 12 | 
 13 | static unsigned long tsc;
 14 | 
 15 | static void pgflt_handler(uintptr_t addr, uint64_t fec, struct dune_tf *tf)
 16 | {
 17 | 	ptent_t *pte;
 18 | 
 19 | 	dune_vm_lookup(pgroot, (void *) addr, 0, &pte);
 20 | 	*pte |= PTE_P | PTE_W | PTE_U | PTE_A | PTE_D;
 21 | }
 22 | 
 23 | static void syscall_handler1(struct dune_tf *tf)
 24 | {
 25 | 	dune_ret_from_user(0);
 26 | }
 27 | 
 28 | static void userlevel_pgflt(void)
 29 | {
 30 | 	char *p = (char *) MAP_ADDR;
 31 | 	*p = 1;
 32 | 
 33 | 	syscall(SYS_gettid);
 34 | }
 35 | 
 36 | static int test_pgflt(void)
 37 | {
 38 | 	int ret;
 39 | 	unsigned long sp;
 40 | 	struct dune_tf *tf = malloc(sizeof(struct dune_tf));
 41 | 	if (!tf)
 42 | 		return -ENOMEM;
 43 | 
 44 | 	printf("testing page fault from G3... ");
 45 | 
 46 | 	ret = dune_vm_map_pages(pgroot, (void *) MAP_ADDR,
 47 | 			       1, PERM_R);
 48 | 	if (ret) {
 49 | 		printf("failed to setup memory mapping\n");
 50 | 		return ret;
 51 | 	}
 52 | 
 53 | 	dune_register_pgflt_handler(pgflt_handler);
 54 | 	dune_register_syscall_handler(&syscall_handler1);
 55 | 
 56 | 	asm ("movq %%rsp, %0" : "=r" (sp));
 57 | 
 58 | 	tf->rip = (unsigned long) &userlevel_pgflt;
 59 | 	tf->rsp = sp - 10000;
 60 | 	tf->rflags = 0x02;
 61 | 
 62 | 	ret = dune_jump_to_user(tf);
 63 | 
 64 | 	if (!ret)
 65 | 		printf("[passed]\n");
 66 | 
 67 | 	return ret;
 68 | }
 69 | 
 70 | static void userlevel_syscall(void)
 71 | {
 72 | 	int i;
 73 | 	for (i = 0; i < N; i++) {
 74 | 		syscall(SYS_gettid);
 75 | 	}
 76 | }
 77 | 
 78 | static void syscall_handler2(struct dune_tf *tf)
 79 | {
 80 | 	static int syscall_count = 0;
 81 | 
 82 | 	syscall_count++;
 83 | 	if (syscall_count == N) {
 84 | 		printf("[took %ld cycles]\n",
 85 | 		       (dune_get_ticks() - tsc) / N);
 86 | 		dune_ret_from_user(0);
 87 | 	}
 88 | 	dune_passthrough_syscall(tf);
 89 | }
 90 | 
 91 | static int test_syscall(void)
 92 | {
 93 | 	int ret;
 94 | 	unsigned long sp;
 95 | 	struct dune_tf *tf = malloc(sizeof(struct dune_tf));
 96 | 	if (!tf)
 97 | 		return -ENOMEM;
 98 | 
 99 | 	printf("measuring round-trip G3 syscall performance... ");
100 | 
101 | 	dune_register_syscall_handler(&syscall_handler2);
102 | 
103 | 	asm ("movq %%rsp, %0" : "=r" (sp));
104 | 
105 | 	tf->rip = (unsigned long) &userlevel_syscall;
106 | 	tf->rsp = sp - 10000;
107 | 	tf->rflags = 0x0;
108 | 
109 | 	tsc = dune_get_ticks();
110 | 	ret = dune_jump_to_user(tf);
111 | 
112 | 	return ret;
113 | }
114 | 
115 | int main(int argc, char *argv[])
116 | {
117 | 	int ret;
118 | 
119 | 	ret = dune_init_and_enter();
120 | 	if (ret) {
121 | 		printf("failed to initialize DUNE\n");
122 | 		return ret;
123 | 	}
124 | 
125 | 	test_pgflt();
126 | 	test_syscall();
127 | 
128 | 	return 0;
129 | }
130 | 


--------------------------------------------------------------------------------
/bench/bench_linux.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | 
  3 | #include <signal.h>
  4 | #include <stdio.h>
  5 | #include <stdlib.h>
  6 | #include <string.h>
  7 | #include <sys/mman.h>
  8 | #include <sys/syscall.h>
  9 | #include <unistd.h>
 10 | 
 11 | #include "bench.h"
 12 | 
 13 | static char *mem;
 14 | unsigned long tsc, trap_tsc, overhead;
 15 | unsigned long time = 0;
 16 | 
 17 | #define PGSIZE	4096
 18 | 
 19 | static void prime_memory(void)
 20 | {
 21 | 	int i;
 22 | 
 23 | 	for (i = 0; i < NRPGS * 2; i++) {
 24 | 		mem[i * PGSIZE] = i;
 25 | 	}
 26 | }
 27 | 
 28 | static void benchmark1_handler(int sn, siginfo_t *si, void *ctx)
 29 | {
 30 | //	fprintf (stderr, "afault_handler: %x\n", si->si_addr);
 31 | 	unsigned long addr = (((unsigned long) si->si_addr) & ~(PGSIZE - 1));
 32 | 	time += rdtscllp() - trap_tsc;
 33 | 
 34 | 	mprotect((void *) addr, PGSIZE, PROT_READ | PROT_WRITE);
 35 | 	mprotect((void *) addr + PGSIZE * NRPGS, PGSIZE, PROT_READ);
 36 | }
 37 | 
 38 | static void benchmark1(void)
 39 | {
 40 | 	int i;
 41 | 
 42 | 	for (i = 0; i < NRPGS; i++) {
 43 | 		trap_tsc = rdtscll();
 44 | 		mem[i * PGSIZE] = i;
 45 | 	}
 46 | }
 47 | 
 48 | static void benchmark2_handler(int sn, siginfo_t *si, void *ctx)
 49 | {
 50 | //	fprintf (stderr, "bfault_handler: %x\n", si->si_addr);
 51 | 	unsigned long addr = (((unsigned long) si->si_addr) & ~(PGSIZE - 1));
 52 | 	mprotect((void *) addr, PGSIZE, PROT_READ | PROT_WRITE);
 53 | }
 54 | 
 55 | static void benchmark2(void)
 56 | {
 57 | 	int i;
 58 | 
 59 | 	mprotect(mem, NRPGS * PGSIZE, PROT_READ);
 60 | 
 61 | 	for (i = 0; i < NRPGS; i++) {
 62 | 		mem[i * PGSIZE] = i;
 63 | 	}
 64 | }
 65 | 
 66 | static void benchmark_syscall(void)
 67 | {
 68 | 	int i;
 69 | 	unsigned long t0;
 70 | 
 71 | 	synch_tsc();
 72 | 	t0 = rdtscll();
 73 | 	for (i = 0; i < N; i++) {
 74 | 		syscall(SYS_gettid);
 75 | 	}
 76 | 
 77 | 	printf("System call took %ld cycles\n", (rdtscllp() - t0 - overhead) / N);
 78 | }
 79 | 
 80 | void benchmark_fault(void)
 81 | {
 82 | 	int i;
 83 | 	unsigned long ticks;
 84 | 	char *fm = mmap(NULL, N * PGSIZE, PROT_READ | PROT_WRITE,
 85 | 			MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 86 | 
 87 | 	synch_tsc();
 88 | 	ticks = rdtscll();
 89 | 	for (i = 0; i < N; i++) {
 90 | 		fm[i * PGSIZE] = i;
 91 | 	}
 92 | 
 93 | 	printf("Kernel fault took %ld cycles\n", (rdtscllp() - ticks - overhead) / N);
 94 | }
 95 | 
 96 | static void benchmark_appel1(void)
 97 | {
 98 | 	struct sigaction act;
 99 | 	int i;
100 | 	unsigned long avg_appel1 = 0, avg_user_fault = 0;
101 | 
102 | 	memset(&act, sizeof(sigaction), 0);
103 | 	act.sa_sigaction = benchmark1_handler;
104 | 	act.sa_flags = SA_SIGINFO;
105 | 	sigemptyset(&act.sa_mask);
106 | 	sigaction(SIGSEGV, &act, NULL);
107 | 
108 | 	for (i = 0; i < N; i++) {
109 | 		time = 0;
110 | 		mprotect(mem, NRPGS * PGSIZE, PROT_READ);
111 | 		synch_tsc();
112 | 		tsc = rdtscll();
113 | 		benchmark1();
114 | 
115 | 		avg_appel1 += rdtscllp() - tsc - overhead;
116 | 		avg_user_fault += (time - overhead * NRPGS) / NRPGS;
117 | 	}
118 | 
119 | 	printf("User fault took %ld cycles\n", avg_user_fault / N);
120 | 	printf("PROT1,TRAP,UNPROT took %ld cycles\n", avg_appel1 / N);
121 | }
122 | 
123 | static void benchmark_appel2(void)
124 | {
125 | 	struct sigaction act;
126 | 	int i;
127 | 	unsigned long avg = 0;
128 | 
129 | 	memset(&act, sizeof(sigaction), 0);
130 | 	act.sa_sigaction = benchmark2_handler;
131 | 	act.sa_flags = SA_SIGINFO;
132 | 	sigemptyset(&act.sa_mask);
133 | 	sigaction(SIGSEGV, &act, NULL);
134 | 
135 | 	for (i = 0; i < N; i++) {
136 | 		mprotect(mem, NRPGS * PGSIZE * 2, PROT_READ | PROT_WRITE);
137 | 		prime_memory();
138 | 
139 | 		synch_tsc();
140 | 		tsc = rdtscll();
141 | 		benchmark2();
142 | 		avg += rdtscllp() - tsc - overhead;
143 | 	}
144 | 
145 | 	printf("PROTN,TRAP,UNPROT took %ld cycles\n", avg / N);
146 | }
147 | 
148 | int main(int argc, char *argv[])
149 | {	
150 | 	overhead = measure_tsc_overhead();
151 | 	printf("TSC overhead is %ld\n", overhead);
152 | 
153 | 	printf("Benchmarking Linux performance...\n");
154 | 
155 | 	benchmark_syscall();
156 | 	benchmark_fault();
157 | 	
158 | 	mem = mmap(NULL, NRPGS * PGSIZE * 2, PROT_READ | PROT_WRITE,
159 | 		   MAP_PRIVATE | MAP_ANONYMOUS,
160 | 		   -1, 0);
161 | 
162 | 	if (mem == (void *) -1)
163 | 		return -1;
164 | 
165 | 	prime_memory();
166 | 	benchmark_appel1();
167 | 	benchmark_appel2();
168 | 
169 | 	return 0;
170 | }
171 | 


--------------------------------------------------------------------------------
/build-eglibc.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # TODO: Check that svn, patch, and make are installed on the system
 4 | 
 5 | svn co svn://svn.eglibc.org/branches/eglibc-2_14 eglibc-2.14
 6 | cd eglibc-2.14/libc
 7 | cat ../../eglibc-2.14.diff | patch -p2 -d ./
 8 | mkdir ../eglibc-build
 9 | cd ../eglibc-build
10 | ../libc/configure --disable-sanity-checks
11 | make
12 | 
13 | 


--------------------------------------------------------------------------------
/dune_env.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | ROOT=`readlink -f $0`
 4 | ROOT=`dirname $ROOT`
 5 | LIBCBUILD=$ROOT/eglibc-2.14/eglibc-build
 6 | CMD=`readlink -f $1`
 7 | 
 8 | shift 1
 9 | 
10 | LD_PRELOAD=$LIBCBUILD/libc.so:$LIBCBUILD/nptl/libpthread.so $CMD $*
11 | 


--------------------------------------------------------------------------------
/dune_req.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | MOD=/lib/modules/`uname -r`
 4 | 
 5 | check_good()
 6 | {
 7 | 	if [ $? -ne 0 ] ; then
 8 | 		echo nope
 9 | 	else
10 | 		echo yes
11 | 	fi
12 | }
13 | 
14 | printf "Checking for x86_64 Linux... "
15 | uname -m | grep x86_64 > /dev/null
16 | check_good
17 | 
18 | printf "Checking for VT-x (w/ EPT and VPID)... "
19 | cat /proc/cpuinfo | grep flags | grep ept | grep vpid | grep vmx > /dev/null
20 | check_good
21 | 
22 | printf "Checking kernel version (3.0 or later) ... "
23 | uname -r | awk -F . '{print $1}' | grep 3 > /dev/null 2> /dev/null
24 | check_good
25 | 
26 | printf "Checking for kernel headers... "
27 | ls $MOD/build/include > /dev/null 2> /dev/null
28 | check_good
29 | 
30 | printf "Checking for syscall table location... "
31 | kern/extract_symbol.sh sys_call_table > /dev/null 2> /dev/null
32 | check_good
33 | 


--------------------------------------------------------------------------------
/eglibc-2.14.diff:
--------------------------------------------------------------------------------
  1 | diff -rup eglibc-2.14.orig/libc/nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.h eglibc-2.14/libc/nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.h
  2 | --- eglibc-2.14.orig/libc/nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.h	2012-06-29 15:42:49.000000000 -0700
  3 | +++ eglibc-2.14/libc/nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.h	2012-06-29 15:25:53.000000000 -0700
  4 | @@ -557,6 +557,17 @@ LLL_STUB_UNWIND_INFO_END
  5 |  #define lll_islocked(futex) \
  6 |    (futex != LLL_LOCK_INITIALIZER)
  7 |  
  8 | +#define DUNE_SYSCALL \
  9 | +        "push %%rax\n\t"                                                      \
 10 | +        "mov %%cs, %%rax\n\t"                                                 \
 11 | +        "test $3, %%rax\n\t"                                                  \
 12 | +        "pop %%rax\n\t"                                                       \
 13 | +        "jz 69f\n\t"                                                          \
 14 | +        "syscall\n\t"                                                         \
 15 | +        "jmp 70f\n\t"                                                         \
 16 | +        "69:"                                                                 \
 17 | +        "vmcall\n\t"                                                          \
 18 | +        "70:"
 19 |  
 20 |  /* The kernel notifies a process with uses CLONE_CLEARTID via futex
 21 |     wakeup when the clone terminates.  The memory location contains the
 22 | @@ -571,7 +582,7 @@ LLL_STUB_UNWIND_INFO_END
 23 |      if (_tid != 0)							      \
 24 |        __asm __volatile ("xorq %%r10, %%r10\n\t"				      \
 25 |  			"1:\tmovq %2, %%rax\n\t"			      \
 26 | -			"syscall\n\t"					      \
 27 | +			DUNE_SYSCALL					      \
 28 |  			"cmpl $0, (%%rdi)\n\t"				      \
 29 |  			"jne 1b"					      \
 30 |  			: "=&a" (__ignore)				      \
 31 | diff -rup eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/clone.S eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/clone.S
 32 | --- eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/clone.S	2012-06-29 15:42:39.000000000 -0700
 33 | +++ eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/clone.S	2012-06-18 14:49:49.000000000 -0700
 34 | @@ -79,7 +79,16 @@ ENTRY (BP_SYM (__clone))
 35 |  	/* End FDE now, because in the child the unwind info will be
 36 |  	   wrong.  */
 37 |  	cfi_endproc;
 38 | +	push %rax
 39 | +	mov %cs, %rax
 40 | +	test $3, %rax
 41 | +	pop %rax
 42 | +	jnz 1f
 43 | +	vmcall
 44 | +	jmp 2f
 45 | +1:
 46 |  	syscall
 47 | +2:
 48 |  
 49 |  	testq	%rax,%rax
 50 |  	jl	SYSCALL_ERROR_LABEL
 51 | @@ -103,7 +112,16 @@ L(thread_start):
 52 |  	movl	$-1, %eax
 53 |  	jne	2f
 54 |  	movl	$SYS_ify(getpid), %eax
 55 | +	push %rax
 56 | +	mov %cs, %rax
 57 | +	test $3, %rax
 58 | +	pop %rax
 59 | +	jnz 3f
 60 | +	vmcall
 61 | +	jmp 4f
 62 | +3:
 63 |  	syscall
 64 | +4:
 65 |  2:	movl	%eax, %fs:PID
 66 |  	movl	%eax, %fs:TID
 67 |  1:
 68 | diff -rup eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/getcontext.S eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/getcontext.S
 69 | --- eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/getcontext.S	2012-06-29 15:42:39.000000000 -0700
 70 | +++ eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/getcontext.S	2012-06-18 14:49:49.000000000 -0700
 71 | @@ -76,7 +76,16 @@ ENTRY(__getcontext)
 72 |  #endif
 73 |  	movl	$_NSIG8,%r10d
 74 |  	movl	$__NR_rt_sigprocmask, %eax
 75 | -	syscall
 76 | +	push %rax
 77 | +	mov %cs, %rax
 78 | +	test $3, %rax
 79 | +	pop %rax
 80 | +	jnz 1f
 81 | +	vmcall
 82 | +	jmp 2f
 83 | +1:
 84 | + 	syscall
 85 | +2:
 86 |  	cmpq	$-4095, %rax		/* Check %rax for error.  */
 87 |  	jae	SYSCALL_ERROR_LABEL	/* Jump to error handler if error.  */
 88 |  
 89 | diff -rup eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/setcontext.S eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/setcontext.S
 90 | --- eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/setcontext.S	2012-06-29 15:42:39.000000000 -0700
 91 | +++ eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/setcontext.S	2012-06-18 14:49:49.000000000 -0700
 92 | @@ -44,7 +44,16 @@ ENTRY(__setcontext)
 93 |  	movl	$SIG_SETMASK, %edi
 94 |  	movl	$_NSIG8,%r10d
 95 |  	movl	$__NR_rt_sigprocmask, %eax
 96 | -	syscall
 97 | +	push %rax
 98 | +	mov %cs, %rax
 99 | +	test $3, %rax
100 | +	pop %rax
101 | +	jnz 1f
102 | +	vmcall
103 | +	jmp 2f
104 | +1:
105 | + 	syscall
106 | +2:
107 |  	popq	%rdi			/* Reload %rdi, adjust stack.  */
108 |  	cfi_adjust_cfa_offset(-8)
109 |  	cmpq	$-4095, %rax		/* Check %rax for error.  */
110 | diff -rup eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/swapcontext.S eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/swapcontext.S
111 | --- eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/swapcontext.S	2012-06-29 15:42:39.000000000 -0700
112 | +++ eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/swapcontext.S	2012-06-18 14:49:49.000000000 -0700
113 | @@ -76,7 +76,16 @@ ENTRY(__swapcontext)
114 |  	movl	$SIG_SETMASK, %edi
115 |  	movl	$_NSIG8,%r10d
116 |  	movl	$__NR_rt_sigprocmask, %eax
117 | -	syscall
118 | +	push %rax
119 | +	mov %cs, %rax
120 | +	test $3, %rax
121 | +	pop %rax
122 | +	jnz 1f
123 | +	vmcall
124 | +	jmp 2f
125 | +1:
126 | + 	syscall
127 | +2:
128 |  	cmpq	$-4095, %rax		/* Check %rax for error.  */
129 |  	jae	SYSCALL_ERROR_LABEL	/* Jump to error handler if error.  */
130 |  
131 | diff -rup eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/sysdep.h eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/sysdep.h
132 | --- eglibc-2.14.orig/libc/sysdeps/unix/sysv/linux/x86_64/sysdep.h	2012-06-29 15:42:39.000000000 -0700
133 | +++ eglibc-2.14/libc/sysdeps/unix/sysv/linux/x86_64/sysdep.h	2012-06-18 14:49:49.000000000 -0700
134 | @@ -208,7 +208,16 @@
135 |  # define DO_CALL(syscall_name, args)		\
136 |      DOARGS_##args				\
137 |      movl $SYS_ify (syscall_name), %eax;		\
138 | -    syscall;
139 | +    push %rax;                                  \
140 | +    mov %cs, %rax;                              \
141 | +    test $3, %rax;                              \
142 | +    pop %rax;                                   \
143 | +    jnz 1f;                                     \
144 | +    vmcall;                                     \
145 | +    jmp 2f;                                     \
146 | +1:                                              \
147 | +    syscall;                                    \
148 | +2:
149 |  
150 |  # define DOARGS_0 /* nothing */
151 |  # define DOARGS_1 /* nothing */
152 | @@ -241,7 +250,16 @@
153 |      LOAD_ARGS_##nr (args)						      \
154 |      LOAD_REGS_##nr							      \
155 |      asm volatile (							      \
156 | +    "push %%rax\n\t"							      \
157 | +    "mov %%cs, %%rax\n\t"						      \
158 | +    "test $3, %%rax\n\t"						      \
159 | +    "pop %%rax\n\t"							      \
160 | +    "jz 1f\n\t"							      \
161 |      "syscall\n\t"							      \
162 | +    "jmp 2f\n\t"							      \
163 | +    "1:"								      \
164 | +    "vmcall\n\t"							      \
165 | +    "2:"								      \
166 |      : "=a" (resultvar)							      \
167 |      : "0" (name) ASM_ARGS_##nr : "memory", "cc", "r11", "cx");		      \
168 |      (long int) resultvar; })
169 | 


--------------------------------------------------------------------------------
/kern/Makefile:
--------------------------------------------------------------------------------
  1 | # a Makefile for the Dune Kernel Module
  2 | # Adapted from the ipw2200 project.
  3 | 
  4 | ifndef CONFIG_DUNE
  5 | EXTERNAL_BUILD=y
  6 | CONFIG_DUNE=m
  7 | endif
  8 | 
  9 | list-m :=
 10 | list-$(CONFIG_DUNE) += dune
 11 | obj-$(CONFIG_DUNE) += dune.o
 12 | dune-objs := \
 13 | 	core.o \
 14 | 	vmx.o \
 15 | 	ept.o \
 16 | 	preempttrap.o
 17 | 
 18 | # KSRC should be set to the path to your sources
 19 | # modules are installed into KMISC
 20 | KVER  := $(shell uname -r)
 21 | EXTRACT := $(M)/extract_symbol.sh
 22 | KSRC := /lib/modules/$(KVER)/build
 23 | KMISC := /lib/modules/$(KVER)/kernel/drivers/misc
 24 | KMISC_INC := /lib/modules/$(KVER)/include
 25 | 
 26 | SYSCALL_TBL = 0x$(shell $(EXTRACT) sys_call_table)
 27 | DO_FORK = 0x$(shell $(EXTRACT) do_fork)
 28 | _DO_FORK = 0x$(shell $(EXTRACT) _do_fork)
 29 | 
 30 | CFLAGS_vmx.o = -DSYSCALL_TBL=$(SYSCALL_TBL) -DDO_FORK=$(DO_FORK) -D_DO_FORK=$(_DO_FORK)
 31 | 
 32 | # KSRC_OUTPUT should be overridden if you are using a 2.6 kernel that
 33 | # has it's output sent elsewhere via KBUILD_OUTPUT= or O=
 34 | KSRC_OUTPUT := $(KSRC)
 35 | 
 36 | PWD=$(shell pwd)
 37 | 
 38 | VERFILE := $(KSRC_OUTPUT)/include/linux/version.h
 39 | KERNELRELEASE := $(shell \
 40 | 	if [ -r $(VERFILE) ]; then \
 41 | 		(cat $(VERFILE); echo UTS_RELEASE) | \
 42 | 		$(CC) -I$(KSRC_OUTPUT) $(CFLAGS) -E - | \
 43 | 		tail -n 1 | \
 44 | 		xargs echo; \
 45 |         else \
 46 | 		uname -r; \
 47 | 	fi)
 48 | 
 49 | MODPATH := $(DESTDIR)/lib/modules/$(KERNELRELEASE)
 50 | 
 51 | all: modules
 52 | 
 53 | clean:
 54 | 	rm -f *.mod.c *.mod *.o *.ko .*.cmd .*.flags .lst *.lst *.order *.symvers
 55 | 	rm -rf $(PWD)/tmp
 56 | #	for file in *.{c,h}; do \
 57 | #		sed -i -e "s:\ *$$::g" -e "s:\t*$$::g" $$file; \
 58 | 	done
 59 | 
 60 | distclean: clean
 61 | 	rm -f tags TAGS
 62 | 
 63 | TMP=$(PWD)/tmp
 64 | MODVERDIR=$(TMP)/.tmp_versions
 65 | 
 66 | modules:
 67 | 	mkdir -p $(MODVERDIR)
 68 | #	-cp $(IEEE80211_MODVERDIR)/*.mod $(MODVERDIR)
 69 | ifdef ($(KSRC_OUTPUT)/.tmp_versions)
 70 | 	-cp $(KSRC_OUTPUT)/.tmp_versions/*.mod $(MODVERDIR)
 71 | endif
 72 | ifeq ($(KSRC),$(KSRC_OUTPUT)) # We're not outputting elsewhere
 73 | ifdef ($(KSRC)/.tmp_versions)
 74 | 	-cp $(KSRC)/.tmp_versions/*.mod $(MODVERDIR)
 75 | endif
 76 | 	$(MAKE) -C $(KSRC) M=$(PWD) MODVERDIR=$(MODVERDIR) modules
 77 | else # We've got a kernel with seperate output, copy the config, and use O=
 78 | 	mkdir -p $(TMP)
 79 | 	cp $(KSRC_OUTPUT)/.config $(TMP)
 80 | 	$(MAKE) -C $(KSRC) M=$(PWD) MODVERDIR=$(MODVERDIR)) O=$(PWD)/tmp modules
 81 | endif
 82 | 
 83 | install: modules
 84 | 	install -d $(KMISC)
 85 | 	install -m 644 -c $(addsuffix .ko,$(list-m)) $(KMISC)
 86 | 	/sbin/depmod -a ${KVER}
 87 | 
 88 | uninstall:
 89 | 	rm -rf $(addprefix $(KMISC),$(addsuffix .ko,$(list-m)))
 90 | 	/sbin/depmod -a ${KVER}
 91 | 
 92 | 
 93 | .PHONY: TAGS tags check_inc
 94 | 
 95 | RCS_FIND_IGNORE := \( -name SCCS -o -name BitKeeper -o -name .svn -o -name CVS \) -prune -o
 96 | define all-sources
 97 | 	( find . $(RCS_FIND_IGNORE) -name '*.[chS]' -print )
 98 | endef
 99 | 
100 | TAGS:
101 | 	$(all-sources) | etags -
102 | tags:
103 | 	rm -f $@
104 | 	CTAGSF=`ctags --version | grep -i exuberant >/dev/null && echo "-I __initdata,__exitdata,EXPORT_SYMBOL,EXPORT_SYMBOL_NOVERS"`; \
105 | 	$(all-sources) | xargs ctags $$CTAGSF -a
106 | 
107 | 


--------------------------------------------------------------------------------
/kern/compat.h:
--------------------------------------------------------------------------------
  1 | #ifndef __DUNE_COMPAT_H_
  2 | #define __DUNE_COMPAT_H_
  3 | 
  4 | #include <linux/version.h>
  5 | 
  6 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,1,0)
  7 | #include <asm/fpu/api.h>
  8 | #else
  9 | #include <asm/i387.h>
 10 | #endif
 11 | 
 12 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,1,0)
 13 | #include <asm/fpu/internal.h>
 14 | #elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,0)
 15 | #include <asm/fpu-internal.h>
 16 | #endif
 17 | 
 18 | #if !defined(VMX_EPT_AD_BIT)
 19 | #define VMX_EPT_AD_BIT          (1ull << 21)
 20 | #define VMX_EPT_AD_ENABLE_BIT   (1ull << 6)
 21 | #endif
 22 | 
 23 | #ifndef VMX_EPT_EXTENT_INDIVIDUAL_BIT
 24 | #define VMX_EPT_EXTENT_INDIVIDUAL_BIT           (1ull << 24)
 25 | #endif
 26 | 
 27 | #ifndef X86_CR4_PCIDE
 28 | #define X86_CR4_PCIDE		0x00020000 /* enable PCID support */
 29 | #endif
 30 | 
 31 | #ifndef SECONDARY_EXEC_ENABLE_INVPCID
 32 | #define SECONDARY_EXEC_ENABLE_INVPCID	0x00001000
 33 | #endif
 34 | 
 35 | #ifndef X86_CR4_FSGSBASE
 36 | #define X86_CR4_FSGSBASE	X86_CR4_RDWRGSFS
 37 | #endif
 38 | 
 39 | #ifndef AR_TYPE_BUSY_64_TSS
 40 | #define AR_TYPE_BUSY_64_TSS VMX_AR_TYPE_BUSY_64_TSS
 41 | #endif
 42 | 
 43 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,3,0)
 44 | static inline struct page *alloc_pages_exact_node(int nid, gfp_t gfp_mask,
 45 |                                                     unsigned int order){
 46 | 	return alloc_pages_node(nid, gfp_mask, order);
 47 | }
 48 | #endif
 49 | 
 50 | 
 51 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,1,0) & defined(_DO_FORK)
 52 | typedef long (*do_fork_hack) (unsigned long, unsigned long, unsigned long,
 53 |                               int __user *, int __user *, unsigned long);
 54 | static do_fork_hack __dune_do_fork = (do_fork_hack) _DO_FORK;
 55 | static inline long
 56 | dune_do_fork(unsigned long clone_flags, unsigned long stack_start,
 57 | 	     struct pt_regs *regs, unsigned long stack_size,
 58 | 	     int __user *parent_tidptr, int __user *child_tidptr,
 59 | 	     unsigned long tls)
 60 | {
 61 | 	struct pt_regs tmp;
 62 | 	struct pt_regs *me = current_pt_regs();
 63 | 	long ret;
 64 | 
 65 | 	memcpy(&tmp, me, sizeof(struct pt_regs));
 66 | 	memcpy(me, regs, sizeof(struct pt_regs));
 67 | 
 68 | 	ret = __dune_do_fork(clone_flags, stack_start, stack_size,
 69 | 			     parent_tidptr, child_tidptr, tls);
 70 | 
 71 | 	memcpy(me, &tmp, sizeof(struct pt_regs));
 72 | 	return ret;
 73 | 
 74 | }
 75 | #elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,5,0) & defined(DO_FORK)
 76 | typedef long (*do_fork_hack) (unsigned long, unsigned long, unsigned long,
 77 |                               int __user *, int __user *);
 78 | static do_fork_hack __dune_do_fork = (do_fork_hack) DO_FORK;
 79 | static inline long
 80 | dune_do_fork(unsigned long clone_flags, unsigned long stack_start,
 81 | 	     struct pt_regs *regs, unsigned long stack_size,
 82 | 	     int __user *parent_tidptr, int __user *child_tidptr,
 83 | 	     unsigned long unused)
 84 | {
 85 | 	struct pt_regs tmp;
 86 | 	struct pt_regs *me = current_pt_regs();
 87 | 	long ret;
 88 | 
 89 | 	memcpy(&tmp, me, sizeof(struct pt_regs));
 90 | 	memcpy(me, regs, sizeof(struct pt_regs));
 91 | 
 92 | 	ret = __dune_do_fork(clone_flags, stack_start, stack_size,
 93 | 			     parent_tidptr, child_tidptr);
 94 | 
 95 | 	memcpy(me, &tmp, sizeof(struct pt_regs));
 96 | 	return ret;
 97 | 
 98 | }
 99 | #elif defined(DO_FORK)
100 | typedef long (*do_fork_hack) (unsigned long, unsigned long,
101 |                               struct pt_regs *, unsigned long,
102 |                               int __user *, int __user *);
103 | static do_fork_hack dune_do_fork = (do_fork_hack) DO_FORK;
104 | #endif
105 | 
106 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3,19,0)
107 | static inline unsigned long __read_cr4(void)
108 | {
109 | 	return read_cr4();
110 | }
111 | static inline void cr4_set_bits(unsigned long mask)
112 | {
113 | 	write_cr4(read_cr4() | mask);
114 | }
115 | static inline void cr4_clear_bits(unsigned long mask)
116 | {
117 | 	write_cr4(read_cr4() & ~mask);
118 | }
119 | #endif
120 | 
121 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,1,0)
122 | static inline void compat_fpu_restore(void)
123 | {
124 | 	if (!current->thread.fpu.fpregs_active)
125 | 		fpu__restore(&current->thread.fpu);
126 | }
127 | #else
128 | static inline void compat_fpu_restore(void)
129 | {
130 | 	if (!__thread_has_fpu(current))
131 | 		math_state_restore();
132 | }
133 | #endif
134 | 
135 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3,18,0)
136 | #define _PAGE_CACHE_MODE_WB _PAGE_CACHE_WB
137 | #define _PAGE_CACHE_MODE_WC _PAGE_CACHE_WC
138 | static inline long pgprot2cachemode(pgprot_t pgprot)
139 | {
140 | 	return pgprot_val(pgprot) & _PAGE_CACHE_MASK;
141 | }
142 | #endif
143 | 
144 | #endif /* __DUNE_COMPAT_H_ */
145 | 


--------------------------------------------------------------------------------
/kern/core.c:
--------------------------------------------------------------------------------
  1 | /**
  2 |  * core.c - the Dune core
  3 |  *
  4 |  * Dune allows ordinary Linux processes to access the full collection of x86
  5 |  * hardware protection and isolation mechanisms (e.g. paging, segmentation)
  6 |  * through hardware virtualization. Unlike traditional virtual machines,
  7 |  * Dune processes can make ordinary POSIX system calls and, with the exception
  8 |  * of access to privileged hardware features, are treated like normal Linux
  9 |  * processes.
 10 |  *
 11 |  * FIXME: Currently only Intel VMX is supported.
 12 |  *
 13 |  * Authors:
 14 |  *   Adam Belay   <abelay@stanford.edu>
 15 |  */
 16 | 
 17 | #include <linux/errno.h>
 18 | #include <linux/kernel.h>
 19 | #include <linux/module.h>
 20 | #include <linux/types.h>
 21 | #include <linux/miscdevice.h>
 22 | #include <linux/compat.h>
 23 | #include <linux/fs.h>
 24 | #include <linux/perf_event.h>
 25 | #include <asm/uaccess.h>
 26 | 
 27 | #include "dune.h"
 28 | #include "vmx.h"
 29 | #include "preempttrap.h"
 30 | 
 31 | MODULE_LICENSE("GPL");
 32 | MODULE_DESCRIPTION("A driver for Dune");
 33 | 
 34 | /* Callbacks for perf tool.  We intentionally make a wrong assumption that we
 35 |  * are always in the kernel mode because perf cannot profile user applications
 36 |  * on guest.
 37 |  * Callbacks are registered and unregistered along with Dune module.
 38 |  */
 39 | static int dune_is_in_guest(void)
 40 | {
 41 | 	return __this_cpu_read(local_vcpu) != NULL;
 42 | }
 43 | 
 44 | static int dune_is_user_mode(void)
 45 | {
 46 |         return 0;
 47 | }
 48 | 
 49 | static unsigned long dune_get_guest_ip(void)
 50 | {
 51 | 	unsigned long long ip = 0;
 52 | 	if (__this_cpu_read(local_vcpu))
 53 | 		ip = vmcs_readl(GUEST_RIP);
 54 | 	return ip;
 55 | }
 56 | 
 57 | static struct perf_guest_info_callbacks dune_guest_cbs = {
 58 |         .is_in_guest            = dune_is_in_guest,
 59 |         .is_user_mode           = dune_is_user_mode,
 60 |         .get_guest_ip           = dune_get_guest_ip,
 61 | };
 62 | 
 63 | static int dune_enter(struct dune_config *conf, int64_t *ret)
 64 | {
 65 | 	return vmx_launch(conf, ret);
 66 | }
 67 | 
 68 | static long dune_dev_ioctl(struct file *filp,
 69 | 			  unsigned int ioctl, unsigned long arg)
 70 | {
 71 | 	long r = -EINVAL;
 72 | 	struct dune_config conf;
 73 | 	struct dune_layout layout;
 74 | 
 75 | 	switch (ioctl) {
 76 | 	case DUNE_ENTER:
 77 | 		r = copy_from_user(&conf, (int __user *) arg,
 78 | 				   sizeof(struct dune_config));
 79 | 		if (r) {
 80 | 			r = -EIO;
 81 | 			goto out;
 82 | 		}
 83 | 
 84 | 		r = dune_enter(&conf, &conf.ret);
 85 | 		if (r)
 86 | 			break;
 87 | 
 88 | 		r = copy_to_user((void __user *)arg, &conf,
 89 | 				 sizeof(struct dune_config));
 90 | 		if (r) {
 91 | 			r = -EIO;
 92 | 			goto out;
 93 | 		}
 94 | 		break;
 95 | 
 96 | 	case DUNE_GET_SYSCALL:
 97 | 		rdmsrl(MSR_LSTAR, r);
 98 | 		printk(KERN_INFO "R %lx\n", (unsigned long) r);
 99 | 		break;
100 | 
101 | 	case DUNE_GET_LAYOUT:
102 | 		layout.phys_limit = (1UL << boot_cpu_data.x86_phys_bits);
103 | 		layout.base_map = LG_ALIGN(current->mm->mmap_base) - GPA_MAP_SIZE;
104 | 		layout.base_stack = LG_ALIGN(current->mm->start_stack) - GPA_STACK_SIZE;
105 | 		r = copy_to_user((void __user *)arg, &layout,
106 | 				 sizeof(struct dune_layout));
107 | 		if (r) {
108 | 			r = -EIO;
109 | 			goto out;
110 | 		}
111 | 		break;
112 | 
113 | 	case DUNE_TRAP_ENABLE:
114 | 		r = dune_trap_enable(arg);
115 | 		break;
116 | 
117 | 	case DUNE_TRAP_DISABLE:
118 | 		r = dune_trap_disable(arg);
119 | 		break;
120 | 
121 | 	default:
122 | 		return -ENOTTY;
123 | 	}
124 | 
125 | out:
126 | 	return r;
127 | }
128 | 
129 | static int dune_dev_release(struct inode *inode, struct file *file)
130 | {
131 | 	vmx_cleanup();
132 | 	return 0;
133 | }
134 | 
135 | static const struct file_operations dune_chardev_ops = {
136 | 	.owner		= THIS_MODULE,
137 | 	.unlocked_ioctl	= dune_dev_ioctl,
138 | #ifdef CONFIG_COMPAT
139 | 	.compat_ioctl	= dune_dev_ioctl,
140 | #endif
141 | 	.llseek		= noop_llseek,
142 | 	.release	= dune_dev_release,
143 | };
144 | 
145 | static struct miscdevice dune_dev = {
146 | 	DUNE_MINOR,
147 | 	"dune",
148 | 	&dune_chardev_ops,
149 | };
150 | 
151 | static int __init dune_init(void)
152 | {
153 | 	int r;
154 | 	perf_register_guest_info_callbacks(&dune_guest_cbs);
155 | 
156 | 	printk(KERN_ERR "Dune module loaded\n");
157 | 
158 | 	if ((r = vmx_init())) {
159 | 		printk(KERN_ERR "dune: failed to initialize vmx\n");
160 | 		return r;
161 | 	}
162 | 
163 | 	r = misc_register(&dune_dev);
164 | 	if (r) {
165 | 		printk(KERN_ERR "dune: misc device register failed\n");
166 | 		vmx_exit();
167 | 	}
168 | 
169 | 	return r;
170 | }
171 | 
172 | static void __exit dune_exit(void)
173 | {
174 | 	perf_unregister_guest_info_callbacks(&dune_guest_cbs);
175 | 	misc_deregister(&dune_dev);
176 | 	vmx_exit();
177 | }
178 | 
179 | module_init(dune_init);
180 | module_exit(dune_exit);
181 | 


--------------------------------------------------------------------------------
/kern/dune.h:
--------------------------------------------------------------------------------
  1 | /**
  2 |  * dune.h - public header for Dune support
  3 |  */
  4 | 
  5 | #pragma once
  6 | 
  7 | #ifndef __ASSEMBLY__
  8 | 
  9 | #include <linux/types.h>
 10 | 
 11 | /*
 12 |  * IOCTL interface
 13 |  */
 14 | 
 15 | /* FIXME: this must be reserved in miscdevice.h */
 16 | #define DUNE_MINOR       233
 17 | 
 18 | #define DUNE_ENTER	_IOR(DUNE_MINOR, 0x01, struct dune_config)
 19 | #define DUNE_GET_SYSCALL _IO(DUNE_MINOR, 0x02)
 20 | #define DUNE_GET_LAYOUT	_IOW(DUNE_MINOR, 0x03, struct dune_layout)
 21 | #define DUNE_TRAP_ENABLE _IOR(DUNE_MINOR, 0x04, struct dune_trap_config)
 22 | #define DUNE_TRAP_DISABLE _IO(DUNE_MINOR, 0x05)
 23 | 
 24 | // XXX: Must match libdune/dune.h
 25 | #define DUNE_SIGNAL_INTR_BASE 200
 26 | 
 27 | struct dune_config {
 28 | 	__s64 ret;
 29 | 	__u64 rax;
 30 | 	__u64 rbx;
 31 | 	__u64 rcx;
 32 | 	__u64 rdx;
 33 | 	__u64 rsi;
 34 | 	__u64 rdi;
 35 | 	__u64 rsp;
 36 | 	__u64 rbp;
 37 | 	__u64 r8;
 38 | 	__u64 r9;
 39 | 	__u64 r10;
 40 | 	__u64 r11;
 41 | 	__u64 r12;
 42 | 	__u64 r13;
 43 | 	__u64 r14;
 44 | 	__u64 r15;
 45 | 	__u64 rip;
 46 | 	__u64 rflags;
 47 | 	__u64 cr3;
 48 | 	__s64 status;
 49 | 	__u64 vcpu;
 50 | } __attribute__((packed));
 51 | 
 52 | struct dune_layout {
 53 | 	__u64 phys_limit;
 54 | 	__u64 base_map;
 55 | 	__u64 base_stack;
 56 | } __attribute__((packed));
 57 | 
 58 | struct dune_trap_regs {
 59 | 	__u64 rax;
 60 | 	__u64 rbx;
 61 | 	__u64 rcx;
 62 | 	__u64 rdx;
 63 | 	__u64 rsi;
 64 | 	__u64 rdi;
 65 | 	__u64 rsp;
 66 | 	__u64 rbp;
 67 | 	__u64 r8;
 68 | 	__u64 r9;
 69 | 	__u64 r10;
 70 | 	__u64 r11;
 71 | 	__u64 r12;
 72 | 	__u64 r13;
 73 | 	__u64 r14;
 74 | 	__u64 r15;
 75 | 	__u64 rip;
 76 | 	__u64 rflags;
 77 | } __attribute__((packed));
 78 | 
 79 | typedef void (* dune_trap_notify_func)(struct dune_trap_regs *, void *);
 80 | 
 81 | struct dune_trap_config {
 82 | 	__u64 trigger_rip;
 83 | 	dune_trap_notify_func notify_func;
 84 | 	struct dune_trap_regs *regs;
 85 | 	__u64 regs_size;
 86 | 	void *priv;
 87 | 	__u8 delay;
 88 | } __attribute__((packed));
 89 | 
 90 | #define GPA_STACK_SIZE	((unsigned long) 1 << 30) /* 1 gigabyte */
 91 | #define GPA_MAP_SIZE   (((unsigned long) 1 << 36) - GPA_STACK_SIZE) /* 63 gigabytes */
 92 | #define LG_ALIGN(addr)	((addr + (1 << 30) - 1) & ~((1 << 30) - 1))
 93 | 
 94 | /* FIXME: magic page that maps to APIC of the host */
 95 | #define GPA_APIC_PAGE ((1ul<<46)-4096)
 96 | 
 97 | #endif /* __ASSEMBLY__ */
 98 | 
 99 | #define IOCTL_DUNE_ENTER 0x80b0e901
100 | 
101 | #define DUNE_CFG_RET 0x00
102 | #define DUNE_CFG_RAX 0x08
103 | #define DUNE_CFG_RBX 0x10
104 | #define DUNE_CFG_RCX 0x18
105 | #define DUNE_CFG_RDX 0x20
106 | #define DUNE_CFG_RSI 0x28
107 | #define DUNE_CFG_RDI 0x30
108 | #define DUNE_CFG_RSP 0x38
109 | #define DUNE_CFG_RBP 0x40
110 | #define DUNE_CFG_R8 0x48
111 | #define DUNE_CFG_R9 0x50
112 | #define DUNE_CFG_R10 0x58
113 | #define DUNE_CFG_R11 0x60
114 | #define DUNE_CFG_R12 0x68
115 | #define DUNE_CFG_R13 0x70
116 | #define DUNE_CFG_R14 0x78
117 | #define DUNE_CFG_R15 0x80
118 | #define DUNE_CFG_RIP 0x88
119 | #define DUNE_CFG_RFLAGS 0x90
120 | #define DUNE_CFG_CR3 0x98
121 | #define DUNE_CFG_STATUS 0xa0
122 | #define DUNE_CFG_VCPU 0xa8
123 | 
124 | #define DUNE_RET_EXIT 1
125 | #define DUNE_RET_EPT_VIOLATION 2
126 | #define DUNE_RET_INTERRUPT 3
127 | #define DUNE_RET_SIGNAL 4
128 | #define DUNE_RET_UNHANDLED_VMEXIT 5
129 | #define DUNE_RET_NOENTER 6
130 | 
131 | #define VMCALL_START 0x1000
132 | #define VMCALL_CONTROL_GUEST_INTS 0x1000
133 | #define VMCALL_INTERRUPT 0x1001
134 | 


--------------------------------------------------------------------------------
/kern/extract_symbol.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | KVER=`uname -r`
 4 | SYSTEM_MAP=/boot/System.map-$KVER
 5 | SYM=$1
 6 | 
 7 | extract()
 8 | {
 9 | 	cat $SYSTEM_MAP | egrep " $SYM\$" | cut -d" " -f1
10 | 	exit 0
11 | }
12 | 
13 | check_file()
14 | {
15 | ls $1 2> /dev/null > /dev/null
16 | if [ $? -eq 0 ] ; then
17 | 	extract
18 | fi
19 | }
20 | 
21 | check_file $SYSTEM_MAP
22 | 
23 | SYSTEM_MAP=/lib/modules/$KVER/build/System.map
24 | check_file $SYSTEM_MAP
25 | 
26 | VMLINUX=/lib/modules/$KVER/build/vmlinux
27 | ls $VMLINUX 2> /dev/null > /dev/null
28 | if [ $? -eq 0 ] ; then
29 | 	nm $VMLINUX | egrep " $SYM\$" | egrep " (R|T) " | cut -d" " -f1
30 | 	exit 0
31 | fi
32 | 
33 | echo "FAILED - Can't find symbol!"
34 | exit 1
35 | 


--------------------------------------------------------------------------------
/kern/preempttrap.c:
--------------------------------------------------------------------------------
  1 | #include <linux/uaccess.h>
  2 | #include <linux/user-return-notifier.h>
  3 | 
  4 | #include "dune.h"
  5 | 
  6 | static struct dune_trap_config trap_conf;
  7 | 
  8 | static struct {
  9 | 	__u8 enabled;
 10 | 	__u8 triggered;
 11 | 	__u8 count;
 12 | } trap_state;
 13 | 
 14 | static void notifier_sched_in(struct preempt_notifier *notifier, int cpu)
 15 | {
 16 | 	if (!trap_state.triggered && KSTK_EIP(current) == trap_conf.trigger_rip) {
 17 | 		trap_state.triggered = 1;
 18 | 		trap_state.count = trap_conf.delay;
 19 | 	}
 20 | 
 21 | 	if (trap_state.triggered && trap_state.count-- == 0) {
 22 | 		struct pt_regs *regs = task_pt_regs(current);
 23 | 		struct dune_trap_regs trap_regs;
 24 | 
 25 | 		trap_state.triggered = 0;
 26 | 
 27 | 		trap_regs.rax = regs->ax;
 28 | 		trap_regs.rbx = regs->bx;
 29 | 		trap_regs.rcx = regs->cx;
 30 | 		trap_regs.rdx = regs->dx;
 31 | 		trap_regs.rsi = regs->si;
 32 | 		trap_regs.rdi = regs->di;
 33 | 		trap_regs.rsp = regs->sp;
 34 | 		trap_regs.rbp = regs->bp;
 35 | 		trap_regs.r8 = regs->r8;
 36 | 		trap_regs.r9 = regs->r9;
 37 | 		trap_regs.r10 = regs->r10;
 38 | 		trap_regs.r11 = regs->r11;
 39 | 		trap_regs.r12 = regs->r12;
 40 | 		trap_regs.r13 = regs->r13;
 41 | 		trap_regs.r14 = regs->r14;
 42 | 		trap_regs.r15 = regs->r15;
 43 | 		trap_regs.rip = regs->ip;
 44 | 		trap_regs.rflags = regs->flags;
 45 | 
 46 | 		/* Debuggers use the single step flags to get notification when
 47 | 		 * a breakpointed instruction is executed, so that they can
 48 | 		 * restore the int3 opcode. Unset the flags so that they don't
 49 | 		 * get the notification in our notify_func. */
 50 | 		regs->flags &= ~X86_EFLAGS_TF;
 51 | 		clear_thread_flag(TIF_SINGLESTEP);
 52 | 
 53 | 		if (sizeof(struct dune_trap_regs) == trap_conf.regs_size) {
 54 | 			copy_to_user((void __user *)trap_conf.regs,
 55 | 				     &trap_regs, sizeof(struct dune_trap_regs));
 56 | 			regs->ip = (__u64) trap_conf.notify_func;
 57 | 			regs->di = (__u64) trap_conf.regs;
 58 | 			regs->si = (__u64) trap_conf.priv;
 59 | 			/* Go past the red zone mandated by the System V x86-64 ABI. */
 60 | 			regs->sp -= 128;
 61 | 		}
 62 | 	}
 63 | }
 64 | 
 65 | static void notifier_sched_out(struct preempt_notifier *notifier, struct task_struct *next)
 66 | {
 67 | }
 68 | 
 69 | static struct preempt_ops notifier_ops = {
 70 | 	.sched_in = notifier_sched_in,
 71 | 	.sched_out = notifier_sched_out,
 72 | };
 73 | 
 74 | static struct preempt_notifier notifier = {
 75 | 	.ops = &notifier_ops,
 76 | };
 77 | 
 78 | long dune_trap_enable(unsigned long arg)
 79 | {
 80 | 	unsigned long r;
 81 | 
 82 | 	r = copy_from_user(&trap_conf, (void __user *)arg,
 83 | 			 sizeof(struct dune_trap_config));
 84 | 	if (r) {
 85 | 		r = -EIO;
 86 | 		goto out;
 87 | 	}
 88 | 
 89 | 	preempt_notifier_register(&notifier);
 90 | 	trap_state.enabled = 1;
 91 | 
 92 | out:
 93 | 	return r;
 94 | }
 95 | 
 96 | long dune_trap_disable(unsigned long arg)
 97 | {
 98 | 	if (trap_state.enabled)
 99 | 		preempt_notifier_unregister(&notifier);
100 | 	trap_state.enabled = 0;
101 | 
102 | 	return 0;
103 | }
104 | 


--------------------------------------------------------------------------------
/kern/preempttrap.h:
--------------------------------------------------------------------------------
1 | long dune_trap_enable(unsigned long arg);
2 | long dune_trap_disable(unsigned long arg);
3 | 


--------------------------------------------------------------------------------
/kern/vmx.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * vmx.h - header file for USM VMX driver.
  3 |  */
  4 | 
  5 | #include <linux/mmu_notifier.h>
  6 | #include <linux/types.h>
  7 | #include <asm/vmx.h>
  8 | #include <linux/kvm_types.h>
  9 | 
 10 | DECLARE_PER_CPU(struct vmx_vcpu *, local_vcpu);
 11 | 
 12 | struct vmcs {
 13 | 	u32 revision_id;
 14 | 	u32 abort;
 15 | 	char data[0];
 16 | };
 17 | 
 18 | struct vmx_capability {
 19 | 	u32 ept;
 20 | 	u32 vpid;
 21 | 	int has_load_efer:1;
 22 | };
 23 | 
 24 | extern struct vmx_capability vmx_capability;
 25 | 
 26 | #define NR_AUTOLOAD_MSRS 8
 27 | 
 28 | enum vmx_reg {
 29 | 	VCPU_REGS_RAX = 0,
 30 | 	VCPU_REGS_RCX = 1,
 31 | 	VCPU_REGS_RDX = 2,
 32 | 	VCPU_REGS_RBX = 3,
 33 | 	VCPU_REGS_RSP = 4,
 34 | 	VCPU_REGS_RBP = 5,
 35 | 	VCPU_REGS_RSI = 6,
 36 | 	VCPU_REGS_RDI = 7,
 37 | #ifdef CONFIG_X86_64
 38 | 	VCPU_REGS_R8 = 8,
 39 | 	VCPU_REGS_R9 = 9,
 40 | 	VCPU_REGS_R10 = 10,
 41 | 	VCPU_REGS_R11 = 11,
 42 | 	VCPU_REGS_R12 = 12,
 43 | 	VCPU_REGS_R13 = 13,
 44 | 	VCPU_REGS_R14 = 14,
 45 | 	VCPU_REGS_R15 = 15,
 46 | #endif
 47 | 	VCPU_REGS_RIP,
 48 | 	NR_VCPU_REGS
 49 | };
 50 | 
 51 | struct vmx_vcpu {
 52 | 	struct list_head list;
 53 | 	int cpu;
 54 | 	int vpid;
 55 | 	int launched;
 56 | 
 57 | 	struct mmu_notifier mmu_notifier;
 58 | 	spinlock_t ept_lock;
 59 | 	unsigned long ept_root;
 60 | 	unsigned long eptp;
 61 | 	bool ept_ad_enabled;
 62 | 
 63 | 	u8  fail;
 64 | 	u64 exit_reason;
 65 | 	u64 host_rsp;
 66 | 	u64 regs[NR_VCPU_REGS];
 67 | 	u64 cr2;
 68 | 
 69 | 	int shutdown;
 70 | 	int ret_code;
 71 | 
 72 | 	struct msr_autoload {
 73 | 		unsigned nr;
 74 | 		struct vmx_msr_entry guest[NR_AUTOLOAD_MSRS];
 75 | 		struct vmx_msr_entry host[NR_AUTOLOAD_MSRS];
 76 | 	} msr_autoload;
 77 | 
 78 | 	struct vmcs *vmcs;
 79 | 	void *syscall_tbl;
 80 | 	struct dune_config *conf;
 81 | };
 82 | 
 83 | extern __init int vmx_init(void);
 84 | extern void vmx_exit(void);
 85 | extern void vmx_cleanup(void);
 86 | 
 87 | extern int vmx_launch(struct dune_config *conf, int64_t *ret_code);
 88 | 
 89 | extern int vmx_init_ept(struct vmx_vcpu *vcpu);
 90 | extern int vmx_create_ept(struct vmx_vcpu *vcpu);
 91 | extern void vmx_destroy_ept(struct vmx_vcpu *vcpu);
 92 | 
 93 | extern int
 94 | vmx_do_ept_fault(struct vmx_vcpu *vcpu, unsigned long gpa,
 95 | 		 unsigned long gva, int fault_flags);
 96 | 
 97 | extern void vmx_ept_sync_vcpu(struct vmx_vcpu *vcpu);
 98 | extern void vmx_ept_sync_individual_addr(struct vmx_vcpu *vcpu, gpa_t gpa);
 99 | 
100 | static __always_inline unsigned long vmcs_readl(unsigned long field)
101 | {
102 |         unsigned long value;
103 | 
104 |         asm volatile (ASM_VMX_VMREAD_RDX_RAX
105 |                       : "=a"(value) : "d"(field) : "cc");
106 |         return value;
107 | }
108 | 


--------------------------------------------------------------------------------
/libdune/Makefile:
--------------------------------------------------------------------------------
 1 | CC      = gcc
 2 | CFLAGS  = -Wall -g -O3 -MD
 3 | LDFLAGS = -static -L. -ldune
 4 | OBJ     = entry.o dune.o vsyscall.o elf.o vm.o util.o page.o procmap.o debug.o
 5 | NOFPU_OBJ = trap.o
 6 | 
 7 | $(NOFPU_OBJ): EXTRA_FLAGS := -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -msoft-float
 8 | 
 9 | all: libdune.a
10 | 
11 | libdune.a: $(OBJ) $(NOFPU_OBJ)
12 | 	$(AR) crD $(@) $(OBJ) $(NOFPU_OBJ)
13 | 
14 | clean:
15 | 	rm -f *.o test *.d libdune.a
16 | 
17 | -include *.d
18 | 
19 | %.o: %.c
20 | 	$(CC) $(CFLAGS) $(EXTRA_FLAGS) -o $@ -c $<
21 | 
22 | 


--------------------------------------------------------------------------------
/libdune/cpu-x86.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * cpu-x86.h - header for X86 hardware features
 3 |  */
 4 | 
 5 | static inline void native_write_msr(unsigned int msr,
 6 |                                     unsigned low, unsigned high)
 7 | {       
 8 |         asm volatile("wrmsr" : : "c" (msr), "a"(low), "d" (high) : "memory");                                
 9 | }
10 | 
11 | typedef uint64_t u64;
12 | 
13 | #define DECLARE_ARGS(val, low, high)    unsigned low, high
14 | #define EAX_EDX_VAL(val, low, high)     ((low) | ((u64)(high) << 32))
15 | #define EAX_EDX_ARGS(val, low, high)    "a" (low), "d" (high)
16 | #define EAX_EDX_RET(val, low, high)     "=a" (low), "=d" (high)
17 | 
18 | static inline unsigned long long native_read_msr(unsigned int msr)
19 | {       
20 |         DECLARE_ARGS(val, low, high);
21 | 
22 |         asm volatile("rdmsr" : EAX_EDX_RET(val, low, high) : "c" (msr));
23 |         return EAX_EDX_VAL(val, low, high);
24 | }
25 | 
26 | #define wrmsrl(msr, val)                                        \
27 |         native_write_msr((msr), (uint32_t)((uint64_t)(val)),    \
28 | 			 (uint32_t)((uint64_t)(val) >> 32))
29 | 
30 | #define rdmsrl(msr, val)                        \
31 |         ((val) = native_read_msr((msr)))
32 | 
33 | #define MSR_FS_BASE		0xc0000100
34 | #define MSR_GS_BASE		0xc0000101
35 | #define MSR_KERNEL_GS_BASE	0xc0000102
36 | #define MSR_LSTAR		0xc0000082 /* long mode SYSCALL target */
37 | 
38 | struct tptr {
39 | 	uint16_t	limit;
40 | 	uint64_t	base;
41 | } __attribute__((packed));
42 | 
43 | #define IDTD_P                  (1 << 7)
44 | #define IDTD_CPL3		(3 << 5)
45 | #define IDTD_TRAP_GATE          0xF
46 | #define IDTD_INTERRUPT_GATE     0xE
47 | 
48 | #define IDT_ENTRIES     256
49 | 
50 | struct idtd {
51 |         uint16_t        low;
52 |         uint16_t        selector;
53 |         uint8_t         ist;
54 |         uint8_t         type;
55 |         uint16_t        middle;
56 |         uint32_t        high;
57 |         uint32_t        zero;
58 | } __attribute__((packed)) __attribute__ ((aligned));
59 | 
60 | /* x86 trap codes */
61 | #define T_DIVIDE     0		// divide error
62 | #define T_DEBUG      1		// debug exception
63 | #define T_NMI        2		// non-maskable interrupt
64 | #define T_BRKPT      3		// breakpoint
65 | #define T_OFLOW      4		// overflow
66 | #define T_BOUND      5		// bounds check
67 | #define T_ILLOP      6		// illegal opcode
68 | #define T_DEVICE     7		// device not available 
69 | #define T_DBLFLT     8		// double fault
70 | /* #define T_COPROC  9 */	// reserved (not generated by recent processors)
71 | #define T_TSS       10		// invalid task switch segment
72 | #define T_SEGNP     11		// segment not present
73 | #define T_STACK     12		// stack exception
74 | #define T_GPFLT     13		// genernal protection fault
75 | #define T_PGFLT     14		// page fault
76 | /* #define T_RES    15 */	// reserved
77 | #define T_FPERR     16		// floating point error
78 | #define T_ALIGN     17		// aligment check
79 | #define T_MCHK      18		// machine check
80 | #define T_SIMDERR   19		// SIMD floating point error
81 | 
82 | // These are arbitrarily chosen, but with care not to overlap
83 | // processor defined exceptions or interrupt vectors.
84 | #define T_SYSCALL   48		// system call
85 | 


--------------------------------------------------------------------------------
/libdune/debug.c:
--------------------------------------------------------------------------------
 1 | #include <signal.h>
 2 | #include <stdio.h>
 3 | #include <sys/ioctl.h>
 4 | #include <unistd.h>
 5 | 
 6 | #include "debug.h"
 7 | #include "local.h"
 8 | 
 9 | #define X86_EFLAGS_TF (0x100)
10 | 
11 | static struct dune_trap_regs trap_regs;
12 | 
13 | extern int dune_fd;
14 | 
15 | static void dune_trap_enable(__u64 trigger_rip, __u8 delay, dune_trap_notify_func func, void *priv)
16 | {
17 | 	struct dune_trap_config trap_conf = {
18 | 		.trigger_rip = (__u64) trigger_rip,
19 | 		.delay = delay,
20 | 		.notify_func = func,
21 | 		.regs = &trap_regs,
22 | 		.regs_size = sizeof(trap_regs),
23 | 		.priv = priv,
24 | 	};
25 | 
26 | 	ioctl(dune_fd, DUNE_TRAP_ENABLE, &trap_conf);
27 | }
28 | 
29 | static void dune_trap_disable()
30 | {
31 | 	ioctl(dune_fd, DUNE_TRAP_DISABLE);
32 | }
33 | 
34 | static void notify_on_resume(struct dune_trap_regs *regs, void *priv)
35 | {
36 | 	struct dune_config *dune_conf = (struct dune_config *) priv;
37 | 
38 | 	/* We don't need the preemption trap anymore. */
39 | 	dune_trap_disable();
40 | 
41 | 	/* Copy the TF bit from Linux mode to Dune mode. This way, the program
42 | 	 * will either single-step or continue depending on what the debugger
43 | 	 * wants the program to do. */
44 | 	dune_conf->rflags &= ~X86_EFLAGS_TF;
45 | 	dune_conf->rflags |= regs->rflags & X86_EFLAGS_TF;
46 | 
47 | 	/* Continue in Dune mode. */
48 | 	__dune_go_dune(dune_fd, dune_conf);
49 | 	/* It doesn't return. */
50 | }
51 | 
52 | void dune_debug_handle_int(struct dune_config *conf)
53 | {
54 | 	switch (conf->status) {
55 | 	case 1: /* single step */
56 | 		/* Setup notification when Linux wants to execute the
57 | 		 * instruction. By then Linux will have already delivered the
58 | 		 * SIGTRAP signal to the debugger and we will be able to switch
59 | 		 * back to Dune mode. */
60 | 		dune_trap_enable(conf->rip, 0, notify_on_resume, conf);
61 | 
62 | 		/* Set TF flag so that Linux will raise the SIGTRAP signal. */
63 | 		conf->rflags |= X86_EFLAGS_TF;
64 | 
65 | 		/* Continue in Linux mode. Actually, this will only deliver the
66 | 		 * signal. Due to the trap setup above no instructions are going
67 | 		 * to be executed in Linux mode. */
68 | 		__dune_go_linux(conf);
69 | 		/* It doesn't return. */
70 | 		break;
71 | 	case 3: /* breakpoint */
72 | 		/* Setup notification when Linux tries to execute the
73 | 		 * breakpointed instruction. */
74 | 		dune_trap_enable(conf->rip, 0, notify_on_resume, conf);
75 | 
76 | 		/* Continue in Linux mode. This will hit the int3 again for the
77 | 		 * debugger to catch it. */
78 | 		__dune_go_linux(conf);
79 | 		/* It doesn't return. */
80 | 		break;
81 | 	default:
82 | 		break;
83 | 	}
84 | }
85 | 


--------------------------------------------------------------------------------
/libdune/debug.h:
--------------------------------------------------------------------------------
1 | #include "../kern/dune.h"
2 | 
3 | void dune_debug_handle_int(struct dune_config *conf);
4 | 


--------------------------------------------------------------------------------
/libdune/dune.S:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * dune.S - assembly helper routines (e.g. system calls, interrupts, traps)
  3 |  */
  4 | 
  5 | #define __ASSEMBLY__
  6 | #include "../kern/dune.h"
  7 | 
  8 | #define USE_RDWRGSFS 0
  9 | 
 10 | #define MSR_FS_BASE	0xc0000100
 11 | #define GD_KT		0x10
 12 | #define GD_KD		0x18
 13 | #define GD_UD		0x28 | 0x03
 14 | #define GD_UT		0x30 | 0x03
 15 | 
 16 | /*
 17 |  * Trap Frame Format
 18 |  * NOTE: this reflects the layout of struct dune_tf
 19 |  */
 20 | 
 21 | /* arguments */
 22 | #define RDI	(0)
 23 | #define RSI	(8)
 24 | #define RDX	(16)
 25 | #define RCX	(24)
 26 | #define R8	(32)
 27 | #define R9	(40)
 28 | 
 29 | /* other registers */
 30 | #define R10	(48)
 31 | #define R11	(56)
 32 | #define RBX	(64)
 33 | #define RBP	(72)
 34 | #define R12	(80)
 35 | #define R13	(88)
 36 | #define R14	(96)
 37 | #define R15	(104)
 38 | 
 39 | #define REG_END	(112)
 40 | 
 41 | /* syscall num / return code */
 42 | #define RAX	(112)
 43 | 
 44 | /* exception frame */
 45 | #define ERR	(120)
 46 | #define RIP	(128)
 47 | #define CS	(136)
 48 | #define RFLAGS	(144)
 49 | #define RSP	(152)
 50 | #define SS	(160)
 51 | 
 52 | #define EF_START (128)
 53 | #define TF_END	(168)
 54 | #define TF_ALIGN (176)
 55 | 
 56 | /*
 57 |  * Supervisor Private Area Format
 58 |  */
 59 | 
 60 | #define TMP		(8)
 61 | #define KFS_BASE	(16)
 62 | #define UFS_BASE	(24)
 63 | #define IN_USERMODE	(32)
 64 | #define TRAP_STACK	(44)
 65 | 
 66 | .text
 67 | 
 68 | /*
 69 |  * macro to save destructable register state
 70 |  */
 71 | 	.macro SAVE_REGS save_full=1, include_rax=1
 72 | 	movq	%rdi, RDI(%rsp)
 73 | 	movq	%rsi, RSI(%rsp)
 74 | 	movq	%rdx, RDX(%rsp)
 75 | 	movq	%r8, R8(%rsp)
 76 | 	movq	%r9, R9(%rsp)
 77 | 
 78 | 	.if \save_full
 79 | 	movq	%r10, R10(%rsp)
 80 | 	movq	%r11, R11(%rsp)
 81 | 	movq	%rcx, RCX(%rsp)
 82 | 	.endif
 83 | 
 84 | 	.if \include_rax
 85 | 	movq	%rax, RAX(%rsp)
 86 | 	.endif
 87 | 	.endm
 88 | 
 89 | /*
 90 |  * macro to save the rest of register state
 91 |  *
 92 |  * useful for operations that violate AMD64 calling conventions
 93 |  * by destroying callee restored state
 94 |  */
 95 | 	.macro SAVE_REST
 96 | 	movq	%rbx, RBX(%rsp)
 97 | 	movq	%rbp, RBP(%rsp)
 98 | 	movq	%r12, R12(%rsp)
 99 | 	movq	%r13, R13(%rsp)
100 | 	movq	%r14, R14(%rsp)
101 | 	movq	%r15, R15(%rsp)
102 | 	.endm
103 | 
104 | /*
105 |  * macro to restore destructable register state
106 |  */
107 | 	.macro RESTORE_REGS rstor_full=1, include_rax=1
108 | 	.if \include_rax
109 | 	movq	RAX(%rsp), %rax
110 | 	.endif
111 | 
112 | 	.if \rstor_full
113 | 	movq	RCX(%rsp), %rcx
114 | 	movq	R11(%rsp), %r11
115 | 	movq	R10(%rsp), %r10
116 | 	.endif
117 | 
118 | 	movq	R9(%rsp), %r9
119 | 	movq	R8(%rsp), %r8
120 | 	movq	RDX(%rsp), %rdx
121 | 	movq	RSI(%rsp), %rsi
122 | 	movq	RDI(%rsp), %rdi
123 | 	.endm
124 | 
125 | /*
126 |  * macro to restore the rest of register state
127 |  *
128 |  * useful for operations that violate AMD64 calling conventions
129 |  * by destroying callee restored state
130 |  */
131 | 	.macro RESTORE_REST
132 | 	movq	R15(%rsp), %r15
133 | 	movq	R14(%rsp), %r14
134 | 	movq	R13(%rsp), %r13
135 | 	movq	R12(%rsp), %r12
136 | 	movq	RBP(%rsp), %rbp
137 | 	movq	RBX(%rsp), %rbx
138 | 	.endm
139 | 
140 | /*
141 |  * macro to switch to G0 fs.base
142 |  *
143 |  * NOTE: clobbers %rax, %rdx, and %rcx
144 |  */
145 | 	.macro SET_G0_FS_BASE
146 | 	movq	$0, %gs:IN_USERMODE
147 | 	movq	%gs:KFS_BASE, %rax
148 | 	movq	%gs:UFS_BASE, %rdx
149 | 	cmp	%rax, %rdx
150 | 	je	1f
151 | #if USE_RDWRGSFS
152 | 	wrfsbase %rax
153 | #else
154 | 	movq	%rax, %rdx
155 | 	shrq	$32, %rdx
156 | 	movl	$MSR_FS_BASE, %ecx
157 | 	wrmsr
158 | #endif /* USE_RDWRGSFS */
159 | 1:
160 | 	.endm
161 | 
162 | /*
163 |  * macro to switch to G3 fs.base
164 |  *
165 |  * NOTE: clobbers %rax, %rdx, and %rcx
166 |  */
167 | 	.macro SET_G3_FS_BASE
168 | 	movq	$1, %gs:IN_USERMODE
169 | 	movq	%gs:UFS_BASE, %rax
170 | 	movq	%gs:KFS_BASE, %rdx
171 | 	cmp	%rax, %rdx
172 | 	je	1f
173 | #if USE_RDWRGSFS
174 | 	wrfsbase %rax
175 | #else
176 | 	movq	%rax, %rdx
177 | 	shrq	$32, %rdx
178 | 	movl	$MSR_FS_BASE, %ecx
179 | 	wrmsr
180 | #endif /* USE_RDWRGSFS */
181 | 1:
182 | 	.endm
183 | 
184 | .globl __dune_enter
185 | __dune_enter:
186 | 	subq	$REG_END, %rsp
187 | 	SAVE_REGS 1, 0
188 | 	SAVE_REST
189 | 	movq	%rsp, DUNE_CFG_RSP(%rsi)
190 | 	movq	%rsi, %rdx
191 | 	movq	$IOCTL_DUNE_ENTER, %rsi
192 | 	movq	$16, %rax /* __NR_ioctl */
193 | 	syscall
194 | 
195 | 	cmpq	$0, %rax
196 | 	jnz __dune_ret_fail
197 | 
198 | 	movq	%rdi, %r12
199 | 	movq	%rdx, %r13
200 | 
201 | __dune_retry:
202 | 	/* Dune mode was terminated, call on_dune_exit handler function */
203 | 	movq	%r13, %rdi
204 | 	/* Update RSP to point to the top of the stack as seen from inside Dune
205 | 	 * mode. */
206 | 	movq	DUNE_CFG_RSP(%rdi), %rsp
207 | 	/* Go past the red zone mandated by the System V x86-64 ABI. */
208 | 	subq	$128, %rsp
209 | 	call	on_dune_exit
210 | 	int3 /* sentinel: on_dune_exit should not return */
211 | __dune_reenter:
212 | 	movq	%r12, %rdi
213 | 	movq	%r13, %rdx
214 | 	movq	$IOCTL_DUNE_ENTER, %rsi
215 | 	movq	$16, %rax /* __NR_ioctl */
216 | 	syscall
217 | 	cmpq	$0, %rax
218 | 	jz	__dune_retry
219 | 	movq	%rax, DUNE_CFG_STATUS(%r13)
220 | 	movq	$DUNE_RET_NOENTER, DUNE_CFG_RET(%r13)
221 | 	jmp	__dune_retry
222 | 
223 | /* __dune_ret is the location of the first instruction executed in Dune mode */
224 | .globl	__dune_ret
225 | __dune_ret:
226 | 	xorq %rax, %rax /* return 0 from __dune_enter */
227 | 
228 | __dune_ret_fail:
229 | 	RESTORE_REST
230 | 	RESTORE_REGS 1, 0
231 | 	addq	$REG_END, %rsp
232 | 	retq
233 | 
234 | .globl __dune_go_linux
235 | __dune_go_linux:
236 | 	movq DUNE_CFG_RCX(%rdi), %rcx
237 | 	movq DUNE_CFG_RBX(%rdi), %rbx
238 | 	movq DUNE_CFG_RDX(%rdi), %rdx
239 | 	movq DUNE_CFG_RBP(%rdi), %rbp
240 | 	movq DUNE_CFG_RSI(%rdi), %rsi
241 | 	movq DUNE_CFG_R8 (%rdi), %r8
242 | 	movq DUNE_CFG_R9 (%rdi), %r9
243 | 	movq DUNE_CFG_R10(%rdi), %r10
244 | 	movq DUNE_CFG_R11(%rdi), %r11
245 | 	movq DUNE_CFG_R12(%rdi), %r12
246 | 	movq DUNE_CFG_R13(%rdi), %r13
247 | 	movq DUNE_CFG_R14(%rdi), %r14
248 | 	movq DUNE_CFG_R15(%rdi), %r15
249 | 	mov %ss, %rax
250 | 	push %rax
251 | 	pushq DUNE_CFG_RSP(%rdi)
252 | 	pushq DUNE_CFG_RFLAGS(%rdi)
253 | 	mov %cs, %rax
254 | 	push %rax
255 | 	pushq DUNE_CFG_RIP(%rdi)
256 | 	pushq DUNE_CFG_RFLAGS(%rdi)
257 | 	movq DUNE_CFG_RAX(%rdi), %rax
258 | 	movq DUNE_CFG_RDI(%rdi), %rdi
259 | 	/* We are restoring the flags here, so that RFLAGS.TF is set when IRETQ is
260 | 	 * executed, so that an INT 1 will be raised _before_ executing the
261 | 	 * instruction at CS:RIP we are jumping to. */
262 | 	popf
263 | 	iretq
264 | 
265 | .globl __dune_go_dune
266 | __dune_go_dune:
267 | 	movq	%rdi, %r12
268 | 	movq	%rsi, %r13
269 | 	jmp	__dune_reenter
270 | 
271 | /*
272 |  * System Call ABI
273 |  * ---------------
274 |  *
275 |  * User Parameters:
276 |  * %rsp - stack pointer
277 |  * %rcx - instruction pointer
278 |  * %r11 - eflags
279 |  * %rax - system call number
280 |  *
281 |  * Arguments:
282 |  * %rdi - arg0, %rsi - arg1, %rdx - arg2
283 |  * %r10 - arg3, %r8 - arg4, %r9 - arg5
284 |  *
285 |  * Return code goes in %rax
286 |  *
287 |  * XXX: don't do relative jumps - watch out code is memcpy
288 |  */
289 | .globl __dune_syscall
290 | __dune_syscall:
291 | 	/* handle system calls from G0 */
292 | 	testq $1, %gs:IN_USERMODE
293 | 	jnz 1f
294 | 	pushq	%r11
295 | 	popfq
296 | 	vmcall
297 | 	jmp	*%rcx
298 | 
299 | 1:
300 | 	/* first switch to the kernel stack */
301 | 	movq	%rsp, %gs:TMP
302 | 	movq	%gs:TRAP_STACK, %rsp
303 | 
304 | 	/* now push the trap frame onto the stack */
305 | 	subq	$TF_END, %rsp
306 | 	movq	%rcx, RIP(%rsp)
307 | 	movq	%r11, RFLAGS(%rsp)
308 | 	movq	%r10, RCX(%rsp) /* fixup to standard 64-bit calling ABI */
309 | 	SAVE_REGS 0, 1
310 | 	movq	%gs:TMP, %rax
311 | 	movq	%rax, RSP(%rsp)
312 | 
313 | 	/* then restore the CPL0 FS base address */
314 | 	SET_G0_FS_BASE
315 | 
316 | 	/* then finally re-enable interrupts and jump to the handler */
317 | 	sti
318 | 	movq	%rsp, %rdi /* argument 0 */
319 | 	lea	dune_syscall_handler, %rax
320 | 	call	*%rax
321 | 
322 | 	/* next restore the CPL3 FS base address */
323 | 	SET_G3_FS_BASE
324 | 
325 | 	/* then pop the trap frame off the stack */
326 | 	RESTORE_REGS 0, 1
327 | 	movq	RCX(%rsp), %r10
328 | 	movq	RFLAGS(%rsp), %r11
329 | 	movq	RIP(%rsp), %rcx
330 | 
331 | 	/* switch to the user stack and return to ring 3 */
332 | 	movq	RSP(%rsp), %rsp
333 | 	sysretq
334 | 
335 | .globl __dune_syscall_end
336 | __dune_syscall_end:
337 | 	nop
338 | 
339 | .globl dune_pop_trap_frame
340 | dune_pop_trap_frame:
341 | 	movq	%rdi, %rsp /* might actually not be a stack!!! */
342 | 
343 | 	/* load the full register state */
344 | 	RESTORE_REGS
345 | 	RESTORE_REST
346 | 
347 | 	/* jump to the frame */
348 | 	addq	$EF_START, %rsp
349 | 	iretq
350 | 
351 | .globl dune_jump_to_user
352 | dune_jump_to_user:
353 | 	subq	$TF_ALIGN, %rsp
354 | 
355 | 	/* save the full register state */
356 | 	SAVE_REGS
357 | 	SAVE_REST
358 | 	pushfq
359 | 	popq	RFLAGS(%rsp)
360 | 
361 | 	/* save the stack pointer */
362 | 	movq	%rsp, %gs:TRAP_STACK
363 | 
364 | 	/* set the CPL 3 FS.base */
365 | 	SET_G3_FS_BASE
366 | 
367 | 	/* jump into G3 */
368 | 	movq	$GD_UT, CS(%rdi)
369 | 	movq	$GD_UD, SS(%rdi)
370 | 	jmp	dune_pop_trap_frame
371 | 
372 | .globl dune_ret_from_user
373 | dune_ret_from_user:
374 | 	/* restore the G0 stack */
375 | 	movq	%rdi, %rsi
376 | 	movq	%gs:TRAP_STACK, %rdi
377 | 
378 | 	/* return code */
379 | 	movq	%rsi, RAX(%rdi)
380 | 
381 | 	/* fill in remaining exception frame data */
382 | 	lea	dune_ret_from_user_finish, %rax
383 | 	movq	%rax, RIP(%rdi)
384 | 	movq	$GD_KT, CS(%rdi)
385 | 	movq	$GD_KD, SS(%rdi)
386 | 	movq	%rdi, RSP(%rdi)
387 | 
388 | 	/* return to the caller */
389 | 	jmp	dune_pop_trap_frame
390 | 
391 | dune_ret_from_user_finish:
392 | 	addq	$TF_ALIGN, %rsp
393 | 	ret
394 | 
395 | .globl __dune_intr
396 | .align 16
397 | __dune_intr:
398 | 	i = 0
399 | 	.rept 256
400 | 	.align 16
401 | 	.if i <> 8 && (i <= 9 || i >= 15) && i <> 17
402 | 		pushq	%rax /* placeholder for no error code */
403 | 	.endif
404 | 	pushq	%rax /* save %rax */
405 | 	mov $i, %rax
406 | 	jmp __dune_intr_with_num
407 | 	i = i + 1
408 | 	.endr
409 | 
410 | __dune_intr_with_num:
411 | 	/* save all registers */
412 | 	subq	$REG_END, %rsp
413 | 	SAVE_REGS 1, 0 /* %rax already is pushed */
414 | 	SAVE_REST
415 | 	movq	%rax, %rdi
416 | 
417 | 	/* then restore the CPL0 FS base address */
418 | 	testq	$3, CS(%rsp)
419 | 	jz	__dune_intr_handler
420 | 	SET_G0_FS_BASE
421 | 
422 | __dune_intr_handler:
423 | 	/* setup arguments and call the handler */
424 | 	movq	%rsp, %rsi
425 | 	/* align stack to 16 bytes */
426 | 	movq	%rsp, %rbp
427 | 	andq	$-0x10, %rsp
428 | 	call	dune_trap_handler
429 | 	movq	%rbp, %rsp
430 | 
431 | 	/* next restore the CPL3 FS base address */
432 | 	testq	$3, CS(%rsp)
433 | 	jz	__dune_intr_done
434 | 	SET_G3_FS_BASE
435 | 
436 | __dune_intr_done:
437 | 	/* load all registers */
438 | 	RESTORE_REST
439 | 	RESTORE_REGS
440 | 
441 | 	/* jump to the frame */
442 | 	addq	$EF_START, %rsp
443 | 	iretq
444 | 


--------------------------------------------------------------------------------
/libdune/dune.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * dune.h - the libdune API
  3 |  */
  4 | 
  5 | #pragma once
  6 | 
  7 | #include <sys/queue.h>
  8 | #include <stdbool.h>
  9 | 
 10 | #include "mmu.h"
 11 | #include "elf.h"
 12 | #include "fpu.h"
 13 | #include "../kern/dune.h"
 14 | 
 15 | #ifdef __cplusplus
 16 | extern "C" {
 17 | #endif
 18 | 
 19 | typedef void (*sighandler_t)(int);
 20 | 
 21 | // utilities
 22 | 
 23 | static inline unsigned long dune_get_ticks(void)
 24 | {
 25 | 	unsigned int a, d;
 26 | 	asm volatile("rdtsc" : "=a" (a), "=d" (d));
 27 | 	return ((unsigned long) a) | (((unsigned long) d) << 32);
 28 | }
 29 | 
 30 | extern int dune_printf(const char *fmt, ...);
 31 | extern void dune_die(void);
 32 | extern void * dune_mmap(void *addr, size_t length, int prot,
 33 | 		       int flags, int fd, off_t offset);
 34 | extern sighandler_t dune_signal(int sig, sighandler_t cb);
 35 | extern unsigned long dune_get_user_fs(void);
 36 | extern void dune_set_user_fs(unsigned long fs_base);
 37 | 
 38 | #ifndef assert
 39 | #define assert(expr) \
 40 | if (!(expr)) { \
 41 | 	dune_printf("ASSERT(" #expr ") at %s:%d in function %s\n", \
 42 | 			   __FILE__, __LINE__, __func__); \
 43 | 	dune_die(); \
 44 | }
 45 | #endif /* assert */
 46 | 
 47 | // fault handling
 48 | 
 49 | /*
 50 |  * We use the same general GDT layout as Linux so that can we use
 51 |  * the same syscall MSR values. In practice only code segments
 52 |  * matter, since ia-32e mode ignores most of segment values anyway,
 53 |  * but just to be extra careful we match data as well.
 54 |  */
 55 | #define GD_KT		0x10
 56 | #define GD_KD		0x18
 57 | #define GD_UD		0x28
 58 | #define GD_UT		0x30
 59 | #define GD_TSS		0x38
 60 | #define GD_TSS2		0x40
 61 | #define NR_GDT_ENTRIES	9
 62 | 
 63 | struct dune_tf {
 64 | 	/* manually saved, arguments */
 65 | 	uint64_t rdi;
 66 | 	uint64_t rsi;
 67 | 	uint64_t rdx;
 68 | 	uint64_t rcx;
 69 | 	uint64_t r8;
 70 | 	uint64_t r9;
 71 | 	uint64_t r10;
 72 | 	uint64_t r11;
 73 | 
 74 | 	/* saved by C calling conventions */
 75 | 	uint64_t rbx;
 76 | 	uint64_t rbp;
 77 | 	uint64_t r12;
 78 | 	uint64_t r13;
 79 | 	uint64_t r14;
 80 | 	uint64_t r15;
 81 | 
 82 | 	/* system call number, ret */
 83 | 	uint64_t rax;
 84 | 
 85 | 	/* exception frame */
 86 | 	uint32_t err;
 87 | 	uint32_t pad1;
 88 | 	uint64_t rip;
 89 | 	uint16_t cs;
 90 | 	uint16_t pad2[3];
 91 | 	uint64_t rflags;
 92 | 	uint64_t rsp;
 93 | 	uint16_t ss;
 94 | 	uint16_t pad3[3];
 95 | } __attribute__((packed));
 96 | 
 97 | #define ARG0(tf)        ((tf)->rdi)
 98 | #define ARG1(tf)        ((tf)->rsi)
 99 | #define ARG2(tf)        ((tf)->rdx)
100 | #define ARG3(tf)        ((tf)->rcx)
101 | #define ARG4(tf)        ((tf)->r8)
102 | #define ARG5(tf)        ((tf)->r9)
103 | 
104 | typedef void (*dune_intr_cb) (struct dune_tf *tf);
105 | typedef void (*dune_pgflt_cb) (uintptr_t addr, uint64_t fec,
106 | 			      struct dune_tf *tf);
107 | typedef void (*dune_syscall_cb) (struct dune_tf *tf);
108 | 
109 | // XXX: Must match kern/dune.h
110 | #define DUNE_SIGNAL_INTR_BASE 200
111 | 
112 | extern int dune_register_intr_handler(int vec, dune_intr_cb cb);
113 | extern int dune_register_signal_handler(int signum, dune_intr_cb cb);
114 | extern void dune_register_pgflt_handler(dune_pgflt_cb cb);
115 | extern void dune_register_syscall_handler(dune_syscall_cb cb);
116 | 
117 | extern void dune_pop_trap_frame(struct dune_tf *tf);
118 | extern int dune_jump_to_user(struct dune_tf *tf);
119 | extern void dune_ret_from_user(int ret)  __attribute__ ((noreturn));
120 | extern void dune_dump_trap_frame(struct dune_tf *tf);
121 | extern void dune_passthrough_syscall(struct dune_tf *tf);
122 | 
123 | // page allocation
124 | 
125 | SLIST_HEAD(page_head, page);
126 | typedef SLIST_ENTRY(page) page_entry_t;
127 | 
128 | struct page {
129 | 	page_entry_t link;
130 | 	uint64_t ref;
131 | };
132 | 
133 | extern struct page *pages;
134 | extern int num_pages;
135 | 
136 | #define PAGEBASE	0x200000000
137 | #define MAX_PAGES	(1ul << 20) /* 4 GB of memory */
138 | 
139 | extern struct page * dune_page_alloc(void);
140 | extern void dune_page_free(struct page *pg);
141 | extern void dune_page_stats(void);
142 | 
143 | static inline struct page * dune_pa2page(physaddr_t pa)
144 | {
145 | 	return &pages[PPN(pa - PAGEBASE)];
146 | }
147 | 
148 | static inline physaddr_t dune_page2pa(struct page *pg)
149 | {
150 | 	return PAGEBASE + ((pg - pages) << PGSHIFT);
151 | }
152 | 
153 | extern bool dune_page_isfrompool(physaddr_t pa);
154 | 
155 | static inline struct page * dune_page_get(struct page *pg)
156 | {
157 | 	assert(pg >= pages);
158 | 	assert(pg < (pages + num_pages));
159 | 
160 | 	pg->ref++;
161 | 
162 | 	return pg;
163 | }
164 | 
165 | static inline void dune_page_put(struct page *pg)
166 | {
167 | 	assert(pg >= pages);
168 | 	assert(pg < (pages + num_pages));
169 | 
170 | 	pg->ref--;
171 | 
172 | 	if (!pg->ref)
173 | 		dune_page_free(pg);
174 | }
175 | 
176 | // virtual memory
177 | 
178 | extern ptent_t *pgroot;
179 | extern uintptr_t phys_limit;
180 | extern uintptr_t mmap_base;
181 | extern uintptr_t stack_base;
182 | 
183 | #define APIC_BASE 0xfffffffffffff000
184 | 
185 | static inline uintptr_t dune_mmap_addr_to_pa(void *ptr)
186 | {
187 | 	return ((uintptr_t) ptr) - mmap_base +
188 | 		phys_limit - GPA_STACK_SIZE - GPA_MAP_SIZE;
189 | }
190 | 
191 | static inline uintptr_t dune_stack_addr_to_pa(void *ptr)
192 | {
193 | 	return ((uintptr_t) ptr) - stack_base +
194 | 		phys_limit - GPA_STACK_SIZE;
195 | }
196 | 
197 | static inline uintptr_t dune_va_to_pa(void *ptr)
198 | {
199 | 	if (PGADDR(ptr) == APIC_BASE)
200 | 		return GPA_APIC_PAGE;
201 | 	else if ((uintptr_t) ptr >= stack_base)
202 | 		return dune_stack_addr_to_pa(ptr);
203 | 	else if ((uintptr_t) ptr >= mmap_base)
204 | 		return dune_mmap_addr_to_pa(ptr);
205 | 	else
206 | 		return (uintptr_t) ptr;
207 | }
208 | 
209 | #define PERM_NONE  	0	/* no access */
210 | #define PERM_R		0x0001	/* read permission */
211 | #define PERM_W		0x0002	/* write permission */
212 | #define PERM_X		0x0004	/* execute permission */
213 | #define PERM_U		0x0008	/* user-level permission */
214 | #define PERM_UC		0x0010  /* make uncachable */
215 | #define PERM_COW	0x0020	/* COW flag */
216 | #define PERM_USR1	0x1000  /* User flag 1 */
217 | #define PERM_USR2	0x2000  /* User flag 2 */
218 | #define PERM_USR3	0x3000  /* User flag 3 */
219 | #define PERM_BIG	0x0100	/* Use large pages */
220 | #define PERM_BIG_1GB	0x0200	/* Use large pages (1GB) */
221 | 
222 | // Helper Macros
223 | #define PERM_SCODE	(PERM_R | PERM_X)
224 | #define PERM_STEXT	(PERM_R | PERM_W)
225 | #define PERM_SSTACK	PERM_STEXT
226 | #define PERM_UCODE	(PERM_R | PERM_U | PERM_X)
227 | #define PERM_UTEXT	(PERM_R | PERM_U | PERM_W)
228 | #define PERM_USTACK	PERM_UTEXT
229 | 
230 | static inline void dune_flush_tlb_one(unsigned long addr)
231 | {
232 | 	asm ("invlpg (%0)" :: "r" (addr) : "memory");
233 | }
234 | 
235 | static inline void dune_flush_tlb(void)
236 | {
237 | 	asm ("mov %%cr3, %%rax\n"
238 | 	     "mov %%rax, %%cr3\n" ::: "rax");
239 | }
240 | 
241 | #define CR3_NOFLUSH	(1UL << 63)
242 | 
243 | static inline void load_cr3(unsigned long cr3)
244 | {       
245 |         asm("mov %%rax, %%cr3\n" : : "a" (cr3));
246 | }
247 | 
248 | static inline void __invpcid(int mode, unsigned long addr)
249 | {
250 | 	struct {
251 | 		unsigned long eptp, gpa;
252 | 	} operand = {1, addr};
253 | 	asm volatile("invpcid (%%rax), %%rcx" ::
254 | 		     "a" (&operand), "c" (mode) : "cc", "memory");
255 | }
256 | 
257 | /* Define beginning and end of VA space */
258 | #define VA_START		((void *)0)
259 | #define VA_END			((void *)-1)
260 | 
261 | enum {
262 | 	CREATE_NONE = 0,
263 | 	CREATE_NORMAL = 1,
264 | 	CREATE_BIG = 2,
265 | 	CREATE_BIG_1GB = 3,
266 | };
267 | 
268 | extern int dune_vm_mprotect(ptent_t *root, void *va, size_t len, int perm);
269 | extern int dune_vm_map_phys(ptent_t *root, void *va, size_t len, void *pa, int perm);
270 | extern int dune_vm_map_pages(ptent_t *root, void *va, size_t len, int perm);
271 | extern void dune_vm_unmap(ptent_t *root, void *va, size_t len);
272 | extern int dune_vm_lookup(ptent_t *root, void *va, int create, ptent_t **pte_out);
273 | 
274 | extern int dune_vm_insert_page(ptent_t *root, void *va, struct page *pg, int perm);
275 | extern struct page * dune_vm_lookup_page(ptent_t *root, void *va);
276 | 
277 | extern ptent_t * dune_vm_clone(ptent_t *root);
278 | extern void dune_vm_free(ptent_t *root);
279 | extern void dune_vm_default_pgflt_handler(uintptr_t addr, uint64_t fec);
280 | 
281 | typedef int (*page_walk_cb)(const void *arg, ptent_t *ptep, void *va);
282 | extern int dune_vm_page_walk(ptent_t *root, void *start_va, void *end_va,
283 | 			    page_walk_cb cb, const void *arg);
284 | 
285 | // process memory maps
286 | 
287 | #define PROCMAP_TYPE_UNKNOWN	0x00
288 | #define PROCMAP_TYPE_FILE	0x01
289 | #define PROCMAP_TYPE_ANONYMOUS	0x02
290 | #define PROCMAP_TYPE_HEAP	0x03
291 | #define PROCMAP_TYPE_STACK	0x04
292 | #define PROCMAP_TYPE_VSYSCALL	0x05
293 | #define PROCMAP_TYPE_VDSO	0x06
294 | #define PROCMAP_TYPE_VVAR	0x07
295 | 
296 | struct dune_procmap_entry {
297 | 	uintptr_t	begin;
298 | 	uintptr_t	end;
299 | 	uint64_t	offset;
300 | 	bool		r; // Readable
301 | 	bool		w; // Writable
302 | 	bool		x; // Executable
303 | 	bool		p; // Private (or shared)
304 | 	char		*path;
305 | 	int		type;
306 | };
307 | 
308 | typedef void (*dune_procmap_cb)(const struct dune_procmap_entry *);
309 | 
310 | extern void dune_procmap_iterate(dune_procmap_cb cb);
311 | extern void dune_procmap_dump();
312 | 
313 | // elf helper functions
314 | 
315 | struct dune_elf {
316 | 	int		fd;
317 | 	unsigned char	*mem;
318 | 	int		len;
319 | 	Elf64_Ehdr	hdr;
320 | 	Elf64_Phdr	*phdr;
321 | 	Elf64_Shdr	*shdr;
322 | 	char		*shdrstr;
323 | 	void		*priv;
324 | };
325 | 
326 | typedef int (*dune_elf_phcb)(struct dune_elf *elf, Elf64_Phdr *phdr);
327 | typedef int (*dune_elf_shcb)(struct dune_elf *elf, const char *sname,
328 | 		                     int snum, Elf64_Shdr *shdr);
329 | 
330 | extern int dune_elf_open(struct dune_elf *elf, const char *path);
331 | extern int dune_elf_open_mem(struct dune_elf *elf, void *mem, int len);
332 | extern int dune_elf_close(struct dune_elf *elf);
333 | extern int dune_elf_dump(struct dune_elf *elf);
334 | extern int dune_elf_iter_sh(struct dune_elf *elf, dune_elf_shcb cb);
335 | extern int dune_elf_iter_ph(struct dune_elf *elf, dune_elf_phcb cb);
336 | extern int dune_elf_load_ph(struct dune_elf *elf, Elf64_Phdr *phdr, off_t off);
337 | 
338 | // entry routines
339 | 
340 | extern int dune_init(bool map_full);
341 | extern int dune_enter();
342 | 
343 | /**
344 |  * dune_init_and_enter - initializes libdune and enters "Dune mode"
345 |  * 
346 |  * This is a simple initialization routine that handles everything
347 |  * in one go. Note that you still need to call dune_enter() in
348 |  * each new forked child or thread.
349 |  * 
350 |  * Returns 0 on success, otherwise failure.
351 |  */
352 | static inline int dune_init_and_enter(void)
353 | {
354 | 	int ret;
355 | 	
356 | 	if ((ret = dune_init(1)))
357 | 		return ret;
358 | 	
359 | 	return dune_enter();
360 | }
361 | 
362 | extern void dune_control_guest_ints(bool enable);
363 | 
364 | #ifdef __cplusplus
365 | }
366 | #endif
367 | 


--------------------------------------------------------------------------------
/libdune/elf.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <stdlib.h>
  3 | #include <stdbool.h>
  4 | #include <unistd.h>
  5 | #include <sys/types.h>
  6 | #include <sys/stat.h>
  7 | #include <sys/mman.h>
  8 | #include <fcntl.h>
  9 | #include <errno.h>
 10 | #include <string.h>
 11 | 
 12 | #include "dune.h"
 13 | #include "elf.h"
 14 | 
 15 | #define MAX_SNAME 40
 16 | #define MAX_SHNUM 100
 17 | #define MAX_PHNUM 40
 18 | 
 19 | static int elf_read(struct dune_elf *elf, void *dst, int len, int off)
 20 | {
 21 | 	int rd;
 22 | 
 23 | 	if (elf->mem == NULL)
 24 | 		return pread(elf->fd, dst, len, off);
 25 | 		
 26 | 	rd = elf->len - off;
 27 | 	
 28 | 	if (rd <= 0)
 29 | 		return 0;
 30 | 
 31 | 	if (len < rd)
 32 | 		rd = len;
 33 | 
 34 | 	memcpy(dst, &elf->mem[off], rd);
 35 | 
 36 | 	return rd;
 37 | }
 38 | 
 39 | /**
 40 |  * dune_elf_load_ph - a utility function to map a .LOAD region into program memory
 41 |  * @elf: elf data
 42 |  * @phdr: the program header
 43 |  * 
 44 |  * Returns 0 on success, otherwise failure.
 45 |  */
 46 | int dune_elf_load_ph(struct dune_elf *elf, Elf64_Phdr *phdr, off_t off)
 47 | {
 48 | 	void *ptr;
 49 | 	int prot = PROT_NONE;
 50 | 
 51 | 	if (phdr->p_type != PT_LOAD)
 52 | 		return -EINVAL;
 53 | 	if (phdr->p_filesz > phdr->p_memsz)
 54 | 		return -EINVAL;
 55 | 
 56 | 	if (phdr->p_flags & PF_X)
 57 | 		prot |= PROT_EXEC;
 58 | 	if (phdr->p_flags & PF_R)
 59 | 		prot |= PROT_READ;
 60 | 	if (phdr->p_flags & PF_W)
 61 | 		prot |= PROT_WRITE;
 62 | 
 63 | 	ptr = mmap((void *) (PGADDR(phdr->p_vaddr) + off),
 64 | 		   phdr->p_filesz + PGOFF(phdr->p_vaddr),
 65 | 		   prot, MAP_FIXED | MAP_PRIVATE,
 66 | 		   elf->fd, PGADDR(phdr->p_offset));
 67 | 	if (ptr != (void *) (PGADDR(phdr->p_vaddr) + off))
 68 | 		return -ENOMEM;
 69 | 
 70 | 	if (phdr->p_memsz > phdr->p_filesz) {
 71 | 		unsigned long start = phdr->p_vaddr + phdr->p_filesz + off;
 72 | 		unsigned long map_start = PGADDR(start + PGSIZE - 1);
 73 | 		unsigned long zero_len = phdr->p_memsz - phdr->p_filesz;
 74 | 		int mod_prot = !(prot & PROT_WRITE);
 75 | 
 76 | 		// this is really stupid, but basically we have
 77 | 		// to manually zero the bits that aren't page aligned :(
 78 | 		if (start < map_start) {
 79 | 			if (mod_prot &&
 80 | 			    mprotect((void *) (map_start - PGSIZE),
 81 | 				     PGSIZE, prot | PROT_WRITE))
 82 | 				return -ENOMEM;
 83 | 
 84 | 			memset((void *) start, 0, map_start - start);
 85 | 
 86 | 			if (mod_prot &&
 87 | 			    mprotect((void *) (map_start - PGSIZE),
 88 | 				     PGSIZE, prot))
 89 | 				return -ENOMEM;
 90 | 		}
 91 | 
 92 | 		ptr = mmap((void *) map_start, zero_len, prot,
 93 | 			   MAP_ANON | MAP_FIXED | MAP_PRIVATE, -1, 0);
 94 | 		if (ptr != (void *) map_start)
 95 | 			return -ENOMEM;
 96 | 	}
 97 | 
 98 | 	return 0;
 99 | }
100 | 
101 | static int elf_open_phs(struct dune_elf *elf)
102 | {
103 | 	int ret;
104 | 	size_t len;
105 | 	Elf64_Phdr *phdr;
106 | 
107 | 	if (elf->hdr.e_phentsize != sizeof(Elf64_Phdr)) {
108 | 		printf("elf: unexpected phdr size\n");
109 | 		return -EINVAL;
110 | 	}
111 | 
112 | 	if (elf->hdr.e_phnum > MAX_PHNUM) // security check
113 | 		return -EINVAL;
114 | 
115 | 	len = elf->hdr.e_phnum * elf->hdr.e_phentsize;
116 | 	phdr = malloc(len);
117 | 	if (!phdr)
118 | 		return -ENOMEM;
119 | 
120 | 	ret = pread(elf->fd, (void *) phdr, len, elf->hdr.e_phoff);
121 | 	if (ret != len) {
122 | 		printf("elf: failed to read program header table\n");
123 | 		free(phdr);
124 | 		return -EIO;
125 | 	}
126 | 
127 | 	elf->phdr = phdr;
128 | 
129 | 	return 0;
130 | }
131 | 
132 | /**
133 |  * dune_elf_iter_ph - iterates over each program header
134 |  * @elf: elf data
135 |  * @cb: a function callback called for each program header
136 |  * 
137 |  * Returns 0 on success, otherwise failure. If a callback
138 |  * returns an error code, it gets propogated to the return
139 |  * value.
140 |  */
141 | int dune_elf_iter_ph(struct dune_elf *elf, dune_elf_phcb cb)
142 | {
143 | 	int i, ret;
144 | 
145 | 	if (elf->phdr == NULL) {
146 | 		ret = elf_open_phs(elf);
147 | 		if (ret < 0)
148 | 			return ret;
149 | 	}
150 | 
151 | 	for (i = 0; i < elf->hdr.e_phnum; i++) {
152 | 		ret = cb(elf, &elf->phdr[i]);
153 | 		if (ret)
154 | 			return ret;
155 | 	}
156 | 
157 | 	return 0;
158 | }
159 | 
160 | static int elf_open_shs(struct dune_elf *elf)
161 | {
162 | 	int ret;
163 | 	size_t len;
164 | 	Elf64_Shdr *shdr;
165 | 	size_t strtablen;
166 | 	char *strtab;
167 | 
168 | 	if (elf->hdr.e_shentsize != sizeof(Elf64_Shdr)) {
169 | 		printf("elf: unexpected shdr size\n");
170 | 		return -EINVAL;
171 | 	}
172 | 
173 | 	if (elf->hdr.e_shnum > MAX_SHNUM) // security check
174 | 		return -EINVAL;
175 | 
176 | 	len = elf->hdr.e_shnum * elf->hdr.e_shentsize;
177 | 	shdr = malloc(len);
178 | 	if (!shdr)
179 | 		return -ENOMEM;
180 | 
181 | 	ret = elf_read(elf, (void *) shdr, len, elf->hdr.e_shoff);
182 | 	if (ret != len) {
183 | 		printf("elf: failed to read section header table\n");
184 | 		free(shdr);
185 | 		return -EIO;
186 | 	}
187 | 
188 | 	if (elf->hdr.e_shstrndx > elf->hdr.e_shnum) {
189 | 		free(shdr);
190 | 		return -EINVAL;
191 | 	}
192 | 	if (shdr[elf->hdr.e_shstrndx].sh_type != SHT_STRTAB) {
193 | 		printf("elf: invalid section type for string table\n");
194 | 		free(shdr);
195 | 		return -EINVAL;
196 | 	}
197 | 	strtablen = shdr[elf->hdr.e_shstrndx].sh_size;
198 | 	// Security check?
199 | 	strtab = malloc(strtablen);
200 | 	if (!strtab) {
201 | 		free(shdr);
202 | 		return -ENOMEM;
203 | 	}
204 | 	ret = elf_read(elf, (void *) strtab, strtablen,
205 | 			    shdr[elf->hdr.e_shstrndx].sh_offset);
206 | 	if (ret != strtablen) {
207 | 		printf("elf: failed to read section header string table\n");
208 | 		free(shdr);
209 | 		free(strtab);
210 | 		return -EIO;
211 | 	}
212 | 
213 | 	elf->shdr = shdr;
214 | 	elf->shdrstr = strtab;
215 | 
216 | 	return 0;
217 | }
218 | 
219 | /**
220 |  * dune_elf_iter_sh - iterates over each section header
221 |  * @elf: elf data
222 |  * @cb: a function callback called for each section header
223 |  * 
224 |  * Returns 0 on success, otherwise failure. If a callback
225 |  * returns an error code, it gets propogated to the return
226 |  * value.
227 |  */
228 | int dune_elf_iter_sh(struct dune_elf *elf, dune_elf_shcb cb)
229 | {
230 | 	int i, ret;
231 | 
232 | 	if (elf->shdr == NULL) {
233 | 		ret = elf_open_shs(elf);
234 | 		if (ret < 0)
235 | 			return ret;
236 | 	}
237 | 
238 | 	for (i = 0; i < elf->hdr.e_shnum; i++) {
239 | 		char *sname = elf->shdrstr + elf->shdr[i].sh_name;
240 | 		// XXX: Check offset and length
241 | 		if (strnlen(sname, MAX_SNAME) == MAX_SNAME) {
242 | 			dune_printf("elf: section name too long\n");
243 | 			return -EINVAL;
244 | 		}
245 | 
246 | 		ret = cb(elf, sname, i, &elf->shdr[i]);
247 | 		if (ret)
248 | 			return ret;
249 | 	}
250 | 
251 | 	return 0;
252 | }
253 | 
254 | static int do_elf_open(struct dune_elf *elf)
255 | {
256 | 	Elf64_Ehdr hdr;
257 | 	int ret;
258 | 
259 | 	ret = elf_read(elf, (void *) &hdr, sizeof(Elf64_Ehdr), 0);
260 | 	if (ret != sizeof(Elf64_Ehdr)) {
261 | 		printf("elf: failed to read header\n");
262 | 		ret = -EIO;
263 | 		goto out;
264 | 	}
265 | 
266 | 	if (hdr.e_ident[EI_MAG0] != ELFMAG0 ||
267 | 	    hdr.e_ident[EI_MAG1] != ELFMAG1 ||
268 | 	    hdr.e_ident[EI_MAG2] != ELFMAG2 ||
269 | 	    hdr.e_ident[EI_MAG3] != ELFMAG3 ||
270 | 	    hdr.e_ident[EI_CLASS] != ELFCLASS64 ||
271 | 	    hdr.e_ident[EI_DATA] != ELFDATA2LSB ||
272 | 	    hdr.e_ident[EI_VERSION] != EV_CURRENT ||
273 | 	    hdr.e_version != EV_CURRENT) {
274 | 		printf("elf: failed image sanity check\n");
275 | 		ret = -EINVAL;
276 | 		goto out;
277 | 	}
278 | 
279 | 	if (hdr.e_machine != EM_X86_64) {
280 | 		printf("elf: unsupported architecture\n");
281 | 		ret = -EINVAL;
282 | 		goto out;
283 | 	}
284 | 
285 | 	elf->hdr = hdr;
286 | 	elf->phdr = NULL;
287 | 	elf->shdr = NULL;
288 | 	elf->shdrstr = NULL;
289 | 	return 0;
290 | 
291 | out:
292 | 	dune_elf_close(elf);
293 | 	return ret;
294 | }
295 | 
296 | /**
297 |  * dune_elf_open - Open an elf binary
298 |  * @elf: dune_elf object
299 |  * @path: file path to the elf object
300 |  *
301 |  * Returns: 0 on success, otherwise failure.
302 |  */
303 | int dune_elf_open(struct dune_elf *elf, const char *path)
304 | {
305 | 	int fd;
306 | 
307 | 	fd = open(path, O_RDONLY);
308 | 	if (fd <= 0) {
309 | 		printf("elf: unable to open '%s'\n", path);
310 | 		return -EIO;
311 | 	}
312 | 
313 | 	elf->fd  = fd;
314 | 	elf->mem = NULL;
315 | 	elf->len = 0;
316 | 
317 | 	return do_elf_open(elf);
318 | }
319 | 
320 | int dune_elf_open_mem(struct dune_elf *elf, void *mem, int len)
321 | {
322 | 	elf->fd  = -1;
323 | 	elf->mem = mem;
324 | 	elf->len = len;
325 | 
326 | 	return do_elf_open(elf);
327 | }
328 | 
329 | /**
330 |  * dune_elf_close - Close an elf object.
331 |  * @elf: dune_elf object
332 |  */
333 | int dune_elf_close(struct dune_elf *elf)
334 | {
335 | 	if (elf->phdr != NULL) {
336 | 		free(elf->phdr);
337 | 		elf->phdr = NULL;
338 | 	}
339 | 	if (elf->shdr != NULL) {
340 | 		free(elf->shdr);
341 | 		elf->shdr = NULL;
342 | 	}
343 | 	if (elf->shdrstr != NULL) {
344 | 		free(elf->shdrstr);
345 | 		elf->shdrstr = NULL;
346 | 	}
347 | 
348 | 	if (elf->mem == NULL)
349 | 		close(elf->fd);
350 | 
351 | 	return 0;
352 | }
353 | 
354 | static const char *ShdrTypes[SHT_NUM] = {
355 | 	"NULL", "PROGBITS", "SYMTAB", "STRTAB", "RELA", "HASH", "DYNAMIC",
356 | 	"NOTE", "NOBITS", "REL", "SHLIB", "DYNSYM", "INIT_ARRAY", "FINI_ARRAY",
357 | 	"PREINIT_ARRAY", "GROUP", "SYMTAB_SHNDX",
358 | };
359 | 
360 | static int elf_dump_sh(struct dune_elf *elf,
361 | 		       const char *sname,
362 | 		       int snum,
363 | 		       Elf64_Shdr *shdr)
364 | {
365 | 	const char *type = "UNKNOWN";
366 | 	if (shdr->sh_type < SHT_NUM)
367 | 		type = ShdrTypes[shdr->sh_type];
368 | 
369 | 	dune_printf("  [%2d] %-16s %-16s %016llx %08x\n",
370 | 			   snum, sname, type, shdr->sh_addr, shdr->sh_offset);
371 | 	dune_printf("       %016llx %016llx %c%c%c%c%c %4d %4d %5d\n",
372 | 			   shdr->sh_size, shdr->sh_entsize,
373 | 			   shdr->sh_flags & SHF_WRITE ? 'W' : ' ',
374 | 			   shdr->sh_flags & SHF_ALLOC ? 'A' : ' ',
375 | 			   shdr->sh_flags & SHF_EXECINSTR ? 'X' : ' ',
376 | 			   shdr->sh_flags & SHF_MERGE ? 'M' : ' ',
377 | 			   shdr->sh_flags & SHF_STRINGS ? 'S' : ' ',
378 | 			   shdr->sh_link, shdr->sh_info, shdr->sh_addralign);
379 | 
380 | 	return 0;
381 | }
382 | 
383 | static const char *PhdrType[PT_NUM] = {
384 | 	"NULL", "LOAD", "DYNAMIC", "INTERP", "NOTE", "SHLIB", "PHDR", "TLS",
385 | };
386 | 
387 | static int elf_dump_ph(struct dune_elf *elf, Elf64_Phdr *phdr)
388 | {
389 | 	const char *type = "UNKNOWN";
390 | 
391 | 	if (phdr->p_type < PT_NUM)
392 | 		type = PhdrType[phdr->p_type];
393 | 
394 | 	dune_printf("  %-20s 0x%016llx 0x%016llx 0x%016llx\n",
395 | 			   type, phdr->p_offset,
396 | 			   phdr->p_vaddr, phdr->p_paddr);
397 | 	dune_printf("  %-20s 0x%016llx 0x%016llx  %c%c%c    %x\n",
398 | 			   "", phdr->p_filesz, phdr->p_memsz,
399 | 			   phdr->p_flags & PF_R ? 'R' : ' ',
400 | 			   phdr->p_flags & PF_W ? 'W' : ' ',
401 | 			   phdr->p_flags & PF_X ? 'X' : ' ',
402 | 			   phdr->p_align);
403 | 
404 | 	return 0;
405 | }
406 | 
407 | /**
408 |  * dune_elf_dump - Dumps an elf binary program headers and segments
409 |  * @elf: dune_elf object
410 |  * 
411 |  * Returns: 0 on success, otherwise failure.
412 |  */
413 | int dune_elf_dump(struct dune_elf *elf)
414 | {
415 | 	int ret = 0;
416 | 
417 | 	dune_printf("--- ELF Dump ---\n");
418 | 
419 | 	// XXX: Dump Header
420 | 
421 | 	dune_printf("Section Headers:\n");
422 | 	dune_printf("  [Nr] %-16s %-16s %-16s %s\n",
423 | 			   "Name", "Type", "Address", "Offset");
424 | 	dune_printf("       %-16s %-16s %s %s %s  %s\n",
425 | 			   "Size", "EntSize", "Flags", "Link", "Info", "Align");
426 | 	if ((ret = dune_elf_iter_sh(elf, &elf_dump_sh))) {
427 | 		printf("elf: failed to dump section headers\n");
428 | 		goto out;
429 | 	}
430 | 
431 | 	dune_printf("Program Headers:\n");
432 | 	dune_printf("  %-20s %-18s %-18s %s\n",
433 | 			   "Type", "Offset", "VirtAddr", "PhysAddr");
434 | 	dune_printf("  %-20s %-18s %-18s %s   %s\n",
435 | 			   "", "FileSiz", "MemSize", "Flags", "Align");
436 | 	if ((ret = dune_elf_iter_ph(elf, &elf_dump_ph))) {
437 | 		printf("elf: failed to dump program headers\n");
438 | 		goto out;
439 | 	}
440 | 
441 | out:
442 | 	return ret;
443 | }
444 | 
445 | 
446 | 


--------------------------------------------------------------------------------
/libdune/fpu.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * fpu.h - x86 floating point, MMX, SSE, and AVX support for Dune
  3 |  */
  4 | 
  5 | #include <string.h>
  6 | 
  7 | struct fxsave_area {
  8 | 	uint16_t cwd;
  9 | 	uint16_t swd;
 10 | 	uint16_t twd;
 11 | 	uint16_t fop;
 12 | 	uint64_t rip;
 13 | 	uint64_t rdp;
 14 | 	uint32_t mxcsr;
 15 | 	uint32_t mxcsr_mask;
 16 | 	uint32_t st_regs[32];   // 8 128-bit FP registers
 17 | 	uint32_t xmm_regs[64];  // 16 128-bit XMM registers
 18 | 	uint32_t padding[24];
 19 | } __attribute__((packed));
 20 | 
 21 | struct xsave_header {
 22 | 	uint64_t xstate_bv;
 23 | 	uint64_t reserved_zero[2];
 24 | 	uint64_t reserved[5];
 25 | } __attribute__((packed));
 26 | 
 27 | struct xsave_area {
 28 | 	struct fxsave_area	fxsave;
 29 | 	struct xsave_header	header;
 30 | 	uint32_t		ymm_regs[64]; // extends XMM registers to 256-bit
 31 | 	/* FIXME: check CPUID, could be other extensions in the future */
 32 | } __attribute__((packed, aligned (64)));
 33 | 
 34 | struct fpu_area {
 35 | 	/* we only support xsave, since it's available in nehalem and later */
 36 | 	struct xsave_area	xsave;
 37 | };
 38 | 
 39 | static inline void fpu_xsave(struct fpu_area *fp, uint64_t mask)
 40 | {
 41 | 	uint32_t lmask = mask;
 42 | 	uint32_t umask = mask >> 32;
 43 | 
 44 | 	asm volatile("xsaveq %0\n\t" : "=m"(fp->xsave) :
 45 | 		     "a"(lmask), "d"(umask) :
 46 | 		     "memory");
 47 | }
 48 | 
 49 | static inline void fpu_xsaveopt(struct fpu_area *fp, uint64_t mask)
 50 | {
 51 | 	uint32_t lmask = mask;
 52 | 	uint32_t umask = mask >> 32;
 53 | 
 54 | 	asm volatile("xsaveoptq %0\n\t" : "=m"(fp->xsave) :
 55 | 		     "a"(lmask), "d"(umask) :
 56 | 		     "memory");
 57 | }
 58 | 
 59 | static inline void fpu_xrstor(struct fpu_area *fp, uint64_t mask)
 60 | {
 61 | 	uint32_t lmask = mask;
 62 | 	uint32_t umask = mask >> 32;
 63 | 
 64 | 	asm volatile("xrstorq %0\n\t" : : "m"(fp->xsave),
 65 | 		     "a"(lmask), "d"(umask) :
 66 | 		     "memory");
 67 | }
 68 | 
 69 | /*
 70 |  * dune_fpu_init - initializes an fpu area
 71 |  * @fp: the fpu area
 72 |  */
 73 | static inline void dune_fpu_init(struct fpu_area *fp)
 74 | {
 75 | 	memset(fp, 0, sizeof(struct fpu_area));
 76 | 	fp->xsave.fxsave.cwd = 0x37f;
 77 | 	fp->xsave.fxsave.mxcsr = 0x1f80;
 78 | }
 79 | 
 80 | /*
 81 |  * dune_fpu_load - loads an fpu area into fpu registers
 82 |  * @fp: the fpu area
 83 |  */
 84 | static inline void dune_fpu_load(struct fpu_area *fp)
 85 | {
 86 | 	fpu_xrstor(fp, -1);
 87 | }
 88 | 
 89 | /*
 90 |  * dune_fpu_save - saves fpu registers to an fpu area
 91 |  * @fp: the fpu area
 92 |  * 
 93 |  * WARNING: Do not call this function on a memory region
 94 |  * that was not previously loaded with dune_fpu_load().
 95 |  * 
 96 |  * If you do, register state corruption might be possible. See
 97 |  * "XSAVEOPT Usage Guidlines" under the XSAVEOPT instruction
 98 |  * description in the Intel Manual Instruction Set Reference
 99 |  * for more details.
100 |  */
101 | static inline void dune_fpu_save(struct fpu_area *fp)
102 | {
103 | 	// FIXME: need to check CPUID because only
104 | 	// sandybridge and later support XSAVEOPT
105 | 	fpu_xsaveopt(fp, -1);
106 | }
107 | 
108 | /*
109 |  * dune_fpu_save_safe - saves an fpu area from CPU registers
110 |  * @fp: the fpu area
111 |  * 
112 |  * Works under all conditions, but may be slower.
113 |  */
114 | static inline void dune_fpu_save_safe(struct fpu_area *fp)
115 | {
116 | 	fpu_xsave(fp, -1);
117 | }
118 | 


--------------------------------------------------------------------------------
/libdune/local.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * local.h - internal definitions
 3 |  */
 4 | 
 5 | 
 6 | // standard definitions
 7 | #define __str_t(x...)	#x
 8 | #define __str(x...)	__str_t(x)
 9 | extern int arch_prctl(int code, unsigned long *addr);
10 | 
11 | // assembly routines from dune.S
12 | extern int __dune_enter(int fd, struct dune_config *config);
13 | extern int __dune_ret(void);
14 | extern void __dune_syscall(void);
15 | extern void __dune_syscall_end(void);
16 | extern void __dune_intr(void);
17 | extern void __dune_go_linux(struct dune_config *config);
18 | extern void __dune_go_dune(int fd, struct dune_config *config);
19 | 
20 | // assembly routine for handling vsyscalls
21 | extern char __dune_vsyscall_page;
22 | 
23 | // initialization
24 | extern int dune_page_init(void);
25 | 


--------------------------------------------------------------------------------
/libdune/mmu-x86.h:
--------------------------------------------------------------------------------
  1 | #ifndef JOS_MACHINE_MMU_X86_H
  2 | #define JOS_MACHINE_MMU_X86_H
  3 | 
  4 | /*
  5 |  *
  6 |  * Part 1.  Paging data structures and control registers
  7 |  *
  8 |  */
  9 | 
 10 | /* index into:         
 11 |  *   n = 0 => page table 
 12 |  *   n = 1 => page directory
 13 |  *   n = 2 => page directory pointer
 14 |  *   n = 3 => page map level 4
 15 |  */
 16 | #define PDXMASK		((1 << NPTBITS) - 1)
 17 | #define PDSHIFT(n)	(12 + NPTBITS * (n))
 18 | #define PDX(n, la)	((((uintptr_t) (la)) >> PDSHIFT(n)) & PDXMASK)
 19 | 
 20 | #define NPTENTRIES	(1 << NPTBITS)
 21 | 
 22 | /* page number field of address */
 23 | #define PPN(la)		((la) >> PGSHIFT)
 24 | 
 25 | /* page size */
 26 | #define PGSHIFT		12		/* log2(PGSIZE) */
 27 | #define PGSIZE		(1 << PGSHIFT)	/* bytes mapped by a page */
 28 | #define PGMASK		(PGSIZE - 1)
 29 | 
 30 | /* offset in page */
 31 | #define PGOFF(la)	(((uintptr_t) (la)) & PGMASK)
 32 | #define PGADDR(la)	(((uintptr_t) (la)) & ~CAST64(PGMASK))
 33 | 
 34 | /* big page size */
 35 | #define BIG_PGSHIFT	21
 36 | #define BIG_PGSIZE	(1 << BIG_PGSHIFT)
 37 | #define BIG_PGMASK	(BIG_PGSIZE - 1)
 38 | 
 39 | /* offset in big page */
 40 | #define BIG_PGOFF(la)	(((uintptr_t) (la)) & BIG_PGMASK)
 41 | #define BIG_PGADDR(la)	(((uintptr_t) (la)) & ~CAST64(BIG_PGMASK))
 42 | 
 43 | /* Page table/directory entry flags. */
 44 | #define PTE_P		0x0001		/* Present */
 45 | #define PTE_W		0x0002		/* Writeable */
 46 | #define PTE_U		0x0004		/* User */
 47 | #define PTE_PWT		0x0008		/* Write-Through */
 48 | #define PTE_PCD		0x0010		/* Cache-Disable */
 49 | #define PTE_A		0x0020		/* Accessed */
 50 | #define PTE_D		0x0040		/* Dirty */
 51 | #define PTE_PS		0x0080		/* Page size, in PD/PDP/PML4 */
 52 | #define PTE_PAT		0x0080		/* Page attribute table, in 4KB PTE */
 53 | #define PTE_G		0x0100		/* Global */
 54 | #define PTE_AVAIL	0x0E00		/* 3 bits not used by hardware */
 55 | #define PTE_PAT_PS	0x1000		/* Page attribute table, in 2MB PTE */
 56 | #define PTE_AVAIL2	UINT64(0x7FF0000000000000) /* 11 bits not used by hardware */
 57 | #define PTE_NX		UINT64(0x8000000000000000) /* No execute */
 58 | 
 59 | /* DUNE Specific Flags - Using available bits in PTE */
 60 | #define PTE_COW		0x0200		/* Copy-on-write - must also be read-only */
 61 | #define PTE_USR1	UINT64(0x4000000000000000) /* Reserved for user software */
 62 | #define PTE_USR2	UINT64(0x2000000000000000) /* Reserved for user software */
 63 | #define PTE_USR3	UINT64(0x1000000000000000) /* Reserved for user software */
 64 | 
 65 | /* address in page table entry */
 66 | #define PTE_ADDR(pte) ((physaddr_t) (pte) & UINT64(0xffffffffff000))
 67 | #define PTE_FLAGS(pte) ((physaddr_t) (pte) & UINT64(0xfff0000000000fff))
 68 | 
 69 | /* Control Register flags */
 70 | #define CR0_PE 0x1		/* Protected mode enable */
 71 | #define CR0_MP 0x2		/* Monitor coProcessor */
 72 | #define CR0_EM 0x4		/* Emulation */
 73 | #define CR0_TS 0x8		/* Task Switched */
 74 | #define CR0_ET 0x10		/* Extension Type */
 75 | #define CR0_NE 0x20		/* Numeric Errror */
 76 | #define CR0_WP 0x10000		/* Write Protect */
 77 | #define CR0_AM 0x40000		/* Alignment Mask */
 78 | #define CR0_NW 0x20000000	/* Not Writethrough */
 79 | #define CR0_CD 0x40000000	/* Cache Disable */
 80 | #define CR0_PG 0x80000000	/* Paging */
 81 | 
 82 | #define CR3_PWT 0x8		/* Page-level writethrough */
 83 | #define CR3_PCD 0x10		/* Page-level cache disable */
 84 | 
 85 | #define CR4_VME 0x1		/* V86 Mode Extensions */
 86 | #define CR4_PVI 0x2		/* Protected-Mode Virtual Interrupts */
 87 | #define CR4_TSD 0x4		/* Time Stamp Disable */
 88 | #define CR4_DE 0x8		/* Debugging Extensions */
 89 | #define CR4_PSE 0x10		/* Page Size Extensions */
 90 | #define CR4_PAE 0x20		/* Page address extension */
 91 | #define CR4_MCE 0x40		/* Machine Check Enable */
 92 | #define CR4_PGE 0x80		/* Page-global enable */
 93 | #define CR4_PCE 0x100		/* Performance counter enable */
 94 | #define CR4_OSFXSR 0x200	/* FXSAVE/FXRSTOR support */
 95 | #define CR4_OSX 0x400		/* OS unmasked exception support */
 96 | 
 97 | /* MTRR registers */
 98 | #define MTRR_CAP 0xfe		/* MTRR capabilities */
 99 | #define MTRR_CAP_VCNT_MASK 0xff	/* Variable-size register count */
100 | #define MTRR_CAP_FIX 0x100	/* Fixed-size register support */
101 | #define MTRR_CAP_WC 0x400	/* Write-combining support */
102 | #define MTRR_BASE(i) (0x200 + 2*(i))	/* Physical address base */
103 | #define MTRR_BASE_UC 0x00	/* Uncacheable */
104 | #define MTRR_BASE_WC 0x01	/* Write-Combining */
105 | #define MTRR_BASE_WT 0x04	/* Writethrough */
106 | #define MTRR_BASE_WP 0x05	/* Write-Protect */
107 | #define MTRR_BASE_WB 0x06	/* Writeback */
108 | #define MTRR_MASK(i) (0x201 + 2*(i))	/* Physical address mask */
109 | #define MTRR_MASK_FULL PGADDR((ONE << 36) - 1)
110 | #define MTRR_MASK_VALID 0x800
111 | 
112 | /* EFER Register */
113 | #define EFER 0xc0000080		/* MSR number */
114 | #define EFER_SCE 0x1		/* System-call extension */
115 | #define EFER_LME 0x100		/* Long mode enable */
116 | #define EFER_LMA 0x400		/* Long mode active */
117 | #define EFER_NXE 0x800		/* No-execute enable */
118 | #define EFER_FFXSR 0x4000	/* Fast FXSAVE/FXRSTOR */
119 | 
120 | /* FS/GS base registers */
121 | #define MSR_FS_BASE	0xc0000100
122 | #define MSR_GS_BASE	0xc0000101
123 | 
124 | /* Debug registers */
125 | #define MSR_DEBUG_CTL	0x1d9		/* MSR number */
126 | #define DEBUG_CTL_LBR	(1 << 0)	/* Last-Branch Record */
127 | 
128 | #define MSR_LBR_FROM_IP	0x1db		/* Last branch from IP */
129 | #define MSR_LBR_TO_IP	0x1dc		/* Last branch to IP */
130 | #define MSR_LEX_FROM_IP	0x1dd		/* Last exception from IP */
131 | #define MSR_LEX_TO_IP	0x1de		/* Last exception to IP */
132 | 
133 | #define DR7_L(n)	(ONE << ((n)*2)) /* Local breakpoint enable */
134 | #define DR7_G(n)	(ONE << ((n)*2+1)) /* Global breakpoint enable */
135 | #define DR7_LE		(ONE << 8)	/* Local enable */
136 | #define DR7_GE		(ONE << 9)	/* Global enable */
137 | #define DR7_GD		(ONE << 13)	/* General-detect enable */
138 | #define DR7_RW_SHIFT(n)	((n) * 4 + 16)	/* Breakpoint access mode */
139 | #define DR7_LEN_SHIFT(n) ((n) * 4 + 18)	/* Breakpoint addr length */
140 | 
141 | #define DR7_RW_EXEC	0x0
142 | #define DR7_RW_WRITE	0x1
143 | #define DR7_RW_IO	0x2
144 | #define DR7_RW_RW	0x3
145 | 
146 | #define DR7_LEN_1	0x0
147 | #define DR7_LEN_2	0x1
148 | #define DR7_LEN_8	0x2
149 | #define DR7_LEN_4	0x3
150 | 
151 | /* Rflags register */
152 | #define FL_CF 0x00000001	/* Carry Flag */
153 | #define FL_PF 0x00000004	/* Parity Flag */
154 | #define FL_AF 0x00000010	/* Auxiliary carry Flag */
155 | #define FL_ZF 0x00000040	/* Zero Flag */
156 | #define FL_SF 0x00000080	/* Sign Flag */
157 | #define FL_TF 0x00000100	/* Trap Flag */
158 | #define FL_IF 0x00000200	/* Interrupt Flag */
159 | #define FL_DF 0x00000400	/* Direction Flag */
160 | #define FL_OF 0x00000800	/* Overflow Flag */
161 | #define FL_IOPL_MASK 0x00003000 /* I/O Privilege Level bitmask */
162 | #define FL_IOPL_0 0x00000000	/*   IOPL == 0 */
163 | #define FL_IOPL_1 0x00001000	/*   IOPL == 1 */
164 | #define FL_IOPL_2 0x00002000	/*   IOPL == 2 */
165 | #define FL_IOPL_3 0x00003000	/*   IOPL == 3 */
166 | #define FL_NT 0x00004000	/* Nested Task */
167 | #define FL_RF 0x00010000	/* Resume Flag */
168 | #define FL_VM 0x00020000	/* Virtual 8086 mode */
169 | #define FL_AC 0x00040000	/* Alignment Check */
170 | #define FL_VIF 0x00080000	/* Virtual Interrupt Flag */
171 | #define FL_VIP 0x00100000	/* Virtual Interrupt Pending */
172 | #define FL_ID 0x00200000	/* ID flag */
173 | 
174 | /* Page fault error codes */
175 | #define FEC_P 0x1	    /* Fault caused by protection violation */
176 | #define FEC_W 0x2		/* Fault caused by a write */
177 | #define FEC_U 0x4		/* Fault occured in user mode */
178 | #define FEC_RSV 0x8		/* Fault caused by reserved PTE bit */
179 | #define FEC_I 0x10		/* Fault caused by instruction fetch */
180 | 
181 | /*
182 |  *
183 |  * Part 2.  Segmentation data structures and constants.
184 |  *
185 |  */
186 | 
187 | /* STA_ macros are for segment type values */
188 | #define STA_A (ONE << 0)	/* Accessed */
189 | #define STA_W (ONE << 1)	/* Writable (for data segments) */
190 | #define STA_E (ONE << 2)	/* Expand down (for data segments) */
191 | #define STA_X (ONE << 3)	/* 1 = Code segment (executable) */
192 | #define STA_R (ONE << 1)	/* Readable (for code segments) */
193 | #define STA_C (ONE << 2)	/* Conforming (for code segments) */
194 | 
195 | /* SEG_ macros specify segment type values shifted into place */
196 | #define SEG_A (STA_A << 40)	/* Accessed */
197 | #define SEG_W (STA_W << 40)	/* Writable (for data segments) */
198 | #define SEG_E (STA_E << 40)	/* Expand down (for data segments) */
199 | #define SEG_X (STA_X << 40)	/* 1 = Code segment (executable) */
200 | #define SEG_R (STA_R << 40)	/* Readable (for code segments) */
201 | #define SEG_C (STA_C << 40)	/* Conforming (for code segments) */
202 | 
203 | #define SEG_S (ONE << 44)	/* 1 = non-system, 0 = system segment */
204 | 
205 | #define SEG_LDT (UINT64 (0x2) << 40) /* 64-bit local descriptor segment */
206 | #define SEG_TSSA (UINT64 (0x9) << 40) /* Available 64-bit TSS */
207 | #define SEG_TSSB (UINT64 (0xa) << 40) /* Busy 64-bit TSS */
208 | #define SEG_CG (UINT64 (0xc) << 40) /* 64-bit Call Gate */
209 | #define SEG_IG (UINT64 (0xe) << 40) /* 64-bit Interrupt Gate */
210 | #define SEG_TG (UINT64 (0xf) << 40) /* 64-bit Trap Gate */
211 | 
212 | #define SEG_DPL(x) (((x) & UINT64(3)) << 45) /* Descriptor privilege level */
213 | #define SEG_P (ONE << 47)	/* Present */
214 | #define SEG_L (ONE << 53)	/* Long mode */
215 | #define SEG_D (ONE << 54)	/* 1 = 32-bit in legacy, 0 in long mode */
216 | #define SEG_G (ONE << 55)	/* Granulatity: 1 = scale limit by 4K */
217 | 
218 | /* Base and limit for 32-bit or low half of 64-bit segments */
219 | #define SEG_LIM(x) (((x) & 0xffff) | ((x) & UINT64 (0xf0000)) << 32)
220 | #define SEG_BASELO(x) (((CAST64 (x) & 0xffffff) << 16)		\
221 | 		       | ((CAST64 (x) & 0xff000000) << 32))
222 | #define SEG_BASEHI(x) (CAST64 (x) >> 32)
223 | 
224 | #define SEG32_ASM(type, base, lim)					\
225 |     .word (((lim) >> 12) & 0xffff), ((base) & 0xffff);			\
226 |     .byte (((base) >> 16) & 0xff), (0x90 | (type)),			\
227 | 	  (0xC0 | (((lim) >> 28) & 0xf)), (((base) >> 24) & 0xff)
228 | 
229 | #define SEG32(type, base, lim, dpl)					\
230 |   ((type) | SEG_S | SEG_P | SEG_D | SEG_G | SEG_A | SEG_DPL (dpl)	\
231 |    | SEG_BASELO (base) | SEG_LIM ((lim) >> 12))
232 | 
233 | #define SEG64(type, dpl)						\
234 |   ((type) | SEG_S | SEG_P | SEG_G | SEG_L | SEG_A | SEG_DPL (dpl)		\
235 |    | SEG_LIM (0xffffffff))
236 | 
237 | /* Target and segment selector for trap/interrupt gates */
238 | #define SEG_SEL(x) (((x) & 0xffff) << 16)
239 | #define SEG_TARGETLO(x) ((CAST64 (x) & 0xffff)			\
240 | 			 | ((CAST64 (x) & 0xffff0000) << 32))
241 | #define SEG_TARGETHI(x) (CAST64 (x) >> 32)
242 | 
243 | #define GATE32(type, sel, target, dpl)					   \
244 |   ((type) | SEG_DPL (dpl) | SEG_P | SEG_SEL (sel) | SEG_TARGETLO (target))
245 | #define SETGATE(gate, type, sel, target, dpl)		\
246 |   do {							\
247 |     gate.gd_lo = GATE32 (type, sel, target, dpl);	\
248 |     gate.gd_hi = SEG_TARGETHI (target);			\
249 |   } while (0)
250 | 
251 | #ifndef __ASSEMBLER__
252 | 
253 | struct Fpregs {
254 |     uint16_t cwd;
255 |     uint16_t swd;
256 |     uint16_t twd;
257 |     uint16_t fop;
258 |     uint64_t rip;
259 |     uint64_t rdp;
260 |     uint32_t mxcsr;
261 |     uint32_t mxcsr_mask;
262 |     uint32_t st_space[32];   /* 8*16 bytes for each FP-reg = 128 bytes */
263 |     uint32_t xmm_space[64];  /* 16*16 bytes for each XMM-reg = 128 bytes */
264 |     uint32_t padding[24];
265 | };
266 | 
267 | #endif /* !__ASSEMBLER__ */
268 | 
269 | #endif /* !JOS_MACHINE_MMU_X86_H */
270 | 


--------------------------------------------------------------------------------
/libdune/mmu.h:
--------------------------------------------------------------------------------
 1 | #ifndef JOS_MACHINE_MMU_H
 2 | #define JOS_MACHINE_MMU_H
 3 | 
 4 | # define UINT64(x) ((uint64_t) x)
 5 | # define CAST64(x) ((uint64_t) x)
 6 | #define ONE UINT64 (1)
 7 | 
 8 | #include "types.h"
 9 | #include "mmu-x86.h"
10 | 
11 | typedef uint64_t ptent_t;
12 | 
13 | /*
14 |  * AMD64-specific bits
15 |  */
16 | 
17 | /* Page directory and page table constants. */
18 | #define NPTBITS	    9		/* log2(NPTENTRIES) */
19 | #define NPTLVLS	    3		/* page table depth -1 */
20 | #define PD_SKIP	    6		/* Offset of pd_lim in Pseudodesc */
21 | 
22 | #ifndef __ASSEMBLER__
23 | /* Pseudo-descriptors used for LGDT, LLDT and LIDT instructions. */
24 | struct Pseudodesc {
25 |   uint16_t pd__garbage1;
26 |   uint16_t pd__garbage2;
27 |   uint16_t pd__garbage3;
28 |   uint16_t pd_lim;		/* Limit */
29 |   uint64_t pd_base;		/* Base address */
30 | } __attribute__((packed));
31 | 
32 | struct Tss {
33 |   char tss__ign1[4];
34 |   uint64_t tss_rsp[3];		/* Stack pointer for CPL 0, 1, 2 */
35 |   uint64_t tss_ist[8];		/* Note: tss_ist[0] is ignored */
36 |   char tss__ign2[10];
37 |   uint16_t tss_iomb;		/* I/O map base */
38 |   uint8_t tss_iopb[];
39 | } __attribute__ ((packed));
40 | 
41 | struct Gatedesc {
42 |   uint64_t gd_lo;
43 |   uint64_t gd_hi;
44 | };
45 | 
46 | struct Trapframe_aux {
47 | };
48 | 
49 | struct Trapframe {
50 |   /* callee-saved registers except %rax and %rsi */
51 |   uint64_t tf_rcx;
52 |   uint64_t tf_rdx;
53 |   uint64_t tf_rdi;
54 |   uint64_t tf_r8;
55 |   uint64_t tf_r9;
56 |   uint64_t tf_r10;
57 |   uint64_t tf_r11;
58 | 
59 |   /* caller-saved registers */
60 |   uint64_t tf_rbx;
61 |   uint64_t tf_rbp;
62 |   uint64_t tf_r12;
63 |   uint64_t tf_r13;
64 |   uint64_t tf_r14;
65 |   uint64_t tf_r15;
66 | 
67 |   /* for use by trap_{ec,noec}_entry_stub */
68 |   union {
69 |     uint64_t tf_rsi;
70 |     uint64_t tf__trapentry_rip;
71 |   };
72 | 
73 |   /* saved by trap_{ec,noec}_entry_stub */
74 |   uint64_t tf_rax;
75 | 
76 |   /* hardware-saved registers */
77 |   uint32_t tf_err;
78 |   uint32_t tf__pad1;
79 |   uint64_t tf_rip;
80 |   uint16_t tf_cs;
81 |   uint16_t tf_ds;	// not saved/restored by hardware
82 |   uint16_t tf_es;	// not saved/restored by hardware
83 |   uint16_t tf_fs;	// not saved/restored by hardware
84 |   uint64_t tf_rflags;
85 |   uint64_t tf_rsp;
86 |   uint16_t tf_ss;
87 |   uint16_t tf_gs;	// not saved/restored by hardware
88 |   uint16_t tf__pad3[2];
89 | };
90 | #endif
91 | 
92 | #endif /* !JOS_MACHINE_MMU_H */
93 | 


--------------------------------------------------------------------------------
/libdune/page.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * page.c - page management
  3 |  */
  4 | 
  5 | #define _GNU_SOURCE
  6 | 
  7 | #include <errno.h>
  8 | #include <sys/mman.h>
  9 | #include <string.h>
 10 | #include <stdlib.h>
 11 | #include <stdbool.h>
 12 | #include <pthread.h>
 13 | 
 14 | #include "dune.h"
 15 | 
 16 | #define GROW_SIZE	512
 17 | 
 18 | static pthread_mutex_t page_mutex = PTHREAD_MUTEX_INITIALIZER;
 19 | 
 20 | struct page *pages;
 21 | static struct page_head pages_free;
 22 | int num_pages;
 23 | 
 24 | static void * do_mapping(void *base, unsigned long len)
 25 | {
 26 | 	void *mem;
 27 | 
 28 | 	mem = mmap((void *) base, len,
 29 | 		   PROT_READ | PROT_WRITE,
 30 | 		   MAP_FIXED | MAP_HUGETLB | MAP_PRIVATE |
 31 | 		   MAP_ANONYMOUS, -1, 0);
 32 | 
 33 | 	if (mem != (void *) base) {
 34 | 		// try again without huge pages
 35 | 		mem = mmap((void *) base, len,
 36 | 			   PROT_READ | PROT_WRITE,
 37 | 			   MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS,
 38 | 			   -1, 0);
 39 | 		if (mem != (void *) base)
 40 | 			return NULL;
 41 | 	}
 42 | 
 43 | 	return mem;
 44 | }
 45 | 
 46 | static int grow_size(void)
 47 | {
 48 | 	int i;
 49 | 	int new_num_pages = num_pages + GROW_SIZE;
 50 | 	void *ptr;
 51 | 
 52 | 	ptr = do_mapping((void *) PAGEBASE + num_pages * PGSIZE,
 53 | 			 GROW_SIZE * PGSIZE);
 54 | 	if (!ptr)
 55 | 		return -ENOMEM;
 56 | 
 57 | 	for (i = num_pages; i < new_num_pages; i++) {
 58 | 		pages[i].ref = 0;
 59 | 		SLIST_INSERT_HEAD(&pages_free, &pages[i], link);
 60 | 	}
 61 | 
 62 | 	num_pages = new_num_pages;
 63 | 
 64 | 	return 0;
 65 | }
 66 | 
 67 | void dune_page_stats(void)
 68 | {
 69 | 	int i;
 70 | 	int num_alloc = 0;
 71 | 
 72 | 	for (i = 0; i < num_pages; i++) {
 73 | 		if (pages[i].ref != 0)
 74 | 			num_alloc++;
 75 | 	}
 76 | 
 77 | 	dune_printf("DUNE Page Allocator: Alloc %d, Free %d, Total %d\n",
 78 | 			   num_alloc, num_pages - num_alloc, num_pages);
 79 | }
 80 | 
 81 | struct page * dune_page_alloc(void)
 82 | {
 83 | 	struct page *pg;
 84 | 
 85 | 	pthread_mutex_lock(&page_mutex);
 86 | 	if (SLIST_EMPTY(&pages_free)) {
 87 | 		if (grow_size()) {
 88 | 			pthread_mutex_unlock(&page_mutex);
 89 | 			return NULL;
 90 | 		}
 91 | 	}
 92 | 
 93 | 	pg = SLIST_FIRST(&pages_free);
 94 | 	SLIST_REMOVE_HEAD(&pages_free, link);
 95 | 	pthread_mutex_unlock(&page_mutex);
 96 | 
 97 | 	dune_page_get(pg);
 98 | 
 99 | 	return pg;
100 | }
101 | 
102 | void dune_page_free(struct page *pg)
103 | {
104 | 	assert(!pg->ref);
105 | 	pthread_mutex_lock(&page_mutex);
106 | 	SLIST_INSERT_HEAD(&pages_free, pg, link);
107 | 	pthread_mutex_unlock(&page_mutex);
108 | }
109 | 
110 | bool dune_page_isfrompool(physaddr_t pa)
111 | {
112 | 	// XXX: Insufficent?
113 | 	return (pa >= PAGEBASE) && (pa < PAGEBASE + num_pages*PGSIZE);
114 | }
115 | 
116 | int dune_page_init(void)
117 | {
118 | 	int i;
119 | 	void *mem;
120 | 
121 | 	SLIST_INIT(&pages_free);
122 | 	num_pages = GROW_SIZE;
123 | 
124 | 	mem = do_mapping((void *) PAGEBASE, num_pages * PGSIZE);
125 | 	if (!mem)
126 | 		return -ENOMEM;
127 | 
128 | 	pages = malloc(sizeof(struct page) * MAX_PAGES);
129 | 	if (!pages)
130 | 		goto err;
131 | 
132 | 	for (i = 0; i < num_pages; i++) {
133 | 		pages[i].ref = 0;
134 | 		SLIST_INSERT_HEAD(&pages_free, &pages[i], link);
135 | 	}
136 | 
137 | 	return 0;
138 | 
139 | err:
140 | 	munmap((void *) PAGEBASE, num_pages * PGSIZE);
141 | 	return -ENOMEM;
142 | }
143 | 


--------------------------------------------------------------------------------
/libdune/procmap.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * procmap.c - Parse linux process map information.
  3 |  */
  4 | 
  5 | /*
  6 |  * Format:
  7 |  * start addr-end addr perms offset dev(xx:yy) inode path
  8 |  *
  9 |  * Permsissions:
 10 |  *                     rwxp
 11 |  *                     ||||
 12 |  *   Readable ---------+|||
 13 |  *   (r or -)           |||
 14 |  *   Writable ----------+||
 15 |  *   (w or -)            ||
 16 |  *   Executable ---------+|
 17 |  *   (X or -)             |
 18 |  *   Private/Shared ------+
 19 |  *   (p or s)
 20 |  *
 21 |  * Special Paths:
 22 |  *  - <filename>
 23 |  *  - anonymous
 24 |  *  - [heap]
 25 |  *  - [stack]
 26 |  *  - [vsyscall]
 27 |  *  - [vdso]
 28 |  *
 29 |  * Example /proc/self/maps:
 30 |  * 00400000-0040b000 r-xp 00000000 fe:00 917797                             /bin/cat
 31 |  * 0060a000-0060b000 r--p 0000a000 fe:00 917797                             /bin/cat
 32 |  * 0060b000-0060c000 rw-p 0000b000 fe:00 917797                             /bin/cat
 33 |  * 022cf000-022f0000 rw-p 00000000 00:00 0                                  [heap]
 34 |  * 7fe598687000-7fe59881e000 r-xp 00000000 fe:00 917523                     /lib/libc-2.15.so
 35 |  * 7fe59881e000-7fe598a1e000 ---p 00197000 fe:00 917523                     /lib/libc-2.15.so
 36 |  * 7fe598a1e000-7fe598a22000 r--p 00197000 fe:00 917523                     /lib/libc-2.15.so
 37 |  * 7fe598a22000-7fe598a24000 rw-p 0019b000 fe:00 917523                     /lib/libc-2.15.so
 38 |  * 7fe598a24000-7fe598a28000 rw-p 00000000 00:00 0 
 39 |  * 7fe598a28000-7fe598a49000 r-xp 00000000 fe:00 917531                     /lib/ld-2.15.so
 40 |  * 7fe598c37000-7fe598c3a000 rw-p 00000000 00:00 0 
 41 |  * 7fe598c47000-7fe598c48000 rw-p 00000000 00:00 0 
 42 |  * 7fe598c48000-7fe598c49000 r--p 00020000 fe:00 917531                     /lib/ld-2.15.so
 43 |  * 7fe598c49000-7fe598c4a000 rw-p 00021000 fe:00 917531                     /lib/ld-2.15.so
 44 |  * 7fe598c4a000-7fe598c4b000 rw-p 00000000 00:00 0 
 45 |  * 7fff601ca000-7fff601eb000 rw-p 00000000 00:00 0                          [stack]
 46 |  * 7fff601ff000-7fff60200000 r-xp 00000000 00:00 0                          [vdso]
 47 |  * ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
 48 |  */
 49 | 
 50 | #include <stdio.h>
 51 | #include <stdlib.h>
 52 | #include <stdbool.h>
 53 | #include <string.h>
 54 | 
 55 | #include "dune.h"
 56 | 
 57 | static int get_type(const char *path)
 58 | {
 59 | 	if (path[0] != '[' && path[0] != '\0')
 60 | 		return PROCMAP_TYPE_FILE;
 61 | 	if (path[0] == '\0')
 62 | 		return PROCMAP_TYPE_ANONYMOUS;
 63 | 	if (strcmp(path, "[heap]") == 0)
 64 | 		return PROCMAP_TYPE_HEAP;
 65 | 	if (strncmp(path, "[stack", 6) == 0)
 66 | 		return PROCMAP_TYPE_STACK;
 67 | 	if (strcmp(path, "[vsyscall]") == 0)
 68 | 		return PROCMAP_TYPE_VSYSCALL;
 69 | 	if (strcmp(path, "[vdso]") == 0)
 70 | 		return PROCMAP_TYPE_VDSO;
 71 | 	if (strcmp(path, "[vvar]") == 0)
 72 | 		return PROCMAP_TYPE_VVAR;
 73 | 	return PROCMAP_TYPE_UNKNOWN;
 74 | }
 75 | 
 76 | void dune_procmap_iterate(dune_procmap_cb cb)
 77 | {
 78 | 	struct dune_procmap_entry e;
 79 | 	FILE *map;
 80 | 	unsigned int dev1, dev2, inode;
 81 | 	char read, write, execute, private;
 82 | 	char line[512];
 83 | 	char path[256];
 84 | 
 85 | 	map = fopen("/proc/self/maps", "r");
 86 | 	if (map == NULL) {
 87 | 		printf("Could not open /proc/self/maps!\n");
 88 | 		abort();
 89 | 	}
 90 | 
 91 | 	setvbuf(map, NULL, _IOFBF, 8192);
 92 | 
 93 | 	while (!feof(map)) {
 94 | 		path[0] = '\0';
 95 | 		if (fgets(line, 512, map) == NULL)
 96 | 			break;
 97 | 		sscanf((char *)&line, "%lx-%lx %c%c%c%c %lx %x:%x %d %s",
 98 | 			  &e.begin, &e.end,
 99 | 			  &read, &write, &execute, &private, &e.offset,
100 | 			  &dev1, &dev2, &inode, path);
101 | 		e.r = (read == 'r');
102 | 		e.w = (write == 'w');
103 | 		e.x = (execute == 'x');
104 | 		e.p = (private == 'p');
105 | 		e.path = path;
106 | 		e.type = get_type(path);
107 | 		cb(&e);
108 | 	}
109 | 	fclose(map);
110 | }
111 | 
112 | static void __dune_procmap_dump_helper(const struct dune_procmap_entry *e)
113 | {
114 | 	printf("0x%016lx-0x%016lx %c%c%c%c %08lx %s\n",
115 | 			   e->begin, e->end,
116 | 			   e->r ? 'R' : '-',
117 | 			   e->w ? 'W' : '-',
118 | 			   e->x ? 'X' : '-',
119 | 			   e->p ? 'P' : 'S',
120 | 			   e->offset,
121 | 			   e->path);
122 | }
123 | 
124 | void dune_procmap_dump()
125 | {
126 | 	printf("--- Process Map Dump ---\n");
127 | 	dune_procmap_iterate(&__dune_procmap_dump_helper);
128 | }
129 | 
130 | 


--------------------------------------------------------------------------------
/libdune/trap.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * trap.c - x86 fault handling
  3 |  */
  4 | 
  5 | #include <errno.h>
  6 | #include <stdbool.h>
  7 | #include <sys/types.h>
  8 | 
  9 | #include "dune.h"
 10 | #include "cpu-x86.h"
 11 | #include "../kern/dune.h"
 12 | 
 13 | static dune_syscall_cb syscall_cb;
 14 | static dune_pgflt_cb pgflt_cb;
 15 | static dune_intr_cb intr_cbs[IDT_ENTRIES];
 16 | 
 17 | static inline unsigned long read_cr2(void)
 18 | {
 19 | 	unsigned long val;
 20 | 	asm volatile("mov %%cr2, %0\n\t" : "=r" (val));
 21 | 	return val;
 22 | }
 23 | 
 24 | int dune_register_intr_handler(int vec, dune_intr_cb cb)
 25 | {
 26 | 	if (vec >= IDT_ENTRIES || vec < 0)
 27 | 		return -EINVAL;
 28 | 
 29 | 	intr_cbs[vec] = cb;
 30 | 	return 0;
 31 | }
 32 | 
 33 | int dune_register_signal_handler(int signum, dune_intr_cb cb)
 34 | {
 35 | 	return dune_register_intr_handler(DUNE_SIGNAL_INTR_BASE + signum, cb);
 36 | }
 37 | 
 38 | void dune_register_syscall_handler(dune_syscall_cb cb)
 39 | {
 40 | 	syscall_cb = cb;
 41 | }
 42 | 
 43 | void dune_register_pgflt_handler(dune_pgflt_cb cb)
 44 | {
 45 | 	pgflt_cb = cb;
 46 | }
 47 | 
 48 | static bool addr_is_mapped(void *va)
 49 | {
 50 | 	int ret;
 51 | 	ptent_t *pte;
 52 | 
 53 | 	ret = dune_vm_lookup(pgroot, va, CREATE_NONE, &pte);
 54 | 	if (ret)
 55 | 		return 0;
 56 | 
 57 | 	if (!(*pte & PTE_P))
 58 | 		return 0;
 59 | 
 60 | 	return 1;
 61 | }
 62 | 
 63 | #define STACK_DEPTH 12
 64 | 
 65 | static void dune_dump_stack(struct dune_tf *tf)
 66 | {
 67 | 	int i;
 68 | 	unsigned long *sp = (unsigned long *) tf->rsp;
 69 | 
 70 | 	// we use dune_printf() because this might
 71 | 	// have to work even if libc doesn't.
 72 | 	dune_printf("dune: Dumping Stack Contents...\n");
 73 | 	for (i = 0; i < STACK_DEPTH; i++) {
 74 | 		if (!addr_is_mapped(&sp[i])) {
 75 | 			dune_printf("dune: reached unmapped addr\n");
 76 | 			break;
 77 | 		}
 78 | 		dune_printf("dune: RSP%+-3d 0x%016lx\n", i * sizeof(long),
 79 | 			   sp[i]);
 80 | 	}
 81 | }
 82 | 
 83 | static void dune_hexdump(void *x, int len)
 84 | {
 85 | 	unsigned char *p = x;
 86 | 
 87 | 	while (len--)
 88 | 		dune_printf("%.2x ", *p++);
 89 | 
 90 | 	dune_printf("\n");
 91 | }
 92 | 
 93 | static void dump_ip(struct dune_tf *tf)
 94 | {
 95 | 	unsigned char *p = (void*) tf->rip;
 96 | 	int len = 20;
 97 | 
 98 | 	dune_printf("dune: code before IP\t");
 99 | 	dune_hexdump(p - len, len);
100 | 
101 | 	dune_printf("dune: code at IP\t");
102 | 	dune_hexdump(p, len);
103 | }
104 | 
105 | void dune_dump_trap_frame(struct dune_tf *tf)
106 | {
107 | 	// we use dune_printf() because this might
108 | 	// have to work even if libc doesn't.
109 | 	dune_printf("dune: --- Begin Trap Dump ---\n");
110 | 	dune_printf("dune: RIP 0x%016llx\n", tf->rip);
111 | 	dune_printf("dune: CS 0x%02x SS 0x%02x\n", tf->cs, tf->ss);
112 | 	dune_printf("dune: ERR 0x%08lx RFLAGS 0x%08lx\n", tf->err, tf->rflags);
113 | 	dune_printf("dune: RAX 0x%016lx RCX 0x%016lx\n", tf->rax, tf->rcx);
114 | 	dune_printf("dune: RDX 0x%016lx RBX 0x%016lx\n", tf->rdx, tf->rbx);
115 | 	dune_printf("dune: RSP 0x%016lx RBP 0x%016lx\n", tf->rsp, tf->rbp);
116 | 	dune_printf("dune: RSI 0x%016lx RDI 0x%016lx\n", tf->rsi, tf->rdi);
117 | 	dune_printf("dune: R8  0x%016lx R9  0x%016lx\n", tf->r8, tf->r9);
118 | 	dune_printf("dune: R10 0x%016lx R11 0x%016lx\n", tf->r10, tf->r11);
119 | 	dune_printf("dune: R12 0x%016lx R13 0x%016lx\n", tf->r12, tf->r13);
120 | 	dune_printf("dune: R14 0x%016lx R15 0x%016lx\n", tf->r14, tf->r15);
121 | 	dune_dump_stack(tf);
122 | 	dump_ip(tf);
123 | 	dune_printf("dune: --- End Trap Dump ---\n");
124 | }
125 | 
126 | void dune_syscall_handler(struct dune_tf *tf)
127 | {
128 | 	if (syscall_cb) {
129 | 		syscall_cb(tf);
130 | 	} else {
131 | 		dune_printf("missing handler for system call - #%d\n", tf->rax);
132 | 		dune_dump_trap_frame(tf);
133 | 		dune_die();
134 | 	}
135 | }
136 | 
137 | void dune_trap_handler(int num, struct dune_tf *tf)
138 | {
139 | 	if (intr_cbs[num]) {
140 | 		intr_cbs[num](tf);
141 | 		return;
142 | 	}
143 | 
144 | 	switch (num) {
145 | 	case T_PGFLT:
146 | 		if (pgflt_cb) {
147 | 			pgflt_cb(read_cr2(), tf->err, tf);
148 | 		} else {
149 | 			dune_printf("unhandled page fault %lx %lx\n",
150 | 				   read_cr2(), tf->err);
151 | 			dune_dump_trap_frame(tf);
152 | 			dune_procmap_dump();
153 | 			dune_die();
154 | 		}
155 | 		break;
156 | 
157 | 	case T_NMI:
158 | 	case T_DBLFLT:
159 | 	case T_GPFLT:
160 | 		dune_printf("fatal exception %d, code %lx - dying...\n",
161 | 			   num, tf->err);
162 | 		dune_dump_trap_frame(tf);
163 | 		dune_die();
164 | 		break;
165 | 
166 | 	case 32 ... 255:
167 | 		asm("vmcall": : "a" (VMCALL_INTERRUPT));
168 | 		break;
169 | 
170 | 	default:
171 | 		dune_printf("unhandled exception %d\n", num);
172 | 		dune_dump_trap_frame(tf);
173 | 		dune_die();
174 | 	}
175 | }
176 | 


--------------------------------------------------------------------------------
/libdune/types.h:
--------------------------------------------------------------------------------
 1 | #ifndef JOS_MACHINE_TYPES_H
 2 | #define JOS_MACHINE_TYPES_H
 3 | 
 4 | #ifndef NULL
 5 | #define NULL (0)
 6 | #endif
 7 | 
 8 | #ifndef inline
 9 | #define inline __inline__
10 | #endif
11 | 
12 | // Represents true-or-false values
13 | typedef int bool_t;
14 | 
15 | // Explicitly-sized versions of integer types
16 | typedef __signed char int8_t;
17 | typedef unsigned char uint8_t;
18 | typedef short int16_t;
19 | typedef unsigned short uint16_t;
20 | typedef int int32_t;
21 | typedef unsigned int uint32_t;
22 | #if __LONG_MAX__==9223372036854775807L
23 | typedef long int64_t;
24 | typedef unsigned long uint64_t;
25 | #elif __LONG_LONG_MAX__==9223372036854775807LL
26 | typedef long long int64_t;
27 | typedef unsigned long long uint64_t;
28 | #else
29 | #error Missing 64-bit type
30 | #endif
31 | typedef uint64_t __uint64_t;
32 | 
33 | // Pointers and addresses are 64 bits long.
34 | // We use pointer types to represent virtual addresses,
35 | // uintptr_t to represent the numerical values of virtual addresses,
36 | // and physaddr_t to represent physical addresses.
37 | // Use __PTRDIFF_TYPE__ so that -m32 works out properly.
38 | typedef __PTRDIFF_TYPE__ intptr_t;
39 | typedef unsigned __PTRDIFF_TYPE__ uintptr_t;
40 | typedef unsigned __PTRDIFF_TYPE__ physaddr_t;
41 | 
42 | // Page numbers are 64 bits long.
43 | typedef uint64_t ppn_t;
44 | 
45 | #define PRIu64 "ld"
46 | #define PRIx64 "lx"
47 | 
48 | #endif /* !JOS_MACHINE_TYPES_H */
49 | 


--------------------------------------------------------------------------------
/libdune/util.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * util.c - this file is for random utilities and hypervisor backdoors
  3 |  */
  4 | 
  5 | #include <string.h>
  6 | #include <stdio.h>
  7 | #include <stdarg.h>
  8 | #include <signal.h>
  9 | #include <stdbool.h>
 10 | 
 11 | #include "dune.h"
 12 | 
 13 | static int dune_puts(const char *buf)
 14 | {
 15 | 	long ret;
 16 | 
 17 | 	asm volatile("movq $1, %%rax \n\t" // SYS_write
 18 | 	    "movq $1, %%rdi \n\t" // STDOUT
 19 | 	    "movq %1, %%rsi \n\t" // string
 20 | 	    "movq %2, %%rdx \n\t" // string len
 21 | 	    "vmcall \n\t"
 22 | 	    "movq %%rax, %0 \n\t" :
 23 | 	    "=r" (ret) : "r" (buf), "r" (strlen(buf)) :
 24 | 	    "rax", "rdi", "rsi", "rdx");
 25 | 
 26 | 	return ret;
 27 | }
 28 | 
 29 | /**
 30 |  * dune_printf - a raw low-level printf request that uses a hypercall directly
 31 |  * 
 32 |  * This is intended for working around libc syscall issues.
 33 |  */
 34 | int dune_printf(const char *fmt, ...)
 35 | {
 36 | 	va_list args;
 37 | 	char buf[1024];
 38 | 
 39 | 	va_start(args, fmt);
 40 | 
 41 | 	vsprintf(buf, fmt, args);
 42 | 
 43 | 	return dune_puts(buf);
 44 | }
 45 | 
 46 | void * dune_mmap(void *addr, size_t length, int prot,
 47 | 	     int flags, int fd, off_t offset)
 48 | {
 49 | 	void *ret_addr;
 50 | 
 51 | 	asm volatile("movq $9, %%rax \n\t" // SYS_mmap
 52 | 	    "movq %1, %%rdi \n\t"
 53 | 	    "movq %2, %%rsi \n\t"
 54 | 	    "movl %3, %%edx \n\t"
 55 | 	    "movq %4, %%r10 \n\t"
 56 | 	    "movq %5, %%r8 \n\t"
 57 | 	    "movq %6, %%r9 \n\t"
 58 | 	    "vmcall \n\t"
 59 | 	    "movq %%rax, %0 \n\t" :
 60 | 	    "=r" ((unsigned long) ret_addr) : "r" ((unsigned long) addr), "r" (length),
 61 | 	    "r" (prot), "r" ((unsigned long) flags), "r" ((unsigned long) fd),
 62 | 	    "r" ((unsigned long) offset) : "rax", "rdi", "rsi", "rdx");
 63 | 
 64 | 	return ret_addr;
 65 | }
 66 | 
 67 | /**
 68 |  * dune_die - kills the Dune process immediately
 69 |  *
 70 |  */
 71 | void dune_die(void)
 72 | {
 73 | 	asm volatile("movq $60, %rax\n" // exit
 74 | 		     "vmcall\n");
 75 | }
 76 | 
 77 | /**
 78 |  * dune_passthrough_syscall - makes a syscall using the args of a trap frame
 79 |  *
 80 |  * @tf: the trap frame to apply
 81 |  * 
 82 |  * sets the return code in tf->rax
 83 |  */
 84 | void dune_passthrough_syscall(struct dune_tf *tf)
 85 | {
 86 | 	asm volatile("movq %2, %%rdi \n\t"
 87 | 		     "movq %3, %%rsi \n\t"
 88 | 		     "movq %4, %%rdx \n\t"
 89 | 		     "movq %5, %%r10 \n\t"
 90 | 		     "movq %6, %%r8 \n\t"
 91 | 		     "movq %7, %%r9 \n\t"
 92 | 		     "vmcall \n\t"
 93 | 		     "movq %%rax, %0 \n\t" :
 94 | 		     "=a" (tf->rax) :
 95 | 		     "a" (tf->rax), "r" (tf->rdi), "r" (tf->rsi),
 96 | 		     "r" (tf->rdx), "r" (tf->rcx), "r" (tf->r8),
 97 | 		     "r" (tf->r9) : "rdi", "rsi", "rdx", "r10",
 98 | 		     "r8", "r9", "memory");     
 99 | }
100 | 
101 | sighandler_t dune_signal(int sig, sighandler_t cb)
102 | {
103 | 	dune_intr_cb x = (dune_intr_cb) cb; /* XXX */
104 | 
105 | 	if (signal(sig, cb) == SIG_ERR)
106 | 		return SIG_ERR;
107 | 
108 | 	dune_register_intr_handler(DUNE_SIGNAL_INTR_BASE + sig, x);
109 | 
110 | 	return NULL;
111 | }
112 | 
113 | void dune_control_guest_ints(bool enable)
114 | {
115 | 	asm("vmcall" : : "a" (VMCALL_CONTROL_GUEST_INTS), "b" (enable));
116 | }
117 | 


--------------------------------------------------------------------------------
/libdune/vm.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * vm.c - Virtual memory management routines
  3 |  */
  4 | 
  5 | #include <malloc.h>
  6 | #include <errno.h>
  7 | #include <string.h>
  8 | #include <stdbool.h>
  9 | #include <stdint.h>
 10 | 
 11 | #include "dune.h"
 12 | 
 13 | #define PDADDR(n, i)	(((unsigned long) (i)) << PDSHIFT(n))
 14 | #define PTE_DEF_FLAGS	(PTE_P | PTE_W | PTE_U)
 15 | #define LGPGSIZE	(1 << (PGSHIFT + NPTBITS))
 16 | 
 17 | static inline int pte_present(ptent_t pte)
 18 | {
 19 | 	return (PTE_FLAGS(pte) & PTE_P);
 20 | }
 21 | 
 22 | static inline int pte_big(ptent_t pte)
 23 | {
 24 | 	return (PTE_FLAGS(pte) & PTE_PS);
 25 | }
 26 | 
 27 | static inline void * alloc_page(void)
 28 | {
 29 | 	struct page *pg = dune_page_alloc();
 30 | 	if (!pg)
 31 | 		return NULL;
 32 | 
 33 | 	return (void *) dune_page2pa(pg);
 34 | }
 35 | 
 36 | static inline void put_page(void * page)
 37 | {
 38 | 	// XXX: Using PA == VA
 39 | 	struct page *pg = dune_pa2page((physaddr_t)page);
 40 | 
 41 | 	dune_page_put(pg);
 42 | }
 43 | 
 44 | int __dune_vm_page_walk(ptent_t *dir, void *start_va, void *end_va,
 45 | 			page_walk_cb cb, const void *arg, int level,
 46 | 			int create)
 47 | {
 48 | 	// XXX: Using PA == VA
 49 | 	int i, ret;
 50 | 	int start_idx = PDX(level, start_va);
 51 | 	int end_idx = PDX(level, end_va);
 52 | 	void *base_va = (void *) ((unsigned long)
 53 | 			start_va & ~(PDADDR(level + 1, 1) - 1));
 54 | 
 55 | 	assert(level >= 0 && level <= NPTLVLS);
 56 | 	assert(end_idx < NPTENTRIES);
 57 | 
 58 | 	for (i = start_idx; i <= end_idx; i++) {
 59 | 		void *n_start_va, *n_end_va;
 60 | 		void *cur_va = base_va + PDADDR(level, i);
 61 | 		ptent_t *pte = &dir[i];
 62 | 
 63 | 		if (level == 0) {
 64 | 			if (create == CREATE_NORMAL || *pte) {
 65 | 				ret = cb(arg, pte, cur_va);
 66 | 				if (ret)
 67 | 					return ret;
 68 | 			}
 69 | 			continue;
 70 | 		}
 71 | 
 72 | 		if (level == 1) {
 73 | 			if (create == CREATE_BIG || pte_big(*pte)) {
 74 | 				ret = cb(arg, pte, cur_va);
 75 | 				if (ret)
 76 | 					return ret;
 77 | 				continue;
 78 | 			}
 79 | 		}
 80 | 
 81 | 		if (level == 2) {
 82 | 			if (create == CREATE_BIG_1GB || pte_big(*pte)) {
 83 | 				ret = cb(arg, pte, cur_va);
 84 | 				if (ret)
 85 | 					return ret;
 86 | 				continue;
 87 | 			}
 88 | 		}
 89 | 
 90 | 		if (!pte_present(*pte)) {
 91 | 			ptent_t *new_pte;
 92 | 
 93 | 			if (!create)
 94 | 				continue;
 95 | 			
 96 | 			new_pte = alloc_page();
 97 | 			if (!new_pte)
 98 | 				return -ENOMEM;
 99 | 			memset(new_pte, 0, PGSIZE);
100 | 			*pte = PTE_ADDR(new_pte) | PTE_DEF_FLAGS;
101 | 		}
102 | 
103 | 		n_start_va = (i == start_idx) ? start_va : cur_va;
104 | 		n_end_va = (i == end_idx) ? end_va : cur_va + PDADDR(level, 1) - 1;
105 | 
106 | 		ret = __dune_vm_page_walk((ptent_t *) PTE_ADDR(dir[i]),
107 | 					 n_start_va, n_end_va, cb, arg,
108 | 					 level - 1, create);
109 | 		if (ret)
110 | 			return ret;
111 | 	}
112 | 
113 | 	return 0;
114 | }
115 | 
116 | int dune_vm_page_walk(ptent_t *root, void *start_va, void *end_va,
117 | 		     page_walk_cb cb, const void *arg)
118 | {
119 | 	return __dune_vm_page_walk(root, start_va, end_va, cb, arg, 3, CREATE_NONE);
120 | }
121 | 
122 |  int dune_vm_lookup(ptent_t *root, void *va, int create, ptent_t **pte_out)
123 | {
124 | 	// XXX: Using PA == VA
125 | 	int i, j, k, l;
126 | 	ptent_t *pml4 = root, *pdpte, *pde, *pte;
127 | 
128 | 	i = PDX(3, va);
129 | 	j = PDX(2, va);
130 | 	k = PDX(1, va);
131 | 	l = PDX(0, va);
132 | 
133 | 	if (!pte_present(pml4[i])) {
134 | 		if (!create)
135 | 			return -ENOENT;
136 | 
137 | 		pdpte = alloc_page();
138 | 		memset(pdpte, 0, PGSIZE);
139 | 
140 |                 pml4[i] = PTE_ADDR(pdpte) | PTE_DEF_FLAGS;
141 | 	} else
142 | 		pdpte = (ptent_t*) PTE_ADDR(pml4[i]);
143 | 
144 | 	if (!pte_present(pdpte[j])) {
145 | 		if (!create)
146 | 			return -ENOENT;
147 | 
148 | 		pde = alloc_page();
149 | 		memset(pde, 0, PGSIZE);
150 | 
151 | 		pdpte[j] = PTE_ADDR(pde) | PTE_DEF_FLAGS;
152 | 	} else if (pte_big(pdpte[j])) {
153 | 		*pte_out = &pdpte[j];
154 | 		return 0;
155 | 	} else
156 | 		pde = (ptent_t*) PTE_ADDR(pdpte[j]);
157 | 
158 | 	if (!pte_present(pde[k])) {
159 | 		if (!create)
160 | 			return -ENOENT;
161 | 
162 | 		pte = alloc_page();
163 | 		memset(pte, 0, PGSIZE);
164 | 
165 | 		pde[k] = PTE_ADDR(pte) | PTE_DEF_FLAGS;
166 | 	} else if (pte_big(pde[k])) {
167 | 		*pte_out = &pde[k];
168 | 		return 0;
169 | 	} else
170 | 		pte = (ptent_t*) PTE_ADDR(pde[k]);
171 | 
172 | 	*pte_out = &pte[l];
173 | 	return 0;
174 | }
175 | 
176 | static inline ptent_t get_pte_perm(int perm)
177 | {
178 | 	ptent_t pte_perm = 0;
179 | 
180 | 	if (perm & PERM_R)
181 | 		pte_perm = PTE_P;
182 | 	if (perm & PERM_W)
183 | 		pte_perm |= PTE_W;
184 | 	if (!(perm & PERM_X))
185 | 		pte_perm |= PTE_NX;
186 | 	if (perm & PERM_U)
187 | 		pte_perm |= PTE_U;
188 | 	if (perm & PERM_UC)
189 | 		pte_perm |= PTE_PCD;
190 | 	if (perm & PERM_COW)
191 | 		pte_perm |= PTE_COW;
192 | 	if (perm & PERM_USR1)
193 | 		pte_perm |= PTE_USR1;
194 | 	if (perm & PERM_USR2)
195 | 		pte_perm |= PTE_USR2;
196 | 	if (perm & PERM_USR3)
197 | 		pte_perm |= PTE_USR3;
198 | 	if (perm & PERM_BIG || perm & PERM_BIG_1GB)
199 | 		pte_perm |= PTE_PS;
200 | 
201 | 	return pte_perm;
202 | }
203 | 
204 | static int __dune_vm_mprotect_helper(const void *arg, ptent_t *pte, void *va)
205 | {
206 | 	ptent_t perm = (ptent_t) arg;
207 | 
208 | //	if (!(PTE_FLAGS(*pte) & PTE_P))
209 | //		return -ENOMEM;
210 | 
211 | 	*pte = PTE_ADDR(*pte) | (PTE_FLAGS(*pte) & PTE_PS) | perm;
212 | 	return 0;
213 | }
214 | 
215 | int dune_vm_mprotect(ptent_t *root, void *va, size_t len, int perm)
216 | {
217 | 	int ret;
218 | 	ptent_t pte_perm;
219 | 
220 | 	if (!(perm & PERM_R)) {
221 | 		if (perm & PERM_W)
222 | 			return -EINVAL;
223 | 		perm = PERM_NONE;
224 | 	}
225 | 
226 | 	pte_perm = get_pte_perm(perm);
227 | 
228 | 	ret = __dune_vm_page_walk(root, va, va + len - 1,
229 | 				 &__dune_vm_mprotect_helper,
230 | 				 (void *) pte_perm, 3, CREATE_NONE);
231 | 	if (ret)
232 | 		return ret;
233 | 
234 | 	dune_flush_tlb();
235 | 
236 | 	return 0;
237 | }
238 | 
239 | struct map_phys_data {
240 | 	ptent_t perm;
241 | 	unsigned long va_base;
242 | 	unsigned long pa_base;
243 | };
244 | 
245 | static int __dune_vm_map_phys_helper(const void *arg, ptent_t *pte, void *va)
246 | {
247 | 	struct map_phys_data *data = (struct map_phys_data *) arg;
248 | 
249 | 	*pte = PTE_ADDR(va - data->va_base + data->pa_base) | data->perm;
250 | 	return 0;
251 | }
252 | 
253 | int dune_vm_map_phys(ptent_t *root, void *va, size_t len, void *pa, int perm)
254 | {
255 | 	int ret;
256 | 	struct map_phys_data data;
257 | 	int create;
258 | 
259 | //	if (!(perm & PERM_R) && (perm & ~(PERM_R)))
260 | //		return -EINVAL;
261 | 
262 | 	data.perm = get_pte_perm(perm);
263 | 	data.va_base = (unsigned long) va;
264 | 	data.pa_base = (unsigned long) pa;
265 | 
266 | 	if (perm & PERM_BIG)
267 | 		create = CREATE_BIG;
268 | 	else if (perm & PERM_BIG_1GB)
269 | 		create = CREATE_BIG_1GB;
270 | 	else
271 | 		create = CREATE_NORMAL;
272 | 
273 | 	ret = __dune_vm_page_walk(root, va, va + len - 1,
274 | 				 &__dune_vm_map_phys_helper,
275 | 				 (void *) &data, 3,
276 | 				 create);
277 | 	if (ret)
278 | 		return ret;
279 | 
280 | 	return 0;
281 | }
282 | 
283 | static int __dune_vm_map_pages_helper(const void *arg, ptent_t *pte, void *va)
284 | {
285 | 	ptent_t perm = (ptent_t) arg;
286 | 	struct page *pg = dune_page_alloc();
287 | 
288 | 	if (!pg)
289 | 		return -ENOMEM;
290 | 
291 | 	*pte = PTE_ADDR(dune_page2pa(pg)) | perm;
292 | 
293 | 	return 0;
294 | }
295 | 
296 | int dune_vm_map_pages(ptent_t *root, void *va, size_t len, int perm)
297 | {
298 | 	int ret;
299 | 	ptent_t pte_perm;
300 | 
301 | 	if (!(perm & PERM_R) && (perm & ~(PERM_R)))
302 | 		return -EINVAL;
303 | 
304 | 	pte_perm = get_pte_perm(perm);
305 | 
306 | 	ret = __dune_vm_page_walk(root, va, va + len - 1,
307 | 				 &__dune_vm_map_pages_helper,
308 | 				 (void *) pte_perm, 3, CREATE_NORMAL);
309 | 
310 | 	return ret;
311 | }
312 | 
313 | static int __dune_vm_clone_helper(const void *arg, ptent_t *pte, void *va)
314 | {
315 |        int ret;
316 |        struct page *pg = dune_pa2page(PTE_ADDR(*pte));
317 |        ptent_t *newRoot = (ptent_t *)arg;
318 |        ptent_t *newPte;
319 | 
320 |        ret = dune_vm_lookup(newRoot, va, CREATE_NORMAL, &newPte);
321 |        if (ret < 0)
322 |                return ret;
323 | 
324 |        if (dune_page_isfrompool(PTE_ADDR(*pte)))
325 |                dune_page_get(pg);
326 |        *newPte = *pte;
327 | 
328 |        return 0;
329 | }
330 | 
331 | /**
332 |  * Clone a page root.
333 |  */
334 | ptent_t *dune_vm_clone(ptent_t *root)
335 | {
336 |        int ret;
337 |        ptent_t *newRoot;
338 | 
339 |        newRoot = alloc_page();
340 |        memset(newRoot, 0, PGSIZE);
341 | 
342 |        ret = __dune_vm_page_walk(root, VA_START, VA_END,
343 |                        &__dune_vm_clone_helper, newRoot,
344 |                        3, CREATE_NONE);
345 |        if (ret < 0) {
346 |                dune_vm_free(newRoot);
347 |                return NULL;
348 |        }
349 | 
350 |        return newRoot;
351 | }
352 | 
353 | static int __dune_vm_free_helper(const void *arg, ptent_t *pte, void *va)
354 | {
355 | 	struct page *pg = dune_pa2page(PTE_ADDR(*pte));
356 | 
357 | 	if (dune_page_isfrompool(PTE_ADDR(*pte)))
358 | 		dune_page_put(pg);
359 | 
360 | 	// Invalidate mapping
361 | 	*pte = 0;
362 | 
363 | 	return 0;
364 | }
365 | 
366 | /**
367 |  * Free the page table and decrement the reference count on any pages.
368 |  */
369 | void dune_vm_free(ptent_t *root)
370 | {
371 | 	// XXX: Should only need one page walk
372 | 	// XXX: Hacky - Until I fix ref counting
373 | 	/*__dune_vm_page_walk(root, VA_START, VA_END,
374 | 			&__dune_vm_free_helper, NULL,
375 | 			3, CREATE_NONE);*/
376 | 
377 | 	__dune_vm_page_walk(root, VA_START, VA_END,
378 | 			&__dune_vm_free_helper, NULL,
379 | 			2, CREATE_NONE);
380 | 
381 | 	__dune_vm_page_walk(root, VA_START, VA_END,
382 | 			&__dune_vm_free_helper, NULL,
383 | 			1, CREATE_NONE);
384 | 
385 | 	put_page(root);
386 | 
387 | 	return;
388 | }
389 | 
390 | void dune_vm_unmap(ptent_t *root, void *va, size_t len)
391 | {
392 | 	/* FIXME: Doesn't free as much memory as it could */
393 | 	__dune_vm_page_walk(root, va, va + len - 1,
394 | 			&__dune_vm_free_helper, NULL,
395 | 			3, CREATE_NONE);
396 | 
397 | 	dune_flush_tlb();
398 | }
399 | 
400 | 
401 |  void dune_vm_default_pgflt_handler(uintptr_t addr, uint64_t fec)
402 | {
403 | 	ptent_t *pte = NULL;
404 | 	int rc;
405 | 
406 | 	/*
407 | 	 * Assert on present and reserved bits.
408 | 	 */
409 | 	assert(!(fec & (FEC_P | FEC_RSV)));
410 | 
411 | 	rc = dune_vm_lookup(pgroot, (void *) addr, 0, &pte);
412 | 	assert(rc == 0);
413 | 
414 | 	if ((fec & FEC_W) && (*pte & PTE_COW)) {
415 | 		void *newPage;
416 | 		struct page *pg = dune_pa2page(PTE_ADDR(*pte));
417 | 		ptent_t perm = PTE_FLAGS(*pte);
418 | 
419 | 		// Compute new permissions
420 | 		perm &= ~PTE_COW;
421 | 		perm |= PTE_W;
422 | 
423 | 		if (dune_page_isfrompool(PTE_ADDR(*pte)) && pg->ref == 1) {
424 | 			*pte = PTE_ADDR(*pte) | perm;
425 | 			return;
426 | 		}
427 | 
428 | 		// Duplicate page
429 | 		newPage = alloc_page();
430 | 		memcpy(newPage, (void *)PGADDR(addr), PGSIZE);
431 | 
432 | 		// Map page
433 | 		if (dune_page_isfrompool(PTE_ADDR(*pte))) {
434 | 			dune_page_put(pg);
435 | 		}
436 | 		*pte = PTE_ADDR(newPage) | perm;
437 | 
438 | 		// Invalidate
439 | 		dune_flush_tlb_one(addr);
440 | 	}
441 | }
442 | 
443 | 


--------------------------------------------------------------------------------
/libdune/vsyscall.S:
--------------------------------------------------------------------------------
 1 | #include <asm/unistd_64.h>
 2 | 
 3 | .data
 4 | .globl __dune_vsyscall_page
 5 | .balign 4096, 0xcc
 6 | .type __dune_vsyscall_page, @object
 7 | __dune_vsyscall_page:
 8 | 
 9 | 	/* handle gettimeofday() */
10 | 	mov %cs, %rax
11 | 	test $3, %rax
12 | 	mov $__NR_gettimeofday, %rax
13 | 	jnz 1f
14 | 	vmcall
15 | 	ret
16 | 1:
17 | 	syscall
18 | 	ret
19 | 
20 | 	/* handle time() */
21 | 	.balign 1024, 0xcc
22 | 	mov %cs, %rax
23 | 	test $3, %rax
24 | 	mov $__NR_time, %rax
25 | 	jnz 2f
26 | 	vmcall
27 | 	ret
28 | 2:
29 | 	syscall
30 | 	ret
31 | 
32 | 	/* handle getcpu() */
33 | 	.balign 1024, 0xcc
34 | 	mov %cs, %rax
35 | 	test $3, %rax
36 | 	mov $__NR_getcpu, %rax
37 | 	jnz 3f
38 | 	vmcall
39 | 	ret
40 | 3:
41 | 	syscall
42 | 	ret
43 | 
44 | 	.balign 4096, 0xcc
45 | 	.size __dune_vsyscall_page, 4096
46 | 


--------------------------------------------------------------------------------
/test/Makefile:
--------------------------------------------------------------------------------
 1 | CC	= gcc
 2 | CFLAGS	= -Wall -g -MD -O2 -I ../
 3 | 
 4 | all: hello test timetest test_sandbox hugepages hugepages_mod.ko
 5 | 
 6 | hello: hello.o ../libdune/libdune.a
 7 | 	$(CC) $(CFLAGS) $(<) -o hello -L ../libdune -ldune -lpthread
 8 | 
 9 | timetest: timetest.o ../libdune/libdune.a
10 | 	$(CC) $(CFLAGS) $(<) -o $(@) -L ../libdune -ldune -lpthread
11 | 
12 | test: test.o ../libdune/libdune.a
13 | 	$(CC) $(CFLAGS) $(<) -o test -L ../libdune -ldune -lpthread
14 | 
15 | test_sandbox: test_sandbox.o
16 | 	$(CC) $(CFLAGS) -o $(@) $(<) -lpthread
17 | 
18 | hugepages: hugepages.o ../libdune/libdune.a
19 | 	$(CC) $(CFLAGS) $(<) -o hugepages -L ../libdune -ldune
20 | 
21 | hugepages_mod.ko: hugepages_mod.c
22 | 	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) obj-m=hugepages_mod.o CFLAGS= modules
23 | 
24 | clean:
25 | 	rm -f *.o test *.d hello test test_sandbox hugepages
26 | 	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) obj-m=hugepages_mod.o clean
27 | 
28 | -include *.d
29 | 


--------------------------------------------------------------------------------
/test/hello.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdlib.h>
 3 | 
 4 | #include "libdune/dune.h"
 5 | #include "libdune/cpu-x86.h"
 6 | 
 7 | static void recover(void)
 8 | {
 9 | 	printf("hello: recovered from divide by zero\n");
10 | 	exit(0);
11 | }
12 | 
13 | static void divide_by_zero_handler(struct dune_tf *tf)
14 | {
15 | 	printf("hello: caught divide by zero!\n");
16 | 	tf->rip = (uintptr_t) &recover;
17 | }
18 | 
19 | int main(int argc, char *argv[])
20 | {
21 | 	volatile int ret;
22 | 
23 | 	printf("hello: not running dune yet\n");
24 | 
25 | 	ret = dune_init_and_enter();
26 | 	if (ret) {
27 | 		printf("failed to initialize dune\n");
28 | 		return ret;
29 | 	}
30 | 
31 | 	printf("hello: now printing from dune mode\n");
32 | 
33 | 	dune_register_intr_handler(T_DIVIDE, divide_by_zero_handler);
34 | 
35 | 	ret = 1 / ret; /* divide by zero */
36 | 
37 | 	printf("hello: we won't reach this call\n");
38 | 
39 | 	return 0;
40 | }
41 | 
42 | 


--------------------------------------------------------------------------------
/test/hugepages.c:
--------------------------------------------------------------------------------
  1 | #include <fcntl.h>
  2 | #include <stdio.h>
  3 | #include <sys/ioctl.h>
  4 | #include <sys/mman.h>
  5 | #include <asm/mman.h>
  6 | #include <sys/stat.h>
  7 | #include <sys/types.h>
  8 | #include <stdarg.h>
  9 | #include <stdlib.h>
 10 | 
 11 | #include "libdune/dune.h"
 12 | #include "hugepages.h"
 13 | 
 14 | #define MAP_HUGE_SHIFT	26
 15 | #define MAP_HUGE_1GB	(30 << MAP_HUGE_SHIFT)
 16 | 
 17 | static int errors;
 18 | 
 19 | static void test(int ok, const char *msg, ...)
 20 | {
 21 | 	va_list ap;
 22 | 	va_start(ap, msg);
 23 | 	vprintf(msg, ap);
 24 | 	va_end(ap);
 25 | 	errors += ok ? 0 : 1;
 26 | 	puts(ok ? " OK" : " FAIL");
 27 | }
 28 | 
 29 | static int pte_big(ptent_t pte)
 30 | {
 31 | 	return PTE_FLAGS(pte) & PTE_PS;
 32 | }
 33 | 
 34 | static int guest_page_order(ptent_t *root, unsigned long addr)
 35 | {
 36 | 	int level;
 37 | 	int offset;
 38 | 	ptent_t entry;
 39 | 
 40 | 	for (level = 3; level > 0; level--) {
 41 | 		offset = PDX(level, addr);
 42 | 		entry = root[offset];
 43 | 		if (pte_big(entry))
 44 | 			break;
 45 | 		root = (ptent_t *)PTE_ADDR(entry);
 46 | 	}
 47 | 	return level;
 48 | }
 49 | 
 50 | static int host_page_order(int fd, ptent_t *root, unsigned long addr)
 51 | {
 52 | 	int level;
 53 | 	int offset;
 54 | 	ptent_t entry;
 55 | 
 56 | 	for (level = 3; level > 0; level--) {
 57 | 		offset = PDX(level, addr);
 58 | 		entry = (ptent_t)&root[offset];
 59 | 		if (ioctl(fd, HUGEPAGES_READ_MEM, &entry) == -1) {
 60 | 			fprintf(stderr, "FAIL: ioctl HUGEPAGES_READ_MEM\n");
 61 | 			return -1;
 62 | 		}
 63 | 		if (pte_big(entry))
 64 | 			break;
 65 | 		root = (ptent_t *)PTE_ADDR(entry);
 66 | 	}
 67 | 	return level;
 68 | }
 69 | 
 70 | static void *prepare(char *title, void *addr, size_t size, int flags, int advise_huge, int perm)
 71 | {
 72 | 	int ok;
 73 | 	char *msg = "%s - %-16s";
 74 | 
 75 | 	if (addr)
 76 | 		flags |= MAP_FIXED;
 77 | 
 78 | 	addr = mmap(addr, size, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|flags, -1, 0);
 79 | 	if (addr == MAP_FAILED) {
 80 | 		perror("mmap");
 81 | 		exit(1);
 82 | 	}
 83 | 
 84 | 	if (advise_huge) {
 85 | 		if (madvise(addr, size, MADV_HUGEPAGE)) {
 86 | 			perror("madvise");
 87 | 			exit(1);
 88 | 		}
 89 | 	}
 90 | 	ok = !dune_vm_map_phys(pgroot, addr, size, (void *)dune_mmap_addr_to_pa(addr), PERM_R | PERM_W | perm);
 91 | 	test(ok, msg, title, "dune_vm_map_phys");
 92 | 	*((char *)addr) = 0;
 93 | 
 94 | 	return addr;
 95 | }
 96 | 
 97 | static void test_guest(char *title, void *addr, int expected_order)
 98 | {
 99 | 	int order;
100 | 
101 | 	order = guest_page_order((unsigned long *)get_cr3(), (unsigned long)addr);
102 | 	test(order == expected_order, "%s - %-16s", title, "guest");
103 | }
104 | 
105 | static void test_host(char *title, void *addr, int expected_order, int fd)
106 | {
107 | 	unsigned long cr3;
108 | 	int order;
109 | 
110 | 	if (ioctl(fd, HUGEPAGES_GET_CR3, &cr3) == -1) {
111 | 		perror("ioctl(HUGEPAGES_GET_CR3)");
112 | 		exit(1);
113 | 	}
114 | 	order = host_page_order(fd, (unsigned long *)cr3, (unsigned long)addr);
115 | 	test(order == expected_order, "%s - %-16s", title, "host");
116 | }
117 | 
118 | static void test_extended(char *title, void *addr, int expected_order, int fd)
119 | {
120 | 	unsigned long eptp;
121 | 	int order;
122 | 
123 | 	if (ioctl(fd, HUGEPAGES_GET_EPTP, &eptp) == -1) {
124 | 		perror("ioctl(HUGEPAGES_GET_EPTP)");
125 | 		exit(1);
126 | 	}
127 | 	order = host_page_order(fd, (unsigned long *)eptp, dune_mmap_addr_to_pa(addr));
128 | 	test(order == expected_order, "%s - %-16s", title, "extended");
129 | }
130 | 
131 | int main(int argc, char *argv[])
132 | {
133 | 	void *p4k, *p2m, *p1g, *p2m_trans, *p1g_trans;
134 | 	uintptr_t base;
135 | 	unsigned long align;
136 | 	int fd;
137 | 
138 | 	int ret = dune_init_and_enter();
139 | 	if (ret) {
140 | 		fprintf(stderr, "Failed to enter dune mode.\n");
141 | 		exit(1);
142 | 	}
143 | 
144 | 	fd = open("/dev/hugepages_mod", O_RDONLY);
145 | 	if (fd <= 0) {
146 | 		perror("open(/dev/hugepages_mod)");
147 | 		exit(1);
148 | 	}
149 | 
150 | 	align = 1<<30;
151 | 	base = (mmap_base & ~(align - 1)) + align;
152 | 
153 | 	p4k = prepare("4KB", NULL, 1<<12, 0, 0, 0);
154 | 	test_guest("4KB", p4k, 0);
155 | 	test_host("4KB", p4k, 0, fd);
156 | 	test_extended("4KB", p4k, 0, fd);
157 | 
158 | 	p2m = prepare("2MB", (void *)(base+align*0), 1<<21, MAP_HUGETLB, 0, PERM_BIG);
159 | 	test_guest("2MB", p2m, 1);
160 | 	test_host("2MB", p2m, 1, fd);
161 | 	test_extended("2MB", p2m, 1, fd);
162 | 
163 | 	p1g = prepare("1GB", (void *)(base+align*1), 1<<30, MAP_HUGETLB|MAP_HUGE_1GB, 0, PERM_BIG_1GB);
164 | 	test_guest("1GB", p1g, 2);
165 | 	test_host("1GB", p1g, 2, fd);
166 | 	test_extended("1GB", p1g, 2, fd);
167 | 
168 | 	p2m_trans = prepare("2MB (transparent)", (void *)(base+align*2), 1<<21, 0, 1, PERM_BIG);
169 | 	test_guest("2MB (transparent)", p2m_trans, 1);
170 | 	test_host("2MB (transparent)", p2m_trans, 1, fd);
171 | 	test_extended("2MB (transparent)", p2m_trans, 1, fd);
172 | 
173 | 	p1g_trans = prepare("1GB (transparent)", (void *)(base+align*3), 1<<30, 0, 1, PERM_BIG_1GB);
174 | 	test_guest("1GB (transparent)", p1g_trans, 2);
175 | 	test_host("1GB (transparent)", p1g_trans, 1, fd);
176 | 	test_extended("1GB (transparent)", p1g_trans, 1, fd);
177 | 
178 | 	if (errors)
179 | 		printf("\n*** %d ERRORS FOUND ***\n", errors);
180 | 	else
181 | 		printf("\n*** SUCCESS ***\n");
182 | 	return 0;
183 | }
184 | 


--------------------------------------------------------------------------------
/test/hugepages.h:
--------------------------------------------------------------------------------
 1 | #define HUGEPAGES_GET_CR3 _IOR(0xFF, 1, unsigned long)
 2 | #define HUGEPAGES_READ_MEM _IOWR(0xFF, 2, unsigned long)
 3 | #define HUGEPAGES_GET_EPTP _IOR(0xFF, 3, unsigned long)
 4 | 
 5 | static inline unsigned long get_cr3(void)
 6 | {
 7 | 	unsigned long cr3;
 8 | 	asm("mov %%cr3, %0\n" : "=r" (cr3));
 9 | 	return cr3;
10 | }
11 | 


--------------------------------------------------------------------------------
/test/hugepages_mod.c:
--------------------------------------------------------------------------------
 1 | #include <asm/uaccess.h>
 2 | #include <asm/vmx.h>
 3 | #include <linux/fs.h>
 4 | #include <linux/miscdevice.h>
 5 | #include <linux/module.h>
 6 | 
 7 | #include "hugepages.h"
 8 | 
 9 | MODULE_LICENSE("GPL");
10 | MODULE_DESCRIPTION("hugepages_mod");
11 | 
12 | static unsigned long vmcs_read64(unsigned long field)
13 | {
14 | 	unsigned long value;
15 | 	asm volatile (ASM_VMX_VMREAD_RDX_RAX : "=a"(value) : "d"(field) : "cc");
16 | 	return value;
17 | }
18 | 
19 | static long hugepages_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
20 | {
21 | 	long r = -EINVAL;
22 | 	unsigned long cr3, addr, data, eptp;
23 | 
24 | 	switch (ioctl) {
25 | 	case HUGEPAGES_GET_CR3:
26 | 		cr3 = get_cr3();
27 | 		r = copy_to_user((void __user *)arg, &cr3, sizeof(cr3));
28 | 		if (r) {
29 | 			r = -EIO;
30 | 			goto out;
31 | 		}
32 | 		break;
33 | 
34 | 	case HUGEPAGES_GET_EPTP:
35 | 		eptp = vmcs_read64(EPT_POINTER) & PAGE_MASK;
36 | 		r = copy_to_user((void __user *)arg, &eptp, sizeof(eptp));
37 | 		if (r) {
38 | 			r = -EIO;
39 | 			goto out;
40 | 		}
41 | 		break;
42 | 
43 | 	case HUGEPAGES_READ_MEM:
44 | 		r = copy_from_user(&addr, (void __user *)arg, sizeof(addr));
45 | 		if (r) {
46 | 			r = -EIO;
47 | 			goto out;
48 | 		}
49 | 		data = *((unsigned long *)__va(addr));
50 | 		r = copy_to_user((void __user *)arg, &data, sizeof(data));
51 | 		if (r) {
52 | 			r = -EIO;
53 | 			goto out;
54 | 		}
55 | 		break;
56 | 
57 | 	default:
58 | 		return -ENOTTY;
59 | 	}
60 | 
61 | out:
62 | 	return r;
63 | }
64 | 
65 | static const struct file_operations chardev_ops = {
66 | 	.owner		= THIS_MODULE,
67 | 	.unlocked_ioctl	= hugepages_ioctl,
68 | #ifdef CONFIG_COMPAT
69 | 	.compat_ioctl	= hugepages_ioctl,
70 | #endif
71 | 	.llseek		= noop_llseek,
72 | };
73 | 
74 | static struct miscdevice dev = {
75 | 	MISC_DYNAMIC_MINOR,
76 | 	"hugepages_mod",
77 | 	&chardev_ops,
78 | 	.mode = S_IRUGO | S_IWUGO,
79 | };
80 | 
81 | static int __init mod_init(void)
82 | {
83 | 	return misc_register(&dev);
84 | }
85 | 
86 | static void __exit mod_exit(void)
87 | {
88 | 	misc_deregister(&dev);
89 | }
90 | 
91 | module_init(mod_init);
92 | module_exit(mod_exit);
93 | 


--------------------------------------------------------------------------------
/test/test.c:
--------------------------------------------------------------------------------
  1 | #include <sys/types.h>
  2 | #include <sys/wait.h>
  3 | #include <stdio.h>
  4 | #include <stdlib.h>
  5 | #include <unistd.h>
  6 | #include <err.h>
  7 | #include <string.h>
  8 | #include <pthread.h>
  9 | 
 10 | #include "libdune/dune.h"
 11 | 
 12 | static int check_dune(void)
 13 | {
 14 | 	dune_flush_tlb();
 15 | 
 16 | 	return 0;
 17 | }
 18 | 
 19 | static int test_fork(void)
 20 | {
 21 | 	int pid;
 22 | 	int rc;
 23 | 
 24 | 	if (dune_enter())
 25 | 		return 1;
 26 | 
 27 | 	if (check_dune())
 28 | 		return 2;
 29 | 
 30 | 	pid = fork();
 31 | 	if (pid == -1)
 32 | 		return 3;
 33 | 
 34 | 	/* child */
 35 | 	if (pid == 0) {
 36 | 		if (dune_enter())
 37 | 			return 1;
 38 | 
 39 | 		if (check_dune())
 40 | 			exit(1);
 41 | 
 42 | 		exit(69);
 43 | 	} else {
 44 | 		if (check_dune())
 45 | 			return 4;
 46 | 
 47 | 		if (waitpid(pid, &rc, 0) == -1)
 48 | 			err(5, "waitpid()");
 49 | 
 50 | 		if (WEXITSTATUS(rc) != 69)
 51 | 			return 6;
 52 | 	}
 53 | 
 54 | 	return 255;
 55 | }
 56 | 
 57 | static void *test_pthread_thread(void *arg)
 58 | {
 59 | 	if (dune_enter())
 60 | 		return NULL;
 61 | 
 62 | 	if (check_dune())
 63 | 		return NULL;
 64 | 
 65 | 	return (void*) 0x666;
 66 | }
 67 | 
 68 | static int test_pthread(void)
 69 | {
 70 | 	pthread_t pt;
 71 | 	void *ret;
 72 | 
 73 | 	if (dune_enter())
 74 | 		return 1;
 75 | 
 76 | 	if (check_dune())
 77 | 		return 2;
 78 | 
 79 | 	if (pthread_create(&pt, NULL, test_pthread_thread, NULL))
 80 | 		err(1, "pthread_create()");
 81 | 
 82 | 	if (check_dune())
 83 | 		return 3;
 84 | 
 85 | 	if (pthread_join(pt, &ret))
 86 | 		return 4;
 87 | 
 88 | 	if (ret != (void*) 0x666)
 89 | 		return 5;
 90 | 
 91 | 	if (check_dune())
 92 | 		return 6;
 93 | 
 94 | 	return 255;
 95 | }
 96 | 
 97 | static int test_signal_glob = 0;
 98 | 
 99 | static void test_signal_handler(int num)
100 | {
101 | 	test_signal_glob = 666;
102 | }
103 | 
104 | static int test_signal(void)
105 | {
106 | 	int pid;
107 | 
108 | 	if (dune_enter())
109 | 		return 1;
110 | 
111 | 	pid = getpid();
112 | 
113 | 	if (dune_signal(SIGUSR1, test_signal_handler) == SIG_ERR)
114 | 		err(1, "signal()");
115 | 
116 | 	if (kill(pid, SIGUSR1) == -1)
117 | 		err(1, "kill()");
118 | 
119 | 	if (test_signal_glob != 666)
120 | 		return 2;
121 | 
122 | 	return 255; 
123 | }
124 | 
125 | static struct test {
126 | 	char	*name;
127 | 	int	(*cb)(void);
128 | } _tests[] = {
129 | 	{ "fork", test_fork },
130 | 	{ "pthread", test_pthread },
131 | 	{ "signal", test_signal },
132 | };
133 | 
134 | static void run_test(struct test *t)
135 | {
136 | 	int rc, status;
137 | 	int pid;
138 | 
139 | 	printf("==== Running test %s\n", t->name);
140 | 
141 | 	pid = fork();
142 | 	if (pid == -1)
143 | 		err(1, "fork()");
144 | 
145 | 	/* child */
146 | 	if (pid == 0) {
147 | 		rc = t->cb();
148 | 		exit(rc);
149 | 	}
150 | 
151 | 	if (waitpid(pid, &status, 0) == -1)
152 | 		err(1, "waitpid()");
153 | 
154 | 	rc = WEXITSTATUS(status);
155 | 
156 | 	printf("==== Test %s - %s", t->name, rc != 255 ? "FAILED" : "passed" );
157 | 
158 | 	if (WIFSIGNALED(status))
159 | 		printf(" [crashed]");
160 | 
161 | 	if (rc != 255)
162 | 		printf(" rc %d\n", rc);
163 | 	else
164 | 		printf("\n");
165 | }
166 | 
167 | int main(int argc, char *argv[])
168 | {
169 | 	int i, ret;
170 | 
171 | 	ret = dune_init_and_enter();
172 | 	if (ret) {
173 | 		printf("failed to initialize dune\n");
174 | 		return ret;
175 | 	}
176 | 
177 | 	printf("Doing tests\n");
178 | 
179 | 	for (i = 0; i < sizeof(_tests) / sizeof(*_tests); i++)
180 | 		run_test(&_tests[i]);
181 | 
182 | 	printf("Done all tests\n");
183 | 	exit(0);
184 | }
185 | 


--------------------------------------------------------------------------------
/test/test_sandbox.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <stdlib.h>
  3 | #include <pthread.h>
  4 | #include <err.h>
  5 | #include <sys/types.h>
  6 | #include <sys/wait.h>
  7 | #include <unistd.h>
  8 | #include <asm/prctl.h>
  9 | #include <sys/prctl.h>
 10 | 
 11 | #define NUM_THREADS	10
 12 | 
 13 | extern int arch_prctl(int code, unsigned long *addr);
 14 | 
 15 | static int _threads_survived = 0;
 16 | static unsigned long _tls;
 17 | 
 18 | static void *xmalloc(size_t sz)
 19 | {
 20 | 	void *x = malloc(sz);
 21 | 
 22 | 	if (!x)
 23 | 		err(1, "malloc()");
 24 | 
 25 | 	return x;
 26 | }
 27 | 
 28 | static void *do_test_thread_memory(void *arg)
 29 | {
 30 | 	int times = 10000;
 31 | 	int i;
 32 | 	char **ptrs;
 33 | 
 34 | 	ptrs = xmalloc(sizeof(*ptrs) * times);
 35 | 
 36 | 	for (i = 0; i < times; i++) {
 37 | 		ptrs[i] = xmalloc(4096);
 38 | 
 39 | 		if (ptrs[i][0])
 40 | 			ptrs[i][1] = 2;
 41 | 	}
 42 | 
 43 | 	for (i = 0; i < times; i++)
 44 | 		free(ptrs[i]);
 45 | 
 46 | 	_threads_survived++;
 47 | 
 48 | 	return NULL;
 49 | }
 50 | 
 51 | static void test_thread_memory(void)
 52 | {
 53 | 	pthread_t pt[NUM_THREADS];
 54 | 	int i;
 55 | 
 56 | 	printf("=========== test_thread_memory\n");
 57 | 
 58 | 	for (i = 0; i < NUM_THREADS; i++) {
 59 | 		if (pthread_create(&pt[i], NULL, do_test_thread_memory, NULL))
 60 | 			err(1, "pthread_create()");
 61 | 	}
 62 | 
 63 | 	for (i = 0; i < NUM_THREADS; i++) {
 64 | 		if (pthread_join(pt[i], NULL))
 65 | 			err(1, "pthread_join()");
 66 | 	}
 67 | 
 68 | 	if (_threads_survived == NUM_THREADS)
 69 | 		printf("PASSED\n");
 70 | 	else
 71 | 		printf("FAILED\n");
 72 | }
 73 | 
 74 | static void *thread_pthread_fork(void *arg)
 75 | {
 76 | 	pid_t pid;
 77 | 	unsigned long tls = 0;
 78 | 
 79 | 	_threads_survived++;
 80 | 
 81 |         if (arch_prctl(ARCH_GET_FS, &tls) == -1)
 82 | 		err(1, "arch_prctl()");
 83 | 
 84 | 	if (tls == _tls) {
 85 | 		printf("FAILED\n");
 86 | 		return NULL;
 87 | 	}
 88 | 
 89 | 	_tls = tls;
 90 | 
 91 | 	if ((pid = fork()) == -1)
 92 | 		err(1, "fork()");
 93 | 
 94 | 	if (pid == 0) {
 95 | 		_threads_survived++;
 96 | 		
 97 | 		tls = 0;
 98 | 		if (arch_prctl(ARCH_GET_FS, &tls) == -1)
 99 | 			err(1, "arch_prctl()");
100 | 
101 | 		if (tls != _tls) {
102 | 			printf("FAILED\n");
103 | 			exit(0);
104 | 		}
105 | 
106 | 		if (_threads_survived == 2)
107 | 			printf("PASSED\n");
108 | 
109 | 		exit(0);
110 | 	} else
111 | 		wait(NULL);
112 | 
113 | 	return NULL;
114 | }
115 | 
116 | static void test_pthread_fork(void)
117 | {
118 | 	pthread_t pt;
119 | 
120 | 	printf("============ test_pthread_fork\n");
121 | 
122 | 	_threads_survived = 0;
123 | 	arch_prctl(ARCH_GET_FS, &_tls);
124 | 
125 | 	if (pthread_create(&pt, NULL, thread_pthread_fork, NULL))
126 | 		err(1, "pthread_create()");
127 | 
128 | 	if (pthread_join(pt, NULL))
129 | 		err(1, "pthread_join()");
130 | }
131 | 
132 | int main(int argc, char *argv[])
133 | {
134 | 	test_thread_memory();
135 | 	test_pthread_fork();
136 | 	exit(0);
137 | }
138 | 


--------------------------------------------------------------------------------
/test/timetest.c:
--------------------------------------------------------------------------------
 1 | 
 2 | #include <stdio.h>
 3 | #include <time.h>
 4 | 
 5 | #include "libdune/dune.h"
 6 | 
 7 | int main(int argc, char *argv[])
 8 | {
 9 | 	time_t t = -1;
10 | 
11 | 	int ret = dune_init_and_enter();
12 | 	if (ret) {
13 | 		printf("Failed to enter dune mode\n");
14 | 		return ret;
15 | 	}
16 | 
17 | 	t = time(&t);
18 | 	if (t == -1) {
19 | 		printf("Error calling time(&t)!\n");
20 | 		return 1;
21 | 	}
22 | 
23 | 	t = -1;
24 | 	t = time(NULL);
25 | 	if (t == -1) {
26 | 		printf("Error calling time(NULL)!\n");
27 | 		return 1;
28 | 	}
29 | 
30 | 	printf("Success!\n");
31 | 	return 0;
32 | }
33 | 
34 | 


--------------------------------------------------------------------------------